1 # |
|
2 # This patch file makes the changes neccessary to build wanboot-openssl.o |
|
3 # binary. This is Solaris-specific: not suitable for upstream. |
|
4 # |
|
5 --- openssl-1.0.0g/Makefile.org 2010-01-27 08:06:58.000000000 -0800 |
|
6 +++ openssl-1.0.0g-1/Makefile.org 2012-03-26 03:04:08.440194448 -0700 |
|
7 @@ -138,7 +138,13 @@ |
|
8 |
|
9 BASEADDR= |
|
10 |
|
11 +# For wanboot, we only need crypto and ssl. |
|
12 +# 'apps' are not patched to work in stand-alone environment anyway. |
|
13 +ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot) |
|
14 +DIRS= crypto ssl |
|
15 +else |
|
16 DIRS= crypto ssl engines apps test tools |
|
17 +endif |
|
18 ENGDIRS= ccgost |
|
19 SHLIBDIRS= crypto ssl |
|
20 |
|
21 --- openssl-1.0.0g/Makefile 2012-01-18 05:42:28.000000000 -0800 |
|
22 +++ openssl-1.0.0g-1/Makefile 2012-03-26 03:03:59.170540344 -0700 |
|
23 @@ -137,7 +137,13 @@ |
|
24 |
|
25 BASEADDR=0xFB00000 |
|
26 |
|
27 +# For wanboot, we only need crypto and ssl. |
|
28 +# 'apps' are not patched to work in stand-alone environment anyway. |
|
29 +ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot) |
|
30 +DIRS= crypto ssl |
|
31 +else |
|
32 DIRS= crypto ssl engines apps test tools |
|
33 +endif |
|
34 ENGDIRS= ccgost |
|
35 SHLIBDIRS= crypto ssl |
|
36 |
|
37 --- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700 |
|
38 +++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800 |
|
39 @@ -421,11 +421,13 @@ |
|
40 static void solaris_locking_callback(int mode, int type, const char *file, |
|
41 int line) |
|
42 { |
|
43 +#ifndef _BOOT |
|
44 if (mode & CRYPTO_LOCK) { |
|
45 pthread_mutex_lock(&solaris_openssl_locks[type]); |
|
46 } else { |
|
47 pthread_mutex_unlock(&solaris_openssl_locks[type]); |
|
48 } |
|
49 +#endif |
|
50 } |
|
51 |
|
52 |
|
53 @@ -435,6 +437,7 @@ |
|
54 static struct CRYPTO_dynlock_value * |
|
55 solaris_dynlock_create(const char *file, int line) |
|
56 { |
|
57 +#ifndef _BOOT |
|
58 int ret; |
|
59 pthread_mutex_t *dynlock; |
|
60 |
|
61 @@ -447,6 +450,9 @@ |
|
62 OPENSSL_assert(ret); |
|
63 |
|
64 return ((struct CRYPTO_dynlock_value *)dynlock); |
|
65 +#else |
|
66 + return (NULL); |
|
67 +#endif |
|
68 } |
|
69 |
|
70 static void |
|
71 @@ -453,6 +459,7 @@ |
|
72 solaris_dynlock_lock(int mode, struct CRYPTO_dynlock_valud *dynlock, |
|
73 const char *file, int line) |
|
74 { |
|
75 +#ifndef _BOOT |
|
76 int ret; |
|
77 |
|
78 if (mode & CRYPTO_LOCK) { |
|
79 @@ -462,6 +469,7 @@ |
|
80 } |
|
81 |
|
82 OPENSSL_assert(ret == 0); |
|
83 +#endif |
|
84 } |
|
85 |
|
86 static void |
|
87 @@ -468,9 +476,11 @@ |
|
88 solaris_dynlock_destroy(struct CRYPTO_dynlock_value *dynlock, |
|
89 const char *file, int line) |
|
90 { |
|
91 +#ifndef _BOOT |
|
92 int ret; |
|
93 ret = pthread_mutex_destroy((pthread_mutex_t *)dynlock); |
|
94 OPENSSL_assert(ret); |
|
95 +#endif |
|
96 } |
|
97 |
|
98 |
|
99 @@ -514,6 +524,12 @@ |
|
100 } |
|
101 |
|
102 /* |
|
103 + * pthread_* can't be used in wanboot. |
|
104 + * wanboot needs not be thread-safe and mutexes and locking callback |
|
105 + * function will not be setup for wanboot. |
