7156086 OpenSSL for wanboot should not be build in a separate directory
7153178 Problem with crypto/openssl
--- a/components/openssl/README Fri Apr 06 11:00:02 2012 -0700
+++ b/components/openssl/README Sun Apr 08 02:30:08 2012 -0700
@@ -29,10 +29,9 @@
fips-140, and once for 0.9.8 FIPS-140 canister (in the openssl-fips component)
needed to build 0.9.8 FIPS-140 certified libraries. All builds apart from
static libraries for wanboot are done for 32 and 64 bits. So, in total, OpenSSL
-is built seven times.
+is built seven times. OpenSSL for wanboot is only build on sparc.
-For more details on OpenSSL for wanboot see openssl-1.0.0-wanboot/README.
-See also comments in all three Makefiles for more information.
+See also comments in all the Makefiles for more information.
The non-fips Build.
---
@@ -58,8 +57,11 @@
sub-directory.
18-compiler_opts.patch
-Adds four Solaris specific configurations (both 32bit and 64bit for both sparc
-and x86) to Configure which are then explicitly used by the Makefiles.
+Adds five Solaris specific configurations (both 32bit and 64bit for both sparc
+and x86, plus 64bit sparc for wanboot) to Configure which are then explicitly
+used by the Makefiles. Wanboot configuration is special in that it doesn't link
+with libc and uses -xF=%all to put functions in separate sections, so that
+unused code can be discarded.
Care should be taken if modifying this patch as changes to compile-time options
can change the ABI. One example of this is the use of RC4_INT vs RC4_CHAR.
@@ -81,6 +83,22 @@
Modifies engines/Makefile so that the devcrypto engine will be built in the
"engines" directory.
+30_wanboot.patch:
+Wanboot specific patches.
+- modified Makefiles not to build in engines apps test tools
+- not using vfprintf for error print in crypto/cryptlib.c
+- not using ERR_load_DSO_strings() in crypto/err/err_all.c
+- not using EVP_read_pw_string() in crypto/evp/evp_key.c
+ - reading password is implemented in disabled DES library
+- avoid select() in crypto/rand/rand_unix.c
+- direct reading of IP to avoid sscanf() in crypto/x509v3/v3_utl.c
+- using functions from libsock in e_os.h
+- by-passing version of sparc detection in crypto/sparcv9cap.c
+ - results in not using FPU for big numbers multiplication
+ - should be ok - original detection seems broken, FPU gets never used
+- implementation of atoi()
+
+
openssl-1.0.0d-aesni-v4.i386-patch
X86-only patch.
Add a built-in engine, aesni, to support X86 AES-NI instructions, along with
@@ -118,3 +136,166 @@
sparc-01-ccwrap.patch
Workaround so that fingerprinting the canister during runtime and comparing it
with the saved fingerprint works correctly.
+
+The wanboot Build
+----
+
+There are some significant differences when building OpenSSL for wanboot.
+
+Some additional Configuration options are needed:
+-DNO_CHMOD chmod not available in stand-alone environment
+-DBOOT guard for wanboot specific patches
+-DOPENSSL_NO_DTLS1 to avoid dtls1_min_mtu() - DTLS not used anyway
+
+List of object files for wanboot-openssl.o
+----
+
+At this moment, object files for wanboot-openssl.o need to be listed explicitly.
+This is cumbersome and relatively tedious with respect to upgrading to higher
+version of openssl.
+
+In future, it would be nice, if this could be performed automatically by the
+linker. The required interface for wanboot is already defined in a mapfile and
+linker option '-zdiscard-unused=sections,files' is already used to discard
+unused code.
+But sadly, at this moment when the linker is given all the object files, it
+correctly discards some unused files, but references to undefined symbols from
+the discarded files don't get discarded along. Later, these undefined references
+cause wanboot linking failure.
+
+In order to determine which openssl object files are required for wanboot,
+first build static standalone openssl bits in Userland. As a site effect,
+static libraries libssl.a and libcrypto.a are created in build/sparcv9-wanboot.
+
+ $ cd $USERLAND/components/openssl/openssl-1.0.0 ; gmake build
+
+Next, collect some information from linking wanboot static libraries in ON.
+This can be done by the following hack.
+
+ $ cd $ON/usr/src/psm/stand/boot/sparcv9/sun4
+ $ touch wanboot.o
+ $ LD_OPTIONS="-Dfiles,symbols,output=ld.dbg \
+ -L$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot " \
+ WAN_OPENSSL=" -lwanboot -lssl -lcrypto" dmake all
+
+The following sort of information ends up in ld.dbg (note that the debugging
+output from the link-editor is not considered a 'stable interface' and may
+change in the future):
+
+ debug: file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o) [ ET_REL ]
+ debug:
+ debug: symbol table processing; file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o) [ ET_REL ]
+ debug: symbol[1]=sparcv9cap.c
+ ....
+
+Now run the following script in Userland:
+
+ #!/bin/bash
+
+ # set to workspace paths:
+ USERLAND=/builds/tkuthan/ul-wanboot-rebuilt
+ ON=/builds/tkuthan/on11u1-wanboot-rti
+
+ BUILD=$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot
+ LD_DBG=$ON/usr/src/psm/stand/boot/sparcv9/sun4/ld.dbg
+
+ for i in `find $BUILD/crypto $BUILD/ssl -name '*.o'`
+ do
+ f=`basename $i`
+ if grep -q "^debug: file.*\<$f\>" $LD_DBG
+ then
+ echo $i | sed "s#$BUILD/##"
+ fi
+ done
+
+to get the list of required object files.
+
+Additionally, you can format the list for including to Makefile by:
+ sort | tr '\n' ' ' | fold -s -w74 | sed -e 's/^/ /' -e 's/$/\\/'
+
+Linking with wanboot
+----
+
+When linking with wanboot please pay attention to following pitfalls.
+
+Correct openssl header files need to be included. This is done in
+$ON/usr/src/stand/lib/wanboot/Makefile
+Make sure CPPFLAGS point to the right directories.
+
+EXTREME CAUTION needs to be employed, if WANBOOT GREW IN SIZE because of the
+changes!
+Wanboot is a statically linked standalone binary and it is loaded on a fixed
+address before execution. This address is defined in
+$ON/usr/src/psm/stand/boot/sparc/common/mapfile:
+
+ 27 LOAD_SEGMENT text {
+ 28 FLAGS = READ EXECUTE;
+ 29 VADDR = 0x130000;
+ 30 ASSIGN_SECTION {
+ 31 TYPE = PROGBITS;
+ 32 FLAGS = ALLOC !WRITE;
+ 33 };
+ 34 };
+
+This address (VADDR) NEEDS TO BE GREATER THEN
+ size of wanboot binary + 0x4000
+
+The reason for this is in how wanboot is loaded by OpenBoot Prom:
+1) user initiates boot from network - "boot net"
+2) obp loads wanboot binary at address 0x4000
+3) obp parses ELF header, reads virtual address where to load wanboot to
+4) obp mem-copies .text section to this address
+5) obp copies .data section behind .text
+6) obp starts executing wanboot at entry address
+
+If the given address is too small, obp overwrites part of .data with
+instructions from .text in step 4. resulting in .data being corrupted.
+Initialized variables get bogus values and failure is inevitable.
+This is very hard to troubleshoot.
+
+
+Testing wanboot with new openssl
+----
+
+With every upgrade of OpenSSL, it is necessary to make sure wanboot builds and
+works well with the new bits.
+
+Provided you have a freshly built ON workspace, you can link wanboot with new
+OpenSSL bits by redefining WAN_OPENSSL macro:
+
+ # copy wanboot-openssl.o to ON build machine
+ cp wanboot-openssl.o /var/tmp/
+
+ # prepare to rebuild wanboot
+ cd $ON
+ bldenv developer.sh
+ cd usr/src/psm/stand/boot/sparcv9/sun4
+
+ # hack to force a rebuild
+ touch wanboot.o
+
+ # link new OpenSSL to wanboot
+ WAN_OPENSSL=/var/tmp/wanboot-openssl.o dmake all
+
+Wanboot should build without warning.
+
+If there is something like this in the output:
+
+ Undefined first referenced
+ symbol in file
+ CRYPTO_ccm128_setiv /var/tmp/wanboot-openssl.o
+ SSL_get_srtp_profiles /var/tmp/wanboot-openssl.o
+ ssl_parse_clienthello_use_srtp_ext /var/tmp/wanboot-openssl.o
+ CRYPTO_gcm128_setiv /var/tmp/wanboot-openssl.o
+ ...
+ cmac_pkey_meth /var/tmp/wanboot-openssl.o
+ ld: fatal: symbol referencing errors. No output written to wanboot
+ *** Error code 1
+ dmake: Fatal error: Command failed for target `wanboot'
+
+some additional work has to be done in OpenSSL to either satisfy the function
+references listed in the linker error message, or to remove the calls to these
+functions.
+
+Finally, resulting wanboot binary shall be deployed on some install server and
+wanbooting from this server shall be tested.
--- a/components/openssl/openssl-1.0.0-wanboot/Makefile Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,250 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
-
-
-#
-# This component is not to be installed. It is used from openssl-1.0.0
-# to build static stand-alone OpenSSL binaries to link with wanboot.
-#
-
-include ../../../make-rules/shared-macros.mk
-
-# COMPONENT_NAME, COMPONENT_VERSION, IPS_COMPONENT_VERSION and some other
-# related macros definitions were moved to ../openssl-1.0.0/Makefile.version
-# in order to keep OpenSSL versions in ../openssl-1.0.0 and
-# ../openssl-1.0.0-wanboot in sync
-include ../openssl-1.0.0/Makefile.version
-
-include $(WS_TOP)/make-rules/prep.mk
-include $(WS_TOP)/make-rules/configure.mk
-include $(WS_TOP)/make-rules/ips.mk
-include $(WS_TOP)/make-rules/lint-libraries.mk
-
-PATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
-
-# OpenSSL does not use autoconf but its own configure system.
-CONFIGURE_SCRIPT = $(SOURCE_DIR)/Configure
-
-# This is to force OpenSSL's Configure script to use gmake for "make links".
-# Otherwise it fails with:
-# mksh: Fatal error in reader: Unmatched `(' on line
-CONFIGURE_ENV += MAKE="$(GMAKE)"
-
-CONFIGURE_OPTIONS = -DNO_WINDOWS_BRAINDEATH
-CONFIGURE_OPTIONS += -DNO_CHMOD -D_BOOT -DOPENSSL_NO_DTLS1
-CONFIGURE_OPTIONS += no-cast
-CONFIGURE_OPTIONS += no-dso
-CONFIGURE_OPTIONS += no-ec
-CONFIGURE_OPTIONS += no-ecdh
-CONFIGURE_OPTIONS += no-ecdsa
-CONFIGURE_OPTIONS += no-mdc2
-CONFIGURE_OPTIONS += no-rc3
-CONFIGURE_OPTIONS += no-rc4
-CONFIGURE_OPTIONS += no-rc5
-CONFIGURE_OPTIONS += no-ripemd
-CONFIGURE_OPTIONS += no-idea
-CONFIGURE_OPTIONS += no-hw
-CONFIGURE_OPTIONS += no-threads
-CONFIGURE_OPTIONS += no-shared
-CONFIGURE_OPTIONS += no-seed
-# We use both no-whirlpool and no-whrlpool since there is an inconsistency in
-# the OpenSSL code and one needs both to build OpenSSL successfully with
-# Whirlpool implementation removed.
-CONFIGURE_OPTIONS += no-whirlpool
-CONFIGURE_OPTIONS += no-whrlpool
-
-# For wanboot, we only need 64-bit sparc binaries
-CONFIGURE_OPTIONS += solaris64-sparcv9-cc-sunw
-
-# OpenSSL has its own configure system which must be run from the fully
-# populated source code directory. However, the Userland configuration phase is
-# run from the build directory. So, we must get the full source code into the
-# build directory.
-COMPONENT_PRE_CONFIGURE_ACTION = \
- ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR)/$(MACH$(BITS)); )
-
-# File stubs.c stubs out several functions, that are not available for wanboot.
-# We do not provide it in a form of a patch to ease future maintenance.
