--- a/components/openssl/openssl-1.0.1/patches/30_wanboot.patch Wed Oct 12 06:26:22 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,486 +0,0 @@
-#
-# This patch file makes the changes neccessary to build wanboot-openssl.o
-# binary. This is Solaris-specific: not suitable for upstream.
-#
---- openssl-1.0.0g/Makefile.org 2010-01-27 08:06:58.000000000 -0800
-+++ openssl-1.0.0g-1/Makefile.org 2012-03-26 03:04:08.440194448 -0700
-@@ -138,7 +138,13 @@
-
- BASEADDR=
-
-+# For wanboot, we only need crypto and ssl.
-+# 'apps' are not patched to work in stand-alone environment anyway.
-+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
-+DIRS= crypto ssl
-+else
- DIRS= crypto ssl engines apps test tools
-+endif
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
---- openssl-1.0.0g/Makefile 2012-01-18 05:42:28.000000000 -0800
-+++ openssl-1.0.0g-1/Makefile 2012-03-26 03:03:59.170540344 -0700
-@@ -137,7 +137,13 @@
-
- BASEADDR=0xFB00000
-
-+# For wanboot, we only need crypto and ssl.
-+# 'apps' are not patched to work in stand-alone environment anyway.
-+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
-+DIRS= crypto ssl
-+else
- DIRS= crypto ssl engines apps test tools
-+endif
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
---- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800
-@@ -421,11 +421,13 @@
- static void solaris_locking_callback(int mode, int type, const char *file,
- int line)
- {
-+#ifndef _BOOT
- if (mode & CRYPTO_LOCK) {
- pthread_mutex_lock(&solaris_openssl_locks[type]);
- } else {
- pthread_mutex_unlock(&solaris_openssl_locks[type]);
- }
-+#endif
- }
-
-
-@@ -435,6 +437,7 @@
- static struct CRYPTO_dynlock_value *
- solaris_dynlock_create(const char *file, int line)
- {
-+#ifndef _BOOT
- int ret;
- pthread_mutex_t *dynlock;
-
-@@ -447,6 +450,9 @@
- OPENSSL_assert(ret);
-
- return ((struct CRYPTO_dynlock_value *)dynlock);
-+#else
-+ return (NULL);
-+#endif
- }
-
- static void
-@@ -453,6 +459,7 @@
- solaris_dynlock_lock(int mode, struct CRYPTO_dynlock_value *dynlock,
- const char *file, int line)
- {
-+#ifndef _BOOT
- int ret;
-
- if (mode & CRYPTO_LOCK) {
-@@ -462,6 +469,7 @@
- }
-
- OPENSSL_assert(ret == 0);
-+#endif
- }
-
- static void
-@@ -468,9 +476,11 @@
- solaris_dynlock_destroy(struct CRYPTO_dynlock_value *dynlock,
- const char *file, int line)
- {
-+#ifndef _BOOT
- int ret;
- ret = pthread_mutex_destroy((pthread_mutex_t *)dynlock);
- OPENSSL_assert(ret);
-+#endif
- }
-
-
-@@ -514,6 +524,12 @@
- }
-
- /*
-+ * pthread_* can't be used in wanboot.
-+ * wanboot needs not be thread-safe and mutexes and locking callback
-+ * function will not be setup for wanboot.
-+ */
-+#ifndef _BOOT
-+ /*
- * Set atfork handler so that child can setup its own mutexes and
- * locking callbacks when it is forked
- */
-@@ -534,7 +550,7 @@
- pthread_mutex_init(&solaris_openssl_locks[i], NULL);
- }
- locking_callback = solaris_locking_callback;
--
-+#endif
- }
-
- void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
-@@ -1084,6 +1100,12 @@
- MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP);
- }
- #else
-+/*
-+ * Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
-+ * OPENSSL_showfatal() is not used anywhere else then here we can safely use
-+ * the code from 0.9.7d version.
-+ */
-+#ifndef _BOOT
- void OPENSSL_showfatal(const char *fmta, ...)
