Hi
openssl security advisory: http://www.openssl.org/news/secadv_20090325.txt
also update shorewall to the latest stable version
greets
Index: patches/120-makedepend.patch
===================================================================
--- patches/120-makedepend.patch (Revision 15047)
+++ patches/120-makedepend.patch (Arbeitskopie)
@@ -1,7 +1,6 @@
-Index: openssl-0.9.8e/util/domd
-===================================================================
---- openssl-0.9.8e.orig/util/domd 2007-06-04 13:23:32.130849264 +0200
-+++ openssl-0.9.8e/util/domd 2007-06-04 13:23:32.408807008 +0200
+diff -burN openssl-0.9.8k/util/domd openssl-0.9.8k.patched/util/domd
+--- openssl-0.9.8k/util/domd 2009-01-21 22:44:52.000000000 +0100
++++ openssl-0.9.8k.patched/util/domd 2009-03-26 15:46:28.600347986 +0100
@@ -14,7 +14,8 @@
cp Makefile Makefile.save
# fake the presence of Kerberos
@@ -16,7 +15,7 @@
done
sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
-- gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
+- ${CC:-gcc} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
+ ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp
Index: patches/160-disable_doc_tests.patch
===================================================================
--- patches/160-disable_doc_tests.patch (Revision 15047)
+++ patches/160-disable_doc_tests.patch (Arbeitskopie)
@@ -1,12 +1,12 @@
-diff -burN openssl-0.9.8j/Makefile openssl-0.9.8j.patched/Makefile
---- openssl-0.9.8j/Makefile 2009-01-07 12:57:01.000000000 +0100
-+++ openssl-0.9.8j.patched/Makefile 2009-01-17 14:16:50.279667198 +0100
+diff -burN openssl-0.9.8k/Makefile openssl-0.9.8k.patched/Makefile
+--- openssl-0.9.8k/Makefile 2009-03-25 14:11:43.000000000 +0100
++++ openssl-0.9.8k.patched/Makefile 2009-03-26 15:28:35.483566078 +0100
@@ -133,7 +133,7 @@
BASEADDR=0xFB00000
--DIRS= crypto fips ssl engines apps test tools
-+DIRS= crypto fips ssl engines apps tools
+-DIRS= crypto ssl engines apps test tools
++DIRS= crypto ssl engines apps tools
SHLIBDIRS= crypto ssl
# dirs in crypto to build
@@ -15,7 +15,7 @@
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
-TESTS = alltests
-+TESTS =
++TESTS =
MAKEFILE= Makefile
@@ -37,7 +37,7 @@
build_libs: build_crypto build_fips build_ssl build_shared build_engines
-@@ -610,7 +610,7 @@
+@@ -613,7 +613,7 @@
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
@@ -46,10 +46,10 @@
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-diff -burN openssl-0.9.8j/Makefile.org openssl-0.9.8j.patched/Makefile.org
---- openssl-0.9.8j/Makefile.org 2008-12-30 14:26:26.000000000 +0100
-+++ openssl-0.9.8j.patched/Makefile.org 2009-01-17 14:14:18.874409981 +0100
-@@ -608,7 +608,7 @@
+diff -burN openssl-0.9.8k/Makefile.org openssl-0.9.8k.patched/Makefile.org
+--- openssl-0.9.8k/Makefile.org 2009-03-03 23:40:29.000000000 +0100
++++ openssl-0.9.8k.patched/Makefile.org 2009-03-26 15:29:05.243750064 +0100
+@@ -611,7 +611,7 @@
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
Index: patches/200-ocf-20080917.patch
===================================================================
--- patches/200-ocf-20080917.patch (Revision 15047)
+++ patches/200-ocf-20080917.patch (Arbeitskopie)
@@ -1,319 +1,6 @@
---- a/Configure
-+++ b/Configure
-@@ -34,6 +34,8 @@ my $usage="Usage: Configure [no-<cipher>
- # (Default: KRB5_DIR/include)
- # --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
- # supported values are "MIT" and "Heimdal". A value is required.
-+# --with-cryptodev Force support for cryptodev (ie., ocf-linux)
-+# --with-cryptodev-digests Force support for cryptodev digests (generally slow)
- #
- # --test-sanity Make a number of sanity checks on the data in this file.
- # This is a debugging tool for OpenSSL developers.