-COMPONENT_PRE_BUILD_ACTION = \
- ( $(CP) -fp files/stubs.c $(@D)/crypto/; )
-
-# Object files for wanboot-openssl.o have to be listed explicitly.
-WANBOOT_OBJS = \
- crypto/aes/aes-sparcv9.o crypto/aes/aes_cbc.o crypto/aes/aes_cfb.o \
- crypto/aes/aes_core.o crypto/aes/aes_ecb.o crypto/aes/aes_ofb.o \
- crypto/aes/aes_wrap.o crypto/asn1/a_bitstr.o crypto/asn1/a_bool.o \
- crypto/asn1/a_bytes.o crypto/asn1/a_d2i_fp.o crypto/asn1/a_digest.o \
- crypto/asn1/a_dup.o crypto/asn1/a_enum.o crypto/asn1/a_gentm.o \
- crypto/asn1/a_i2d_fp.o crypto/asn1/a_int.o crypto/asn1/a_mbstr.o \
- crypto/asn1/a_object.o crypto/asn1/a_octet.o crypto/asn1/a_print.o \
- crypto/asn1/a_set.o crypto/asn1/a_sign.o crypto/asn1/a_strex.o \
- crypto/asn1/a_strnid.o crypto/asn1/a_time.o crypto/asn1/a_type.o \
- crypto/asn1/a_utctm.o crypto/asn1/a_utf8.o crypto/asn1/a_verify.o \
- crypto/asn1/ameth_lib.o crypto/asn1/asn1_err.o crypto/asn1/asn1_gen.o \
- crypto/asn1/asn1_lib.o crypto/asn1/asn1_par.o crypto/asn1/asn_mime.o \
- crypto/asn1/asn_pack.o crypto/asn1/bio_asn1.o crypto/asn1/bio_ndef.o \
- crypto/asn1/d2i_pr.o crypto/asn1/evp_asn1.o crypto/asn1/f_int.o \
- crypto/asn1/f_string.o crypto/asn1/i2d_pr.o crypto/asn1/nsseq.o \
- crypto/asn1/p5_pbe.o crypto/asn1/p5_pbev2.o crypto/asn1/p8_pkey.o \
- crypto/asn1/t_pkey.o crypto/asn1/t_x509.o crypto/asn1/t_x509a.o \
- crypto/asn1/tasn_dec.o crypto/asn1/tasn_enc.o crypto/asn1/tasn_fre.o \
- crypto/asn1/tasn_new.o crypto/asn1/tasn_prn.o crypto/asn1/tasn_typ.o \
- crypto/asn1/tasn_utl.o crypto/asn1/x_algor.o crypto/asn1/x_attrib.o \
- crypto/asn1/x_bignum.o crypto/asn1/x_crl.o crypto/asn1/x_exten.o \
- crypto/asn1/x_info.o crypto/asn1/x_long.o crypto/asn1/x_name.o \
- crypto/asn1/x_pkey.o crypto/asn1/x_pubkey.o crypto/asn1/x_req.o \
- crypto/asn1/x_sig.o crypto/asn1/x_spki.o crypto/asn1/x_val.o \
- crypto/asn1/x_x509.o crypto/asn1/x_x509a.o crypto/bf/bf_cfb64.o \
- crypto/bf/bf_ecb.o crypto/bf/bf_enc.o crypto/bf/bf_ofb64.o \
- crypto/bf/bf_skey.o crypto/bio/b_dump.o crypto/bio/b_print.o \
- crypto/bio/bf_buff.o crypto/bio/bio_err.o crypto/bio/bio_lib.o \
- crypto/bio/bss_file.o crypto/bio/bss_mem.o crypto/bio/bss_null.o \
- crypto/bio/bss_sock.o crypto/bn/bn-sparcv9.o crypto/bn/bn_add.o \
- crypto/bn/bn_blind.o crypto/bn/bn_ctx.o crypto/bn/bn_div.o \
- crypto/bn/bn_err.o crypto/bn/bn_exp.o crypto/bn/bn_exp2.o \
- crypto/bn/bn_gcd.o crypto/bn/bn_lib.o crypto/bn/bn_mod.o \
- crypto/bn/bn_mont.o crypto/bn/bn_mul.o crypto/bn/bn_prime.o \
- crypto/bn/bn_print.o crypto/bn/bn_rand.o crypto/bn/bn_recp.o \
- crypto/bn/bn_shift.o crypto/bn/bn_sqr.o crypto/bn/bn_word.o \
- crypto/bn/sparcv9-mont.o crypto/bn/sparcv9a-mont.o \
- crypto/buffer/buf_err.o crypto/buffer/buffer.o crypto/camellia/camellia.o \
- crypto/camellia/cmll_cbc.o crypto/camellia/cmll_cfb.o \
- crypto/camellia/cmll_ecb.o crypto/camellia/cmll_misc.o \
- crypto/camellia/cmll_ofb.o crypto/cms/cms_asn1.o crypto/cms/cms_att.o \
- crypto/cms/cms_dd.o crypto/cms/cms_enc.o crypto/cms/cms_env.o \
- crypto/cms/cms_err.o crypto/cms/cms_io.o crypto/cms/cms_lib.o \
- crypto/cms/cms_sd.o crypto/comp/c_zlib.o crypto/comp/comp_err.o \
- crypto/comp/comp_lib.o crypto/conf/conf_api.o crypto/conf/conf_def.o \
- crypto/conf/conf_err.o crypto/conf/conf_lib.o crypto/conf/conf_mod.o \
- crypto/cpt_err.o crypto/cryptlib.o crypto/des/cfb64ede.o \
- crypto/des/cfb64enc.o crypto/des/cfb_enc.o crypto/des/des_enc-sparc.o \
- crypto/des/ecb3_enc.o crypto/des/ecb_enc.o crypto/des/ofb64ede.o \
- crypto/des/ofb64enc.o crypto/des/set_key.o crypto/des/xcbc_enc.o \
- crypto/dh/dh_ameth.o crypto/dh/dh_asn1.o crypto/dh/dh_check.o \
- crypto/dh/dh_err.o crypto/dh/dh_gen.o crypto/dh/dh_key.o \
- crypto/dh/dh_lib.o crypto/dh/dh_pmeth.o crypto/dsa/dsa_ameth.o \
- crypto/dsa/dsa_asn1.o crypto/dsa/dsa_err.o crypto/dsa/dsa_gen.o \
- crypto/dsa/dsa_key.o crypto/dsa/dsa_lib.o crypto/dsa/dsa_ossl.o \
- crypto/dsa/dsa_pmeth.o crypto/dsa/dsa_sign.o crypto/dsa/dsa_vrf.o \
- crypto/dso/dso_lib.o crypto/dso/dso_null.o crypto/dso/dso_openssl.o \
- crypto/engine/eng_ctrl.o crypto/engine/eng_err.o crypto/engine/eng_init.o \
- crypto/engine/eng_lib.o crypto/engine/eng_list.o crypto/engine/eng_pkey.o \
- crypto/engine/eng_table.o crypto/engine/tb_asnmth.o \
- crypto/engine/tb_cipher.o crypto/engine/tb_dh.o crypto/engine/tb_digest.o \
- crypto/engine/tb_dsa.o crypto/engine/tb_pkmeth.o crypto/engine/tb_rand.o \
- crypto/engine/tb_rsa.o crypto/err/err.o crypto/err/err_all.o \
- crypto/err/err_prn.o crypto/evp/bio_b64.o crypto/evp/bio_enc.o \
- crypto/evp/bio_md.o crypto/evp/c_all.o crypto/evp/c_allc.o \
- crypto/evp/c_alld.o crypto/evp/digest.o crypto/evp/e_aes.o \
- crypto/evp/e_bf.o crypto/evp/e_camellia.o crypto/evp/e_des.o \
- crypto/evp/e_des3.o crypto/evp/e_null.o crypto/evp/e_rc2.o \
- crypto/evp/e_xcbc_d.o crypto/evp/encode.o crypto/evp/evp_enc.o \
- crypto/evp/evp_err.o crypto/evp/evp_key.o crypto/evp/evp_lib.o \
- crypto/evp/evp_pbe.o crypto/evp/evp_pkey.o crypto/evp/m_dss.o \
- crypto/evp/m_dss1.o crypto/evp/m_md4.o crypto/evp/m_md5.o \
- crypto/evp/m_sha.o crypto/evp/m_sha1.o crypto/evp/m_sigver.o \
- crypto/evp/names.o crypto/evp/p5_crpt.o crypto/evp/p5_crpt2.o \
- crypto/evp/p_lib.o crypto/evp/p_sign.o crypto/evp/p_verify.o \
- crypto/evp/pmeth_fn.o crypto/evp/pmeth_gn.o crypto/evp/pmeth_lib.o \
- crypto/ex_data.o crypto/hmac/hm_ameth.o crypto/hmac/hm_pmeth.o \
- crypto/hmac/hmac.o crypto/lhash/lhash.o crypto/md4/md4_dgst.o \
- crypto/md5/md5_dgst.o crypto/mem.o crypto/mem_dbg.o crypto/modes/cbc128.o \
- crypto/modes/cfb128.o crypto/modes/ofb128.o crypto/o_dir.o \
- crypto/o_time.o crypto/objects/o_names.o crypto/objects/obj_dat.o \
- crypto/objects/obj_err.o crypto/objects/obj_lib.o \
- crypto/objects/obj_xref.o crypto/ocsp/ocsp_asn.o crypto/ocsp/ocsp_err.o \
- crypto/pem/pem_all.o crypto/pem/pem_err.o crypto/pem/pem_info.o \
- crypto/pem/pem_lib.o crypto/pem/pem_oth.o crypto/pem/pem_pk8.o \
- crypto/pem/pem_pkey.o crypto/pem/pem_x509.o crypto/pem/pem_xaux.o \
- crypto/pkcs12/p12_add.o crypto/pkcs12/p12_asn.o crypto/pkcs12/p12_attr.o \
- crypto/pkcs12/p12_crpt.o crypto/pkcs12/p12_decr.o crypto/pkcs12/p12_key.o \
- crypto/pkcs12/p12_mutl.o crypto/pkcs12/p12_p8d.o crypto/pkcs12/p12_p8e.o \
- crypto/pkcs12/p12_utl.o crypto/pkcs12/pk12err.o crypto/pkcs7/pk7_asn1.o \
- crypto/pkcs7/pk7_attr.o crypto/pkcs7/pk7_doit.o crypto/pkcs7/pk7_lib.o \
- crypto/pkcs7/pkcs7err.o crypto/rand/md_rand.o crypto/rand/rand_err.o \
- crypto/rand/rand_lib.o crypto/rand/rand_unix.o crypto/rand/randfile.o \
- crypto/rc2/rc2_cbc.o crypto/rc2/rc2_ecb.o crypto/rc2/rc2_skey.o \
- crypto/rc2/rc2cfb64.o crypto/rc2/rc2ofb64.o crypto/rsa/rsa_ameth.o \
- crypto/rsa/rsa_asn1.o crypto/rsa/rsa_eay.o crypto/rsa/rsa_err.o \
- crypto/rsa/rsa_gen.o crypto/rsa/rsa_lib.o crypto/rsa/rsa_none.o \
- crypto/rsa/rsa_oaep.o crypto/rsa/rsa_pk1.o crypto/rsa/rsa_pmeth.o \
- crypto/rsa/rsa_pss.o crypto/rsa/rsa_sign.o crypto/rsa/rsa_ssl.o \
- crypto/rsa/rsa_x931.o crypto/sha/sha1-sparcv9.o crypto/sha/sha1dgst.o \
- crypto/sha/sha256-sparcv9.o crypto/sha/sha256.o \
- crypto/sha/sha512-sparcv9.o crypto/sha/sha512.o crypto/sha/sha_dgst.o \
- crypto/sparccpuid.o crypto/sparcv9cap.o crypto/stack/stack.o \
- crypto/stubs.o crypto/ts/ts_err.o crypto/ui/ui_err.o crypto/x509/by_dir.o \
- crypto/x509/by_file.o crypto/x509/x509_att.o crypto/x509/x509_cmp.o \
- crypto/x509/x509_d2.o crypto/x509/x509_def.o crypto/x509/x509_err.o \
- crypto/x509/x509_ext.o crypto/x509/x509_lu.o crypto/x509/x509_obj.o \
- crypto/x509/x509_req.o crypto/x509/x509_trs.o crypto/x509/x509_txt.o \
- crypto/x509/x509_v3.o crypto/x509/x509_vfy.o crypto/x509/x509_vpm.o \
- crypto/x509/x509name.o crypto/x509/x509rset.o crypto/x509/x509type.o \
- crypto/x509/x_all.o crypto/x509v3/pcy_cache.o crypto/x509v3/pcy_data.o \
- crypto/x509v3/pcy_lib.o crypto/x509v3/pcy_map.o crypto/x509v3/pcy_node.o \
- crypto/x509v3/pcy_tree.o crypto/x509v3/v3_akey.o crypto/x509v3/v3_akeya.o \
- crypto/x509v3/v3_alt.o crypto/x509v3/v3_bcons.o crypto/x509v3/v3_bitst.o \
- crypto/x509v3/v3_conf.o crypto/x509v3/v3_cpols.o crypto/x509v3/v3_crld.o \
- crypto/x509v3/v3_enum.o crypto/x509v3/v3_extku.o crypto/x509v3/v3_genn.o \
- crypto/x509v3/v3_ia5.o crypto/x509v3/v3_info.o crypto/x509v3/v3_int.o \
- crypto/x509v3/v3_lib.o crypto/x509v3/v3_ncons.o crypto/x509v3/v3_ocsp.o \
- crypto/x509v3/v3_pci.o crypto/x509v3/v3_pcia.o crypto/x509v3/v3_pcons.o \
- crypto/x509v3/v3_pku.o crypto/x509v3/v3_pmaps.o crypto/x509v3/v3_prn.o \
- crypto/x509v3/v3_purp.o crypto/x509v3/v3_skey.o crypto/x509v3/v3_sxnet.o \
- crypto/x509v3/v3_utl.o crypto/x509v3/v3err.o ssl/s3_both.o ssl/s3_clnt.o \
- ssl/s3_enc.o ssl/s3_lib.o ssl/s3_pkt.o ssl/ssl_algs.o ssl/ssl_asn1.o \
- ssl/ssl_cert.o ssl/ssl_ciph.o ssl/ssl_err.o ssl/ssl_err2.o ssl/ssl_lib.o \
- ssl/ssl_rsa.o ssl/ssl_sess.o ssl/t1_enc.o ssl/t1_lib.o ssl/t1_reneg.o
-
-# Linking of openssl bits for wanboot.
