|
1 # |
|
2 # This patch file makes the changes necessary to build wanboot-openssl.o |
|
3 # binary. This is Solaris-specific: not suitable for upstream. |
|
4 # |
|
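--- a/Makefile.org
+++ b/Makefile.org
@@ -139,7 +139,13 @@
 
 BASEADDR=
 
+# For wanboot, we only need crypto and ssl.
+# 'apps' are not patched to work in stand-alone environment anyway.
+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
+DIRS= crypto ssl
+else
 DIRS= crypto ssl engines apps test tools
+endif
 ENGDIRS= ccgost
 SHLIBDIRS= crypto ssl
 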
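--- a/Makefile
+++ b/Makefile
@@ -138,7 +138,13 @@
 
 BASEADDR=0xFB00000
 
+# For wanboot, we only need crypto and ssl.
+# 'apps' are not patched to work in stand-alone environment anyway.
+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
+DIRS= crypto ssl
+else
 DIRS= crypto ssl engines apps test tools
+endif
 ENGDIRS= ccgost
 SHLIBDIRS= crypto ssl
 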
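--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -421,11 +421,13 @@
 static void solaris_locking_callback(int mode, int type, const char *file,
 int line)
 {
+#ifndef _BOOT
 if (mode & CRYPTO_LOCK) {
 (void) pthread_mutex_lock(&solaris_openssl_locks[type]);
 } else {
 (void) pthread_mutex_unlock(&solaris_openssl_locks[type]);
 }
+#endif
 }
 
 /*
@@ -434,6 +436,7 @@
 static struct CRYPTO_dynlock_value *
 solaris_dynlock_create(const char *file, int line)
 {
+#ifndef _BOOT
 int ret;
 pthread_mutex_t *dynlock;
 
@@ -446,6 +449,9 @@
 OPENSSL_assert(ret == 0);
 
 return ((struct CRYPTO_dynlock_value *)dynlock);
+#else
+ return (NULL);
+#endif
 }
 
 static void
@@ -452,6 +458,7 @@
 solaris_dynlock_lock(int mode, struct CRYPTO_dynlock_value *dynlock,
 const char *file, int line)
 {
+#ifndef _BOOT
 int ret;
 
 if (mode & CRYPTO_LOCK) {
@@ -461,6 +468,7 @@
 }
 
 OPENSSL_assert(ret == 0);
+#endif
 }
 
 static void
@@ -467,23 +475,28 @@
 solaris_dynlock_destroy(struct CRYPTO_dynlock_value *dynlock,
 const char *file, int line)
 {
+#ifndef _BOOT
 int ret;
 ret = pthread_mutex_destroy((pthread_mutex_t *)dynlock);
 OPENSSL_assert(ret == 0);
+#endif
 }
 
 
 static void solaris_fork_prep(void)
 {
+#ifndef _BOOT
 int i;
 
 for (i = 0; i < CRYPTO_NUM_LOCKS; i++) {
 (void) pthread_mutex_lock(&solaris_openssl_locks[i]);
 }
+#endif
 }
 
 static void solaris_fork_post(void)
 {
+#ifndef _BOOT
 int i;
 
 for (i = CRYPTO_NUM_LOCKS - 1; i >= 0; i--) {
@@ -494,6 +507,7 @@
 OPENSSL_assert(dynlock_lock_callback == solaris_dynlock_lock);
 OPENSSL_assert(dynlock_destroy_callback == solaris_dynlock_destroy);
 OPENSSL_assert(locking_callback == solaris_locking_callback);
+#endif
 }
 
 /*
@@ -517,6 +531,12 @@
 locking_callback = solaris_locking_callback;
 }
 
+ /*
+ * pthread_* can't be used in wanboot.
+ * wanboot needs not be thread-safe and mutexes and locking callback
+ * function will not be setup for wanboot.
+ */
+#ifndef _BOOT
 /* allocate and initialize locks needed by OpenSSL */
 solaris_openssl_locks =
 OPENSSL_malloc(sizeof (pthread_mutex_t) * CRYPTO_NUM_LOCKS);
@@ -530,6 +550,7 @@
 }
 
 (void) pthread_atfork(solaris_fork_prep, solaris_fork_post, solaris_fork_post);
+#endif
 }
 
 
@@ -1104,6 +1120,12 @@
 MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
 }
 #else
+/*
+ * Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
+ * OPENSSL_showfatal() is not used anywhere else then here we can safely use
+ * the code from 0.9.7d version.
+ */
+#ifndef _BOOT
 void OPENSSL_showfatal(const char *fmta, ...)
 {
 va_list ap;
@@ -1112,6 +1134,7 @@
 vfprintf(stderr, fmta, ap);
 va_end(ap);
 }
+#endif /* _BOOT */
 
 int OPENSSL_isservice(void)
 {
@@ -1121,9 +1144,15 @@
 
 void OpenSSLDie(const char *file, int line, const char *assertion)
 {
+#ifndef _BOOT
 OPENSSL_showfatal
 ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line,
 assertion);
+#else
+ fprintf(stderr,
+ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+#endif
 #if !defined(_WIN32) || defined(__CYGWIN__)
 abort();
 #else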
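Review bot: The new comment in the `@@ -517,6 +531,12 @@` hunk says the locking callback "will not be setup for wanboot", yet `locking_callback = solaris_locking_callback;` sits above the added `#ifndef _BOOT`, so the now-empty callbacks still appear to be registered. In the same build `solaris_dynlock_create` answers with `return (NULL);`, which whoever invokes the dynlock-create callback cannot tell apart from an allocation failure. If wanboot never needs locks, say so at the stub, e.g. `/* _BOOT: single-threaded, no dynlocks; NULL means "unsupported" */`, or guard the callback registration as well so the code matches the comment. Several of the functions touched here start or end outside their hunks.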
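--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -148,7 +148,9 @@
 ERR_load_X509V3_strings();
 ERR_load_PKCS12_strings();
 ERR_load_RAND_strings();
+#ifndef _BOOT
 ERR_load_DSO_strings();
+#endif /* _BOOT */
 ERR_load_TS_strings();
 # ifndef OPENSSL_NO_ENGINE
 ERR_load_ENGINE_strings();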
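--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -83,7 +83,7 @@
 else
 return (prompt_string);
 }
-
+#ifndef _BOOT
 /*
 * For historical reasons, the standard function for reading passwords is in
 * the DES library -- if someone ever wants to disable DES, this function
@@ -115,6 +115,7 @@
 OPENSSL_cleanse(buff, BUFSIZ);
 return ret;
 }
+#endif /* !_BOOT */
 
 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
 const unsigned char *salt, const unsigned char *data,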
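--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -122,7 +122,11 @@
 # include <sys/time.h>
 # include <sys/times.h>
 # include <sys/stat.h>
+#ifdef _BOOT
+# include <sys/fcntl.h>
+#else
 # include <fcntl.h>
+#endif
 # include <unistd.h>
 # include <time.h>
 # if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
@@ -259,6 +263,11 @@
 const char **egdsocket = NULL;
 # endif
 
+#ifdef _BOOT
+/* open() is provided by standalone libsa not visible from here */
+extern int open(const char *, int);
+#endif
+
 # ifdef DEVRANDOM
 memset(randomstats, 0, sizeof(randomstats));
 /*
@@ -307,11 +316,15 @@
 do {
 int try_read = 0;
 
-# if defined(OPENSSL_SYS_BEOS_R5)
+# if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
 /*
 * select() is broken in BeOS R5, so we simply try to read
 * something and snooze if we couldn't
 */
+ /*
+ * select() is not available when linking stand-alone
+ * library for wanboot
+ */
 try_read = 1;
 
 # elif defined(OPENSSL_SYS_LINUX)
@@ -365,6 +378,7 @@
 } else
 r = -1;
 
+#ifndef _BOOT
 /*
 * Some Unixen will update t in select(), some won't. For
 * those who won't, or if we didn't use select() in the first
@@ -377,13 +391,17 @@
 while ((r > 0 ||
 (errno == EINTR || errno == EAGAIN)) && usec != 0
 && n < ENTROPY_NEEDED);
+#else /* _BOOT */
+ }
+ while (r > 0 && n < ENTROPY_NEEDED);
+#endif /* _BOOT */
 
 close(fd);
 }
 }
 # endif /* defined(DEVRANDOM) */
 
-# ifdef DEVRANDOM_EGD
+# if defined(DEVRANDOM_EGD) && !defined(_BOOT)
 /*
 * Use an EGD socket to read entropy from an EGD or PRNGD entropy
 * collecting daemon.
@@ -407,6 +424,7 @@
 }
 # endif
 
+#ifndef _BOOT
 /* put in some default random data, we need more than just this */
 l = curr_pid;
 RAND_add(&l, sizeof(l), 0.0);
@@ -415,6 +433,7 @@
 
 l = time(NULL);
 RAND_add(&l, sizeof(l), 0.0);
+#endif /* !_BOOT */
 
 # if defined(OPENSSL_SYS_BEOS)
 {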
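Review bot: With `_BOOT` defined, every seeding path visible here except the `DEVRANDOM` read is compiled out (the EGD block, the pid and time `RAND_add` calls, the `select()`-based retry), and the replacement loop condition `while (r > 0 && n < ENTROPY_NEEDED);` gives up at the first read that fails or returns nothing. Nothing in these hunks checks afterwards that `n` reached `ENTROPY_NEEDED`, so whether the boot-time PRNG fails closed when the device cannot be opened or read depends on code outside the hunks; please confirm that and record it next to the `_BOOT` loop, e.g. `/* _BOOT: no fallback sources; n < ENTROPY_NEEDED must leave the PRNG unseeded */`. The hand-written block-scope `extern int open(const char *, int);` also means a mismatch with the libsa definition cannot be caught by the compiler; a `_BOOT`-only header would be safer. The enclosing function starts and ends outside the hunks.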
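--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -191,6 +193,7 @@
 return (ret);
 }
 
+#ifndef _BOOT
 int RAND_write_file(const char *file)
 {
 unsigned char buf[BUFSIZE];
@@ -335,3 +338,5 @@
 #endif
 return (buf);
 }
+
+#endif /* _BOOT */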
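--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -1146,9 +1146,50 @@
 }
 }
 
+#if defined(_BOOT)
+/* This function was copied from bio/b_sock.c */
+static int get_ip(const char *str, unsigned char ip[4])
+{
+ unsigned int tmp[4];
+ int num = 0, c, ok = 0;
+
+ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
+
+ for (;;) {
+ c = *(str++);
+ if ((c >= '0') && (c <= '9')) {
+ ok = 1;
+ tmp[num] = tmp[num]*10+c-'0';
+ if (tmp[num] > 255)
+ return(0);
+ } else if (c == '.') {
+ if (!ok)
+ return (-1);
+ if (num == 3)
+ return (0);
+ num++;
+ ok = 0;
+ } else if (c == '\0' && (num == 3) && ok)
+ break;
+ else
+ return(0);
+ }
+ ip[0]=tmp[0];
+ ip[1]=tmp[1];
+ ip[2]=tmp[2];
+ ip[3]=tmp[3];
+ return(1);
+}
+#endif /* _BOOT */
+
 static int ipv4_from_asc(unsigned char *v4, const char *in)
 {
 int a0, a1, a2, a3;
+
+#if defined(_BOOT)
+ if (get_ip(in, v4) != 1)
+ return 0;
+#else /* _BOOT */
 if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
 return 0;
 if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
@@ -1158,6 +1199,7 @@
 v4[1] = a1;
 v4[2] = a2;
 v4[3] = a3;
+#endif /* _BOOT */
 return 1;
 }
 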
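Review bot: Under `_BOOT`, `ipv4_from_asc` still declares `int a0, a1, a2, a3;` but never uses them, and the copied `get_ip` has three return values (1, 0, and -1 when a dot is not preceded by a digit) that the caller collapses with `!= 1`. Moving the declaration below the `#else /* _BOOT */` and giving `get_ip` a contract comment such as `/* returns 1 on success; 0 or -1 on malformed input, ip[] untouched */` would keep the boot build warning-free and the intent clear. The two builds also no longer accept the same strings: `get_ip` requires the input to end right after the fourth octet, while the `sscanf` path only checks that four integers were converted, so IP address parsing can differ between the wanboot and regular libraries and that difference deserves a line in the comment.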
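--- a/e_os.h
+++ b/e_os.h
@@ -213,10 +213,19 @@
 # define get_last_socket_error() errno
 # define clear_socket_error() errno=0
 # define ioctlsocket(a,b,c) ioctl(a,b,c)
+#ifdef _BOOT
+#include <netinet/in.h>
+extern int socket_read(int, void *, size_t, int);
+extern int socket_close(int);
+# define closesocket(s) socket_close(s)
+# define readsocket(s,b,n) socket_read((s),(b),(n), 200)
+# define writesocket(s,b,n) send((s),(b),(n), 0)
+#else /* !_BOOT */
 # define closesocket(s) close(s)
 # define readsocket(s,b,n) read((s),(b),(n))
 # define writesocket(s,b,n) write((s),(b),(n))
 # endif
+#endif
 
 # ifdef WIN16 /* never the case */
 # define MS_CALLBACK _far _loadds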
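Review bot: The added `#endif` lands after the existing `# endif`, so the original `# endif` now terminates the new `#ifdef _BOOT`/`#else` pair and the new, unindented `#endif` terminates the outer conditional; it balances, but it reads as the opposite. Closing the boot conditional directly after the three non-boot defines with `# endif /* _BOOT */` and leaving the original `# endif` as the outer terminator would be clearer; the same ordering appears in the first `c_allc.c` hunk and in `ssl_cert.c`. The literal `200` passed to `socket_read` in `readsocket` should get a named macro or a comment giving its unit, since it is presumably a timeout that bounds every TLS read during boot.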
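--- a/crypto/sparcv9cap.c
+++ b/crypto/sparcv9cap.c
@@ -12,7 +12,11 @@
 #if defined(__GNUC__) && defined(__linux)
 __attribute__ ((visibility("hidden")))
 #endif
+#ifndef _BOOT
 unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 };
+#else
+unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_VIS1, 0 };
+#endif
 
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
 const BN_ULONG *np, const BN_ULONG *n0, int num)
@@ -74,6 +78,7 @@
 size_t _sparcv9_vis1_instrument_bus(unsigned int *, size_t);
 size_t _sparcv9_vis1_instrument_bus2(unsigned int *, size_t, size_t);
 
+#ifndef _BOOT
 unsigned long OPENSSL_rdtsc(void)
 {
 if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
@@ -103,9 +108,20 @@
 else
 return 0;
 }
+#endif
 
-#if 0 && defined(__sun) && defined(__SVR4)
+#if defined(_BOOT)
 /*
+ * Hardcoding sparc capabilities for wanboot.
+ * Older CPUs are EOLed anyway.
+ */
+void OPENSSL_cpuid_setup(void)
+{
+ OPENSSL_sparcv9cap_P[0] = SPARCV9_VIS1;
+}
+
+#elif 0 && defined(__sun) && defined(__SVR4)
+/*
 * This code path is disabled, because of incompatibility of libdevinfo.so.1
 * and libmalloc.so.1 (see below for details)
 */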
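Review bot: The `_BOOT` build sets `OPENSSL_sparcv9cap_P[0]` to `SPARCV9_VIS1` twice, once in the static initialiser and again in the new `OPENSSL_cpuid_setup`, without saying which of the two is relied on. The `sparccpuid.S` section of this patch replaces the `call OPENSSL_cpuid_setup` sequence with two `nop`s under `_BOOT`, so it looks as if the initialiser is what takes effect and the function is kept for linkage; a comment at the initialiser such as `/* _BOOT: no runtime probe; VIS1 is assumed on every supported wanboot CPU */` would record that. Because the capability is asserted rather than detected, the comment should also name the oldest CPU the boot image is expected to run on instead of "Older CPUs are EOLed anyway".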
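--- a/crypto/sparccpuid.S
+++ b/crypto/sparccpuid.S
@@ -400,6 +400,7 @@
 .type OPENSSL_cleanse,#function
 .size OPENSSL_cleanse,.-OPENSSL_cleanse
 
+#ifndef _BOOT
 .global _sparcv9_vis1_instrument_bus
 .weak _sparcv9_vis1_instrument_bus
 .align 8
@@ -501,3 +502,7 @@
 nop
 call OPENSSL_cpuid_setup
 nop
+#else
+ nop
+ nop
+#endif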
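--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -36,9 +36,9 @@
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
 LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
- ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c wanboot-stubs.c
 LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
- uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
+ uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o wanboot-stubs.o $(CPUID_OBJ)
 
 SRC= $(LIBSRC)
 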
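Review bot: `wanboot-stubs.c` and `wanboot-stubs.o` are appended to `LIBSRC` and `LIBOBJ` unconditionally, so every libcrypto build from this tree compiles and links the stubs, not only the `solaris64-sparcv9-cc-sunw-wanboot` platform that the top-level Makefile hunks test for. If the stub file guards its whole contents with `_BOOT` that is harmless, but nothing here shows it; either state that in a comment above `LIBSRC` or add the object only for the wanboot platform. The source file itself is not created by any section of the patch shown on this page, so the build depends on it being supplied separately.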
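--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -698,6 +698,7 @@
 if (!ssl_get_new_session(s, 0))
 goto err;
 }
+#ifndef _BOOT
 if (s->method->version == DTLS_ANY_VERSION) {
 /* Determine which DTLS version to use */
 int options = s->options;
@@ -730,6 +731,7 @@
 }
 s->client_version = s->version;
 }
+#endif
 /* else use the pre-loaded session */
 
 p = s->s3->client_random;
@@ -750,8 +750,12 @@
 } else
 i = 1;
 
+#ifndef _BOOT
 if (i && ssl_fill_hello_random(s, 0, p,
 sizeof(s->s3->client_random)) <= 0)
+#else
+ if (i && RAND_pseudo_bytes(p, sizeof(s->s3->client_random)) <= 0)
+#endif
 goto err;
 
 /* Do the message type and length last */
@@ -938,6 +942,7 @@
 }
 
 d = p = (unsigned char *)s->init_msg;
+#ifndef _BOOT
 if (s->method->version == DTLS_ANY_VERSION) {
 /* Work out correct protocol version to use */
 int hversion = (p[0] << 8) | p[1];
@@ -960,6 +965,7 @@
 }
 s->session->ssl_version = s->version = s->method->version;
 }
+#endif
 
 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);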
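Review bot: The `_BOOT` branch in the `@@ -750,8 +750,12 @@` hunk fills `client_random` with `RAND_pseudo_bytes`, an interface that is permitted to hand back bytes that are not cryptographically strong. The `<= 0` test does treat that outcome as an error, but the intent is not obvious from the call; `if (i && RAND_bytes(p, sizeof(s->s3->client_random)) <= 0)` would state it directly, or a comment should explain why the pseudo variant is wanted in the boot environment. This matters more for wanboot than for the regular build because the `rand_unix.c` section of the same patch compiles out the other seeding paths. The enclosing function starts and ends outside the hunks.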
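--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3574,7 +3574,11 @@
 * Apparently we're using a version-flexible SSL_METHOD (not at its
 * highest protocol version).
 */
+#ifndef _BOOT
 if (s->ctx->method->version == SSLv23_method()->version) {
+#else
+ if (s->ctx->method->version == TLS1_2_VERSION) {
+#endif
 #if TLS_MAX_VERSION != TLS1_2_VERSION
 # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
 #endif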
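Review bot: The `_BOOT` branch replaces `SSLv23_method()->version` with the literal `TLS1_2_VERSION` and nothing says why. The `#if TLS_MAX_VERSION != TLS1_2_VERSION` / `# error` lines that follow do keep the constant from going stale silently, but a reader cannot tell whether the aim is to keep `SSLv23_method()` out of the boot image or to change the protocol-version check; a comment above the `#else` such as `/* _BOOT: SSLv23_method() is not linked; its version equals TLS1_2_VERSION, see #error below */` would settle it, if that is indeed the reason. Duplicating the `if (...) {` header across `#ifndef`/`#else` also leaves two opening braces in the source for one closing brace, which trips brace matching in editors. The enclosing function is outside the hunk.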
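--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -96,8 +96,10 @@
 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
 # endif
 # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
+#ifndef _BOOT
 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
+#endif
 # endif
 
 #endif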
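--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -384,11 +384,13 @@
 ret->ciphers_raw = NULL;
 
 #ifndef OPENSSL_NO_TLSEXT
+#ifndef _BOOT
 if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
 goto err;
 if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
 goto err;
 #endif
+#endif
 
 return (ret);
 
@@ -409,9 +411,11 @@
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
+#ifndef _BOOT
 custom_exts_free(&ret->cli_ext);
 custom_exts_free(&ret->srv_ext);
 #endif
+#endif
 
 ssl_cert_clear_certs(ret);
 
@@ -502,11 +506,13 @@
 if (c->ciphers_raw)
 OPENSSL_free(c->ciphers_raw);
 #ifndef OPENSSL_NO_TLSEXT
+#ifndef _BOOT
 custom_exts_free(&c->cli_ext);
 custom_exts_free(&c->srv_ext);
 if (c->alpn_proposed)
 OPENSSL_free(c->alpn_proposed);
 #endif
+#endif
 OPENSSL_free(c);
 }
 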
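Review bot: In the third hunk (`@@ -502,11 +506,13 @@`) the new `#ifndef _BOOT` also swallows `if (c->alpn_proposed) OPENSSL_free(c->alpn_proposed);`, which is not a custom-extension call like the two lines above it. The `t1_lib.c` section of this patch leaves the `alpn_selected` handling in place, so ALPN does not look disabled for `_BOOT`; unless `alpn_proposed` can never be populated in that build (not visible here), the buffer is leaked when the structure is freed. Closing the guard right after `custom_exts_free(&c->srv_ext);` with `#endif /* !_BOOT */` keeps the free active in both builds. The enclosing function starts outside the hunk.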
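--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -386,6 +386,7 @@
 return rv > 0;
 }
 
+#ifndef _BOOT
 static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
 {
 int rv = 1;
@@ -398,6 +399,8 @@
 return rv > 0;
 }
 
+#endif
+
 #ifndef OPENSSL_NO_DH
 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
@@ -456,7 +459,9 @@
 SSL_CONF_CMD_STRING(Options, NULL),
 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
+#ifndef _BOOT
 SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
+#endif
 #ifndef OPENSSL_NO_DH
 SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
 #endif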
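--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -788,6 +788,7 @@
 return 0; /* Error */
 }
 
+#ifndef _BOOT
 static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
 const unsigned char *in,
 size_t inlen, int *al, void *arg)
@@ -1005,4 +1006,5 @@
 return ret;
 }
 # endif /* OPENSSL_NO_STDIO */
+#endif /*!_BOOT*/
 #endif /* OPENSSL_NO_TLSEXT */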
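--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1559,10 +1559,12 @@
 ret += el;
 }
 # endif
+#ifndef _BOOT
 custom_ext_init(&s->cert->cli_ext);
 /* Add custom TLS Extensions to ClientHello */
 if (!custom_ext_add(s, 0, &ret, limit, al))
 return NULL;
+#endif
 
 /*
 * Add padding to workaround bugs in F5 terminators. See
@@ -1798,8 +1800,10 @@
 }
 }
 # endif
+#ifndef _BOOT
 if (!custom_ext_add(s, 1, &ret, limit, al))
 return NULL;
+#endif
 
 if (s->s3->alpn_selected) {
 const unsigned char *selected = s->s3->alpn_selected;
@@ -2428,6 +2432,7 @@
 return 0;
 }
 
+#ifndef _BOOT
 /*
 * Parse any custom extensions found. "data" is the start of the extension data
 * and "limit" is the end of the record. TODO: add strict syntax checking.
@@ -2464,6 +2469,7 @@
 
 return 1;
 }
+#endif /*!_BOOT*/
 
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
 unsigned char *limit)
@@ -2486,11 +2492,13 @@
 return 0;
 }
 
+#ifndef _BOOT
 custom_ext_init(&s->cert->srv_ext);
 if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) {
 ssl3_send_alert(s, SSL3_AL_FATAL, al);
 return 0;
 }
+#endif
 
 return 1;
 }
@@ -2762,6 +2770,7 @@
 return 0;
 }
 # endif
+#ifndef _BOOT
 /*
 * If this extension type was not otherwise handled, but matches a
 * custom_cli_ext_record, then send it to the c callback
@@ -2768,6 +2777,7 @@
 */
 else if (custom_ext_parse(s, 0, type, data, size, al) <= 0)
 return 0;
+#endif
 
 data += size;
 }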
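--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -106,11 +106,13 @@
 x->sig_alg, x->signature, x->cert_info, ctx);
 }
 
+#ifndef _BOOT
 int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
 {
 return OCSP_REQ_CTX_nbio_d2i(rctx,
 (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
 }
+#endif
 
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
@@ -140,6 +142,7 @@
 x->crl, ctx);
 }
 
+#ifndef _BOOT
 int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
 {
 return OCSP_REQ_CTX_nbio_d2i(rctx,
@@ -146,6 +149,7 @@
 (ASN1_VALUE **)pcrl,
 ASN1_ITEM_rptr(X509_CRL));
 }
+#endif
 
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 {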
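--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -557,6 +557,7 @@
 return do_dh_print(bp, x, 4, NULL, 0);
 }
 
+#ifndef _BOOT
 #ifndef OPENSSL_NO_CMS
 static int dh_cms_decrypt(CMS_RecipientInfo *ri);
 static int dh_cms_encrypt(CMS_RecipientInfo *ri);
@@ -583,6 +584,7 @@
 }
 
 }
+#endif
 
 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
 EVP_PKEY_DH,
@@ -645,9 +647,14 @@
 0,
 
 int_dh_free,
+#ifndef _BOOT
 dh_pkey_ctrl
+#else
+ 0
+#endif
 };
 
+#ifndef _BOOT
 #ifndef OPENSSL_NO_CMS
 
 static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
@@ -955,3 +962,5 @@
 }
 
 #endif
+
+#endif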
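--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -194,11 +194,13 @@
 dctx->use_dsa = p1;
 return 1;
 
+#ifndef _BOOT
 case EVP_PKEY_CTRL_DH_RFC5114:
 if (p1 < 1 || p1 > 3)
 return -2;
 dctx->rfc5114_param = p1;
 return 1;
+#endif
 
 case EVP_PKEY_CTRL_PEER_KEY:
 /* Default behaviour is OK */
@@ -207,7 +209,11 @@
 case EVP_PKEY_CTRL_DH_KDF_TYPE:
 if (p1 == -2)
 return dctx->kdf_type;
+#ifndef _BOOT
 if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
+#else
+ if (p1 != EVP_PKEY_DH_KDF_NONE)
+#endif
 return -2;
 dctx->kdf_type = p1;
 return 1;
@@ -268,6 +274,7 @@
 len = atoi(value);
 return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
 }
+#ifndef _BOOT
 if (!strcmp(type, "dh_rfc5114")) {
 DH_PKEY_CTX *dctx = ctx->data;
 int len;
@@ -277,6 +284,7 @@
 dctx->rfc5114_param = len;
 return 1;
 }
+#endif
 if (!strcmp(type, "dh_paramgen_generator")) {
 int len;
 len = atoi(value);
@@ -355,6 +363,7 @@
 DH_PKEY_CTX *dctx = ctx->data;
 BN_GENCB *pcb, cb;
 int ret;
+#ifndef _BOOT
 if (dctx->rfc5114_param) {
 switch (dctx->rfc5114_param) {
 case 1:
@@ -375,6 +384,7 @@
 EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
 return 1;
 }
+#endif
 
 if (ctx->pkey_gencb) {
 pcb = &cb;
@@ -448,6 +458,7 @@
 return ret;
 *keylen = ret;
 return 1;
+#ifndef _BOOT
 } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
 unsigned char *Z = NULL;
 size_t Zlen = 0;
@@ -478,6 +489,7 @@
 OPENSSL_free(Z);
 }
 return ret;
+#endif
 }
 return 1;
 }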
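Review bot: In the last hunk the guard opens on `} else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {` and closes just before the `}`, so under `_BOOT` any `kdf_type` other than `EVP_PKEY_DH_KDF_NONE` falls through to the trailing `return 1;` and reports success without a derived key. The `_BOOT` branch added to the `EVP_PKEY_CTRL_DH_KDF_TYPE` case does reject other values, so this should be unreachable as long as that ctrl is the only writer of `kdf_type`, but that dependency is worth stating at the fall-through: `/* _BOOT: kdf_type is always EVP_PKEY_DH_KDF_NONE, see EVP_PKEY_CTRL_DH_KDF_TYPE */`. Guarding a whole `else if { ... }` arm rather than splitting it at the brace would also make the two configurations easier to read. The functions touched here start or end outside their hunks.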
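--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -381,6 +381,8 @@
 return &des_ede3_ecb;
 }
 
+#ifndef _BOOT
+
 # ifndef OPENSSL_NO_SHA
 
 # include <openssl/sha.h>
@@ -491,4 +493,6 @@
 }
 
 # endif
+#endif
+
 #endif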
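--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -93,8 +93,10 @@
 EVP_add_cipher(EVP_des_ecb());
 EVP_add_cipher(EVP_des_ede());
 EVP_add_cipher(EVP_des_ede3());
+#ifndef _BOOT
 EVP_add_cipher(EVP_des_ede3_wrap());
 #endif
+#endif
 
 #ifndef OPENSSL_NO_RC4
 EVP_add_cipher(EVP_rc4());
@@ -207,8 +209,10 @@
 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
 # endif
 # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
+#ifndef _BOOT
 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
+#endif
 # endif
 #endif
 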
896 --- openssl-1.0.2d/crypto/cms/cms_env.c.orig Fri Aug 7 10:25:00 2015 |
|
897 +++ openssl-1.0.2d/crypto/cms/cms_env.c Fri Aug 7 10:25:37 2015 |
|
898 @@ -106,6 +106,7 @@ |
|
899 int i; |
|
900 if (ri->type == CMS_RECIPINFO_TRANS) |
|
901 pkey = ri->d.ktri->pkey; |
|
902 +#ifndef _BOOT |
|
903 else if (ri->type == CMS_RECIPINFO_AGREE) { |
|
904 EVP_PKEY_CTX *pctx = ri->d.kari->pctx; |
|
905 if (!pctx) |
|
906 @@ -114,6 +115,9 @@ |
|
907 if (!pkey) |
|
908 return 0; |
|
909 } else |
|
910 +#else |
|
911 + else |
|
912 +#endif |
|
913 return 0; |
|
914 if (!pkey->ameth || !pkey->ameth->pkey_ctrl) |
|
915 return 1; |
|
916 @@ -148,8 +152,10 @@ |
|
917 { |
|
918 if (ri->type == CMS_RECIPINFO_TRANS) |
|
919 return ri->d.ktri->pctx; |
|
920 +#ifndef _BOOT |
|
921 else if (ri->type == CMS_RECIPINFO_AGREE) |
|
922 return ri->d.kari->pctx; |
|
923 +#endif |
|
924 return NULL; |
|
925 } |
|
926 |
|
927 @@ -255,10 +261,12 @@ |
|
928 goto err; |
|
929 break; |
|
930 |
|
931 +#ifndef _BOOT |
|
932 case CMS_RECIPINFO_AGREE: |
|
933 if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags)) |
|
934 goto err; |
|
935 break; |
|
936 +#endif |
|
937 |
|
938 default: |
|
939 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, |
|
940 @@ -827,8 +835,10 @@ |
|
941 case CMS_RECIPINFO_TRANS: |
|
942 return cms_RecipientInfo_ktri_encrypt(cms, ri); |
|
943 |
|
944 +#ifndef _BOOT |
|
945 case CMS_RECIPINFO_AGREE: |
|
946 return cms_RecipientInfo_kari_encrypt(cms, ri); |
|
947 +#endif |
|
948 |
|
949 case CMS_RECIPINFO_KEK: |
|
950 return cms_RecipientInfo_kekri_encrypt(cms, ri); |