|
106 + */ |
|
107 +#ifndef _BOOT |
|
108 + /* |
|
109 * Set atfork handler so that child can setup its own mutexes and |
|
110 * locking callbacks when it is forked |
|
111 */ |
|
112 @@ -534,7 +550,7 @@ |
|
113 pthread_mutex_init(&solaris_openssl_locks[i], NULL); |
|
114 } |
|
115 locking_callback = solaris_locking_callback; |
|
116 - |
|
117 +#endif |
|
118 } |
|
119 |
|
120 void CRYPTO_set_locking_callback(void (*func) (int mode, int type, |
|
121 @@ -1084,6 +1100,12 @@ |
|
122 MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP); |
|
123 } |
|
124 #else |
|
125 +/* |
|
126 + * Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since |
|
127 + * OPENSSL_showfatal() is not used anywhere else then here we can safely use |
|
128 + * the code from 0.9.7d version. |
|
129 + */ |
|
130 +#ifndef _BOOT |
|
131 void OPENSSL_showfatal(const char *fmta, ...) |
|
132 { |
|
133 va_list ap; |
|
134 @@ -1092,6 +1114,7 @@ |
|
135 vfprintf(stderr, fmta, ap); |
|
136 va_end(ap); |
|
137 } |
|
138 +#endif /* _BOOT */ |
|
139 |
|
140 int OPENSSL_isservice(void) |
|
141 { |
|
142 @@ -1101,9 +1124,15 @@ |
|
143 |
|
144 void OpenSSLDie(const char *file, int line, const char *assertion) |
|
145 { |
|
146 +#ifndef _BOOT |
|
147 OPENSSL_showfatal |
|
148 ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line, |
|
149 assertion); |
|
150 +#else |
|
151 + fprintf(stderr, |
|
152 + "%s(%d): OpenSSL internal error, assertion failed: %s\n", |
|
153 + file,line,assertion); |
|
154 +#endif |
|
155 #if !defined(_WIN32) || defined(__CYGWIN__) |
|
156 abort(); |
|
157 #else |
|
158 --- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700 |
|
159 +++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800 |
|
160 @@ -148,7 +148,9 @@ |
|
161 ERR_load_X509V3_strings(); |
|
162 ERR_load_PKCS12_strings(); |
|
163 ERR_load_RAND_strings(); |
|
164 +#ifndef _BOOT |
|
165 ERR_load_DSO_strings(); |
|
166 +#endif /* _BOOT */ |
|
167 ERR_load_TS_strings(); |
|
168 # ifndef OPENSSL_NO_ENGINE |
|
169 ERR_load_ENGINE_strings(); |
|
170 --- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700 |
|
171 +++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800 |
|
172 @@ -83,7 +83,7 @@ |
|
173 else |
|
174 return (prompt_string); |
|
175 } |
|
176 - |
|
177 +#ifndef _BOOT |
|
178 /* |
|
179 * For historical reasons, the standard function for reading passwords is in |
|
180 * the DES library -- if someone ever wants to disable DES, this function |
|
181 @@ -115,6 +115,7 @@ |
|
182 OPENSSL_cleanse(buff, BUFSIZ); |
|
183 return ret; |
|
184 } |
|
185 +#endif /* !_BOOT */ |
|
186 |
|
187 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, |
|
188 const unsigned char *salt, const unsigned char *data, |
|
189 --- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700 |
|
190 +++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800 |
|
191 @@ -122,7 +122,11 @@ |
|
192 # include <sys/time.h> |
|
193 # include <sys/times.h> |
|
194 # include <sys/stat.h> |
|
195 +#ifdef _BOOT |
|
196 +# include <sys/fcntl.h> |
|
197 +#else |
|
198 # include <fcntl.h> |
|
199 +#endif |
|
