ports

morpheus ports
git clone git://git.2f30.org/ports.git
Log | Files | Refs | LICENSE

commit 18d6d50aeb35f5842782aa359c8a590f706dc54e
parent 4e3b8d4c8685add103daf4096f93c26bb0489ddc
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date:   Thu Apr 24 22:35:54 +0200

ports: add openssl

initial version, will need more work

Signed-off-by: Hiltjo Posthuma <hiltjo@codemadness.org>

Diffstat:
openssl/depsinc.mk | 6++++++
openssl/mkfile | 6++++++
openssl/openssl-1.0.0a-ldflags.patch | 23+++++++++++++++++++++++
openssl/openssl-1.0.0d-windres.patch | 76++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openssl/openssl-1.0.0h-pkg-config.patch | 32++++++++++++++++++++++++++++++++
openssl/openssl-1.0.1-parallel-build.patch | 337+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openssl/openssl-1.0.1-x32.patch | 79+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openssl/openssl-1.0.1e-ipv6.patch | 656+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openssl/openssl.mk | 68++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openssl/v.mk | 1+
10 files changed, 1284 insertions(+), 0 deletions(-)
diff --git a/openssl/depsinc.mk b/openssl/depsinc.mk @@ -0,0 +1,6 @@ +<$openssl_DEPDIR/v.mk + +openssl_includedir = $openssl_DEPDIR/openssl-$v/include +openssl_libdir = $openssl_DEPDIR/openssl-$v +DEPS_CFLAGS = $DEPS_CFLAGS -I$openssl_includedir +DEPS_LDFLAGS = $DEPS_LDFLAGS -L$openssl_libdir -lssl diff --git a/openssl/mkfile b/openssl/mkfile @@ -0,0 +1,6 @@ +<$mkbuild/mk.3rdparty + +<v.mk +src = openssl-$v +url = https://www.openssl.org/source/openssl-$v.tar.gz +mkfile = ../openssl.mk diff --git a/openssl/openssl-1.0.0a-ldflags.patch b/openssl/openssl-1.0.0a-ldflags.patch @@ -0,0 +1,23 @@ +http://bugs.gentoo.org/327421 + +--- a/Makefile.org ++++ b/Makefile.org +@@ -189,6 +189,7 @@ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ + DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ + MAKEDEPPROG='$(MAKEDEPPROG)' \ ++ LDFLAGS='${LDFLAGS}' \ + SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ + KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ + ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/openssl/openssl-1.0.0d-windres.patch b/openssl/openssl-1.0.0d-windres.patch @@ -0,0 +1,76 @@ +URL: http://rt.openssl.org/Ticket/Display.html?id=2558 +Subject: make windres controllable via build env var settings + +atm, the windres code in openssl is only usable via the cross-compile prefix +option unlike all the other build tools. so add support for the standard $RC +/ $WINDRES env vars as well. + +Index: Configure +=================================================================== +RCS file: /usr/local/src/openssl/CVSROOT/openssl/Configure,v +retrieving revision 1.621.2.40 +diff -u -p -r1.621.2.40 Configure +--- a/Configure 30 Nov 2010 22:19:26 -0000 1.621.2.40 ++++ b/Configure 4 Jul 2011 23:12:32 -0000 +@@ -1094,6 +1094,7 @@ my $shared_extension = $fields[$idx_shar + my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib]; + my $ar = $ENV{'AR'} || "ar"; + my $arflags = $fields[$idx_arflags]; ++my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres"; + my $multilib = $fields[$idx_multilib]; + + # if $prefix/lib$multilib is not an existing directory, then +@@ -1511,12 +1512,14 @@ while (<IN>) + s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/; + s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; + s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; ++ s/^WINDRES=\s*/WINDRES= \$\(CROSS_COMPILE\)/; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; + } + else { + s/^CC=.*$/CC= $cc/; + s/^AR=\s*ar/AR= $ar/; + s/^RANLIB=.*/RANLIB= $ranlib/; ++ s/^WINDRES=.*/WINDRES= $windres/; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; + } + s/^CFLAG=.*$/CFLAG= $cflags/; +Index: Makefile.org +=================================================================== +RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.org,v +retrieving revision 1.295.2.10 +diff -u -p -r1.295.2.10 Makefile.org +--- a/Makefile.org 27 Jan 2010 16:06:58 -0000 1.295.2.10 ++++ b/Makefile.org 4 Jul 2011 23:13:08 -0000 +@@ -66,6 +66,7 @@ EXE_EXT= + ARFLAGS= + AR=ar $(ARFLAGS) r + RANLIB= ranlib ++WINDRES= windres + NM= nm + PERL= perl + TAR= tar +@@ -180,6 +181,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS + CC='$(CC)' CFLAG='$(CFLAG)' \ + AS='$(CC)' ASFLAG='$(CFLAG) -c' \ + AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ ++ WINDRES='$(WINDRES)' \ + CROSS_COMPILE='$(CROSS_COMPILE)' \ + PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ + SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ +Index: Makefile.shared +=================================================================== +RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.shared,v +retrieving revision 1.72.2.4 +diff -u -p -r1.72.2.4 Makefile.shared +--- a/Makefile.shared 21 Aug 2010 11:36:49 -0000 1.72.2.4 ++++ b/Makefile.shared 4 Jul 2011 23:13:52 -0000 +@@ -293,7 +293,7 @@ link_a.cygwin: + fi; \ + dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ + $(PERL) util/mkrc.pl $$dll_name | \ +- $(CROSS_COMPILE)windres -o rc.o; \ ++ $(WINDRES) -o rc.o; \ + extras="$$extras rc.o"; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ diff --git a/openssl/openssl-1.0.0h-pkg-config.patch b/openssl/openssl-1.0.0h-pkg-config.patch @@ -0,0 +1,32 @@ +depend on other pc files rather than encoding library info directly in +every pkg-config file + +--- a/Makefile.org ++++ b/Makefile.org +@@ -335,11 +335,11 @@ libssl.pc: Makefile + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ +- echo 'Name: OpenSSL'; \ ++ echo 'Name: OpenSSL-libssl'; \ + echo 'Description: Secure Sockets Layer and cryptography libraries'; \ + echo 'Version: '$(VERSION); \ +- echo 'Requires: '; \ +- echo 'Libs: -L$${libdir} -lssl -lcrypto'; \ ++ echo 'Requires.private: libcrypto'; \ ++ echo 'Libs: -L$${libdir} -lssl'; \ + echo 'Libs.private: $(EX_LIBS)'; \ + echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc + +@@ -352,10 +353,7 @@ openssl.pc: Makefile + echo 'Name: OpenSSL'; \ + echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ + echo 'Version: '$(VERSION); \ +- echo 'Requires: '; \ +- echo 'Libs: -L$${libdir} -lssl -lcrypto'; \ +- echo 'Libs.private: $(EX_LIBS)'; \ +- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc ++ echo 'Requires: libssl libcrypto' ) > openssl.pc + + Makefile: Makefile.org Configure config + @echo "Makefile is older than Makefile.org, Configure or config." diff --git a/openssl/openssl-1.0.1-parallel-build.patch b/openssl/openssl-1.0.1-parallel-build.patch @@ -0,0 +1,337 @@ +http://rt.openssl.org/Ticket/Display.html?id=2084 + +--- a/Makefile.org ++++ b/Makefile.org +@@ -247,17 +247,17 @@ + build_libs: build_crypto build_ssl build_engines + + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) ++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) +-build_ssl: ++build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) ++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) +-build_engines: ++build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) ++ +@dir=engines; target=all; $(BUILD_ONE_CMD) +-build_apps: ++build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) ++ +@dir=apps; target=all; $(BUILD_ONE_CMD) +-build_tests: ++build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) ++ +@dir=test; target=all; $(BUILD_ONE_CMD) +-build_tools: ++build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ +@dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +@@ -497,9 +497,9 @@ + dist_pem_h: + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + +-install: all install_docs install_sw ++install: install_docs install_sw + +-install_sw: ++install_dirs: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ +@@ -508,6 +508,13 @@ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private ++ @$(PERL) $(TOP)/util/mkdir-p.pl \ ++ $(INSTALL_PREFIX)$(MANDIR)/man1 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man3 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man5 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man7 ++ ++install_sw: install_dirs + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +@@ -511,7 +518,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @set -e; target=install; $(RECURSIVE_BUILD_CMD) ++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ +@@ -593,12 +600,7 @@ + done; \ + done + +-install_docs: +- @$(PERL) $(TOP)/util/mkdir-p.pl \ +- $(INSTALL_PREFIX)$(MANDIR)/man1 \ +- $(INSTALL_PREFIX)$(MANDIR)/man3 \ +- $(INSTALL_PREFIX)$(MANDIR)/man5 \ +- $(INSTALL_PREFIX)$(MANDIR)/man7 ++install_docs: install_dirs + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ + here="`pwd`"; \ + filecase=; \ +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -105,6 +105,7 @@ LINK_SO= \ + SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ ++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ +@@ -122,6 +123,7 @@ SYMLINK_SO= \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ ++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -85,11 +85,11 @@ + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + + subdirs: +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +- @target=files; $(RECURSIVE_MAKE) ++ +@target=files; $(RECURSIVE_MAKE) + + links: + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) +@@ -100,7 +100,7 @@ + # lib: $(LIB): are splitted to avoid end-less loop + lib: $(LIB) + @touch lib +-$(LIB): $(LIBOBJ) ++$(LIB): $(LIBOBJ) | subdirs + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + +@@ -110,7 +110,7 @@ + fi + + libs: +- @target=lib; $(RECURSIVE_MAKE) ++ +@target=lib; $(RECURSIVE_MAKE) + + install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... +@@ -119,7 +119,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + lint: + @target=lint; $(RECURSIVE_MAKE) +--- a/engines/Makefile ++++ b/engines/Makefile +@@ -72,7 +72,7 @@ + + all: lib subdirs + +-lib: $(LIBOBJ) ++lib: $(LIBOBJ) | subdirs + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + for l in $(LIBNAMES); do \ +@@ -89,7 +89,7 @@ + + subdirs: + echo $(EDIRS) +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +@@ -128,7 +128,7 @@ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + tags: + ctags $(SRC) +--- a/test/Makefile ++++ b/test/Makefile +@@ -123,7 +123,7 @@ + tags: + ctags $(SRC) + +-tests: exe apps $(TESTS) ++tests: exe $(TESTS) + + apps: + @(cd ..; $(MAKE) DIRS=apps all) +@@ -365,109 +365,109 @@ + link_app.$${shlib_target} + + $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) +- @target=$(RSATEST); $(BUILD_CMD) ++ +@target=$(RSATEST); $(BUILD_CMD) + + $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) +- @target=$(BNTEST); $(BUILD_CMD) ++ +@target=$(BNTEST); $(BUILD_CMD) + + $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) +- @target=$(ECTEST); $(BUILD_CMD) ++ +@target=$(ECTEST); $(BUILD_CMD) + + $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) +- @target=$(EXPTEST); $(BUILD_CMD) ++ +@target=$(EXPTEST); $(BUILD_CMD) + + $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) +- @target=$(IDEATEST); $(BUILD_CMD) ++ +@target=$(IDEATEST); $(BUILD_CMD) + + $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) +- @target=$(MD2TEST); $(BUILD_CMD) ++ +@target=$(MD2TEST); $(BUILD_CMD) + + $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) +- @target=$(SHATEST); $(BUILD_CMD) ++ +@target=$(SHATEST); $(BUILD_CMD) + + $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) +- @target=$(SHA1TEST); $(BUILD_CMD) ++ +@target=$(SHA1TEST); $(BUILD_CMD) + + $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) +- @target=$(SHA256TEST); $(BUILD_CMD) ++ +@target=$(SHA256TEST); $(BUILD_CMD) + + $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) +- @target=$(SHA512TEST); $(BUILD_CMD) ++ +@target=$(SHA512TEST); $(BUILD_CMD) + + $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) +- @target=$(RMDTEST); $(BUILD_CMD) ++ +@target=$(RMDTEST); $(BUILD_CMD) + + $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) +- @target=$(MDC2TEST); $(BUILD_CMD) ++ +@target=$(MDC2TEST); $(BUILD_CMD) + + $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) +- @target=$(MD4TEST); $(BUILD_CMD) ++ +@target=$(MD4TEST); $(BUILD_CMD) + + $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) +- @target=$(MD5TEST); $(BUILD_CMD) ++ +@target=$(MD5TEST); $(BUILD_CMD) + + $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) +- @target=$(HMACTEST); $(BUILD_CMD) ++ +@target=$(HMACTEST); $(BUILD_CMD) + + $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) +- @target=$(WPTEST); $(BUILD_CMD) ++ +@target=$(WPTEST); $(BUILD_CMD) + + $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) +- @target=$(RC2TEST); $(BUILD_CMD) ++ +@target=$(RC2TEST); $(BUILD_CMD) + + $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) +- @target=$(BFTEST); $(BUILD_CMD) ++ +@target=$(BFTEST); $(BUILD_CMD) + + $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) +- @target=$(CASTTEST); $(BUILD_CMD) ++ +@target=$(CASTTEST); $(BUILD_CMD) + + $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) +- @target=$(RC4TEST); $(BUILD_CMD) ++ +@target=$(RC4TEST); $(BUILD_CMD) + + $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) +- @target=$(RC5TEST); $(BUILD_CMD) ++ +@target=$(RC5TEST); $(BUILD_CMD) + + $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) +- @target=$(DESTEST); $(BUILD_CMD) ++ +@target=$(DESTEST); $(BUILD_CMD) + + $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) +- @target=$(RANDTEST); $(BUILD_CMD) ++ +@target=$(RANDTEST); $(BUILD_CMD) + + $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) +- @target=$(DHTEST); $(BUILD_CMD) ++ +@target=$(DHTEST); $(BUILD_CMD) + + $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) +- @target=$(DSATEST); $(BUILD_CMD) ++ +@target=$(DSATEST); $(BUILD_CMD) + + $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) +- @target=$(METHTEST); $(BUILD_CMD) ++ +@target=$(METHTEST); $(BUILD_CMD) + + $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(SSLTEST); $(FIPS_BUILD_CMD) ++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) + + $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) +- @target=$(ENGINETEST); $(BUILD_CMD) ++ +@target=$(ENGINETEST); $(BUILD_CMD) + + $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) +- @target=$(EVPTEST); $(BUILD_CMD) ++ +@target=$(EVPTEST); $(BUILD_CMD) + + $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) +- @target=$(ECDSATEST); $(BUILD_CMD) ++ +@target=$(ECDSATEST); $(BUILD_CMD) + + $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) +- @target=$(ECDHTEST); $(BUILD_CMD) ++ +@target=$(ECDHTEST); $(BUILD_CMD) + + $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) +- @target=$(IGETEST); $(BUILD_CMD) ++ +@target=$(IGETEST); $(BUILD_CMD) + + $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) +- @target=$(JPAKETEST); $(BUILD_CMD) ++ +@target=$(JPAKETEST); $(BUILD_CMD) + + $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) +- @target=$(ASN1TEST); $(BUILD_CMD) ++ +@target=$(ASN1TEST); $(BUILD_CMD) + + $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) +- @target=$(SRPTEST); $(BUILD_CMD) ++ +@target=$(SRPTEST); $(BUILD_CMD) + + #$(AESTEST).o: $(AESTEST).c + # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c +@@ -480,7 +480,7 @@ + # fi + + dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) +- @target=dummytest; $(BUILD_CMD) ++ +@target=dummytest; $(BUILD_CMD) + + # DO NOT DELETE THIS LINE -- make depend depends on it. + diff --git a/openssl/openssl-1.0.1-x32.patch b/openssl/openssl-1.0.1-x32.patch @@ -0,0 +1,79 @@ +http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721 + +UpstreamStatus: Pending + +Received from H J Liu @ Intel +Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. +Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13 + +ported the patch to the 1.0.0e version +Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 +Index: openssl-1.0.0e/Configure +=================================================================== +--- openssl-1.0.0e.orig/Configure ++++ openssl-1.0.0e/Configure +@@ -393,6 +393,7 @@ my %table=( + "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "dist", "cc:-O::(unknown)::::::", + + # Basic configs that should work on any (32 and less bit) box +Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c +=================================================================== +--- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c ++++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c +@@ -55,7 +55,7 @@ + * machine. + */ + +-#ifdef _WIN64 ++#if defined _WIN64 || !defined __LP64__ + #define BN_ULONG unsigned long long + #else + #define BN_ULONG unsigned long +@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" +- "1: movq (%4,%2,8),%0 \n" +- " adcq (%5,%2,8),%0 \n" +- " movq %0,(%3,%2,8) \n" ++ "1: movq (%q4,%2,8),%0 \n" ++ " adcq (%q5,%2,8),%0 \n" ++ " movq %0,(%q3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" +@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" +- "1: movq (%4,%2,8),%0 \n" +- " sbbq (%5,%2,8),%0 \n" +- " movq %0,(%3,%2,8) \n" ++ "1: movq (%q4,%2,8),%0 \n" ++ " sbbq (%q5,%2,8),%0 \n" ++ " movq %0,(%q3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" +Index: openssl-1.0.0e/crypto/bn/bn.h +=================================================================== +--- openssl-1.0.0e.orig/crypto/bn/bn.h ++++ openssl-1.0.0e/crypto/bn/bn.h +@@ -172,6 +172,13 @@ extern "C" { + # endif + #endif + ++/* Address type. */ ++#ifdef _WIN64 ++#define BN_ADDR unsigned long long ++#else ++#define BN_ADDR unsigned long ++#endif ++ + /* assuming long is 64bit - this is the DEC Alpha + * unsigned long long is only 64 bits :-(, don't define + * BN_LLONG for the DEC Alpha */ diff --git a/openssl/openssl-1.0.1e-ipv6.patch b/openssl/openssl-1.0.1e-ipv6.patch @@ -0,0 +1,656 @@ +http://rt.openssl.org/Ticket/Display.html?id=2051 +user/pass: guest/guest + +Index: apps/s_apps.h +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_apps.h,v +retrieving revision 1.21.2.1 +diff -u -r1.21.2.1 s_apps.h +--- apps/s_apps.h 4 Sep 2009 17:42:04 -0000 1.21.2.1 ++++ apps/s_apps.h 28 Dec 2011 00:28:14 -0000 +@@ -148,7 +148,7 @@ + #define PORT_STR "4433" + #define PROTOCOL "tcp" + +-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); ++int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6); + #ifdef HEADER_X509_H + int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); + #endif +@@ -156,7 +156,7 @@ + int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); + int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); + #endif +-int init_client(int *sock, char *server, int port, int type); ++int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6); + int should_retry(int i); + int extract_port(char *str, short *port_ptr); + int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); +Index: apps/s_client.c +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_client.c,v +retrieving revision 1.123.2.6.2.10 +diff -u -r1.123.2.6.2.10 s_client.c +--- apps/s_client.c 14 Dec 2011 22:18:02 -0000 1.123.2.6.2.10 ++++ apps/s_client.c 28 Dec 2011 00:28:14 -0000 +@@ -285,6 +285,10 @@ + { + BIO_printf(bio_err,"usage: s_client args\n"); + BIO_printf(bio_err,"\n"); ++ BIO_printf(bio_err," -4 - use IPv4 only\n"); ++#if OPENSSL_USE_IPV6 ++ BIO_printf(bio_err," -6 - use IPv6 only\n"); ++#endif + BIO_printf(bio_err," -host host - use -connect instead\n"); + BIO_printf(bio_err," -port port - use -connect instead\n"); + BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); +@@ -564,6 +567,7 @@ + int sbuf_len,sbuf_off; + fd_set readfds,writefds; + short port=PORT; ++ int use_ipv4, use_ipv6; + int full_log=1; + char *host=SSL_HOST_NAME; + char *cert_file=NULL,*key_file=NULL; +@@ -609,7 +613,11 @@ + #endif + char *sess_in = NULL; + char *sess_out = NULL; +- struct sockaddr peer; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage peer; ++#else ++ struct sockaddr_in peer; ++#endif + int peerlen = sizeof(peer); + int enable_timeouts = 0 ; + long socket_mtu = 0; +@@ -630,6 +638,12 @@ + meth=SSLv2_client_method(); + #endif + ++ use_ipv4 = 1; ++#if OPENSSL_USE_IPV6 ++ use_ipv6 = 1; ++#else ++ use_ipv6 = 0; ++#endif + apps_startup(); + c_Pause=0; + c_quiet=0; +@@ -951,6 +961,18 @@ + jpake_secret = *++argv; + } + #endif ++ else if (strcmp(*argv,"-4") == 0) ++ { ++ use_ipv4 = 1; ++ use_ipv6 = 0; ++ } ++#if OPENSSL_USE_IPV6 ++ else if (strcmp(*argv,"-6") == 0) ++ { ++ use_ipv4 = 0; ++ use_ipv6 = 1; ++ } ++#endif + #ifndef OPENSSL_NO_SRTP + else if (strcmp(*argv,"-use_srtp") == 0) + { +@@ -1259,7 +1276,7 @@ + + re_start: + +- if (init_client(&s,host,port,socket_type) == 0) ++ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0) + { + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); + SHUTDOWN(s); +@@ -1285,7 +1302,7 @@ + { + + sbio=BIO_new_dgram(s,BIO_NOCLOSE); +- if (getsockname(s, &peer, (void *)&peerlen) < 0) ++ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) + { + BIO_printf(bio_err, "getsockname:errno=%d\n", + get_last_socket_error()); +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_server.c,v +retrieving revision 1.136.2.15.2.13 +diff -u -r1.136.2.15.2.13 s_server.c +--- apps/s_server.c 27 Dec 2011 14:23:22 -0000 1.136.2.15.2.13 ++++ apps/s_server.c 28 Dec 2011 00:28:14 -0000 +@@ -558,6 +558,10 @@ + # endif + BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list"); + #endif ++ BIO_printf(bio_err," -4 - use IPv4 only\n"); ++#if OPENSSL_USE_IPV6 ++ BIO_printf(bio_err," -6 - use IPv6 only\n"); ++#endif + BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); + BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); + } +@@ -943,6 +947,7 @@ + int state=0; + const SSL_METHOD *meth=NULL; + int socket_type=SOCK_STREAM; ++ int use_ipv4, use_ipv6; + ENGINE *e=NULL; + char *inrand=NULL; + int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; +@@ -981,6 +986,12 @@ + /* #error no SSL version enabled */ + #endif + ++ use_ipv4 = 1; ++#if OPENSSL_USE_IPV6 ++ use_ipv6 = 1; ++#else ++ use_ipv6 = 0; ++#endif + local_argc=argc; + local_argv=argv; + +@@ -1329,6 +1340,18 @@ + jpake_secret = *(++argv); + } + #endif ++ else if (strcmp(*argv,"-4") == 0) ++ { ++ use_ipv4 = 1; ++ use_ipv6 = 0; ++ } ++#if OPENSSL_USE_IPV6 ++ else if (strcmp(*argv,"-6") == 0) ++ { ++ use_ipv4 = 0; ++ use_ipv6 = 1; ++ } ++#endif + #ifndef OPENSSL_NO_SRTP + else if (strcmp(*argv,"-use_srtp") == 0) + { +@@ -1884,9 +1907,9 @@ + BIO_printf(bio_s_out,"ACCEPT\n"); + (void)BIO_flush(bio_s_out); + if (www) +- do_server(port,socket_type,&accept_socket,www_body, context); ++ do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6); + else +- do_server(port,socket_type,&accept_socket,sv_body, context); ++ do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6); + print_stats(bio_s_out,ctx); + ret=0; + end: +Index: apps/s_socket.c +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_socket.c,v +retrieving revision 1.43.2.3.2.2 +diff -u -r1.43.2.3.2.2 s_socket.c +--- apps/s_socket.c 2 Dec 2011 14:39:40 -0000 1.43.2.3.2.2 ++++ apps/s_socket.c 28 Dec 2011 00:28:14 -0000 +@@ -97,16 +97,16 @@ + #include "netdb.h" + #endif + +-static struct hostent *GetHostByName(char *name); ++static struct hostent *GetHostByName(char *name, int domain); + #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) + static void ssl_sock_cleanup(void); + #endif + static int ssl_sock_init(void); +-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); +-static int init_server(int *sock, int port, int type); +-static int init_server_long(int *sock, int port,char *ip, int