-# Interface for wanboot is specified in mapfile. Object files are compiled
-# to have functions in separate sections, unused sections get discarded.
-CREATE_BIG_OBJECT_FILE = ( \
- cd $(BUILD_DIR)/$(MACH64); \
- $(LD) -o wanboot-openssl.o -r -M../../mapfile -Breduce \
- -zdiscard-unused=sections,files -zguidance \
- $(WANBOOT_OBJS); \
- )
-
-COMPONENT_POST_BUILD_ACTION = \
- ($(CREATE_BIG_OBJECT_FILE); )
-
-
-# For wanboot, we only need 64-bit sparc binaries
-build_sparc: $(BUILD_64)
-
-build_i386:
- @echo "Not available"
-
-build: build_$(MACH)
-
-install:
- @echo "This component is not to be installed individually."
-
-publish:
- @echo "This component is not to be published individually."
-
-test: $(NO_TESTS)
-
-BUILD_PKG_DEPENDENCIES = $(BUILD_TOOLS)
-
-include $(WS_TOP)/make-rules/depend.mk
--- a/components/openssl/openssl-1.0.0-wanboot/README Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,241 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
-#
-
-
-Disclaimer
-----
-
-The purpose of this directory is solely to build and deliver static OpenSSL
-binaries for wanboot. These binaries have some highly specific patches applied.
-Do not attempt to use these for any other purpose.
-
-
-Building
-----
-
-Building in this directory is triggered by running 'gmake build' in
-../openssl-1.0.0. Calling 'gmake build' locally is possible for debugging
-purposes. There are no 'install' and 'publish' targets. Only 64-bit sparc
-version is built, nothing is done for x86.
-
-The outcome of build is file wanboot-openssl.o containing all the openssl bits
-required for wanboot. As part of 'make install' in ../openssl-1.0.0 this file
-is copied in to its proto area. From there, wanboot-openssl.o is published and
-delivered as a part of pkg:/library/security/openssl package.
-
-
-Patches
-----
-
-18-compiler_opts.patch:
-Taken from $USERLAND/components/openssl/openssl-1.0.0/patches/
-- modified not to link with libc (-lc);
-- '-xF=%all' added to comp. flags to create separate section for each function
-
-30_wanboot.patch:
-Wanboot specific patches.
-- modified Makefiles not to build in engines apps test tools
-- not using vfprintf for error print in crypto/cryptlib.c
-- not using ERR_load_DSO_strings() in crypto/err/err_all.c
-- not using EVP_read_pw_string() in crypto/evp/evp_key.c
- - reading password is implemented in disabled DES library
-- avoid select() in crypto/rand/rand_unix.c
-- not defining _XOPEN_SOURCE in crypto/rand/randfile.c
-- direct reading of IP to avoid sscanf() in crypto/x509v3/v3_utl.c
-- using functions from libsock in e_os.h
-- by-passing version of sparc detection in crypto/sparcv9cap.c
- - results in not using FPU for big numbers multiplication
- - should be ok - original detection seems broken, FPU gets never used
-- stubs for EVP_read_pw_string_min(), OPENSSL_issetugid(),
- opendir(), readdir(), closedir()
-- implementation of atoi()
-
-
-Configure options
-----
-
-Most of the Configure options where carried over from the original code when
-migrating openssl for wanboot from ON to Userland. For the most part, these
-options exclude unused ciphers.
-
-New options added:
--DNO_CHMOD chmod not available in stand-alone environment
--DBOOT guard for wanboot specific patches
--DOPENSSL_NO_DTLS1 to avoid dtls1_min_mtu() - DTLS not used anyway
-
-
-List of object files for wanboot-openssl.o
-----
-
-At this moment, object files for wanboot-openssl.o need to be listed explicitly.
-This is cumbersome and relatively tedious with respect to upgrading to higher
-version of openssl.
-
-In future, it would be nice, if this could be performed automatically by the
-linker. The required interface for wanboot is already defined in a mapfile and
-linker option '-zdiscard-unused=sections,files' is already used to discard
-unused code.
-But sadly, at this moment when the linker is given all the object files, it
-fails to recognize some unreferenced sections as unused. As a result, numerous
-object files are not discarded, although they should be. These files are not
-patched to work in standalone environment, which causes wanboot linking failure
-due to undefined references.
-
-In order to determine which openssl object files are required for wanboot,
-first build static standalone openssl bits in Userland. As a site effect,
-static libraries libssl.a and libcrypto.a are created.
-
- $ cd $USERLAND/components/openssl/openssl-1.0.0-wanboot ; gmake build
-
-Next, collect some information from linking wanboot static libraries in ON.
-This can be done by the following hack.
-
- $ cd $ON/usr/src/psm/stand/boot/sparcv9/sun4
- $ touch wanboot.o
- $ LD_OPTIONS="-Dfiles,symbols,output=ld.dbg \
- -L$USERLAND/components/openssl/openssl-1.0.0-wanboot/build/sparcv9 " \
- WAN_OPENSSL=" -lwanboot -lssl -lcrypto" dmake all
-
-The following sort of information ends up in ld.dbg (note that the debugging
-output from the link-editor is not considered a 'stable interface' and may
-change in the future):
-
- debug:
- debug: file=/builds/tkuthan/ul-s11u1/components/openssl/openssl-1.0.0-wanboot/build/sparcv9/libcrypto.a(sparcv9cap.o) [ ET_REL ]
- debug:
- debug: symbol table processing; file=/builds/tkuthan/ul-s11u1/components/openssl/openssl-1.0.0-wanboot/build/sparcv9/libcrypto.a(sparcv9cap.o) [ ET_REL ]
- debug: symbol[1]=sparcv9cap.c
- ...
-
-Now run the following script in Userland:
-
- #!/bin/bash
-
- # set to workspace paths:
- USERLAND=/builds/tkuthan/ul-s11u1
- ON=/builds/tkuthan/on11u1-wanboot-rti
-
- BUILD=$USERLAND/components/openssl/openssl-1.0.0-wanboot/build/sparcv9
- LD_DBG=$ON/usr/src/psm/stand/boot/sparcv9/sun4/ld.dbg
-
- for i in `find $BUILD/crypto $BUILD/ssl -name '*.o'`
- do
- f=`basename $i`
- if grep -q "^debug: file.*\<$f\>" $LD_DBG
- then
- echo $i | sed "s#$BUILD/##"
- fi
- done
-
-to get the list of required object files.
-
-Additionally, you can format the list for including to Makefile by:
- $ sort | tr '\n' ' ' | fold -s -w74 | sed -e 's/^/ /' -e 's/$/\\/'
-
-
-Linking with wanboot
-----
-
-When linking with wanboot please pay attention to following pitfalls.
-
-Correct openssl header files need to be included. This is done in
-$ON/usr/src/stand/lib/wanboot/Makefile
-Make sure CPPFLAGS point to the right directories.
-
-EXTREME CAUTION needs to be employed, if WANBOOT GREW IN SIZE because of the
-changes!
-Wanboot is a statically linked standalone binary and it is loaded on a fixed
-address before execution. This address is defined in
-$ON/usr/src/psm/stand/boot/sparc/common/mapfile:
-
- 27 LOAD_SEGMENT text {
- 28 FLAGS = READ EXECUTE;
- 29 VADDR = 0x130000;
- 30 ASSIGN_SECTION {
- 31 TYPE = PROGBITS;
- 32 FLAGS = ALLOC !WRITE;
- 33 };
- 34 };
-
-This address (VADDR) NEEDS TO BE GREATER THEN
- size of .text section + size of .data section + 0x4000
-
-The reason for this is in how wanboot is loaded by OpenBoot Prom:
-1) user initiates boot from network - "boot net"
-2) obp loads wanboot binary at address 0x4000
-3) obp parses ELF header, reads virtual address where to load wanboot to
-4) obp mem-copies .text section to this address
-5) obp copies .data section behind .text
-6) obp starts executing wanboot at entry address
-
-If the given address is too small, obp overwrites part of .data with
-instructions from .text in step 4. resulting in .data being corrupted.
-Initialized variables get bogus values and failure is inevitable.
-This is very hard to troubleshoot.
-
-
-Testing wanboot with new openssl
-----
-
-With every upgrade of OpenSSL, it is necessary to make sure wanboot builds and
-works well with the new bits.
-
-Provided you have a freshly built ON workspace, you can link wanboot with new
-OpenSSL bits by redefining WAN_OPENSSL macro:
-
- # copy wanboot-openssl.o to ON build machine
- cp wanboot-openssl.o /var/tmp/
-
- # prepare to rebuild wanboot
- cd $ON
- bldenv developer.sh
- cd usr/src/psm/stand/boot/sparcv9/sun4
-
- # hack to force a rebuild
- touch wanboot.o
-
- # link new OpenSSL to wanboot
- WAN_OPENSSL=/var/tmp/wanboot-openssl.o dmake all
-
-Wanboot should build without warning.
-
-If there is something like this in the output:
-
- Undefined first referenced
- symbol in file
- CRYPTO_ccm128_setiv /var/tmp/wanboot-openssl.o
- SSL_get_srtp_profiles /var/tmp/wanboot-openssl.o
- ssl_parse_clienthello_use_srtp_ext /var/tmp/wanboot-openssl.o
- CRYPTO_gcm128_setiv /var/tmp/wanboot-openssl.o
- ...
- cmac_pkey_meth /var/tmp/wanboot-openssl.o
- ld: fatal: symbol referencing errors. No output written to wanboot
- *** Error code 1
- dmake: Fatal error: Command failed for target `wanboot'
-
-some additional work has to be done in OpenSSL to either satisfy the function
-references listed in the linker error message, or to remove the calls to these
-functions.
-
-Finally, resulting wanboot binary shall be deployed on some install server and
-wanbooting from this server shall be tested.