- {
- va_list ap;
-@@ -1092,6 +1114,7 @@
- vfprintf(stderr, fmta, ap);
- va_end(ap);
- }
-+#endif /* _BOOT */
-
- int OPENSSL_isservice(void)
- {
-@@ -1101,9 +1124,15 @@
-
- void OpenSSLDie(const char *file, int line, const char *assertion)
- {
-+#ifndef _BOOT
- OPENSSL_showfatal
- ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line,
- assertion);
-+#else
-+ fprintf(stderr,
-+ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
-+ file,line,assertion);
-+#endif
- #if !defined(_WIN32) || defined(__CYGWIN__)
- abort();
- #else
---- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800
-@@ -148,7 +148,9 @@
- ERR_load_X509V3_strings();
- ERR_load_PKCS12_strings();
- ERR_load_RAND_strings();
-+#ifndef _BOOT
- ERR_load_DSO_strings();
-+#endif /* _BOOT */
- ERR_load_TS_strings();
- # ifndef OPENSSL_NO_ENGINE
- ERR_load_ENGINE_strings();
---- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800
-@@ -83,7 +83,7 @@
- else
- return (prompt_string);
- }
--
-+#ifndef _BOOT
- /*
- * For historical reasons, the standard function for reading passwords is in
- * the DES library -- if someone ever wants to disable DES, this function
-@@ -115,6 +115,7 @@
- OPENSSL_cleanse(buff, BUFSIZ);
- return ret;
- }
-+#endif /* !_BOOT */
-
- int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
- const unsigned char *salt, const unsigned char *data,
---- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800
-@@ -122,7 +122,11 @@
- # include <sys/time.h>
- # include <sys/times.h>
- # include <sys/stat.h>
-+#ifdef _BOOT
-+# include <sys/fcntl.h>
-+#else
- # include <fcntl.h>
-+#endif
- # include <unistd.h>
- # include <time.h>
- # if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
-@@ -259,6 +263,11 @@
- const char **egdsocket = NULL;
- # endif
-
-+#ifdef _BOOT
-+/* open() is provided by standalone libsa not visible from here */
-+extern int open(const char *, int);
-+#endif
-+
- # ifdef DEVRANDOM
- memset(randomstats, 0, sizeof(randomstats));
- /*
-@@ -307,11 +316,15 @@
- do {
- int try_read = 0;
-
--# if defined(OPENSSL_SYS_BEOS_R5)
-+# if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
- /*
- * select() is broken in BeOS R5, so we simply try to read
- * something and snooze if we couldn't
- */
-+ /*
-+ * select() is not available when linking stand-alone
-+ * library for wanboot
-+ */
- try_read = 1;
-
- # elif defined(OPENSSL_SYS_LINUX)
-@@ -365,6 +378,7 @@
- } else
- r = -1;
-
-+#ifndef _BOOT
- /*
- * Some Unixen will update t in select(), some won't. For
- * those who won't, or if we didn't use select() in the first
-@@ -377,13 +391,17 @@
- while ((r > 0 ||
- (errno == EINTR || errno == EAGAIN)) && usec != 0
- && n < ENTROPY_NEEDED);
-+#else /* _BOOT */
-+ }
-+ while (r > 0 && n < ENTROPY_NEEDED);
-+#endif /* _BOOT */
-
- close(fd);
- }
- }
- # endif /* defined(DEVRANDOM) */
-
--# ifdef DEVRANDOM_EGD
-+# if defined(DEVRANDOM_EGD) && !defined(_BOOT)
- /*
- * Use an EGD socket to read entropy from an EGD or PRNGD entropy
- * collecting daemon.
-@@ -407,6 +424,7 @@
- }
- # endif
-
-+#ifndef _BOOT
- /* put in some default random data, we need more than just this */
- l = curr_pid;
- RAND_add(&l, sizeof(l), 0.0);
-@@ -415,6 +433,7 @@
-
- l = time(NULL);
- RAND_add(&l, sizeof(l), 0.0);
-+#endif /* !_BOOT */
-
- # if defined(OPENSSL_SYS_BEOS)
- {
---- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800
-@@ -57,9 +57,11 @@
- */
-
- /* We need to define this to get macros like S_IFBLK and S_IFCHR */
-+#ifndef _BOOT
- #if !defined(OPENSSL_SYS_VXWORKS)
- # define _XOPEN_SOURCE 500
- #endif
-+#endif /* _BOOT */
-
- #include <errno.h>
- #include <stdio.h>
-@@ -191,6 +193,7 @@
- return (ret);
- }
-
-+#ifndef _BOOT
- int RAND_write_file(const char *file)
- {
- unsigned char buf[BUFSIZE];
-@@ -335,3 +338,5 @@
- #endif
- return (buf);
- }
-+
-+#endif /* _BOOT */
---- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800
-@@ -715,9 +715,50 @@
- }
- }
-
-+#if defined(_BOOT)
-+/* This function was copied from bio/b_sock.c */
-+static int get_ip(const char *str, unsigned char ip[4])
-+{
-+ unsigned int tmp[4];
-+ int num = 0, c, ok = 0;
-+
-+ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
-+
-+ for (;;) {
-+ c = *(str++);
-+ if ((c >= '0') && (c <= '9')) {
-+ ok = 1;
-+ tmp[num] = tmp[num]*10+c-'0';
-+ if (tmp[num] > 255)
-+ return(0);
-+ } else if (c == '.') {
-+ if (!ok)
-+ return (-1);
-+ if (num == 3)
-+ return (0);
-+ num++;