-@@ -540,6 +542,9 @@ my %table=(
- ##### Compaq Non-Stop Kernel (Tandem)
- "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
-
-+# uClinux
-+"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG::::::::::::\$(LIBSSL_dlfcn):linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}",
-+
- );
-
- my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
-@@ -589,6 +594,8 @@ my $montasm=1; # but "no-montasm" is d
- my $no_asm=0;
- my $no_dso=0;
- my $no_gmp=0;
-+my $have_cryptodev=0;
-+my $use_cryptodev_digests=0;
- my @skip=();
- my $Makefile="Makefile";
- my $des_locl="crypto/des/des_locl.h";
-@@ -716,6 +723,14 @@ PROCESS_ARGS:
- {
- exit(&test_sanity());
- }
-+ elsif (/^--with-cryptodev$/)
-+ {
-+ $have_cryptodev = 1;
-+ }
-+ elsif (/^--with-cryptodev-digests$/)
-+ {
-+ $use_cryptodev_digests = 1;
-+ }
- elsif (/^reconfigure/ || /^reconf/)
- {
- if (open(IN,"<$Makefile"))
-@@ -924,6 +939,7 @@ foreach (sort (keys %disabled))
- print " OPENSSL_NO_$ALGO";
-
- if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
-+ elsif (/^hw$/) { $flags .= "-DOPENSSL_NO_HW "; }
- elsif (/^asm$/) { $no_asm = 1; }
- }
- else
-@@ -1064,6 +1080,16 @@ if (!$no_krb5)
- $withargs{"krb5-dir"} ne "";
- }
-
-+# enable the linux cryptodev (ocf-linux) support
-+if ($have_cryptodev)
-+ {
-+ if ($use_cryptodev_digests)
-+ {
-+ $cflags = "-DUSE_CRYPTODEV_DIGESTS $cflags";
-+ }
-+ $cflags = "-DHAVE_CRYPTODEV $cflags";
-+ }
-+
- # The DSO code currently always implements all functions so that no
- # applications will have to worry about that from a compilation point
- # of view. However, the "method"s may return zero unless that platform
---- a/INSTALL
-+++ b/INSTALL
-@@ -103,6 +103,12 @@
- define preprocessor symbols, specify additional libraries,
- library directories or other compiler options.
-
-+ --with-cryptodev Enabled the BSD cryptodev engine even if we are not using
-+ BSD. Useful if you are running ocf-linux or something
-+ similar. Once enabled you can also enable the use of
-+ cryptodev digests, with is usually slower unless you have
-+ large amounts data. Use --with-cryptodev-digests to force
-+ it.
-
- Installation in Detail
- ----------------------
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -367,7 +367,7 @@ files:
-
- links:
- @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
-- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(HEADER) $(EXHEADER)
- @set -e; target=links; $(RECURSIVE_BUILD_CMD)
-
- gentests:
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -6,13 +6,13 @@
- # properly
-
- # CC contains the current compiler. This one MUST be defined
--CC=cc
--CFLAGS=$(CFLAG)
-+CC?=cc
-+CFLAGS?=$(CFLAG)
- # LDFLAGS contains flags to be used when temporary object files (when building
- # shared libraries) are created, or when an application is linked.
- # SHARED_LDFLAGS contains flags to be used when the shared library is created.
--LDFLAGS=
--SHARED_LDFLAGS=
-+LDFLAGS?=
-+SHARED_LDFLAGS?=
-
- # LIBNAME contains just the name of the library, without prefix ("lib"
- # on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
---- a/config
-+++ b/config
-@@ -48,10 +48,10 @@ done
-
- # First get uname entries that we use below
-
--MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
--RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
--SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
--VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
-+[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
-+[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
-+[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
-+[ "$VERSION" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
-
-
- # Now test for ISC and SCO, since it is has a braindamaged uname.
-@@ -270,7 +270,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
- echo "ppc-apple-darwin${VERSION}"
- ;;
- *)
-- echo "i386-apple-darwin${VERSION}"
-+ echo "${MACHINE}-apple-darwin${VERSION}"
- ;;
- esac
- exit 0
-@@ -401,9 +401,9 @@ exit 0
-
- # figure out if gcc is available and if so we use it otherwise
- # we fallback to whatever cc does on the system
--GCCVER=`(gcc -dumpversion) 2>/dev/null`
-+CC="${CC:-gcc}"
-+GCCVER=`(${CC} -dumpversion) 2>/dev/null`
- if [ "$GCCVER" != "" ]; then
-- CC=gcc
- # then strip off whatever prefix egcs prepends the number with...
- # Hopefully, this will work for any future prefixes as well.
- GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
-@@ -413,7 +413,7 @@ if [ "$GCCVER" != "" ]; then
- # peak single digit before and after first dot, e.g. 2.95.1 gives 29
- GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
- else
-- CC=cc
-+ CC="${CC:-cc}"
- fi
- GCCVER=${GCCVER:-0}
- if [ "$SYSTEM" = "HP-UX" ];then
-@@ -482,6 +482,9 @@ echo Operating system: $GUESSOS
- # script above so we end up with values in vars but that would take
- # more time that I want to waste at the moment
- case "$GUESSOS" in
-+ uClinux*)
-+ OUT=uClinux-dist
-+ ;;
- mips2-sgi-irix)
- CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
- CPU=${CPU:-0}
---- /dev/null
-+++ b/makefile-uclinuxdist
-@@ -0,0 +1,138 @@
-+#
-+# this makefile gets recursed through by various bits of the build
-+# so we need to only setup some things when invoked from outside
-+# this directory.
