# HG changeset patch # User Misaki Miyashita # Date 1443634667 25200 # Node ID 37c8a5df8c41c11dcad8e0d8e3f88e1f7395ebb3 # Parent 8eb64ba1b2ad0af772892aec4ee40c46a111d018 21696912 fix for bug 20231102 does not disable SSLv3 fully diff -r 8eb64ba1b2ad -r 37c8a5df8c41 components/openssl/common/patches/041_rm_sslv2_v3.patch --- a/components/openssl/common/patches/041_rm_sslv2_v3.patch Wed Sep 30 09:48:41 2015 -0700 +++ b/components/openssl/common/patches/041_rm_sslv2_v3.patch Wed Sep 30 10:37:47 2015 -0700 @@ -18,7 +18,7 @@ static void *dummy = &dummy; # endif --- openssl-1.0.1/ssl/s2_clnt.c Fri May 8 09:37:51 2015 -+++ openssl-1.0.1/ssl/ss2_clnt.c.new Fri May 8 09:53:12 2015 ++++ openssl-1.0.1/ssl/s2_clnt.c.new Fri May 8 09:53:12 2015 @@ -1087,6 +1087,13 @@ } #else /* !OPENSSL_NO_SSL2 */ @@ -83,6 +83,58 @@ # ifndef OPENSSL_NO_SSL3_METHOD const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ +--- openssl/ssl/s3_meth.c.orig Fri Sep 11 12:19:54 2015 ++++ openssl/ssl/s3_meth.c Fri Sep 11 12:22:24 2015 +@@ -71,4 +71,13 @@ + + IMPLEMENT_ssl3_meth_func(SSLv3_method, + ssl3_accept, ssl3_connect, ssl3_get_method) ++#else /* !OPENSSL_NO_SSL3_METHOD */ ++ ++/* stub function */ ++const SSL_METHOD * ++SSLv3_method(void) ++{ ++ return (NULL); ++} ++ + #endif +--- openssl/ssl/s3_clnt.c.orig Fri Sep 11 12:21:09 2015 ++++ openssl/ssl/s3_clnt.c Fri Sep 11 12:24:31 2015 +@@ -184,6 +184,15 @@ + IMPLEMENT_ssl3_meth_func(SSLv3_client_method, + ssl_undefined_function, + ssl3_connect, ssl3_get_client_method) ++#else /* !OPENSSL_NO_SSL3_METHOD */ ++ ++/* stub function */ ++const SSL_METHOD * ++SSLv3_client_method(void) ++{ ++ return (NULL); ++} ++ + #endif + int ssl3_connect(SSL *s) + { +--- openssl/ssl/s3_srvr.c.orig Fri Sep 11 12:21:18 2015 ++++ openssl/ssl/s3_srvr.c Fri Sep 11 12:24:15 2015 +@@ -184,6 +184,15 @@ + IMPLEMENT_ssl3_meth_func(SSLv3_server_method, + ssl3_accept, + ssl_undefined_function, ssl3_get_server_method) ++#else /* !OPENSSL_NO_SSL3_METHOD */ ++ ++/* stub function */ ++const SSL_METHOD * ++SSLv3_server_method(void) ++{ ++ return (NULL); ++} ++ + #endif + #ifndef OPENSSL_NO_SRP + static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) --- openssl-1.0.1/doc/ssl/SSL_CIPHER_get_name.pod Tue May 26 11:13:15 2015 +++ openssl-1.0.1/doc/ssl/SSL_CIPHER_get_name.pod.new Tue May 26 11:32:09 2015 @@ -25,7 +25,7 @@ diff -r 8eb64ba1b2ad -r 37c8a5df8c41 components/openssl/common/patches/042-suppress_v8plus_abi_warnings.patch --- a/components/openssl/common/patches/042-suppress_v8plus_abi_warnings.patch Wed Sep 30 09:48:41 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,70 +0,0 @@ -# -# Patch developed in-house. Solaris-specific; not suitable for upstream. -# -# Suppress warnings about sparcv8+ ABI violation -# when building T4-specific modules as 32-bit: -# v8+ ABI violation: illegal use of %i or %l register as rs1 in "brnz,a" instruction -# This has been confirmed as a valid usecase and is thus intentional. -# ---- a/crypto/aes/Makefile.orig čt dub 30 03:15:03 2015 -+++ b/crypto/aes/Makefile čt dub 30 03:19:32 2015 -@@ -75,6 +75,9 @@ - aest4-sparcv9.s: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl - $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@ - -+aest4-sparcv9.o: aest4-sparcv9.s -+ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^ -+ - aes-ppc.s: asm/aes-ppc.pl - $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@ - vpaes-ppc.s: asm/vpaes-ppc.pl ---- a/crypto/sha/Makefile.orig čt dub 30 14:37:32 2015 -+++ b/crypto/sha/Makefile čt dub 30 14:40:49 2015 -@@ -73,6 +73,8 @@ - sha1-sparcv9.S: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS) - sha256-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) - sha512-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) -+sha512-sparcv9.o: sha512-sparcv9.S -+ $(CC) $(CFLAGS) -Wa,-n -c -o $@ $^ - - sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@ - sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ ---- a/crypto/bn/Makefile.orig čt dub 30 14:43:20 2015 -+++ b/crypto/bn/Makefile čt dub 30 14:45:11 2015 -@@ -79,8 +79,12 @@ - $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@ - vis3-mont.s: asm/vis3-mont.pl - $(PERL) asm/vis3-mont.pl $(CFLAGS) > $@ -+vis3-mont.o: vis3-mont.s -+ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^ - sparct4-mont.S: asm/sparct4-mont.pl - $(PERL) asm/sparct4-mont.pl $(CFLAGS) > $@ -+sparct4-mont.o: sparct4-mont.S -+ $(CC) $(CFLAGS) -Wa,-n -c -o $@ $^ - sparcv9-gf2m.S: asm/sparcv9-gf2m.pl - $(PERL) asm/sparcv9-gf2m.pl $(CFLAGS) > $@ - ---- a/crypto/camellia/Makefile.orig Fri Aug 21 14:51:49 2015rypto/camellia/Makef -+++ b/crypto/camellia/Makefile Fri Aug 21 14:53:18 2015.2d/crypto/camellia/Make -@@ -51,6 +51,9 @@ - cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl ../perlasm/sparcv9_modes.pl - $(PERL) asm/cmllt4-sparcv9.pl $(CFLAGS) > $@ - -+cmllt4-sparcv9.o: cmllt4-sparcv9.s -+ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^ -+ - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - ---- a/crypto/modes/Makefile.orig Fri Aug 21 15:22:37 2015 -+++ b/crypto/modes/Makefile Fri Aug 21 15:26:12 2015 -@@ -54,6 +54,9 @@ - $(PERL) asm/aesni-gcm-x86_64.pl $(PERLASM_SCHEME) > $@ - ghash-sparcv9.s: asm/ghash-sparcv9.pl - $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS) -+ghash-sparcv9.o: ghash-sparcv9.s -+ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^ -+ - ghash-alpha.s: asm/ghash-alpha.pl - (preproc=$$$$.$@.S; trap "rm $$preproc" INT; \ - $(PERL) asm/ghash-alpha.pl > $$preproc && \ diff -r 8eb64ba1b2ad -r 37c8a5df8c41 components/openssl/common/patches/044-suppress_v8plus_abi_warnings.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/common/patches/044-suppress_v8plus_abi_warnings.patch Wed Sep 30 10:37:47 2015 -0700 @@ -0,0 +1,70 @@ +# +# Patch developed in-house. Solaris-specific; not suitable for upstream. +# +# Suppress warnings about sparcv8+ ABI violation +# when building T4-specific modules as 32-bit: +# v8+ ABI violation: illegal use of %i or %l register as rs1 in "brnz,a" instruction +# This has been confirmed as a valid usecase and is thus intentional. +# +--- a/crypto/aes/Makefile.orig čt dub 30 03:15:03 2015 ++++ b/crypto/aes/Makefile čt dub 30 03:19:32 2015 +@@ -75,6 +75,9 @@ + aest4-sparcv9.s: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl + $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@ + ++aest4-sparcv9.o: aest4-sparcv9.s ++ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^ ++ + aes-ppc.s: asm/aes-ppc.pl + $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@ + vpaes-ppc.s: asm/vpaes-ppc.pl +--- a/crypto/sha/Makefile.orig čt dub 30 14:37:32 2015 ++++ b/crypto/sha/Makefile čt dub 30 14:40:49 2015 +@@ -73,6 +73,8 @@ + sha1-sparcv9.S: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS) + sha256-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) + sha512-sparcv9.S:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) ++sha512-sparcv9.o: sha512-sparcv9.S ++ $(CC) $(CFLAGS) -Wa,-n -c -o $@ $^ + + sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@ + sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ +--- a/crypto/bn/Makefile.orig čt dub 30 14:43:20 2015 ++++ b/crypto/bn/Makefile čt dub 30 14:45:11 2015 +@@ -79,8 +79,12 @@ + $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@ + vis3-mont.s: asm/vis3-mont.pl + $(PERL) asm/vis3-mont.pl $(CFLAGS) > $@ ++vis3-mont.o: vis3-mont.s ++ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^ + sparct4-mont.S: asm/sparct4-mont.pl + $(PERL) asm/sparct4-mont.pl $(CFLAGS) > $@ ++sparct4-mont.o: sparct4-mont.S ++ $(CC) $(CFLAGS) -Wa,-n -c -o $@ $^ + sparcv9-gf2m.S: asm/sparcv9-gf2m.pl + $(PERL) asm/sparcv9-gf2m.pl $(CFLAGS) > $@ + +--- a/crypto/camellia/Makefile.orig Fri Aug 21 14:51:49 2015rypto/camellia/Makef ++++ b/crypto/camellia/Makefile Fri Aug 21 14:53:18 2015.2d/crypto/camellia/Make +@@ -51,6 +51,9 @@ + cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl ../perlasm/sparcv9_modes.pl + $(PERL) asm/cmllt4-sparcv9.pl $(CFLAGS) > $@ + ++cmllt4-sparcv9.o: cmllt4-sparcv9.s ++ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^ ++ + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +--- a/crypto/modes/Makefile.orig Fri Aug 21 15:22:37 2015 ++++ b/crypto/modes/Makefile Fri Aug 21 15:26:12 2015 +@@ -54,6 +54,9 @@ + $(PERL) asm/aesni-gcm-x86_64.pl $(PERLASM_SCHEME) > $@ + ghash-sparcv9.s: asm/ghash-sparcv9.pl + $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS) ++ghash-sparcv9.o: ghash-sparcv9.s ++ $(AS) $(ASFLAGS) -Wa,-n -o $@ $^ ++ + ghash-alpha.s: asm/ghash-alpha.pl + (preproc=$$$$.$@.S; trap "rm $$preproc" INT; \ + $(PERL) asm/ghash-alpha.pl > $$preproc && \ diff -r 8eb64ba1b2ad -r 37c8a5df8c41 components/openssl/openssl-default/Makefile --- a/components/openssl/openssl-default/Makefile Wed Sep 30 09:48:41 2015 -0700 +++ b/components/openssl/openssl-default/Makefile Wed Sep 30 10:37:47 2015 -0700 @@ -109,7 +109,7 @@ # Disable SSLv2 and SSLv3 protocols CONFIGURE_OPTIONS += no-ssl2 -CONFIGURE_OPTIONS += no-ssl3 +CONFIGURE_OPTIONS += no-ssl3 no-ssl3-method # We use both no-whirlpool and no-whrlpool since there is an inconsistency in # the OpenSSL code and one needs both to build OpenSSL successfully with diff -r 8eb64ba1b2ad -r 37c8a5df8c41 components/openssl/openssl-fips-140/Makefile --- a/components/openssl/openssl-fips-140/Makefile Wed Sep 30 09:48:41 2015 -0700 +++ b/components/openssl/openssl-fips-140/Makefile Wed Sep 30 10:37:47 2015 -0700 @@ -109,7 +109,7 @@ # Disable SSLv2 and SSLv3 protocols CONFIGURE_OPTIONS += no-ssl2 -CONFIGURE_OPTIONS += no-ssl3 +CONFIGURE_OPTIONS += no-ssl3 no-ssl3-method # We define our own compiler and linker option sets for Solaris. See Configure # for more information.