-+ ok = 0;
-+ } else if (c == '\0' && (num == 3) && ok)
-+ break;
-+ else
-+ return(0);
-+ }
-+ ip[0]=tmp[0];
-+ ip[1]=tmp[1];
-+ ip[2]=tmp[2];
-+ ip[3]=tmp[3];
-+ return(1);
-+}
-+#endif /* _BOOT */
-+
- static int ipv4_from_asc(unsigned char *v4, const char *in)
- {
- int a0, a1, a2, a3;
-+
-+#if defined(_BOOT)
-+ if (get_ip(in, v4) != 1)
-+ return 0;
-+#else /* _BOOT */
- if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
- return 0;
- if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
-@@ -727,6 +768,7 @@
- v4[1] = a1;
- v4[2] = a2;
- v4[3] = a3;
-+#endif /* _BOOT */
- return 1;
- }
-
---- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800
-+++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800
-@@ -213,10 +213,19 @@
- # define get_last_socket_error() errno
- # define clear_socket_error() errno=0
- # define ioctlsocket(a,b,c) ioctl(a,b,c)
-+#ifdef _BOOT
-+#include <netinet/in.h>
-+extern int socket_read(int, void *, size_t, int);
-+extern int socket_close(int);
-+# define closesocket(s) socket_close(s)
-+# define readsocket(s,b,n) socket_read((s),(b),(n), 200)
-+# define writesocket(s,b,n) send((s),(b),(n), 0)
-+#else /* !_BOOT */
- # define closesocket(s) close(s)
- # define readsocket(s,b,n) read((s),(b),(n))
- # define writesocket(s,b,n) write((s),(b),(n))
- # endif
-+#endif
-
- # ifdef WIN16 /* never the case */
- # define MS_CALLBACK _far _loadds
---- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 05:24:02.011607700 -0800
-@@ -12,7 +12,11 @@
- #define SPARCV9_VIS2 (1<<3) /* reserved */
- #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
-
-+#ifndef _BOOT
- static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED;
-+#else
-+static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+#endif
-
- int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
- const BN_ULONG *np, const BN_ULONG *n0, int num)
-@@ -36,6 +40,7 @@
- void _sparcv9_vis2_probe(void);
- void _sparcv9_fmadd_probe(void);
-
-+#ifndef _BOOT
- unsigned long OPENSSL_rdtsc(void)
- {
- if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED)
-@@ -47,8 +52,19 @@
- else
- return _sparcv9_rdtick();
- }
-+#endif
-+
-+#if defined(_BOOT)
-+/*
-+ * Hardcoding sparc capabilities for wanboot.
-+ * Older CPUs are EOLed anyway.
-+ */
-+void OPENSSL_cpuid_setup(void)
-+ {
-+ OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+ }
-
--#if 0 && defined(__sun) && defined(__SVR4)
-+#elif 0 && defined(__sun) && defined(__SVR4)
- /*
- * This code path is disabled, because of incompatibility of libdevinfo.so.1
- * and libmalloc.so.1 (see below for details)
---- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800
-@@ -397,8 +397,13 @@
- .type OPENSSL_cleanse,#function
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
-+#ifndef _BOOT
- .section ".init",#alloc,#execinstr
- call solaris_locking_setup
- nop
- call OPENSSL_cpuid_setup
- nop
-+#else
-+ nop
-+ nop
-+#endif
---- openssl-1.0.1c/crypto/Makefile Thu Aug 2 12:56:38 2012
-+++ openssl-1.0.1c/crypto/Makefile.new Thu Aug 2 12:59:43 2012
-@@ -36,9 +36,9 @@
- LIB= $(TOP)/libcrypto.a
- SHARED_LIB= libcrypto$(SHLIB_EXT)
- LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-- ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
-+ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c wanboot-stubs.c
- LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
-- uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
-+ uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o wanboot-stubs.o $(CPUID_OBJ)
-
- SRC= $(LIBSRC)
-
---- openssl-1.0.1f/ssl/s3_clnt.c Thu Jan 30 02:53:33 2014
-+++ openssl-1.0.1f/ssl/s3_clnt.c.new Thu Jan 30 02:57:51 2014
-@@ -668,7 +668,11 @@
-
- p = s->s3->client_random;
-
-+#ifndef _BOOT
- if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-+#else
-+ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
-+#endif
- goto err;
-
- /* Do the message type and length last */
---- openssl-1.0.1f/ssl/s3_lib.c Wed Oct 15 11:18:30 2014
-+++ openssl-1.0.1f/ssl/s3_lib.c.new Wed Oct 15 11:20:07 2014
-@@ -3343,7 +3343,11 @@
- * Apparently we're using a version-flexible SSL_METHOD (not at its
- * highest protocol version).
- */
-+#ifndef _BOOT
- if (s->ctx->method->version == SSLv23_method()->version) {
-+#else
-+ if (s->ctx->method->version == TLS1_2_VERSION) {
-+#endif
- #if TLS_MAX_VERSION != TLS1_2_VERSION
- # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
- #endif