-+#
-+# [email protected]
-+#
-+
-+IN_LIBSSL := true
-+export IN_LIBSSL
-+
-+CONFIG_OPTS := --prefix=// --install_prefix=$(shell pwd)/build/install
-+
-+ifdef CONFIG_USER_FLATFSD_FLATFSD
-+CONFIG_OPTS += --openssldir=/etc/config
-+else
-+CONFIG_OPTS += --openssldir=/etc
-+endif
-+ifdef DISABLE_SHARED_SSL
-+CONFIG_OPTS += no-shared
-+else
-+CONFIG_OPTS += shared
-+endif
-+
-+CONFIG_OPTS += no-rc2
-+CONFIG_OPTS += no-krb5
-+CONFIG_OPTS += no-rc5
-+CONFIG_OPTS += no-md2
-+CONFIG_OPTS += no-idea
-+#CONFIG_OPTS += no-pem
-+#CONFIG_OPTS += no-md5
-+#CONFIG_OPTS += no-sha
-+#CONFIG_OPTS += no-hmac
-+#CONFIG_OPTS += no-des
-+#CONFIG_OPTS += no-aes
-+#CONFIG_OPTS += no-bn
-+CONFIG_OPTS += no-ec
-+#CONFIG_OPTS += no-rsa
-+#CONFIG_OPTS += no-dsa
-+CONFIG_OPTS += no-ecdsa
-+#CONFIG_OPTS += no-dh
-+CONFIG_OPTS += no-ecdh
-+CONFIG_OPTS += no-dso
-+#CONFIG_OPTS += no-engine
-+#CONFIG_OPTS += no-buffer
-+#CONFIG_OPTS += no-bio
-+#CONFIG_OPTS += no-stack
-+#CONFIG_OPTS += no-lhash
-+#CONFIG_OPTS += no-rand
-+CONFIG_OPTS += no-err
-+#CONFIG_OPTS += no-evp
-+#CONFIG_OPTS += no-asn1
-+#CONFIG_OPTS += no-x509
-+#CONFIG_OPTS += no-x509v3
-+#CONFIG_OPTS += no-txt_db
-+#CONFIG_OPTS += no-pkcs7
-+#CONFIG_OPTS += no-pkcs12
-+#CONFIG_OPTS += no-comp
-+#CONFIG_OPTS += no-ocsp
-+#CONFIG_OPTS += no-ui
-+#CONFIG_OPTS += no-store
-+CONFIG_OPTS += no-pqueue
-+
-+# REVISIT: It would be better to have OPENSSL config options
-+# which turn on this support as needed
-+ifeq ($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH),)
-+CONFIG_OPTS += no-ripemd
-+CONFIG_OPTS += no-cast
-+CONFIG_OPTS += no-rc4
-+endif
-+
-+ifeq ($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH)$(CONFIG_PROP_SSCEP_SSCEP),)
-+CONFIG_OPTS += no-bf
-+endif
-+
-+ifeq ($(CONFIG_USER_OPENVPN_OPENVPN)$(CONFIG_USER_WGET),)
-+CONFIG_OPTS += no-md4
-+endif
-+
-+ifdef CONFIG_OCF_OCF
-+CONFIG_OPTS += --with-cryptodev
-+#CONFIG_OPTS += --with-cryptodev-digests
-+endif
-+
-+#
-+# if you want engines (they are dl loaded), a few things
-+# need to be setup, you will also need to mod everything
-+# to link against -ldl if it uses libcrypto. By default we
-+# disable it (cryptodev suport is still included).
