18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
author Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
Thu, 30 Jan 2014 14:31:44 -0800
changeset 1680 49cf3ba424f0
parent 1679 51291a5fd692
child 1681 716fa74ddec1
components/openssl/README
components/openssl/openssl-1.0.1/patches/30_wanboot.patch
--- a/components/openssl/README	Thu Jan 30 13:44:37 2014 -0800
+++ b/components/openssl/README	Thu Jan 30 14:31:44 2014 -0800
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
 #
 
 
@@ -37,7 +37,7 @@
 OpenSSL Version
 ---
 
-For non-FIPS build, we currently deliver OpenSSL 1.0.1e with some updates
+For non-FIPS build, we currently deliver OpenSSL 1.0.1 with some updates
 from OpenSSL 1.0.2 to make T4 instructions embedded in the OpenSSL
 upstream code.  As of April 2013, 1.0.2 is not yet released, and therefore,
 we have decided to patch the code.
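Review bot: the added line now says only "OpenSSL 1.0.1", so the README no longer records which letter release is delivered, while the changeset title refers to 1.0.1f. Either name the release ("OpenSSL 1.0.1f") or point to the file where the version is defined, so the next update has something to check against. The unchanged context still reads "As of April 2013, 1.0.2 is not yet released"; since this paragraph is being touched, that date is worth refreshing too.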
@@ -52,10 +52,6 @@
    components/openssl/openssl-1.0.1/inline-t4/sparcv9-gf2m.pl
    components/openssl/openssl-1.0.1/inline-t4/vis3-mont.pl
    components/openssl/openssl-1.0.1/patches/openssl-t4-inline.sparc-patch
-TPNO for OpenSSL 1.0.1e is 13003.
-
-For FIPS build, we currently deliver OpenSSL 0.9.8y with OpenSSL FIPS module 2.1.
-TPNO for OpenSSL 0.9.8y is 13019.
 
 
 The non-fips Build.
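Review bot: the four removed lines drop both TPNO numbers and the statement that the FIPS build delivers OpenSSL 0.9.8y with FIPS module 2.1, and nothing in this hunk replaces them. If the TPNO for the version now delivered is tracked elsewhere, say where; otherwise add the current one here so the README keeps that record.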
@@ -118,9 +114,7 @@
     - results in not using FPU for big numbers multiplication
     - should be ok - original detection seems broken, FPU gets never used
 - implementation of atoi()
-
-31_dtls_version.patch
-Fix DTLS_BAD_VER bug reported after OpenSSL 1.0.1e is released.
+- avoid using ssl_fill_hello_random() in s3_clnt.c
 
 openssl-t4-inline.sparc-patch
 SPARC-only patch.
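Review bot: the new bullet "- avoid using ssl_fill_hello_random() in s3_clnt.c" says what is avoided but not what replaces it or under which condition. The patch below substitutes RAND_pseudo_bytes() when _BOOT is defined, and that is the part a later reader auditing the wanboot build needs to find, so spell it out, for example "- use RAND_pseudo_bytes() instead of ssl_fill_hello_random() for the client random in s3_clnt.c when _BOOT is defined". The 31_dtls_version.patch entry is also removed here, but that patch file is not among the files this changeset lists; confirm it was already dropped elsewhere.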
@@ -135,9 +129,10 @@
 The fips Build
 ---
 
-FIPS-140 certified libraries for Solaris private use. Since OpenSSL 1.0.1 is
-now FIPS-140 certified, we can ship only 1.0.1 with S12 and S11.2 and make
-it a public interface. (To be done next)
+We are now shipping FIPS-140 certified OpenSSL 1.0.1 with S12 and S11.2.
+The admin may choose to activate 'openssl-fips' implementation using 'pkg mediator'.
+The change will come soon.
+
 
 Patches
 ---
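Review bot: "The change will come soon." in the added text does not say which change is meant, and it follows a sentence in the present tense ("We are now shipping"), so it is unclear whether the 'pkg mediator' switch is available today. State what is still pending and, once it exists, give the mediator command or a reference to it. The hunk also leaves two blank lines before "Patches"; one is enough.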
@@ -145,6 +140,7 @@
 All the patches from 1.0.1 (non-fips) are used in 1.0.1(fips) as well aside from
 14-manpage_openssl.patch which is not needed since we do not deliver 1.0.1(fips) man
 pages.  Once we make fips version public, we should deliver man page.
+(coming soon)
 
 The wanboot Build
 ----
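Review bot: the added "(coming soon)" sits on its own line after a sentence that already says the man page should be delivered once the fips version is public, so it is not clear what is coming. Fold it into that sentence or drop it.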
@@ -176,7 +172,7 @@
 first build static standalone openssl bits in Userland. As a site effect,
 static libraries libssl.a and libcrypto.a are created in build/sparcv9-wanboot.
 
-    $ cd $USERLAND/components/openssl/openssl-1.0.0 ; gmake build
+    $ cd $USERLAND/components/openssl/openssl-1.0.1 ; gmake build
 
 Next, collect some information from linking wanboot static libraries in ON.
 This can be done by the following hack.
@@ -184,16 +180,16 @@
     $ cd $ON/usr/src/psm/stand/boot/sparcv9/sun4
     $ touch wanboot.o
     $ LD_OPTIONS="-Dfiles,symbols,output=ld.dbg \
-        -L$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot " \
+        -L$USERLAND/components/openssl/openssl-1.0.1/build/sparcv9-wanboot " \
         WAN_OPENSSL=" -lwanboot -lssl -lcrypto" dmake all
 
 The following sort of information ends up in ld.dbg (note that the debugging
 output from the link-editor is not considered a 'stable interface' and may
 change in the future):
 
-    debug: file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
+    debug: file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.1/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
     debug:
-    debug: symbol table processing; file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
+    debug: symbol table processing; file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.1/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
     debug: symbol[1]=sparcv9cap.c
     ....
 
@@ -205,7 +201,7 @@
     USERLAND=/builds/tkuthan/ul-wanboot-rebuilt
     ON=/builds/tkuthan/on11u1-wanboot-rti
  
-    BUILD=$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot
+    BUILD=$USERLAND/components/openssl/openssl-1.0.1/build/sparcv9-wanboot
     LD_DBG=$ON/usr/src/psm/stand/boot/sparcv9/sun4/ld.dbg
  
     for i in `find $BUILD/crypto $BUILD/ssl -name '*.o'`
--- a/components/openssl/openssl-1.0.1/patches/30_wanboot.patch	Thu Jan 30 13:44:37 2014 -0800
+++ b/components/openssl/openssl-1.0.1/patches/30_wanboot.patch	Thu Jan 30 14:31:44 2014 -0800
@@ -351,3 +351,19 @@
 
  SRC= $(LIBSRC)
 
+--- openssl-1.0.1f/ssl/s3_clnt.c    Thu Jan 30 02:53:33 2014
++++ openssl-1.0.1f/ssl/s3_clnt.c.new   Thu Jan 30 02:57:51 2014
+@@ -681,8 +681,13 @@
+ 
+ 		p=s->s3->client_random;
+ 
++#ifndef	_BOOT
+ 		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
+ 			goto err;
++#else
++		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
++			goto err;
++#endif
+ 
+ 		/* Do the message type and length last */
+ 		d=p= &(buf[4]);
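Review bot: the "#else" branch fills s->s3->client_random with RAND_pseudo_bytes() under _BOOT, with no comment saying why ssl_fill_hello_random() cannot be used there or whether a pseudo-random source is acceptable for the ClientHello random in the wanboot build. Add a short comment above "#ifndef _BOOT" naming the missing symbol this works around, and consider RAND_bytes() unless the standalone build cannot provide it. Style: "RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE)" lacks the space after the comma that the call two lines above has.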