author | Mike Sullivan <Mike.Sullivan@Oracle.COM> |
Mon, 19 Nov 2012 17:59:12 -0800 | |
branch | s11-update |
changeset 2425 | ef005fd07371 |
parent 763 | 45da4d38492e |
child 1267 | 3d7359ef8168 |
child 2674 | 4801864231c8 |
permissions | -rw-r--r-- |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
1 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
2 |
# CDDL HEADER START |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
3 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
4 |
# The contents of this file are subject to the terms of the |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
5 |
# Common Development and Distribution License (the "License"). |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
6 |
# You may not use this file except in compliance with the License. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
7 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
8 |
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
9 |
# or http://www.opensolaris.org/os/licensing. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
10 |
# See the License for the specific language governing permissions |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
11 |
# and limitations under the License. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
12 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
13 |
# When distributing Covered Code, include this CDDL HEADER in each |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
14 |
# file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
15 |
# If applicable, add the following below this CDDL HEADER, with the |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
16 |
# fields enclosed by brackets "[]" replaced with your own identifying |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
17 |
# information: Portions Copyright [yyyy] [name of copyright owner] |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
18 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
19 |
# CDDL HEADER END |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
20 |
# |
745
09fd85317532
7141635 Deliver wanboot-openssl.o for wanboot
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
426
diff
changeset
|
21 |
# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
22 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
23 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
24 |
Build Layout |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
25 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
26 |
|
745
09fd85317532
7141635 Deliver wanboot-openssl.o for wanboot
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
426
diff
changeset
|
27 |
OpenSSL build is run four times. Once for regular dynamic 1.0.0 non-fips, once |
09fd85317532
7141635 Deliver wanboot-openssl.o for wanboot
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
426
diff
changeset
|
28 |
for static 1.0.0 bits to link with standalone wanboot binary, once for 0.9.8 |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
29 |
fips-140, and once for 0.9.8 FIPS-140 canister (in the openssl-fips component) |
745
09fd85317532
7141635 Deliver wanboot-openssl.o for wanboot
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
426
diff
changeset
|
30 |
needed to build 0.9.8 FIPS-140 certified libraries. All builds apart from |
09fd85317532
7141635 Deliver wanboot-openssl.o for wanboot
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
426
diff
changeset
|
31 |
static libraries for wanboot are done for 32 and 64 bits. So, in total, OpenSSL |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
32 |
is built seven times. OpenSSL for wanboot is only build on sparc. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
33 |
|
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
34 |
See also comments in all the Makefiles for more information. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
35 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
36 |
The non-fips Build. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
37 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
38 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
39 |
The non-fips build is the main build of OpenSSL and includes the regular |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
40 |
binaries, libraries, man pages, and header files. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
41 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
42 |
Patches |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
43 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
44 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
45 |
08-6193522.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
46 |
Give CA.pl better defaults. See 6193522 for more information. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
47 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
48 |
11-6546806.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
49 |
Make sure the HMAC_CTX_init(3) man page gets delivered. See 6546806 for |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
50 |
more information. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
51 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
52 |
14-manpage_openssl.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
53 |
Force openssl to install man pages into man[1357]openssl instead of man[1357]. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
54 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
55 |
15-pkcs11_engine-0.9.8a.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
56 |
Patch which adds the pkcs11 engine. See also the pkcs11-engine/ |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
57 |
sub-directory. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
58 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
59 |
18-compiler_opts.patch |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
60 |
Adds five Solaris specific configurations (both 32bit and 64bit for both sparc |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
61 |
and x86, plus 64bit sparc for wanboot) to Configure which are then explicitly |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
62 |
used by the Makefiles. Wanboot configuration is special in that it doesn't link |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
63 |
with libc and uses -xF=%all to put functions in separate sections, so that |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
64 |
unused code can be discarded. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
65 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
66 |
Care should be taken if modifying this patch as changes to compile-time options |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
67 |
can change the ABI. One example of this is the use of RC4_INT vs RC4_CHAR. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
68 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
69 |
20-remove_rpath.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
70 |
Prevent build binaries having an unnecessary runpath (/lib). |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
71 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
72 |
23-noexstack.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
73 |
Build with non-executable stacks and non-executable data (x86). |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