type); ++static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain); ++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); ++static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6); + static int do_accept(int acc_sock, int *sock, char **host); +-static int host_ip(char *str, unsigned char ip[4]); ++static int host_ip(char *str, unsigned char *ip, int domain); + + #ifdef OPENSSL_SYS_WIN16 + #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ +@@ -234,38 +234,68 @@ + return(1); + } + +-int init_client(int *sock, char *host, int port, int type) ++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) + { ++#if OPENSSL_USE_IPV6 ++ unsigned char ip[16]; ++#else + unsigned char ip[4]; ++#endif + +- memset(ip, '\0', sizeof ip); +- if (!host_ip(host,&(ip[0]))) +- return 0; +- return init_client_ip(sock,ip,port,type); +- } +- +-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) +- { +- unsigned long addr; ++ if (use_ipv4) ++ if (host_ip(host,ip,AF_INET)) ++ return(init_client_ip(sock,ip,port,type,AF_INET)); ++#if OPENSSL_USE_IPV6 ++ if (use_ipv6) ++ if (host_ip(host,ip,AF_INET6)) ++ return(init_client_ip(sock,ip,port,type,AF_INET6)); ++#endif ++ return 0; ++ } ++ ++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) ++ { ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage them; ++ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; ++ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; ++#else + struct sockaddr_in them; ++ struct sockaddr_in *them_in = &them; ++#endif ++ socklen_t addr_len; + int s,i; + + if (!ssl_sock_init()) return(0); + + memset((char *)&them,0,sizeof(them)); +- them.sin_family=AF_INET; +- them.sin_port=htons((unsigned short)port); +- addr=(unsigned long) +- ((unsigned long)ip[0]<<24L)| +- ((unsigned long)ip[1]<<16L)| +- ((unsigned long)ip[2]<< 8L)| +- ((unsigned long)ip[3]); +- them.sin_addr.s_addr=htonl(addr); ++ if (domain == AF_INET) ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in); ++ them_in->sin_family=AF_INET; ++ them_in->sin_port=htons((unsigned short)port); ++#ifndef BIT_FIELD_LIMITS ++ memcpy(&them_in->sin_addr.s_addr, ip, 4); ++#else ++ memcpy(&them_in->sin_addr, ip, 4); ++#endif ++ } ++ else ++#if OPENSSL_USE_IPV6 ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); ++ them_in6->sin6_family=AF_INET6; ++ them_in6->sin6_port=htons((unsigned short)port); ++ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); ++ } ++#else ++ return(0); ++#endif + + if (type == SOCK_STREAM) +- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); ++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); + else /* ( type == SOCK_DGRAM) */ +- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); ++ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP); + + if (s == INVALID_SOCKET) { perror("socket"); return(0); } + +@@ -277,29 +315,27 @@ + if (i < 0) { perror("keepalive"); return(0); } + } + #endif +- +- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) ++ if (connect(s,(struct sockaddr *)&them,addr_len) == -1) + { closesocket(s); perror("connect"); return(0); } + *sock=s; + return(1); + } + +-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) ++int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6) + { + int sock; + char *name = NULL; + int accept_socket = 0; + int i; + +- if (!init_server(&accept_socket,port,type)) return(0); +- ++ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0); + if (ret != NULL) + { + *ret=accept_socket; + /* return(1);*/ + } +- for (;;) +- { ++ for (;;) ++ { + if (type==SOCK_STREAM) + { + if (do_accept(accept_socket,&sock,&name) == 0) +@@ -322,41 +358,88 @@ + } + } + +-static int init_server_long(int *sock, int port, char *ip, int type) ++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) + { + int ret=0; ++ int domain; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage server; ++ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; ++ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; ++#else + struct sockaddr_in server; ++ struct sockaddr_in *server_in = &server; ++#endif ++ socklen_t addr_len; + int s= -1; + ++ if (!use_ipv4 && !use_ipv6) ++ goto err; ++#if OPENSSL_USE_IPV6 ++ /* we are fine here */ ++#else ++ if (use_ipv6) ++ goto err; ++#endif + if (!ssl_sock_init()) return(0); + +- memset((char *)&server,0,sizeof(server)); +- server.sin_family=AF_INET; +- server.sin_port=htons((unsigned short)port); +- if (ip == NULL) +- server.sin_addr.s_addr=INADDR_ANY; +- else +-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ +-#ifndef BIT_FIELD_LIMITS +- memcpy(&server.sin_addr.s_addr,ip,4); ++#if OPENSSL_USE_IPV6 ++ domain = use_ipv6 ? AF_INET6 : AF_INET; + #else +- memcpy(&server.sin_addr,ip,4); ++ domain = AF_INET; + #endif +- +- if (type == SOCK_STREAM) +- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); +- else /* type == SOCK_DGRAM */ +- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); ++ if (type == SOCK_STREAM) ++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); ++ else /* type == SOCK_DGRAM */ ++ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP); + + if (s == INVALID_SOCKET) goto err; + #if defined SOL_SOCKET && defined SO_REUSEADDR ++ { ++ int j = 1; ++ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, ++ (void *) &j, sizeof j); ++ } ++#endif ++#if OPENSSL_USE_IPV6 ++ if ((use_ipv4 == 0) && (use_ipv6 == 1)) + { +- int j = 1; +- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, +- (void *) &j, sizeof j); ++ const int on = 1; ++ ++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, ++ (const void *) &on, sizeof(int)); + } + #endif +- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) ++ if (domain == AF_INET) ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in); ++ memset(server_in, 0, sizeof(struct sockaddr_in)); ++ server_in->sin_family=AF_INET; ++ server_in->sin_port = htons((unsigned short)port); ++ if (ip == NULL) ++ server_in->sin_addr.s_addr = htonl(INADDR_ANY); ++ else ++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ ++#ifndef BIT_FIELD_LIMITS ++ memcpy(&server_in->sin_addr.s_addr, ip, 4); ++#else ++ memcpy(&server_in->sin_addr, ip, 4); ++#endif ++ } ++#if OPENSSL_USE_IPV6 ++ else ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); ++ memset(server_in6, 0, sizeof(struct sockaddr_in6)); ++ server_in6->sin6_family = AF_INET6; ++ server_in6->sin6_port = htons((unsigned short)port); ++ if (ip == NULL) ++ server_in6->sin6_addr = in6addr_any; ++ else ++ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); ++ } ++#endif ++ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) + { + #ifndef OPENSSL_SYS_WINDOWS + perror("bind"); +@@ -375,16 +458,23 @@ + return(ret); + } + +-static int init_server(int *sock, int port, int type) ++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) + { +- return(init_server_long(sock, port, NULL, type)); ++ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); + } + + static int do_accept(int acc_sock, int *sock, char **host) + { + int ret; + struct hostent *h1,*h2; +- static struct sockaddr_in from; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage from; ++ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; ++ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; ++#else ++ struct sockaddr_in from; ++ struct sockaddr_in *from_in = &from; ++#endif + int len; + /* struct linger ling; */ + +@@ -431,13 +521,23 @@ + */ + + if (host == NULL) goto end; ++#if OPENSSL_USE_IPV6 ++ if (from.ss_family == AF_INET) ++#else ++ if (from.sin_family == AF_INET) ++#endif + #ifndef BIT_FIELD_LIMITS +- /* I should use WSAAsyncGetHostByName() under windows */ +- h1=gethostbyaddr((char *)&from.sin_addr.s_addr, +- sizeof(from.sin_addr.s_addr),AF_INET); ++ /* I should use WSAAsyncGetHostByName() under windows */ ++ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr, ++ sizeof(from_in->sin_addr.s_addr), AF_INET); + #else +- h1=gethostbyaddr((char *)&from.sin_addr, +- sizeof(struct in_addr),AF_INET); ++ h1=gethostbyaddr((char *)&from_in->sin_addr, ++ sizeof(struct in_addr), AF_INET); ++#endif ++#if OPENSSL_USE_IPV6 ++ else ++ h1=gethostbyaddr((char *)&from_in6->sin6_addr, ++ sizeof(struct in6_addr), AF_INET6); + #endif + if (h1 == NULL) + { +@@ -454,15 +554,23 @@ + } + BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); + +- h2=GetHostByName(*host); ++#if OPENSSL_USE_IPV6 ++ h2=GetHostByName(*host, from.ss_family); ++#else ++ h2=GetHostByName(*host, from.sin_family); ++#endif + if (h2 == NULL) + { + BIO_printf(bio_err,"gethostbyname failure\n"); + return(0); + } +- if (h2->h_addrtype != AF_INET) ++#if OPENSSL_USE_IPV6 ++ if (h2->h_addrtype != from.ss_family) ++#else ++ if (h2->h_addrtype != from.sin_family) ++#endif + { +- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); ++ BIO_printf(bio_err,"gethostbyname addr address is not correct\n"); + return(0); + } + } +@@ -477,7 +585,7 @@ + char *h,*p; + + h=str; +- p=strchr(str,':'); ++ p=strrchr(str,':'); + if (p == NULL) + { + BIO_printf(bio_err,"no port defined\n"); +@@ -485,7 +593,7 @@ + } + *(p++)='\0'; + +- if ((ip != NULL) && !host_ip(str,ip)) ++ if ((ip != NULL) && !host_ip(str,ip,AF_INET)) + goto err; + if (host_ptr != NULL) *host_ptr=h; + +@@ -496,48 +604,58 @@ + return(0); + } + +-static int host_ip(char *str, unsigned char ip[4]) ++static int host_ip(char *str, unsigned char *ip, int domain) + { +- unsigned int in[4]; ++ unsigned int in[4]; ++ unsigned long l; + int i; + +- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) ++ if ((domain == AF_INET) && ++ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)) + { ++ + for (i=0; i<4; i++) + if (in[i] > 255) + { + BIO_printf(bio_err,"invalid IP address\n"); + goto err; + } +- ip[0]=in[0]; +- ip[1]=in[1]; +- ip[2]=in[2]; +- ip[3]=in[3]; +- } ++ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); ++ memcpy(ip, &l, 4); ++ return 1; ++ } ++#if OPENSSL_USE_IPV6 ++ else if ((domain == AF_INET6) && ++ (inet_pton(AF_INET6, str, ip) == 1)) ++ return 1; ++#endif + else + { /* do a gethostbyname */ + struct hostent *he; + + if (!ssl_sock_init()) return(0); + +- he=GetHostByName(str); ++ he=GetHostByName(str,domain); + if (he == NULL) + { + BIO_printf(bio_err,"gethostbyname failure\n"); + goto err; + } + /* cast to short because of win16 winsock definition */ +- if ((short)he->h_addrtype != AF_INET) ++ if ((short)he->h_addrtype != domain) + { +- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); ++ BIO_printf(bio_err,"gethostbyname addr family is not correct\n"); + return(0); + } +- ip[0]=he->h_addr_list[0][0]; +- ip[1]=he->h_addr_list[0][1]; +- ip[2]=he->h_addr_list[0][2]; +- ip[3]=he->h_addr_list[0][3]; ++ if (domain == AF_INET) ++ memset(ip, 0, 4); ++#if OPENSSL_USE_IPV6 ++ else ++ memset(ip, 0, 16); ++#endif ++ memcpy(ip, he->h_addr_list[0], he->h_length); ++ return 1; + } +- return(1); + err: + return(0); + } +@@ -574,7 +692,7 @@ + static unsigned long ghbn_hits=0L; + static unsigned long ghbn_miss=0L; + +-static struct hostent *GetHostByName(char *name) ++static struct hostent *GetHostByName(char *name, int domain) + { + struct hostent *ret; + int i,lowi=0; +@@ -589,14 +707,20 @@ + } + if (ghbn_cache[i].order > 0) + { +- if (strncmp(name,ghbn_cache[i].name,128) == 0) ++ if ((strncmp(name,ghbn_cache[i].name,128) == 0) && ++ (ghbn_cache[i].ent.h_addrtype == domain)) + break; + } + } + if (i == GHBN_NUM) /* no hit*/ + { + ghbn_miss++; +- ret=gethostbyname(name); ++ if (domain == AF_INET) ++ ret=gethostbyname(name); ++#if OPENSSL_USE_IPV6 ++ else ++ ret=gethostbyname2(name, AF_INET6); ++#endif + if (ret == NULL) return(NULL); + /* else add to cache */ + if(strlen(name) < sizeof ghbn_cache[0].name) diff --git a/openssl/openssl.mk b/openssl/openssl.mk @@ -0,0 +1,68 @@ +TARG = openssl +LIB = libssl.a +DEPS= zlib +# TODO: add perl, patch to DEPS + +<$mkbuild/mk.common-noinst + +openssl:QV: + # apply patches + patch -p1 < ../openssl-1.0.0a-ldflags.patch #327421 + patch -p1 < ../openssl-1.0.0d-windres.patch #373743 + patch -p1 < ../openssl-1.0.0h-pkg-config.patch + patch -p1 < ../openssl-1.0.1-parallel-build.patch + patch -p1 < ../openssl-1.0.1-x32.patch + patch -p0 < ../openssl-1.0.1e-ipv6.patch + # disable fips in the build + # make sure the man pages are suffixed #302165 + # don't bother building man pages if they're disabled + sed -i \ + -e '/DIRS/s: fips : :g' \ + -e '/^MANSUFFIX/s:=.*:=ssl:' \ + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ + -e '/^MANDIR=/s:=.*:=/share/man:' \ + Makefile.org \ + || die + # show the actual commands in the log + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared + # + sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906 + #./config --test-sanity || die "I AM NOT SANE" + # + sed -i 's/-DTERMIO/-DTERMIOS/g' Configure + sed -i 's/defined(linux)/0/' crypto/ui/ui_openssl.c + # + # this is asm generated by perl (asm/cast-586.pl) which will cause textrel's that + # will require musl's dynlinker to mprotect(PROT_EXEC), which is not allowed by grsec. + sed -i 's@cast-586.o:@c_enc.o:@' Configure + # + export CFLAGS="-fPIC -Wa,--noexecstack -fno-strict-aliasing -D_GNU_SOURCE -Wl,-Bsymbolic \ + $optcflags $DEPS_CFLAGS" + export LDFLAGS="$optldflags $DEPS_LDFLAGS" + # + #disable_asm= + disable_asm=no-asm + # + ./config --prefix="$prefix" --openssldir="$prefix"/etc/ssl \ + --libdir="$prefix"/lib no-dso $disable_asm zlib enable-md2 $CFLAGS + # Clean out hardcoded flags that openssl uses + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ + -e 's:^CFLAG=::' \ + -e 's:-fomit-frame-pointer ::g' \ + -e 's:-O[0-9] ::g' \ + -e 's:-march=[-a-z0-9]* ::g' \ + -e 's:-mcpu=[-a-z0-9]* ::g' \ + -e 's:-m[a-z0-9]* ::g' \ + ) + for mak in Makefile ; do + # for mak in Makefile crypto/cast/Makefile ; do + sed -i \ + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS} ${INCLUDES}|" \ + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ + "$mak" || die + done + # second part of our cast-586 fix: CFLAGS need to be picked up by the makefile. + sed -i 's@CFLAG=-g@CFLAG=${CFLAG} ${CFLAGS}@' crypto/cast/Makefile + #sed -i 's@#include "e_os.h"@#define CAST_LONG unsigned@' crypto/cast/cast_lcl.h + make -j$nprocs depend + make -j$nprocs build_libs diff --git a/openssl/v.mk b/openssl/v.mk @@ -0,0 +1 @@ +v = 1.0.1g