--- a/components/openssl/openssl-1.0.0-wanboot/files/stubs.c Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,118 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
- */
-
-
-#include <sys/types.h>
-#include <dirent.h>
-#include <errno.h>
-#include <stddef.h>
-
-/*
- * In OpenSSL 0.9.7 the EVP_read_pw_string now calls into the new "ui"
- * routines of 0.9.7, which is not compiled in the standalone, so it is
- * stubbed out here to avoid having to add a bunch of #ifndef's elsewhere.
- */
-/* ARGSUSED */
-int
-EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int
- verify)
-{
- return (-1); /* failure */
-}
-
-/*
- * In standalone issetugid() is always false.
- */
-int
-OPENSSL_issetugid(void)
-{
- return (1);
-}
-
-/*
- * Directory routines -- currently, the only consumer of these interfaces
- * is $SRC/common/openssl/ssl/ssl_cert.c, and it has fallback code in the
- * case of failure, so we just fail opendir() and stub out the rest. At
- * some point, we may need to provide a real implementation.
- */
-/* ARGSUSED */
-DIR *
-opendir(const char *dirname)
-{
- errno = EACCES;
- return (NULL);
-}
-
-/* ARGSUSED */
-struct dirent *
-readdir(DIR *dirp)
-{
- return (NULL);
-}
-
-/* ARGSUSED */
-int
-closedir(DIR *dirp)
-{
- return (0);
-}
-
-/*
- * Atoi is used on multiple places in libcrypto.
- * This implementation is taken from stand-alone libsock library:
- * usr/src/stand/lib/sock/sock_test.c
- * Alternative solution: just extern it here, wanboot has -lsock anyway.
- */
-#ifndef isdigit
-#define isdigit(c) ((c) >= '0' && (c) <= '9')
-#endif
-
-#ifndef isspace
-#define isspace(c) ((c) == ' ' || (c) == '\t' || (c) == '\n' || \
- (c) == '\r' || (c) == '\f' || (c) == '\013')
-#endif
-int
-atoi(const char *p)
-{
- int n;
- int c = *p++, neg = 0;
-
- while (isspace(c)) {
- c = *p++;
- }
- if (!isdigit(c)) {
- switch (c) {
- case '-':
- neg++;
- /* FALLTHROUGH */
- case '+':
- c = *p++;
- }
- }
- for (n = 0; isdigit(c); c = *p++) {
- n *= 10; /* two steps to avoid unnecessary overflow */
- n += '0' - c; /* accum neg to avoid surprises at MAX */
- }
- return (neg ? n : -n);
-}
--- a/components/openssl/openssl-1.0.0-wanboot/mapfile Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,126 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
-#
-
-#
-# This file defines interface requirements of wanboot on OpenSSL.
-#
-
-$mapfile_version 2
-SYMBOL_SCOPE {
- ERR_clear_error;
- SSL_CTX_set_default_passwd_cb;
- SSL_load_error_strings;
- EVP_PKEY_free;
- SSL_get_peer_certificate;
- SSL_CIPHER_get_name;
- sk_value;
- RAND_load_file;
- X509_NAME_oneline;
- SSL_write;
- X509_NAME_get_text_by_NID;
- OPENSSL_uni2asc;
- SSL_CTX_set_default_passwd_cb_userdata;
- SSL_CTX_use_PrivateKey_file;
- OPENSSL_asc2uni;
- SSL_get_error;
- ASN1_UTF8STRING_free;
- ASN1_mbstring_copy;
- ERR_error_string;
- PKCS12_unpack_p7data;
- X509_free;
- ERR_get_error;
- ERR_put_error;
- PKCS12_free;
- ASN1_UTF8STRING_new;
- OPENSSL_add_all_algorithms_noconf;
- OBJ_nid2obj;
- PKCS12_SAFEBAG_free;
- ASN1_STRING_free;
- sk_delete;
- OBJ_obj2nid;
- SSL_CTX_set_verify_depth;
- PKCS8_PRIV_KEY_INFO_free;
- SSL_set_connect_state;
- sk_pop_free;
- BIO_s_file;
- SSL_set_fd;
- SSL_CTX_use_PrivateKey;
- ASN1_STRING_to_UTF8;
- PKCS12_certbag2x509;
- PKCS7_free;
- PKCS12_decrypt_skey;
- BIO_new;
- RAND_status;
- sk_num;
- SSL_get_verify_result;
- SSL_free;
- SSL_read;
- SSL_new;
- SSLv3_client_method;
- X509_check_private_key;
- SSL_CTX_new;
- ASN1_TYPE_set;
- ASN1_TYPE_new;
- ERR_peek_error;
- CRYPTO_free;
- SSL_CTX_load_verify_locations;
- PKCS12_unpack_authsafes;
- X509_ATTRIBUTE_new;
- PKCS12_unpack_p7encdata;
- sk_push;
- SSL_connect;
- SSL_shutdown;
- SSL_CTX_use_certificate_file;
- PKCS12_get_attr_gen;
- X509_verify_cert_error_string;
- X509_ATTRIBUTE_free;
- X509_alias_set1;
- PKCS12_verify_mac;
- ASN1_TIME_print;
- SSL_CTX_use_certificate;
- SSL_get_ciphers;
- SSL_CTX_ctrl;
- SSL_CTX_free;
- X509_keyid_set1;
- ERR_load_strings;
- EVP_EncodeBlock;
- ASN1_TYPE_free;
- sk_new_null;
- SSL_get_current_cipher;
- ASN1_STRING_cmp;
- ASN1_STRING_set;
- ERR_get_next_error_library;
- EVP_PKCS82PKEY;
- X509_get_issuer_name;
- CRYPTO_malloc;
- BIO_ctrl;
- BIO_free;
- X509_STORE_add_cert;
- ASN1_STRING_type_new;
- SSL_CTX_set_cipher_list;
- X509_get_subject_name;
- SSL_library_init;
- d2i_PKCS12_fp;
- local:
- *;
-};
--- a/components/openssl/openssl-1.0.0-wanboot/patches/18-compiler_opts.patch Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
---- openssl-1.0.0f/Configure Thu Feb 10 20:02:41 2011
-+++ /tmp/Configure Thu Feb 10 20:01:51 2011
-@@ -246,6 +246,12 @@
- #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
- "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
-
-+#### Solaris configs, used for OpenSSL as delivered by S11.
-+# Option -xF=%all instructs the compiler to place functions and data
-+# variables into separate section fragments. This enables the link editor
-+# to discard unused sections and files when linking wanboot-openssl.o
-+"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -xF=%all -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64",
-+
- #### IRIX 5.x configs
- # -mips2 flag is added by ./config when appropriate.
- "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- a/components/openssl/openssl-1.0.0-wanboot/patches/30_wanboot.patch Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,348 +0,0 @@
---- openssl-1.0.0e/Makefile 2011-09-06 06:18:01.000000000 -0700
-+++ openssl-1.0.0e_patched/Makefile 2011-12-19 08:29:38.100618700 -0800
-@@ -111,7 +111,7 @@
- ZLIB_INCLUDE=
- LIBZLIB=
-
--DIRS= crypto ssl engines apps test tools
-+DIRS= crypto ssl
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
---- openssl-1.0.0e/Makefile.org 2010-01-27 08:06:58.000000000 -0800
-+++ openssl-1.0.0e_patched/Makefile.org 2011-12-19 08:30:01.795240100 -0800
-@@ -109,7 +109,7 @@
- ZLIB_INCLUDE=
- LIBZLIB=
-
--DIRS= crypto ssl engines apps test tools
-+DIRS= crypto ssl
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-
---- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800
-@@ -871,6 +871,10 @@
- MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
- }
- #else
-+/* Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
-+ * * OPENSSL_showfatal() is not used anywhere else then here we can safely use
-+ * * the code from 0.9.7d version. */
-+#ifndef _BOOT
- void OPENSSL_showfatal (const char *fmta,...)
- { va_list ap;
-
-@@ -878,14 +882,21 @@
- vfprintf (stderr,fmta,ap);
- va_end (ap);
- }
-+#endif /* _BOOT */
- int OPENSSL_isservice (void) { return 0; }
- #endif
-
- void OpenSSLDie(const char *file,int line,const char *assertion)
- {
-+#ifndef _BOOT
- OPENSSL_showfatal(
- "%s(%d): OpenSSL internal error, assertion failed: %s\n",
- file,line,assertion);
-+#else
-+ fprintf(stderr,
-+ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
-+ file,line,assertion);
-+#endif
- #if !defined(_WIN32) || defined(__CYGWIN__)
- abort();
- #else
---- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800
-@@ -142,7 +142,9 @@
- ERR_load_X509V3_strings();
- ERR_load_PKCS12_strings();
- ERR_load_RAND_strings();
-+#ifndef _BOOT
- ERR_load_DSO_strings();
-+#endif /* _BOOT */
- ERR_load_TS_strings();
- #ifndef OPENSSL_NO_ENGINE
- ERR_load_ENGINE_strings();
---- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800
-@@ -84,7 +84,7 @@
- else
- return(prompt_string);
- }
--
-+#ifndef _BOOT
- /* For historical reasons, the standard function for reading passwords is
- * in the DES library -- if someone ever wants to disable DES,
- * this function will fail */
-@@ -111,6 +111,7 @@
- OPENSSL_cleanse(buff,BUFSIZ);
- return ret;
- }
-+#endif /* !_BOOT */
-
- int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
- const unsigned char *salt, const unsigned char *data, int datal,
---- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800
-@@ -122,7 +122,11 @@
- #include <sys/time.h>
- #include <sys/times.h>
- #include <sys/stat.h>
-+#ifdef _BOOT
-+#include <sys/fcntl.h>
-+#else
- #include <fcntl.h>
-+#endif
- #include <unistd.h>
- #include <time.h>
- #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
-@@ -253,6 +257,11 @@
- const char **egdsocket = NULL;
- #endif
-
-+#ifdef _BOOT
-+/* open() is provided by standalone libsa not visible from here */
-+extern int open(const char *, int);
-+#endif
-+
- #ifdef DEVRANDOM
- memset(randomstats,0,sizeof(randomstats));
- /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
-@@ -295,9 +304,13 @@
- {
- int try_read = 0;
-
--#if defined(OPENSSL_SYS_BEOS_R5)
-+#if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
- /* select() is broken in BeOS R5, so we simply
- * try to read something and snooze if we couldn't */
-+ /*
-+ * select() is not available when linking stand-alone
-+ * library for wanboot
-+ */
- try_read = 1;
-
- #elif defined(OPENSSL_SYS_LINUX)
-@@ -355,6 +368,7 @@
- else
- r = -1;
-
-+#ifndef _BOOT
- /* Some Unixen will update t in select(), some
- won't. For those who won't, or if we
- didn't use select() in the first place,
-@@ -366,13 +380,17 @@
- }
- while ((r > 0 ||
- (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
-+#else /* _BOOT */
-+ }
-+ while (r > 0 && n < ENTROPY_NEEDED);
-+#endif /* _BOOT */
-
- close(fd);
- }
- }
- #endif /* defined(DEVRANDOM) */
-
--#ifdef DEVRANDOM_EGD
-+#if defined(DEVRANDOM_EGD) && !defined(_BOOT)
- /* Use an EGD socket to read entropy from an EGD or PRNGD entropy
- * collecting daemon. */
-
-@@ -395,6 +413,7 @@
- }
- #endif
-
-+#ifndef _BOOT
- /* put in some default random data, we need more than just this */
- l=curr_pid;
- RAND_add(&l,sizeof(l),0.0);
-@@ -403,6 +422,7 @@
-
- l=time(NULL);
- RAND_add(&l,sizeof(l),0.0);
-+#endif /* !_BOOT */
-
- #if defined(OPENSSL_SYS_BEOS)
- {
-
---- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800
-@@ -57,7 +57,9 @@
- */
-
- /* We need to define this to get macros like S_IFBLK and S_IFCHR */
-+#ifndef _BOOT
- #define _XOPEN_SOURCE 500
-+#endif /* _BOOT */
-
- #include <errno.h>
- #include <stdio.h>
---- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800
-@@ -659,9 +659,52 @@
- }
- }
-
-+#if defined(_BOOT)
-+/* This function was copied from bio/b_sock.c */
-+static int get_ip(const char *str, unsigned char ip[4])
-+ {
-+ unsigned int tmp[4];
-+ int num=0,c,ok=0;
-+
-+ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
-+
-+ for (;;)
-+ {
-+ c= *(str++);
-+ if ((c >= '0') && (c <= '9'))
-+ {
-+ ok=1;
-+ tmp[num]=tmp[num]*10+c-'0';
-+ if (tmp[num] > 255) return(0);
-+ }
-+ else if (c == '.')