74 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
75 |
27-6978791.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
76 |
Modifies Makefile.shared so that libssl is built with -znodelete. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
77 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
78 |
28-enginesdir.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
79 |
Adds a new "enginesdir" option to the Configure script which allows a user to |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
80 |
specify the engines directory. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
81 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
82 |
29-devcrypto_engine.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
83 |
Modifies engines/Makefile so that the devcrypto engine will be built in the |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
84 |
"engines" directory. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
85 |
|
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
86 |
30_wanboot.patch: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
87 |
Wanboot specific patches. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
88 |
- modified Makefiles not to build in engines apps test tools |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
89 |
- not using vfprintf for error print in crypto/cryptlib.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
90 |
- not using ERR_load_DSO_strings() in crypto/err/err_all.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
91 |
- not using EVP_read_pw_string() in crypto/evp/evp_key.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
92 |
- reading password is implemented in disabled DES library |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
93 |
- avoid select() in crypto/rand/rand_unix.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
94 |
- direct reading of IP to avoid sscanf() in crypto/x509v3/v3_utl.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
95 |
- using functions from libsock in e_os.h |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
96 |
- by-passing version of sparc detection in crypto/sparcv9cap.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
97 |
- results in not using FPU for big numbers multiplication |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
98 |
- should be ok - original detection seems broken, FPU gets never used |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
99 |
- implementation of atoi() |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
100 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
101 |
|
419
a926b383669b
7025650 Default 32-bit /usr/bin/openssl hurts performance on 64-bit amd64 and sparcv9
Dan Anderson <dan.anderson@oracle.com>
parents:
363
diff
changeset
|
102 |
openssl-1.0.0d-aesni-v4.i386-patch |
a926b383669b
7025650 Default 32-bit /usr/bin/openssl hurts performance on 64-bit amd64 and sparcv9
Dan Anderson <dan.anderson@oracle.com>
parents:
363
diff
changeset
|
103 |
X86-only patch. |
a926b383669b
7025650 Default 32-bit /usr/bin/openssl hurts performance on 64-bit amd64 and sparcv9
Dan Anderson <dan.anderson@oracle.com>
parents:
363
diff
changeset
|
104 |
Add a built-in engine, aesni, to support X86 AES-NI instructions, along with |
a926b383669b
7025650 Default 32-bit /usr/bin/openssl hurts performance on 64-bit amd64 and sparcv9
Dan Anderson <dan.anderson@oracle.com>
parents:
363
diff
changeset
|
105 |
files engines/aesni/aesni-x86[_64].pl. |
a926b383669b
7025650 Default 32-bit /usr/bin/openssl hurts performance on 64-bit amd64 and sparcv9
Dan Anderson <dan.anderson@oracle.com>
parents:
363
diff
changeset
|
106 |
This patch is for OpenSSL 1.0.0d. For newer OpenSSL versions, a newer patch |
a926b383669b
7025650 Default 32-bit /usr/bin/openssl hurts performance on 64-bit amd64 and sparcv9
Dan Anderson <dan.anderson@oracle.com>
parents:
363
diff
changeset
|
107 |
may be needed. |
a926b383669b
7025650 Default 32-bit /usr/bin/openssl hurts performance on 64-bit amd64 and sparcv9
Dan Anderson <dan.anderson@oracle.com>
parents:
363
diff
changeset
|
108 |
|
426
8c675b553a27
7048212 T4 engine needed for openssl
Dan Anderson <dan.anderson@oracle.com>
parents:
419
diff
changeset
|
109 |
openssl-1.0.0d-t4-engine.sparc-patch |
8c675b553a27
7048212 T4 engine needed for openssl
Dan Anderson <dan.anderson@oracle.com>
parents:
419
diff
changeset
|
110 |
SPARC-only patch. |
8c675b553a27
7048212 T4 engine needed for openssl
Dan Anderson <dan.anderson@oracle.com>
parents:
419
diff
changeset
|
111 |
Add a built-in engine, t4, to support SPARC T4 crypto instructions. |
8c675b553a27
7048212 T4 engine needed for openssl
Dan Anderson <dan.anderson@oracle.com>
parents:
419
diff
changeset
|
112 |
along with files in directory engines/t4. |
8c675b553a27
7048212 T4 engine needed for openssl
Dan Anderson <dan.anderson@oracle.com>
parents:
419
diff
changeset
|
113 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
114 |
opensslconf.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
115 |
Modifies opensslconf.h so that it is suitable for both 32bit and 64bit installs. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
116 |
OpenSSL either builds for 32bit or 64bit - it doesn't allow for combined 32bit |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
117 |
and 64bit builds. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
118 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
119 |
The fips Build |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
120 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
121 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
122 |
FIPS-140 certified libraries for Solaris private use. We wait for OpenSSL 1.0.0 |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
123 |
to be FIPS-140 certified in which time we can ship only 1.0.0 with S11 and make |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
124 |
it a public interface. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
125 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
126 |
Patches |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
127 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
128 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
129 |
All the patches from 1.0.0 are used in 0.9.8 as well aside from |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
130 |
14-manpage_openssl.patch which is not needed since we do not deliver 0.9.8 man |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
131 |
pages. Additional patches: |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
132 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
133 |
01-7009105.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
134 |
Fixing a bug introduces in 0.9.8q and fixed in 0.9.8r. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
135 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
136 |
sparc-01-ccwrap.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
137 |
Workaround so that fingerprinting the canister during runtime and comparing it |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
138 |
with the saved fingerprint works correctly. |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
139 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
140 |
The wanboot Build |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
141 |