200 # include <unistd.h> |
|
201 # include <time.h> |
|
202 # if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually |
|
203 @@ -259,6 +263,11 @@ |
|
204 const char **egdsocket = NULL; |
|
205 # endif |
|
206 |
|
207 +#ifdef _BOOT |
|
208 +/* open() is provided by standalone libsa not visible from here */ |
|
209 +extern int open(const char *, int); |
|
210 +#endif |
|
211 + |
|
212 # ifdef DEVRANDOM |
|
213 memset(randomstats, 0, sizeof(randomstats)); |
|
214 /* |
|
215 @@ -307,11 +316,15 @@ |
|
216 do { |
|
217 int try_read = 0; |
|
218 |
|
219 -# if defined(OPENSSL_SYS_BEOS_R5) |
|
220 +# if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT) |
|
221 /* |
|
222 * select() is broken in BeOS R5, so we simply try to read |
|
223 * something and snooze if we couldn't |
|
224 */ |
|
225 + /* |
|
226 + * select() is not available when linking stand-alone |
|
227 + * library for wanboot |
|
228 + */ |
|
229 try_read = 1; |
|
230 |
|
231 # elif defined(OPENSSL_SYS_LINUX) |
|
232 @@ -365,6 +378,7 @@ |
|
233 } else |
|
234 r = -1; |
|
235 |
|
236 +#ifndef _BOOT |
|
237 /* |
|
238 * Some Unixen will update t in select(), some won't. For |
|
239 * those who won't, or if we didn't use select() in the first |
|
240 @@ -377,13 +391,17 @@ |
|
241 while ((r > 0 || |
|
242 (errno == EINTR || errno == EAGAIN)) && usec != 0 |
|
243 && n < ENTROPY_NEEDED); |
|
244 +#else /* _BOOT */ |
|
245 + } |
|
246 + while (r > 0 && n < ENTROPY_NEEDED); |
|
247 +#endif /* _BOOT */ |
|
248 |
|
249 close(fd); |
|
250 } |
|
251 } |
|
252 # endif /* defined(DEVRANDOM) */ |
|
253 |
|
254 -# ifdef DEVRANDOM_EGD |
|
255 +# if defined(DEVRANDOM_EGD) && !defined(_BOOT) |
|
256 /* |
|
257 * Use an EGD socket to read entropy from an EGD or PRNGD entropy |
|
258 * collecting daemon. |
|
259 @@ -407,6 +424,7 @@ |
|
260 } |
|
261 # endif |
|
262 |
|
263 +#ifndef _BOOT |
|
264 /* put in some default random data, we need more than just this */ |
|
265 l = curr_pid; |
|
266 RAND_add(&l, sizeof(l), 0.0); |
|
267 @@ -415,6 +433,7 @@ |
|
268 |
|
269 l = time(NULL); |
|
270 RAND_add(&l, sizeof(l), 0.0); |
|
271 +#endif /* !_BOOT */ |
|
272 |
|
273 # if defined(OPENSSL_SYS_BEOS) |
|
274 { |
|
275 --- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700 |
|
276 +++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800 |
|
277 @@ -57,9 +57,11 @@ |
|
278 */ |
|
279 |
|
280 /* We need to define this to get macros like S_IFBLK and S_IFCHR */ |
|
281 +#ifndef _BOOT |
|
282 #if !defined(OPENSSL_SYS_VXWORKS) |
|
283 # define _XOPEN_SOURCE 500 |
|
284 #endif |
|
285 +#endif /* _BOOT */ |
|
286 |
|
287 #include <errno.h> |
|
288 #include <stdio.h> |
|
289 @@ -191,6 +193,7 @@ |
|
290 return (ret); |
|
291 } |
|
292 |
|
293 +#ifndef _BOOT |
|
294 int RAND_write_file(const char *file) |
|
295 { |
|
296 unsigned char buf[BUFSIZE]; |
|
297 @@ -335,3 +338,5 @@ |
|
298 #endif |
|
299 return (buf); |
|
300 } |
|
301 + |
|
302 +#endif /* _BOOT */ |
|
303 --- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700 |
|
304 +++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800 |
|
305 @@ -715,9 +715,50 @@ |