-+ {
-+ if (!ok) return(-1);
-+ if (num == 3) return(0);
-+ num++;
-+ ok=0;
-+ }
-+ else if (c == '\0' && (num == 3) && ok)
-+ break;
-+ else
-+ return(0);
-+ }
-+ ip[0]=tmp[0];
-+ ip[1]=tmp[1];
-+ ip[2]=tmp[2];
-+ ip[3]=tmp[3];
-+ return(1);
-+ }
-+#endif /* _BOOT */
-+
- static int ipv4_from_asc(unsigned char *v4, const char *in)
- {
- int a0, a1, a2, a3;
-+
-+#if defined(_BOOT)
-+ if (get_ip(in, v4) != 1)
-+ return 0;
-+#else /* _BOOT */
- if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
- return 0;
- if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
-@@ -671,6 +716,7 @@
- v4[1] = a1;
- v4[2] = a2;
- v4[3] = a3;
-+#endif /* _BOOT */
- return 1;
- }
-
---- openssl-1.0.0e/doc/crypto/hmac.pod 2009-09-30 16:40:52.000000000 -0700
-+++ openssl-1.0.0e_patched/doc/crypto/hmac.pod 2011-12-12 05:39:53.818071600 -0800
-@@ -2,7 +2,7 @@
-
- =head1 NAME
-
--HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message
-+HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, HMAC_cleanup - HMAC message
- authentication code
-
- =head1 SYNOPSIS
---- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800
-+++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800
-@@ -207,10 +207,19 @@
- #define get_last_socket_error() errno
- #define clear_socket_error() errno=0
- #define ioctlsocket(a,b,c) ioctl(a,b,c)
-+#ifdef _BOOT
-+#include <netinet/in.h>
-+extern int socket_read(int, void *, size_t, int);
-+extern int socket_close(int);
-+#define closesocket(s) socket_close(s)
-+#define readsocket(s,b,n) socket_read((s),(b),(n), 200)
-+#define writesocket(s,b,n) send((s),(b),(n), 0)
-+#else /* !_BOOT */
- #define closesocket(s) close(s)
- #define readsocket(s,b,n) read((s),(b),(n))
- #define writesocket(s,b,n) write((s),(b),(n))
- #endif
-+#endif
-
- #ifdef WIN16 /* never the case */
- # define MS_CALLBACK _far _loadds
---- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 05:24:02.011607700 -0800
-@@ -12,7 +12,7 @@
- #define SPARCV9_VIS2 (1<<3) /* reserved */
- #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
-
--static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
-+static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-
- int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
- {
-@@ -32,6 +32,7 @@
- void _sparcv9_vis2_probe(void);
- void _sparcv9_fmadd_probe(void);
-
-+#ifndef _BOOT
- unsigned long OPENSSL_rdtsc(void)
- {
- if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
-@@ -43,8 +44,19 @@
- else
- return _sparcv9_rdtick();
- }
-+#endif
-+
-+#if defined(_BOOT)
-+/*
-+ * Hardcoding sparc capabilities for wanboot.
-+ * Older CPUs are EOLed anyway.
-+ */
-+void OPENSSL_cpuid_setup(void)
-+ {
-+ OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
-+ }
-
--#if 0 && defined(__sun) && defined(__SVR4)
-+#elif 0 && defined(__sun) && defined(__SVR4)
- /* This code path is disabled, because of incompatibility of
- * libdevinfo.so.1 and libmalloc.so.1 (see below for details)
- */
---- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800
-@@ -397,6 +397,11 @@
- .type OPENSSL_cleanse,#function
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
-+#ifndef _BOOT
- .section ".init",#alloc,#execinstr
- call OPENSSL_cpuid_setup
- nop
-+#else
-+ nop
-+ nop
-+#endif
---- openssl-1.0.0e/crypto/Makefile 2010-07-26 15:09:59.000000000 -0700
-+++ openssl-1.0.0e_patched/crypto/Makefile 2011-12-22 08:26:22.041955800 -0800
-@@ -34,8 +34,8 @@
-
- LIB= $(TOP)/libcrypto.a
- SHARED_LIB= libcrypto$(SHLIB_EXT)
--LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
--LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
-+LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c stubs.c
-+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o stubs.o $(CPUID_OBJ)
-
- SRC= $(LIBSRC)
-
--- a/components/openssl/openssl-1.0.0/Makefile Fri Apr 06 11:00:02 2012 -0700
+++ b/components/openssl/openssl-1.0.0/Makefile Sun Apr 08 02:30:08 2012 -0700
@@ -22,11 +22,21 @@
#
include ../../../make-rules/shared-macros.mk
-# COMPONENT_NAME, COMPONENT_VERSION, IPS_COMPONENT_VERSION and some other
-# related macros definitions were moved to ../openssl-1.0.0/Makefile.version
-# in order to keep OpenSSL versions in ../openssl-1.0.0 and
-# ../openssl-1.0.0-wanboot in sync
-include Makefile.version
+COMPONENT_NAME = openssl
+# When new version of OpenSSL comes in, you must update both COMPONENT_VERSION
+# and IPS_COMPONENT_VERSION.
+# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too.
+# For more information about wanboot-openssl testing, please refer to
+# ../README.
+COMPONENT_VERSION = 1.0.0h
+# Version for IPS. It is easier to do it manually than convert the letter to a
+# number while taking into account that there might be no letter at all.
+IPS_COMPONENT_VERSION = 1.0.0.8
+COMPONENT_PROJECT_URL= http://www.openssl.org/
+COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
+COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
+COMPONENT_ARCHIVE_HASH= sha1:6d4587a96817147021e93ca266441daf4bcbf485
+COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
# Architecture-specific patches
EXTRA_PATCHES.i386 = $(PATCH_DIR)/openssl-1.0.0d-aesni-v4.i386-patch
@@ -40,6 +50,9 @@
PATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
+# Variant of OpenSSL for wanboot is built in build/sparcv9-wanboot.
+BUILD_DIR_WANBOOT = $(BUILD_DIR)/$(MACH64)-wanboot
+
# OpenSSL does not use autoconf but its own configure system.
CONFIGURE_SCRIPT = $(SOURCE_DIR)/Configure
@@ -54,6 +67,7 @@
ENGINESDIR_32 = /lib/openssl/engines
ENGINESDIR_64 = /lib/openssl/engines/64
+# Configure options common to both regular OpenSSL and OpenSSL for wanboot.
CONFIGURE_OPTIONS = -DSOLARIS_OPENSSL -DNO_WINDOWS_BRAINDEATH
CONFIGURE_OPTIONS += --openssldir=/etc/openssl
CONFIGURE_OPTIONS += --prefix=/usr
@@ -78,8 +92,6 @@
CONFIGURE_OPTIONS += no-hw_sureware
CONFIGURE_OPTIONS += no-hw_ubsec
CONFIGURE_OPTIONS += no-hw_cswift
-CONFIGURE_OPTIONS += threads
-CONFIGURE_OPTIONS += shared
# MD2 is not enabled by default in OpensSSL but some software we have in
# Userland needs it. One example is nmap.
CONFIGURE_OPTIONS += enable-md2
@@ -89,6 +101,9 @@
# Whirlpool implementation removed.
CONFIGURE_OPTIONS += no-whirlpool
CONFIGURE_OPTIONS += no-whrlpool
+# Some additional options needed for our engines.
+CONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS))
+CONFIGURE_OPTIONS += --enginesdir=$(ENGINESDIR_$(BITS))
# We define our own compiler and linker option sets for Solaris. See Configure
# for more information.
@@ -97,10 +112,34 @@
CONFIGURE_OPTIONS64_i386 = solaris64-x86_64-cc-sunw
CONFIGURE_OPTIONS64_sparc = solaris64-sparcv9-cc-sunw
-# Some additional options needed for our engines.
-CONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS))
-CONFIGURE_OPTIONS += --enginesdir=$(ENGINESDIR_$(BITS))
-CONFIGURE_OPTIONS += $(CONFIGURE_OPTIONS$(BITS)_$(MACH))
+# Options specific to regular build.
+# They must not be specified as common, as they cannot be overridden.
+$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += threads
+$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += threads
+$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += shared
+$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += shared
+$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += shared
+$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += shared
+$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += \
+ $(CONFIGURE_OPTIONS32_$(MACH))
+$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += \
+ $(CONFIGURE_OPTIONS64_$(MACH))
+
+# OpenSSL for wanboot specific options
+$(BUILD_DIR_WANBOOT)/.configured: BITS=64
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -DNO_CHMOD
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -D_BOOT
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -DOPENSSL_NO_DTLS1
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-cast
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-dso
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-rc4
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-ripemd
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-hw
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-threads
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-shared
+$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += \
+ solaris64-sparcv9-cc-sunw-wanboot
+
# OpenSSL has its own configure system which must be run from the fully
# populated source code directory. However, the Userland configuration phase is
@@ -109,6 +148,9 @@
COMPONENT_PRE_CONFIGURE_ACTION = \
( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR)/$(MACH$(BITS)); )
+$(BUILD_DIR_WANBOOT)/.configured: COMPONENT_PRE_CONFIGURE_ACTION = \
+ ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR_WANBOOT); )
+
# We deliver only one opensslconf.h file which must be suitable for both 32 and
# 64 bits. Depending on the configuration option, OpenSSL's Configure script
# creates opensslconf.h for either 32 or 64 bits. A patch makes the resulting
@@ -118,38 +160,12 @@
( [ $(BITS) -eq 32 ] && $(GPATCH) -p1 $(@D)/crypto/opensslconf.h \
patches-post-config/opensslconf.patch; cd $(@D); $(MAKE) depend; )
-# This conditional part triggers actions in ../openssl-1.0.0-wanboot directory
-# in order to create static openssl bits for linking with wanboot.
-# Specifically
-# - propagate clean and clobber targets to wanboot dir
-# - build wanboot bits and copy in wanboot-openssl.o to proto area
-# - cache (link) openssl tarball from wanboot dir
-ifeq ($(MACH), sparc)
-WANBOOT_DIR = $(COMPONENT_DIR)/../openssl-1.0.0-wanboot
-WANBOOT_TO = $(PROTO_DIR)/lib/openssl/wanboot/$(MACH64)
-clobber clean::
- (cd $(WANBOOT_DIR) ; $(GMAKE) $@)
-
-# In order not to download the tarball twice (once here and once in
-# ../openssl-1.0.0-wanboot), there is a hacky caching applied.
-# After having build in ../openssl-1.0.0-wanboot an attempt is made to create
-# a soft-link in this directory pointing to the tarball.
-$(WANBOOT_DIR)/build/$(MACH64)/.built:
- (cd $(WANBOOT_DIR) ; $(GMAKE) build;)
- -$(LN) -s $(WANBOOT_DIR)/$(COMPONENT_ARCHIVE) $(COMPONENT_DIR)/
-
-build: $(WANBOOT_DIR)/build/$(MACH64)/.built
-install: $(WANBOOT_DIR)/build/$(MACH64)/.built
-
-$(INSTALL_64): COMPONENT_POST_INSTALL_ACTION = \
- ( $(MKDIR) -p $(WANBOOT_TO); \
- $(CP) $(WANBOOT_DIR)/build/$(MACH64)/wanboot-openssl.o $(WANBOOT_TO); )
-endif
-
# We do not ship our engines as patches since it would be more difficult to
# update the files which have been under continuous development. We rather copy
# the files to the right directories.
+# Same holds for wanboot-stubs.c, which stubs out several functions, that are
+# not available in the stand-alone environment of wanboot.