---- |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
142 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
143 |
There are some significant differences when building OpenSSL for wanboot. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
144 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
145 |
Some additional Configuration options are needed: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
146 |
-DNO_CHMOD chmod not available in stand-alone environment |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
147 |
-DBOOT guard for wanboot specific patches |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
148 |
-DOPENSSL_NO_DTLS1 to avoid dtls1_min_mtu() - DTLS not used anyway |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
149 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
150 |
List of object files for wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
151 |
---- |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
152 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
153 |
At this moment, object files for wanboot-openssl.o need to be listed explicitly. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
154 |
This is cumbersome and relatively tedious with respect to upgrading to higher |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
155 |
version of openssl. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
156 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
157 |
In future, it would be nice, if this could be performed automatically by the |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
158 |
linker. The required interface for wanboot is already defined in a mapfile and |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
159 |
linker option '-zdiscard-unused=sections,files' is already used to discard |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
160 |
unused code. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
161 |
But sadly, at this moment when the linker is given all the object files, it |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
162 |
correctly discards some unused files, but references to undefined symbols from |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
163 |
the discarded files don't get discarded along. Later, these undefined references |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
164 |
cause wanboot linking failure. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
165 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
166 |
In order to determine which openssl object files are required for wanboot, |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
167 |
first build static standalone openssl bits in Userland. As a site effect, |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
168 |
static libraries libssl.a and libcrypto.a are created in build/sparcv9-wanboot. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
169 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
170 |
$ cd $USERLAND/components/openssl/openssl-1.0.0 ; gmake build |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
171 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
172 |
Next, collect some information from linking wanboot static libraries in ON. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
173 |
This can be done by the following hack. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
174 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
175 |
$ cd $ON/usr/src/psm/stand/boot/sparcv9/sun4 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
176 |
$ touch wanboot.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
177 |
$ LD_OPTIONS="-Dfiles,symbols,output=ld.dbg \ |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
178 |
-L$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot " \ |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
179 |
WAN_OPENSSL=" -lwanboot -lssl -lcrypto" dmake all |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
180 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
181 |
The following sort of information ends up in ld.dbg (note that the debugging |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
182 |
output from the link-editor is not considered a 'stable interface' and may |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
183 |
change in the future): |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
184 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
185 |
debug: file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o) [ ET_REL ] |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
186 |
debug: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
187 |
debug: symbol table processing; file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o) [ ET_REL ] |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
188 |
debug: symbol[1]=sparcv9cap.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
189 |
.... |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
190 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
191 |
Now run the following script in Userland: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
192 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
193 |
#!/bin/bash |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
194 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
195 |
# set to workspace paths: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
196 |
USERLAND=/builds/tkuthan/ul-wanboot-rebuilt |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
197 |
ON=/builds/tkuthan/on11u1-wanboot-rti |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
198 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
199 |
BUILD=$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
200 |
LD_DBG=$ON/usr/src/psm/stand/boot/sparcv9/sun4/ld.dbg |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
201 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
202 |
for i in `find $BUILD/crypto $BUILD/ssl -name '*.o'` |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
203 |
do |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
204 |
f=`basename $i` |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
205 |
if grep -q "^debug: file.*\<$f\>" $LD_DBG |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
206 |
then |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
207 |
echo $i | sed "s#$BUILD/##" |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
208 |
fi |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
209 |
done |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
210 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
211 |
to get the list of required object files. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
212 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
213 |
Additionally, you can format the list for including to Makefile by: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
214 |
sort | tr '\n' ' ' | fold -s -w74 | sed -e 's/^/ /' -e 's/$/\\/' |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
215 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
216 |
Linking with wanboot |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
217 |
---- |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
218 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
219 |
When linking with wanboot please pay attention to following pitfalls. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