|
306 } |
|
307 } |
|
308 |
|
309 +#if defined(_BOOT) |
|
310 +/* This function was copied from bio/b_sock.c */ |
|
311 +static int get_ip(const char *str, unsigned char ip[4]) |
|
312 +{ |
|
313 + unsigned int tmp[4]; |
|
314 + int num = 0, c, ok = 0; |
|
315 + |
|
316 + tmp[0]=tmp[1]=tmp[2]=tmp[3]=0; |
|
317 + |
|
318 + for (;;) { |
|
319 + c = *(str++); |
|
320 + if ((c >= '0') && (c <= '9')) { |
|
321 + ok = 1; |
|
322 + tmp[num] = tmp[num]*10+c-'0'; |
|
323 + if (tmp[num] > 255) |
|
324 + return(0); |
|
325 + } else if (c == '.') { |
|
326 + if (!ok) |
|
327 + return (-1); |
|
328 + if (num == 3) |
|
329 + return (0); |
|
330 + num++; |
|
331 + ok = 0; |
|
332 + } else if (c == '\0' && (num == 3) && ok) |
|
333 + break; |
|
334 + else |
|
335 + return(0); |
|
336 + } |
|
337 + ip[0]=tmp[0]; |
|
338 + ip[1]=tmp[1]; |
|
339 + ip[2]=tmp[2]; |
|
340 + ip[3]=tmp[3]; |
|
341 + return(1); |
|
342 +} |
|
343 +#endif /* _BOOT */ |
|
344 + |
|
345 static int ipv4_from_asc(unsigned char *v4, const char *in) |
|
346 { |
|
347 int a0, a1, a2, a3; |
|
348 + |
|
349 +#if defined(_BOOT) |
|
350 + if (get_ip(in, v4) != 1) |
|
351 + return 0; |
|
352 +#else /* _BOOT */ |
|
353 if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) |
|
354 return 0; |
|
355 if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) |
|
356 @@ -727,6 +768,7 @@ |
|
357 v4[1] = a1; |
|
358 v4[2] = a2; |
|
359 v4[3] = a3; |
|
360 +#endif /* _BOOT */ |
|
361 return 1; |
|
362 } |
|
363 |
|
364 --- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800 |
|
365 +++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800 |
|
366 @@ -213,10 +213,19 @@ |
|
367 # define get_last_socket_error() errno |
|
368 # define clear_socket_error() errno=0 |
|
369 # define ioctlsocket(a,b,c) ioctl(a,b,c) |
|
370 +#ifdef _BOOT |
|
371 +#include <netinet/in.h> |
|
372 +extern int socket_read(int, void *, size_t, int); |
|
373 +extern int socket_close(int); |
|
374 +# define closesocket(s) socket_close(s) |
|
375 +# define readsocket(s,b,n) socket_read((s),(b),(n), 200) |
|
376 +# define writesocket(s,b,n) send((s),(b),(n), 0) |
|
377 +#else /* !_BOOT */ |
|
378 # define closesocket(s) close(s) |
|
379 # define readsocket(s,b,n) read((s),(b),(n)) |
|
380 # define writesocket(s,b,n) write((s),(b),(n)) |
|
381 # endif |
|
382 +#endif |
|
383 |
|
384 # ifdef WIN16 /* never the case */ |
|
385 # define MS_CALLBACK _far _loadds |
|
386 --- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700 |
|
387 +++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 05:24:02.011607700 -0800 |
|
388 @@ -12,7 +12,11 @@ |
|
389 #define SPARCV9_VIS2 (1<<3) /* reserved */ |
|
390 #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ |
|
391 |
|
392 +#ifndef _BOOT |
|
393 static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED; |
|
394 +#else |
|
395 +static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1; |
|
396 +#endif |
|
397 |
|
398 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, |
|
399 const BN_ULONG *np, const BN_ULONG *n0, int num) |
|
400 @@ -36,6 +40,7 @@ |
|
401 void _sparcv9_vis2_probe(void); |