COMPONENT_PRE_BUILD_ACTION = \
( $(CP) -fp engines/aesni/eng_aesni.c $(@D)/crypto/engine; \
$(CP) -fp engines/aesni/aesni-x86*.pl $(@D)/crypto/aes/asm; \
@@ -159,10 +175,159 @@
$(CP) -fp engines/t4/t4_aes.S $(@D)/crypto/aes/asm; \
$(CP) -fp engines/t4/t4_des.S $(@D)/crypto/des/asm; \
$(CP) -fp engines/t4/t4_md5.S $(@D)/crypto/md5/asm; \
- $(CP) -fp engines/t4/t4_sha?.S $(@D)/crypto/sha/asm; )
+ $(CP) -fp engines/t4/t4_sha?.S $(@D)/crypto/sha/asm; \
+ $(CP) -fp wanboot-openssl/wanboot-stubs.c $(@D)/crypto; )
+
+# OpenSSL for wanboot is built on sparc only.
+ifeq ($(MACH), sparc)
+BUILD_64 += $(BUILD_DIR_WANBOOT)/.built
+endif
build: $(BUILD_32_and_64)
+# Object files for wanboot-openssl.o have to be listed explicitly.
+WANBOOT_OBJS = \
+ crypto/aes/aes-sparcv9.o crypto/aes/aes_cbc.o crypto/aes/aes_cfb.o \
+ crypto/aes/aes_core.o crypto/aes/aes_ecb.o crypto/aes/aes_ofb.o \
+ crypto/aes/aes_wrap.o crypto/asn1/a_bitstr.o crypto/asn1/a_bool.o \
+ crypto/asn1/a_bytes.o crypto/asn1/a_d2i_fp.o crypto/asn1/a_digest.o \
+ crypto/asn1/a_dup.o crypto/asn1/a_enum.o crypto/asn1/a_gentm.o \
+ crypto/asn1/a_i2d_fp.o crypto/asn1/a_int.o crypto/asn1/a_mbstr.o \
+ crypto/asn1/a_object.o crypto/asn1/a_octet.o crypto/asn1/a_print.o \
+ crypto/asn1/a_set.o crypto/asn1/a_sign.o crypto/asn1/a_strex.o \
+ crypto/asn1/a_strnid.o crypto/asn1/a_time.o crypto/asn1/a_type.o \
+ crypto/asn1/a_utctm.o crypto/asn1/a_utf8.o crypto/asn1/a_verify.o \
+ crypto/asn1/ameth_lib.o crypto/asn1/asn1_err.o crypto/asn1/asn1_gen.o \
+ crypto/asn1/asn1_lib.o crypto/asn1/asn1_par.o crypto/asn1/asn_mime.o \
+ crypto/asn1/asn_pack.o crypto/asn1/bio_asn1.o crypto/asn1/bio_ndef.o \
+ crypto/asn1/d2i_pr.o crypto/asn1/evp_asn1.o crypto/asn1/f_int.o \
+ crypto/asn1/f_string.o crypto/asn1/i2d_pr.o crypto/asn1/nsseq.o \
+ crypto/asn1/p5_pbe.o crypto/asn1/p5_pbev2.o crypto/asn1/p8_pkey.o \
+ crypto/asn1/t_pkey.o crypto/asn1/t_x509.o crypto/asn1/t_x509a.o \
+ crypto/asn1/tasn_dec.o crypto/asn1/tasn_enc.o crypto/asn1/tasn_fre.o \
+ crypto/asn1/tasn_new.o crypto/asn1/tasn_prn.o crypto/asn1/tasn_typ.o \
+ crypto/asn1/tasn_utl.o crypto/asn1/x_algor.o crypto/asn1/x_attrib.o \
+ crypto/asn1/x_bignum.o crypto/asn1/x_crl.o crypto/asn1/x_exten.o \
+ crypto/asn1/x_info.o crypto/asn1/x_long.o crypto/asn1/x_name.o \
+ crypto/asn1/x_pkey.o crypto/asn1/x_pubkey.o crypto/asn1/x_req.o \
+ crypto/asn1/x_sig.o crypto/asn1/x_spki.o crypto/asn1/x_val.o \
+ crypto/asn1/x_x509.o crypto/asn1/x_x509a.o crypto/bf/bf_cfb64.o \
+ crypto/bf/bf_ecb.o crypto/bf/bf_enc.o crypto/bf/bf_ofb64.o \
+ crypto/bf/bf_skey.o crypto/bio/b_dump.o crypto/bio/b_print.o \
+ crypto/bio/bf_buff.o crypto/bio/bio_err.o crypto/bio/bio_lib.o \
+ crypto/bio/bss_file.o crypto/bio/bss_mem.o crypto/bio/bss_null.o \
+ crypto/bio/bss_sock.o crypto/bn/bn-sparcv9.o crypto/bn/bn_add.o \
+ crypto/bn/bn_blind.o crypto/bn/bn_ctx.o crypto/bn/bn_div.o \
+ crypto/bn/bn_err.o crypto/bn/bn_exp.o crypto/bn/bn_exp2.o \
+ crypto/bn/bn_gcd.o crypto/bn/bn_lib.o crypto/bn/bn_mod.o \
+ crypto/bn/bn_mont.o crypto/bn/bn_mul.o crypto/bn/bn_prime.o \
+ crypto/bn/bn_print.o crypto/bn/bn_rand.o crypto/bn/bn_recp.o \
+ crypto/bn/bn_shift.o crypto/bn/bn_sqr.o crypto/bn/bn_word.o \
+ crypto/bn/sparcv9-mont.o crypto/bn/sparcv9a-mont.o \
+ crypto/buffer/buf_err.o crypto/buffer/buffer.o crypto/camellia/camellia.o \
+ crypto/camellia/cmll_cbc.o crypto/camellia/cmll_cfb.o \
+ crypto/camellia/cmll_ecb.o crypto/camellia/cmll_misc.o \
+ crypto/camellia/cmll_ofb.o crypto/cms/cms_asn1.o crypto/cms/cms_att.o \
+ crypto/cms/cms_dd.o crypto/cms/cms_enc.o crypto/cms/cms_env.o \
+ crypto/cms/cms_err.o crypto/cms/cms_io.o crypto/cms/cms_lib.o \
+ crypto/cms/cms_sd.o crypto/comp/c_zlib.o crypto/comp/comp_err.o \
+ crypto/comp/comp_lib.o crypto/conf/conf_api.o crypto/conf/conf_def.o \
+ crypto/conf/conf_err.o crypto/conf/conf_lib.o crypto/conf/conf_mod.o \
+ crypto/cpt_err.o crypto/cryptlib.o crypto/des/cfb64ede.o \
+ crypto/des/cfb64enc.o crypto/des/cfb_enc.o crypto/des/des_enc-sparc.o \
+ crypto/des/ecb3_enc.o crypto/des/ecb_enc.o crypto/des/ofb64ede.o \
+ crypto/des/ofb64enc.o crypto/des/set_key.o crypto/des/xcbc_enc.o \
+ crypto/dh/dh_ameth.o crypto/dh/dh_asn1.o crypto/dh/dh_check.o \
+ crypto/dh/dh_err.o crypto/dh/dh_gen.o crypto/dh/dh_key.o \
+ crypto/dh/dh_lib.o crypto/dh/dh_pmeth.o crypto/dsa/dsa_ameth.o \
+ crypto/dsa/dsa_asn1.o crypto/dsa/dsa_err.o crypto/dsa/dsa_gen.o \
+ crypto/dsa/dsa_key.o crypto/dsa/dsa_lib.o crypto/dsa/dsa_ossl.o \
+ crypto/dsa/dsa_pmeth.o crypto/dsa/dsa_sign.o crypto/dsa/dsa_vrf.o \
+ crypto/dso/dso_lib.o crypto/dso/dso_null.o crypto/dso/dso_openssl.o \
+ crypto/engine/eng_ctrl.o crypto/engine/eng_err.o crypto/engine/eng_init.o \
+ crypto/engine/eng_lib.o crypto/engine/eng_list.o crypto/engine/eng_pkey.o \
+ crypto/engine/eng_table.o crypto/engine/tb_asnmth.o \
+ crypto/engine/tb_cipher.o crypto/engine/tb_dh.o crypto/engine/tb_digest.o \
+ crypto/engine/tb_dsa.o crypto/engine/tb_pkmeth.o crypto/engine/tb_rand.o \
+ crypto/engine/tb_rsa.o crypto/err/err.o crypto/err/err_all.o \
+ crypto/err/err_prn.o crypto/evp/bio_b64.o crypto/evp/bio_enc.o \
+ crypto/evp/bio_md.o crypto/evp/c_all.o crypto/evp/c_allc.o \
+ crypto/evp/c_alld.o crypto/evp/digest.o crypto/evp/e_aes.o \
+ crypto/evp/e_bf.o crypto/evp/e_camellia.o crypto/evp/e_des.o \
+ crypto/evp/e_des3.o crypto/evp/e_null.o crypto/evp/e_rc2.o \
+ crypto/evp/e_xcbc_d.o crypto/evp/encode.o crypto/evp/evp_enc.o \
+ crypto/evp/evp_err.o crypto/evp/evp_key.o crypto/evp/evp_lib.o \
+ crypto/evp/evp_pbe.o crypto/evp/evp_pkey.o crypto/evp/m_dss.o \
+ crypto/evp/m_dss1.o crypto/evp/m_md4.o crypto/evp/m_md5.o \
+ crypto/evp/m_sha.o crypto/evp/m_sha1.o crypto/evp/m_sigver.o \
+ crypto/evp/names.o crypto/evp/p5_crpt.o crypto/evp/p5_crpt2.o \
+ crypto/evp/p_lib.o crypto/evp/p_sign.o crypto/evp/p_verify.o \
+ crypto/evp/pmeth_fn.o crypto/evp/pmeth_gn.o crypto/evp/pmeth_lib.o \
+ crypto/ex_data.o crypto/hmac/hm_ameth.o crypto/hmac/hm_pmeth.o \
+ crypto/hmac/hmac.o crypto/lhash/lhash.o crypto/md4/md4_dgst.o \
+ crypto/md5/md5_dgst.o crypto/mem.o crypto/mem_dbg.o crypto/modes/cbc128.o \
+ crypto/modes/cfb128.o crypto/modes/ofb128.o crypto/o_dir.o \
+ crypto/o_time.o crypto/objects/o_names.o crypto/objects/obj_dat.o \
+ crypto/objects/obj_err.o crypto/objects/obj_lib.o \
+ crypto/objects/obj_xref.o crypto/ocsp/ocsp_asn.o crypto/ocsp/ocsp_err.o \
+ crypto/pem/pem_all.o crypto/pem/pem_err.o crypto/pem/pem_info.o \
+ crypto/pem/pem_lib.o crypto/pem/pem_oth.o crypto/pem/pem_pk8.o \
+ crypto/pem/pem_pkey.o crypto/pem/pem_x509.o crypto/pem/pem_xaux.o \
+ crypto/pkcs12/p12_add.o crypto/pkcs12/p12_asn.o crypto/pkcs12/p12_attr.o \
+ crypto/pkcs12/p12_crpt.o crypto/pkcs12/p12_decr.o crypto/pkcs12/p12_key.o \
+ crypto/pkcs12/p12_mutl.o crypto/pkcs12/p12_p8d.o crypto/pkcs12/p12_p8e.o \
+ crypto/pkcs12/p12_utl.o crypto/pkcs12/pk12err.o crypto/pkcs7/pk7_asn1.o \
+ crypto/pkcs7/pk7_attr.o crypto/pkcs7/pk7_doit.o crypto/pkcs7/pk7_lib.o \
+ crypto/pkcs7/pkcs7err.o crypto/rand/md_rand.o crypto/rand/rand_err.o \
+ crypto/rand/rand_lib.o crypto/rand/rand_unix.o crypto/rand/randfile.o \
+ crypto/rc2/rc2_cbc.o crypto/rc2/rc2_ecb.o crypto/rc2/rc2_skey.o \
+ crypto/rc2/rc2cfb64.o crypto/rc2/rc2ofb64.o crypto/rsa/rsa_ameth.o \
+ crypto/rsa/rsa_asn1.o crypto/rsa/rsa_eay.o crypto/rsa/rsa_err.o \
+ crypto/rsa/rsa_gen.o crypto/rsa/rsa_lib.o crypto/rsa/rsa_none.o \
+ crypto/rsa/rsa_oaep.o crypto/rsa/rsa_pk1.o crypto/rsa/rsa_pmeth.o \
+ crypto/rsa/rsa_pss.o crypto/rsa/rsa_sign.o crypto/rsa/rsa_ssl.o \
+ crypto/rsa/rsa_x931.o crypto/sha/sha1-sparcv9.o crypto/sha/sha1dgst.o \
+ crypto/sha/sha256-sparcv9.o crypto/sha/sha256.o \
+ crypto/sha/sha512-sparcv9.o crypto/sha/sha512.o crypto/sha/sha_dgst.o \
+ crypto/sparccpuid.o crypto/sparcv9cap.o crypto/stack/stack.o \
+ crypto/wanboot-stubs.o \
+ crypto/ts/ts_err.o crypto/ui/ui_err.o crypto/x509/by_dir.o \
+ crypto/x509/by_file.o crypto/x509/x509_att.o crypto/x509/x509_cmp.o \
+ crypto/x509/x509_d2.o crypto/x509/x509_def.o crypto/x509/x509_err.o \
+ crypto/x509/x509_ext.o crypto/x509/x509_lu.o crypto/x509/x509_obj.o \
+ crypto/x509/x509_req.o crypto/x509/x509_trs.o crypto/x509/x509_txt.o \
+ crypto/x509/x509_v3.o crypto/x509/x509_vfy.o crypto/x509/x509_vpm.o \
+ crypto/x509/x509name.o crypto/x509/x509rset.o crypto/x509/x509type.o \
+ crypto/x509/x_all.o crypto/x509v3/pcy_cache.o crypto/x509v3/pcy_data.o \
+ crypto/x509v3/pcy_lib.o crypto/x509v3/pcy_map.o crypto/x509v3/pcy_node.o \
+ crypto/x509v3/pcy_tree.o crypto/x509v3/v3_akey.o crypto/x509v3/v3_akeya.o \
+ crypto/x509v3/v3_alt.o crypto/x509v3/v3_bcons.o crypto/x509v3/v3_bitst.o \
+ crypto/x509v3/v3_conf.o crypto/x509v3/v3_cpols.o crypto/x509v3/v3_crld.o \
+ crypto/x509v3/v3_enum.o crypto/x509v3/v3_extku.o crypto/x509v3/v3_genn.o \
+ crypto/x509v3/v3_ia5.o crypto/x509v3/v3_info.o crypto/x509v3/v3_int.o \
+ crypto/x509v3/v3_lib.o crypto/x509v3/v3_ncons.o crypto/x509v3/v3_ocsp.o \
+ crypto/x509v3/v3_pci.o crypto/x509v3/v3_pcia.o crypto/x509v3/v3_pcons.o \
+ crypto/x509v3/v3_pku.o crypto/x509v3/v3_pmaps.o crypto/x509v3/v3_prn.o \
+ crypto/x509v3/v3_purp.o crypto/x509v3/v3_skey.o crypto/x509v3/v3_sxnet.o \
+ crypto/x509v3/v3_utl.o crypto/x509v3/v3err.o ssl/s3_both.o ssl/s3_clnt.o \
+ ssl/s3_enc.o ssl/s3_lib.o ssl/s3_pkt.o ssl/ssl_algs.o ssl/ssl_asn1.o \
+ ssl/ssl_cert.o ssl/ssl_ciph.o ssl/ssl_err.o ssl/ssl_err2.o ssl/ssl_lib.o \
+ ssl/ssl_rsa.o ssl/ssl_sess.o ssl/t1_enc.o ssl/t1_lib.o ssl/t1_reneg.o
+
+# Linking of openssl bits for wanboot.