220 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
221 |
Correct openssl header files need to be included. This is done in |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
222 |
$ON/usr/src/stand/lib/wanboot/Makefile |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
223 |
Make sure CPPFLAGS point to the right directories. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
224 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
225 |
EXTREME CAUTION needs to be employed, if WANBOOT GREW IN SIZE because of the |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
226 |
changes! |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
227 |
Wanboot is a statically linked standalone binary and it is loaded on a fixed |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
228 |
address before execution. This address is defined in |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
229 |
$ON/usr/src/psm/stand/boot/sparc/common/mapfile: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
230 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
231 |
27 LOAD_SEGMENT text { |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
232 |
28 FLAGS = READ EXECUTE; |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
233 |
29 VADDR = 0x130000; |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
234 |
30 ASSIGN_SECTION { |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
235 |
31 TYPE = PROGBITS; |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
236 |
32 FLAGS = ALLOC !WRITE; |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
237 |
33 }; |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
238 |
34 }; |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
239 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
240 |
This address (VADDR) NEEDS TO BE GREATER THEN |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
241 |
size of wanboot binary + 0x4000 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
242 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
243 |
The reason for this is in how wanboot is loaded by OpenBoot Prom: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
244 |
1) user initiates boot from network - "boot net" |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
245 |
2) obp loads wanboot binary at address 0x4000 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
246 |
3) obp parses ELF header, reads virtual address where to load wanboot to |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
247 |
4) obp mem-copies .text section to this address |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
248 |
5) obp copies .data section behind .text |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
249 |
6) obp starts executing wanboot at entry address |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
250 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
251 |
If the given address is too small, obp overwrites part of .data with |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
252 |
instructions from .text in step 4. resulting in .data being corrupted. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
253 |
Initialized variables get bogus values and failure is inevitable. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
254 |
This is very hard to troubleshoot. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
255 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
256 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
257 |
Testing wanboot with new openssl |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
258 |
---- |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
259 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
260 |
With every upgrade of OpenSSL, it is necessary to make sure wanboot builds and |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
261 |
works well with the new bits. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
262 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
263 |
Provided you have a freshly built ON workspace, you can link wanboot with new |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
264 |
OpenSSL bits by redefining WAN_OPENSSL macro: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
265 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
266 |
# copy wanboot-openssl.o to ON build machine |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
267 |
cp wanboot-openssl.o /var/tmp/ |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
268 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
269 |
# prepare to rebuild wanboot |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
270 |
cd $ON |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
271 |
bldenv developer.sh |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
272 |
cd usr/src/psm/stand/boot/sparcv9/sun4 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
273 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
274 |
# hack to force a rebuild |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
275 |
touch wanboot.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
276 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
277 |
# link new OpenSSL to wanboot |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
278 |
WAN_OPENSSL=/var/tmp/wanboot-openssl.o dmake all |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
279 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
280 |
Wanboot should build without warning. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
281 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
282 |
If there is something like this in the output: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
283 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
284 |
Undefined first referenced |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
285 |
symbol in file |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
286 |
CRYPTO_ccm128_setiv /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
287 |
SSL_get_srtp_profiles /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
288 |
ssl_parse_clienthello_use_srtp_ext /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
289 |
CRYPTO_gcm128_setiv /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
290 |
... |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
291 |
cmac_pkey_meth /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
292 |
ld: fatal: symbol referencing errors. No output written to wanboot |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
293 |
*** Error code 1 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
294 |
dmake: Fatal error: Command failed for target `wanboot' |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
295 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
296 |
some additional work has to be done in OpenSSL to either satisfy the function |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
297 |
references listed in the linker error message, or to remove the calls to these |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
298 |
functions. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
299 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
300 |
Finally, resulting wanboot binary shall be deployed on some install server and |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
301 |
wanbooting from this server shall be tested. |