|
402 void _sparcv9_fmadd_probe(void); |
|
403 |
|
404 +#ifndef _BOOT |
|
405 unsigned long OPENSSL_rdtsc(void) |
|
406 { |
|
407 if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED) |
|
408 @@ -47,8 +52,19 @@ |
|
409 else |
|
410 return _sparcv9_rdtick(); |
|
411 } |
|
412 +#endif |
|
413 + |
|
414 +#if defined(_BOOT) |
|
415 +/* |
|
416 + * Hardcoding sparc capabilities for wanboot. |
|
417 + * Older CPUs are EOLed anyway. |
|
418 + */ |
|
419 +void OPENSSL_cpuid_setup(void) |
|
420 + { |
|
421 + OPENSSL_sparcv9cap_P = SPARCV9_VIS1; |
|
422 + } |
|
423 |
|
424 -#if 0 && defined(__sun) && defined(__SVR4) |
|
425 +#elif 0 && defined(__sun) && defined(__SVR4) |
|
426 /* |
|
427 * This code path is disabled, because of incompatibility of libdevinfo.so.1 |
|
428 * and libmalloc.so.1 (see below for details) |
|
429 --- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700 |
|
430 +++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800 |
|
431 @@ -397,8 +397,13 @@ |
|
432 .type OPENSSL_cleanse,#function |
|
433 .size OPENSSL_cleanse,.-OPENSSL_cleanse |
|
434 |
|
435 +#ifndef _BOOT |
|
436 .section ".init",#alloc,#execinstr |
|
437 call solaris_locking_setup |
|
438 nop |
|
439 call OPENSSL_cpuid_setup |
|
440 nop |
|
441 +#else |
|
442 + nop |
|
443 + nop |
|
444 +#endif |
|
445 --- openssl-1.0.1c/crypto/Makefile Thu Aug 2 12:56:38 2012 |
|
446 +++ openssl-1.0.1c/crypto/Makefile.new Thu Aug 2 12:59:43 2012 |
|
447 @@ -36,9 +36,9 @@ |
|
448 LIB= $(TOP)/libcrypto.a |
|
449 SHARED_LIB= libcrypto$(SHLIB_EXT) |
|
450 LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ |
|
451 - ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c |
|
452 + ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c wanboot-stubs.c |
|
453 LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \ |
|
454 - uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ) |
|
455 + uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o wanboot-stubs.o $(CPUID_OBJ) |
|
456 |
|
457 SRC= $(LIBSRC) |
|
458 |
|
459 --- openssl-1.0.1f/ssl/s3_clnt.c Thu Jan 30 02:53:33 2014 |
|
460 +++ openssl-1.0.1f/ssl/s3_clnt.c.new Thu Jan 30 02:57:51 2014 |
|
461 @@ -668,7 +668,11 @@ |
|
462 |
|
463 p = s->s3->client_random; |
|
464 |
|
465 +#ifndef _BOOT |
|
466 if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) |
|
467 +#else |
|
468 + if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) |
|
469 +#endif |
|
470 goto err; |
|
471 |
|
472 /* Do the message type and length last */ |
|
473 --- openssl-1.0.1f/ssl/s3_lib.c Wed Oct 15 11:18:30 2014 |
|
474 +++ openssl-1.0.1f/ssl/s3_lib.c.new Wed Oct 15 11:20:07 2014 |
|
475 @@ -3343,7 +3343,11 @@ |
|
476 * Apparently we're using a version-flexible SSL_METHOD (not at its |
|
477 * highest protocol version). |
|
478 */ |
|
479 +#ifndef _BOOT |
|
480 if (s->ctx->method->version == SSLv23_method()->version) { |
|
481 +#else |
|
482 + if (s->ctx->method->version == TLS1_2_VERSION) { |
|
483 +#endif |
|
484 #if TLS_MAX_VERSION != TLS1_2_VERSION |
|
485 # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. |
|
486 #endif |
|