+# Interface for wanboot is specified in mapfile.wanboot. Object files are
+# compiled to have functions in separate sections, unused sections get
+# discarded.
+CREATE_BIG_OBJECT_FILE = ( \
+ cd $(BUILD_DIR_WANBOOT); \
+ $(LD) -o wanboot-openssl.o -r -M../../mapfile.wanboot -Breduce \
+ -zdiscard-unused=sections,files -zguidance \
+ $(WANBOOT_OBJS); \
+ )
+
+$(BUILD_DIR_WANBOOT)/.built: COMPONENT_POST_BUILD_ACTION = \
+ ($(CREATE_BIG_OBJECT_FILE); )
+
# OpenSSL uses sections man[1357] by default so we must create the man
# directories we use for OpenSSL man pages in Solaris. Note that we patch the
# OpenSSL man page install script to use the correct directories.
@@ -184,12 +349,21 @@
# from the tarball which would corrupt some man pages.
COMPONENT_INSTALL_ARGS += PATH=$(PATH) MANDIR=/usr/share/man
+WANBOOT_TO = $(PROTO_DIR)/lib/openssl/wanboot/$(MACH64)
+
# We could run OpenSSL install code for 32 bits only to process header files and
-# manual pages. However, link libraries depend on install stamps so we run
+# manual pages. However, lint libraries depend on install stamps so we run
# install for 64 bit as well. Note that we must take built binary files from
# build directories, not from the proto area which contains whatever was
# installed first.
+# OpenSSL for wanboot is built on sparc only.
+ifeq ($(MACH), sparc)
+install: $(INSTALL_32_and_64) $(BUILD_DIR_WANBOOT)/.built
+ $(MKDIR) -p $(WANBOOT_TO);
+ $(CP) $(BUILD_DIR_WANBOOT)/wanboot-openssl.o $(WANBOOT_TO);
+else
install: $(INSTALL_32_and_64)
+endif
# We need to modify the default lint flags to include patched opensslconf.h from
# the build directory. If we do not do that, lint will complain about md2.h
--- a/components/openssl/openssl-1.0.0/Makefile.version Fri Apr 06 11:00:02 2012 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
-
-
-#
-# This file contains version-related macro definitions. It is included
-# by both ./Makefile and ../openssl-1.0.0-wanboot/Makefile in order to
-# keep them in sync.
-#
-
-COMPONENT_NAME = openssl
-# When new version of OpenSSL comes in, you must update both COMPONENT_VERSION
-# and IPS_COMPONENT_VERSION.
-# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too.
-# For more information about wanboot-openssl testing, please refer to
-# ../openssl-1.0.0-wanboot/README.
-COMPONENT_VERSION = 1.0.0g
-# Version for IPS. It is easier to do it manually than convert the letter to a
-# number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.0.7
-COMPONENT_PROJECT_URL= http://www.openssl.org/
-COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
-COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH= sha1:2b517baada2338663c27314cb922f9755e73e07f
-COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/mapfile.wanboot Sun Apr 08 02:30:08 2012 -0700
@@ -0,0 +1,126 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+#
+
+#
+# This file defines interface requirements of wanboot on OpenSSL.
+#
+
+$mapfile_version 2
+SYMBOL_SCOPE {
+ ERR_clear_error;
+ SSL_CTX_set_default_passwd_cb;
+ SSL_load_error_strings;
+ EVP_PKEY_free;
+ SSL_get_peer_certificate;
+ SSL_CIPHER_get_name;
+ sk_value;
+ RAND_load_file;
+ X509_NAME_oneline;
+ SSL_write;
+ X509_NAME_get_text_by_NID;
+ OPENSSL_uni2asc;
+ SSL_CTX_set_default_passwd_cb_userdata;
+ SSL_CTX_use_PrivateKey_file;
+ OPENSSL_asc2uni;
+ SSL_get_error;
+ ASN1_UTF8STRING_free;
+ ASN1_mbstring_copy;
+ ERR_error_string;
+ PKCS12_unpack_p7data;
+ X509_free;
+ ERR_get_error;
+ ERR_put_error;
+ PKCS12_free;
+ ASN1_UTF8STRING_new;
+ OPENSSL_add_all_algorithms_noconf;
+ OBJ_nid2obj;
+ PKCS12_SAFEBAG_free;
+ ASN1_STRING_free;
+ sk_delete;
+ OBJ_obj2nid;
+ SSL_CTX_set_verify_depth;
+ PKCS8_PRIV_KEY_INFO_free;
+ SSL_set_connect_state;
+ sk_pop_free;
+ BIO_s_file;
+ SSL_set_fd;
+ SSL_CTX_use_PrivateKey;
+ ASN1_STRING_to_UTF8;
+ PKCS12_certbag2x509;
+ PKCS7_free;
+ PKCS12_decrypt_skey;
+ BIO_new;
+ RAND_status;
+ sk_num;
+ SSL_get_verify_result;
+ SSL_free;
+ SSL_read;
+ SSL_new;
+ SSLv3_client_method;
+ X509_check_private_key;
+ SSL_CTX_new;
+ ASN1_TYPE_set;
+ ASN1_TYPE_new;
+ ERR_peek_error;
+ CRYPTO_free;
+ SSL_CTX_load_verify_locations;
+ PKCS12_unpack_authsafes;
+ X509_ATTRIBUTE_new;
+ PKCS12_unpack_p7encdata;
+ sk_push;
+ SSL_connect;
+ SSL_shutdown;
+ SSL_CTX_use_certificate_file;
+ PKCS12_get_attr_gen;
+ X509_verify_cert_error_string;
+ X509_ATTRIBUTE_free;
+ X509_alias_set1;
+ PKCS12_verify_mac;
+ ASN1_TIME_print;
+ SSL_CTX_use_certificate;
+ SSL_get_ciphers;
+ SSL_CTX_ctrl;
+ SSL_CTX_free;
+ X509_keyid_set1;
+ ERR_load_strings;
+ EVP_EncodeBlock;
+ ASN1_TYPE_free;
+ sk_new_null;
+ SSL_get_current_cipher;
+ ASN1_STRING_cmp;
+ ASN1_STRING_set;
+ ERR_get_next_error_library;
+ EVP_PKCS82PKEY;
+ X509_get_issuer_name;
+ CRYPTO_malloc;
+ BIO_ctrl;
+ BIO_free;
+ X509_STORE_add_cert;
+ ASN1_STRING_type_new;
+ SSL_CTX_set_cipher_list;
+ X509_get_subject_name;
+ SSL_library_init;
+ d2i_PKCS12_fp;
+ local:
+ *;
+};
--- a/components/openssl/openssl-1.0.0/patches/18-compiler_opts.patch Fri Apr 06 11:00:02 2012 -0700
+++ b/components/openssl/openssl-1.0.0/patches/18-compiler_opts.patch Sun Apr 08 02:30:08 2012 -0700
@@ -1,6 +1,6 @@
--- openssl-1.0.0d/Configure Thu Feb 10 20:02:41 2011
+++ /tmp/Configure Thu Feb 10 20:01:51 2011
-@@ -249,6 +255,15 @@
+@@ -249,6 +255,19 @@
#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
@@ -12,6 +12,10 @@
+"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#
+"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
++# Option -xF=%all instructs the compiler to place functions and data
++# variables into separate section fragments. This enables the link editor
++# to discard unused sections and files when linking wanboot-openssl.o
++"solaris64-sparcv9-cc-sunw-wanboot","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -xF=%all -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64",
+
#### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/patches/30_wanboot.patch Sun Apr 08 02:30:08 2012 -0700
@@ -0,0 +1,350 @@
+--- openssl-1.0.0g/Makefile.org 2010-01-27 08:06:58.000000000 -0800
++++ openssl-1.0.0g-1/Makefile.org 2012-03-26 03:04:08.440194448 -0700
+@@ -109,7 +109,13 @@
+ ZLIB_INCLUDE=
+ LIBZLIB=
+
++# For wanboot, we only need crypto and ssl.
++# 'apps' are not patched to work in stand-alone environment anyway.
++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
++DIRS= crypto ssl
++else
+ DIRS= crypto ssl engines apps test tools
++endif
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+
+--- openssl-1.0.0g/Makefile 2012-01-18 05:42:28.000000000 -0800
++++ openssl-1.0.0g-1/Makefile 2012-03-26 03:03:59.170540344 -0700
+@@ -111,7 +111,13 @@
+ ZLIB_INCLUDE=
+ LIBZLIB=
+
++# For wanboot, we only need crypto and ssl.
++# 'apps' are not patched to work in stand-alone environment anyway.
++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
++DIRS= crypto ssl
++else
+ DIRS= crypto ssl engines apps test tools
++endif
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+
+--- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800
+@@ -871,6 +871,10 @@
+ MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
+ }
+ #else
++/* Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
++ * * OPENSSL_showfatal() is not used anywhere else then here we can safely use
++ * * the code from 0.9.7d version. */
++#ifndef _BOOT
+ void OPENSSL_showfatal (const char *fmta,...)
