18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o s11-update
authorMisaki Miyashita <Misaki.Miyashita@Oracle.COM>
Fri, 31 Jan 2014 18:14:58 -0800
branchs11-update
changeset 2931 8e563e01c224
parent 2930 4177d9c0b142
child 2932 e38748989807
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
components/openssl/README
components/openssl/openssl-1.0.1/patches/30_wanboot.patch
--- a/components/openssl/README	Fri Jan 31 18:03:31 2014 -0800
+++ b/components/openssl/README	Fri Jan 31 18:14:58 2014 -0800
@@ -21,6 +21,7 @@
 # Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
 #
 
+
 Build Layout
 ---
 
@@ -36,25 +37,21 @@
 OpenSSL Version
 ---
 
-For non-FIPS build, we currently deliver OpenSSL 1.0.1e with some updates
+For non-FIPS build, we currently deliver OpenSSL 1.0.1 with some updates
 from OpenSSL 1.0.2 to make T4 instructions embedded in the OpenSSL
 upstream code.  As of April 2013, 1.0.2 is not yet released, and therefore,
 we have decided to patch the code.
 The following files/code are copied in from 1.0.2.
 added:
-    components/openssl/openssl-1.0.1/inline-t4/aest4-sparcv9.pl
-    components/openssl/openssl-1.0.1/inline-t4/dest4-sparcv9.pl
-    components/openssl/openssl-1.0.1/inline-t4/md5-sparcv9.pl
-    components/openssl/openssl-1.0.1/inline-t4/sparc_arch.h
-    components/openssl/openssl-1.0.1/inline-t4/sparct4-mont.pl
-    components/openssl/openssl-1.0.1/inline-t4/sparcv9_modes.pl
-    components/openssl/openssl-1.0.1/inline-t4/sparcv9-gf2m.pl
-    components/openssl/openssl-1.0.1/inline-t4/vis3-mont.pl
-    components/openssl/openssl-1.0.1/patches/openssl-t4-inline.sparc-patch
-TPNO for OpenSSL 1.0.1e is 13003.
-
-For FIPS build, we currently deliver OpenSSL 0.9.8y with OpenSSL FIPS module 2.1.
-TPNO for OpenSSL 0.9.8y is 13019.
+   components/openssl/openssl-1.0.1/inline-t4/aest4-sparcv9.pl
+   components/openssl/openssl-1.0.1/inline-t4/dest4-sparcv9.pl
+   components/openssl/openssl-1.0.1/inline-t4/md5-sparcv9.pl
+   components/openssl/openssl-1.0.1/inline-t4/sparc_arch.h
+   components/openssl/openssl-1.0.1/inline-t4/sparct4-mont.pl
+   components/openssl/openssl-1.0.1/inline-t4/sparcv9_modes.pl
+   components/openssl/openssl-1.0.1/inline-t4/sparcv9-gf2m.pl
+   components/openssl/openssl-1.0.1/inline-t4/vis3-mont.pl
+   components/openssl/openssl-1.0.1/patches/openssl-t4-inline.sparc-patch
 
 
 The non-fips Build.
@@ -77,7 +74,7 @@
 Force openssl to install man pages into man[1357]openssl instead of man[1357].
 
 15-pkcs11_engine-0.9.8a.patch
-Patch which adds the pkcs11 engine. See also the engines/pkcs11 
+Patch which adds the pkcs11 engine. See also the engines/pkcs11
 sub-directory. 
 
 18-compiler_opts.patch
@@ -117,9 +114,7 @@
     - results in not using FPU for big numbers multiplication
     - should be ok - original detection seems broken, FPU gets never used
 - implementation of atoi()
-
-31_dtls_version.patch
-Fix DTLS_BAD_VER bug reported after OpenSSL 1.0.1e is released.
+- avoid using ssl_fill_hello_random() in s3_clnt.c
 
 openssl-t4-inline.sparc-patch
 SPARC-only patch.
@@ -134,16 +129,18 @@
 The fips Build
 ---
 
-FIPS-140 certified libraries for Solaris private use. We wait for OpenSSL 1.0.1
-to be FIPS-140 certified in which time we can ship only 1.0.1 with S11 and make
-it a public interface. (To be done next)
+We are now shipping FIPS-140 certified OpenSSL 1.0.1 with S12 and S11.2.
+The admin may choose to activate 'openssl-fips' implementation using 'pkg mediator'.
+The change will come soon.
+
 
 Patches
 ---
 
-All the patches from 1.0.1 (non-fips) are used in 1.0.1 (fips) as well aside from
-14-manpage_openssl.patch which is not needed since we do not deliver 1.0.1 man
+All the patches from 1.0.1 (non-fips) are used in 1.0.1(fips) as well aside from
+14-manpage_openssl.patch which is not needed since we do not deliver 1.0.1(fips) man
 pages.  Once we make fips version public, we should deliver man page.
+(coming soon)
 
 The wanboot Build
 ----
@@ -175,7 +172,7 @@
 first build static standalone openssl bits in Userland. As a site effect,
 static libraries libssl.a and libcrypto.a are created in build/sparcv9-wanboot.
 
-    $ cd $USERLAND/components/openssl/openssl-1.0.0 ; gmake build
+    $ cd $USERLAND/components/openssl/openssl-1.0.1 ; gmake build
 
 Next, collect some information from linking wanboot static libraries in ON.
 This can be done by the following hack.
@@ -183,16 +180,16 @@
     $ cd $ON/usr/src/psm/stand/boot/sparcv9/sun4
     $ touch wanboot.o
     $ LD_OPTIONS="-Dfiles,symbols,output=ld.dbg \
-        -L$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot " \
+        -L$USERLAND/components/openssl/openssl-1.0.1/build/sparcv9-wanboot " \
         WAN_OPENSSL=" -lwanboot -lssl -lcrypto" dmake all
 
 The following sort of information ends up in ld.dbg (note that the debugging
 output from the link-editor is not considered a 'stable interface' and may
 change in the future):
 
-    debug: file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
+    debug: file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.1/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
     debug:
-    debug: symbol table processing; file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.0/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
+    debug: symbol table processing; file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.1/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o)  [ ET_REL ]
     debug: symbol[1]=sparcv9cap.c
     ....
 
@@ -204,7 +201,7 @@
     USERLAND=/builds/tkuthan/ul-wanboot-rebuilt
     ON=/builds/tkuthan/on11u1-wanboot-rti
  
-    BUILD=$USERLAND/components/openssl/openssl-1.0.0/build/sparcv9-wanboot
+    BUILD=$USERLAND/components/openssl/openssl-1.0.1/build/sparcv9-wanboot
     LD_DBG=$ON/usr/src/psm/stand/boot/sparcv9/sun4/ld.dbg
  
     for i in `find $BUILD/crypto $BUILD/ssl -name '*.o'`
--- a/components/openssl/openssl-1.0.1/patches/30_wanboot.patch	Fri Jan 31 18:03:31 2014 -0800
+++ b/components/openssl/openssl-1.0.1/patches/30_wanboot.patch	Fri Jan 31 18:14:58 2014 -0800
@@ -351,3 +351,19 @@
 
  SRC= $(LIBSRC)
 
+--- openssl-1.0.1f/ssl/s3_clnt.c    Thu Jan 30 02:53:33 2014
++++ openssl-1.0.1f/ssl/s3_clnt.c.new   Thu Jan 30 02:57:51 2014
[email protected]@ -681,8 +681,13 @@
+ 
+ 		p=s->s3->client_random;
+ 
++#ifndef	_BOOT
+ 		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
+ 			goto err;
++#else
++		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
++			goto err;
++#endif
+ 
+ 		/* Do the message type and length last */
+ 		d=p= &(buf[4]);
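Review bot: The `#else` branch added to `s3_clnt.c` fills `client_random` with `RAND_pseudo_bytes()` directly, and neither the patch nor the new README line ("avoid using ssl_fill_hello_random() in s3_clnt.c") says why `_BOOT` builds cannot call the helper. Judging from the bug title, the helper's symbol is presumably not linked into wanboot-openssl.o. The patch should record that above the `#else`, for example `/* wanboot: ssl_fill_hello_random() is not available in the standalone link; this is its no-timestamp path */`. Because `client_random` feeds the TLS key derivation, the comment should also state that the `_BOOT` path depends on the standalone RNG being seeded before the handshake. If upstream's helper honours `SSL_MODE_SEND_CLIENTHELLO_TIME`, the comment should note that this option is ignored under `_BOOT`. The enclosing function starts and ends outside the hunk, so the `err` handling was not reviewed.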