+ { va_list ap;
+
+@@ -878,14 +882,21 @@
+ vfprintf (stderr,fmta,ap);
+ va_end (ap);
+ }
++#endif /* _BOOT */
+ int OPENSSL_isservice (void) { return 0; }
+ #endif
+
+ void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
++#ifndef _BOOT
+ OPENSSL_showfatal(
+ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
++#else
++ fprintf(stderr,
++ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
++ file,line,assertion);
++#endif
+ #if !defined(_WIN32) || defined(__CYGWIN__)
+ abort();
+ #else
+--- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800
+@@ -142,7 +142,9 @@
+ ERR_load_X509V3_strings();
+ ERR_load_PKCS12_strings();
+ ERR_load_RAND_strings();
++#ifndef _BOOT
+ ERR_load_DSO_strings();
++#endif /* _BOOT */
+ ERR_load_TS_strings();
+ #ifndef OPENSSL_NO_ENGINE
+ ERR_load_ENGINE_strings();
+--- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800
+@@ -84,7 +84,7 @@
+ else
+ return(prompt_string);
+ }
+-
++#ifndef _BOOT
+ /* For historical reasons, the standard function for reading passwords is
+ * in the DES library -- if someone ever wants to disable DES,
+ * this function will fail */
+@@ -111,6 +111,7 @@
+ OPENSSL_cleanse(buff,BUFSIZ);
+ return ret;
+ }
++#endif /* !_BOOT */
+
+ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt, const unsigned char *data, int datal,
+--- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800
+@@ -122,7 +122,11 @@
+ #include <sys/time.h>
+ #include <sys/times.h>
+ #include <sys/stat.h>
++#ifdef _BOOT
++#include <sys/fcntl.h>
++#else
+ #include <fcntl.h>
++#endif
+ #include <unistd.h>
+ #include <time.h>
+ #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
+@@ -253,6 +257,11 @@
+ const char **egdsocket = NULL;
+ #endif
+
++#ifdef _BOOT
++/* open() is provided by standalone libsa not visible from here */
++extern int open(const char *, int);
++#endif
++
+ #ifdef DEVRANDOM
+ memset(randomstats,0,sizeof(randomstats));
+ /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
+@@ -295,9 +304,13 @@
+ {
+ int try_read = 0;
+
+-#if defined(OPENSSL_SYS_BEOS_R5)
++#if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
+ /* select() is broken in BeOS R5, so we simply
+ * try to read something and snooze if we couldn't */
++ /*
++ * select() is not available when linking stand-alone
++ * library for wanboot
++ */
+ try_read = 1;
+
+ #elif defined(OPENSSL_SYS_LINUX)
+@@ -355,6 +368,7 @@
+ else
+ r = -1;
+
++#ifndef _BOOT
+ /* Some Unixen will update t in select(), some
+ won't. For those who won't, or if we
+ didn't use select() in the first place,
+@@ -366,13 +380,17 @@
+ }
+ while ((r > 0 ||
+ (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
++#else /* _BOOT */
++ }
++ while (r > 0 && n < ENTROPY_NEEDED);
++#endif /* _BOOT */
+
+ close(fd);
+ }
+ }
+ #endif /* defined(DEVRANDOM) */
+
+-#ifdef DEVRANDOM_EGD
++#if defined(DEVRANDOM_EGD) && !defined(_BOOT)
+ /* Use an EGD socket to read entropy from an EGD or PRNGD entropy
+ * collecting daemon. */
+
+@@ -395,6 +413,7 @@
+ }
+ #endif
+
++#ifndef _BOOT
+ /* put in some default random data, we need more than just this */
+ l=curr_pid;
+ RAND_add(&l,sizeof(l),0.0);
+@@ -403,6 +422,7 @@
+
+ l=time(NULL);
+ RAND_add(&l,sizeof(l),0.0);
++#endif /* !_BOOT */
+
+ #if defined(OPENSSL_SYS_BEOS)
+ {
+
+--- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800
+@@ -57,7 +57,9 @@
+ */
+
+ /* We need to define this to get macros like S_IFBLK and S_IFCHR */
++#ifndef _BOOT
+ #define _XOPEN_SOURCE 500
++#endif /* _BOOT */
+
+ #include <errno.h>
+ #include <stdio.h>
+--- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800
+@@ -659,9 +659,52 @@
+ }
+ }
+
++#if defined(_BOOT)
++/* This function was copied from bio/b_sock.c */
++static int get_ip(const char *str, unsigned char ip[4])
++ {
++ unsigned int tmp[4];
++ int num=0,c,ok=0;
++
++ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
++
++ for (;;)
++ {
++ c= *(str++);
++ if ((c >= '0') && (c <= '9'))
++ {
++ ok=1;
++ tmp[num]=tmp[num]*10+c-'0';
++ if (tmp[num] > 255) return(0);
++ }
++ else if (c == '.')
++ {
++ if (!ok) return(-1);
++ if (num == 3) return(0);
++ num++;
++ ok=0;
++ }
++ else if (c == '\0' && (num == 3) && ok)
++ break;
++ else
++ return(0);
++ }
++ ip[0]=tmp[0];
++ ip[1]=tmp[1];
++ ip[2]=tmp[2];
++ ip[3]=tmp[3];
++ return(1);
++ }
++#endif /* _BOOT */
++
+ static int ipv4_from_asc(unsigned char *v4, const char *in)
+ {
+ int a0, a1, a2, a3;
++
++#if defined(_BOOT)
++ if (get_ip(in, v4) != 1)
++ return 0;
++#else /* _BOOT */
+ if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+ return 0;
+ if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
+@@ -671,6 +716,7 @@
+ v4[1] = a1;
+ v4[2] = a2;
+ v4[3] = a3;
++#endif /* _BOOT */
+ return 1;
+ }
+
+--- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800
++++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800
+@@ -207,10 +207,19 @@
+ #define get_last_socket_error() errno
+ #define clear_socket_error() errno=0
+ #define ioctlsocket(a,b,c) ioctl(a,b,c)
++#ifdef _BOOT
++#include <netinet/in.h>
++extern int socket_read(int, void *, size_t, int);
++extern int socket_close(int);
++#define closesocket(s) socket_close(s)
++#define readsocket(s,b,n) socket_read((s),(b),(n), 200)
++#define writesocket(s,b,n) send((s),(b),(n), 0)
++#else /* !_BOOT */
+ #define closesocket(s) close(s)
+ #define readsocket(s,b,n) read((s),(b),(n))
+ #define writesocket(s,b,n) write((s),(b),(n))
+ #endif
++#endif
+
+ #ifdef WIN16 /* never the case */
+ # define MS_CALLBACK _far _loadds
+--- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 05:24:02.011607700 -0800
+@@ -12,7 +12,11 @@
+ #define SPARCV9_VIS2 (1<<3) /* reserved */
+ #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
+
++#ifndef _BOOT
+ static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
++#else
++static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++#endif
+
+ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
+ {
+@@ -32,6 +36,7 @@
+ void _sparcv9_vis2_probe(void);
+ void _sparcv9_fmadd_probe(void);
+
++#ifndef _BOOT
+ unsigned long OPENSSL_rdtsc(void)
+ {
+ if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
+@@ -43,8 +48,19 @@
+ else
+ return _sparcv9_rdtick();
+ }
++#endif
++
++#if defined(_BOOT)
++/*
++ * Hardcoding sparc capabilities for wanboot.
++ * Older CPUs are EOLed anyway.
++ */
++void OPENSSL_cpuid_setup(void)
++ {
++ OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++ }
+
+-#if 0 && defined(__sun) && defined(__SVR4)
++#elif 0 && defined(__sun) && defined(__SVR4)
+ /* This code path is disabled, because of incompatibility of
+ * libdevinfo.so.1 and libmalloc.so.1 (see below for details)
+ */
+--- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800
+@@ -397,6 +397,11 @@
+ .type OPENSSL_cleanse,#function
+ .size OPENSSL_cleanse,.-OPENSSL_cleanse
+
++#ifndef _BOOT
+ .section ".init",#alloc,#execinstr
+ call OPENSSL_cpuid_setup
+ nop
++#else
++ nop
++ nop
++#endif
+--- openssl-1.0.0e/crypto/Makefile 2010-07-26 15:09:59.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/Makefile 2011-12-22 08:26:22.041955800 -0800
+@@ -34,8 +34,8 @@
+
+ LIB= $(TOP)/libcrypto.a
+ SHARED_LIB= libcrypto$(SHLIB_EXT)
+-LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
+-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
++LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c wanboot-stubs.c
++LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o wanboot-stubs.o $(CPUID_OBJ)
+
+ SRC= $(LIBSRC)
+
--- a/components/openssl/openssl-1.0.0/patches/openssl-1.0.0d-t4-engine.sparc-patch Fri Apr 06 11:00:02 2012 -0700
+++ b/components/openssl/openssl-1.0.0/patches/openssl-1.0.0d-t4-engine.sparc-patch Sun Apr 08 02:30:08 2012 -0700
@@ -27,10 +27,9 @@
#
-"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
+"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
-
- #### IRIX 5.x configs
- # -mips2 flag is added by ./config when appropriate.
-Index: crypto/aes/Makefile
+ # Option -xF=%all instructs the compiler to place functions and data
+ # variables into separate section fragments. This enables the link editor
+ # to discard unused sections and files when linking wanboot-openssl.o
===================================================================
diff -ru openssl-1.0.0d/crypto/aes/ openssl-1.0.0d/crypto/aes/Makefile
--- openssl-1.0.0d/crypto/aes/Makefile 2011-05-24 17:03:31.000000000 -0700
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/wanboot-openssl/wanboot-stubs.c Sun Apr 08 02:30:08 2012 -0700
@@ -0,0 +1,122 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+ */
+
+/* Content of this file is only needed for wanboot. */
+#ifdef _BOOT
+
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#include <stddef.h>
+
+/*
+ * In OpenSSL 0.9.7 the EVP_read_pw_string now calls into the new "ui"
+ * routines of 0.9.7, which is not compiled in the standalone, so it is
+ * stubbed out here to avoid having to add a bunch of #ifndef's elsewhere.
+ */
+/* ARGSUSED */
+int
+EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int
+ verify)
+{
+ return (-1); /* failure */
+}
+
+/*
+ * In standalone issetugid() is always false.
+ */
+int
+OPENSSL_issetugid(void)
+{
+ return (1);
+}
+
+/*
+ * Directory routines -- currently, the only consumer of these interfaces
+ * is $SRC/common/openssl/ssl/ssl_cert.c, and it has fallback code in the
+ * case of failure, so we just fail opendir() and stub out the rest. At
+ * some point, we may need to provide a real implementation.
+ */
+/* ARGSUSED */
+DIR *
+opendir(const char *dirname)
+{
+ errno = EACCES;
+ return (NULL);
+}
+
+/* ARGSUSED */
+struct dirent *
+readdir(DIR *dirp)
+{
+ return (NULL);
+}
+
+/* ARGSUSED */
+int
+closedir(DIR *dirp)
+{
+ return (0);
+}
+
+/*
+ * Atoi is used on multiple places in libcrypto.
+ * This implementation is taken from stand-alone libsock library:
+ * usr/src/stand/lib/sock/sock_test.c
+ * Alternative solution: just extern it here, wanboot has -lsock anyway.
+ */
+#ifndef isdigit
+#define isdigit(c) ((c) >= '0' && (c) <= '9')
+#endif
+
+#ifndef isspace
+#define isspace(c) ((c) == ' ' || (c) == '\t' || (c) == '\n' || \
+ (c) == '\r' || (c) == '\f' || (c) == '\013')
+#endif
+int
+atoi(const char *p)
+{
+ int n;
+ int c = *p++, neg = 0;
+
+ while (isspace(c)) {
+ c = *p++;
+ }
+ if (!isdigit(c)) {
+ switch (c) {
+ case '-':
+ neg++;
+ /* FALLTHROUGH */
+ case '+':
+ c = *p++;
+ }
+ }
+ for (n = 0; isdigit(c); c = *p++) {
+ n *= 10; /* two steps to avoid unnecessary overflow */
+ n += '0' - c; /* accum neg to avoid surprises at MAX */
+ }
+ return (neg ? n : -n);
+}
+
+#endif /* _BOOT */