-+#
-+ifdef YOU_WANT_DYNAMIC_HW_ENGINES_ENABLED
-+LIBSSL_dlfcn = dlfcn
-+else
-+CONFIG_OPTS += no-hw
-+LIBSSL_dlfcn =
-+endif
-+
-+#
-+# our libs aren't in the default location yet
-+#
-+LDFLAGS += -L$(ROOTDIR)/lib/libssl/build
-+export LDFLAGS
-+
-+all: build/configured
-+ $(MAKE) -C build
-+ $(MAKE) -C build install_sw
-+
-+build/configured: makefile config Configure
-+ rm -rf build
-+ find . -type d > .dirs
-+ find . ! -type d | grep -v ./makefile > .files
-+ while read t; do mkdir -p build/$$t; done < .dirs
-+ while read t; do ln -s `pwd`/$$t build/$$t; done < .files
-+ rm -f .dirs .files
-+ chmod +x build/config
-+ cd build; MACHINE=uClinux-dist ./config $(CONFIG_OPTS)
-+ $(MAKE) -C build depend
-+ $(MAKE) -C build links
-+ touch build/configured
-+
-+clean:
-+ -rm -rf build
-+
-+romfs:
-+ cd build/install/lib; \
-+ for i in *.so*; do \
-+ if [ -L $$i ]; then \
-+ $(ROMFSINST) -s `find $$i -printf %l` /lib/$$i; \
-+ elif [ -f $$i ]; then \
-+ $(ROMFSINST) /lib/$$i; \
-+ fi; \
-+ done
-+
-+romfs_user:
-+ $(ROMFSINST) -e CONFIG_USER_OPENSSL_APPS build/install/bin/openssl /bin/openssl
-+ # $(ROMFSINST) -e CONFIG_USER_OPENSSL_APPS build/install/bin/c_rehash /bin/c_rehash
-+
-+
---- a/apps/apps.h
-+++ b/apps/apps.h
+diff -burN openssl-0.9.8k/apps/apps.h openssl-0.9.8k.patched/apps/apps.h
+--- openssl-0.9.8k/apps/apps.h 2008-11-24 17:14:13.000000000 +0100
++++ openssl-0.9.8k.patched/apps/apps.h 2009-03-26 15:07:01.540321920 +0100
@@ -112,7 +112,7 @@
#ifndef HEADER_APPS_H
#define HEADER_APPS_H
@@ -323,9 +10,10 @@
#include <openssl/bio.h>
#include <openssl/x509.h>
---- a/apps/progs.h
-+++ b/apps/progs.h
-@@ -129,7 +129,9 @@ FUNCTION functions[] = {
+diff -burN openssl-0.9.8k/apps/progs.h openssl-0.9.8k.patched/apps/progs.h
+--- openssl-0.9.8k/apps/progs.h 2008-04-04 01:03:41.000000000 +0200
++++ openssl-0.9.8k.patched/apps/progs.h 2009-03-26 15:07:01.565351365 +0100
+@@ -129,7 +129,9 @@
#ifndef OPENSSL_NO_ENGINE
{FUNC_TYPE_GENERAL,"engine",engine_main},
#endif
@@ -335,9 +23,10 @@
{FUNC_TYPE_GENERAL,"prime",prime_main},
#ifndef OPENSSL_NO_MD2
{FUNC_TYPE_MD,"md2",dgst_main},
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -292,7 +292,7 @@ static const char *names[ALGOR_NUM]={
+diff -burN openssl-0.9.8k/apps/speed.c openssl-0.9.8k.patched/apps/speed.c
+--- openssl-0.9.8k/apps/speed.c 2009-01-07 11:48:22.000000000 +0100
++++ openssl-0.9.8k.patched/apps/speed.c 2009-03-26 15:07:01.596981371 +0100
+@@ -292,7 +292,7 @@
"evp","sha256","sha512",
"aes-128 ige","aes-192 ige","aes-256 ige"};
static double results[ALGOR_NUM][SIZE_NUM];
@@ -346,7 +35,7 @@
static double rsa_results[RSA_NUM][2];
static double dsa_results[DSA_NUM][2];
#ifndef OPENSSL_NO_ECDSA
-@@ -328,6 +328,79 @@ static SIGRETTYPE sig_done(int sig)
+@@ -328,6 +328,79 @@
#define START 0
#define STOP 1
@@ -426,7 +115,7 @@
#if defined(OPENSSL_SYS_NETWARE)
/* for NetWare the best we can do is use clock() which returns the
-@@ -358,6 +431,11 @@ static double Time_F(int s)
+@@ -358,6 +431,11 @@
{
double ret;
@@ -438,7 +127,7 @@
#ifdef USE_TOD
if(usertime)
{
-@@ -832,6 +910,14 @@ int MAIN(int argc, char **argv)
+@@ -832,6 +910,14 @@
j--; /* Otherwise, -elapsed gets confused with
an algorithm. */
}
@@ -453,7 +142,7 @@
else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
{
argc--;
-@@ -1260,6 +1346,9 @@ int MAIN(int argc, char **argv)
+@@ -1260,6 +1346,9 @@
#ifdef HAVE_FORK
BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
#endif
@@ -463,7 +152,7 @@
goto end;
}
argc--;
-@@ -1267,11 +1356,6 @@ int MAIN(int argc, char **argv)
+@@ -1267,11 +1356,6 @@
j++;
}
@@ -475,7 +164,7 @@
if (j == 0)
{
for (i=0; i<ALGOR_NUM; i++)
-@@ -1604,6 +1688,11 @@ int MAIN(int argc, char **argv)
+@@ -1604,6 +1688,11 @@
signal(SIGALRM,sig_done);
#endif /* SIGALRM */
@@ -487,7 +176,7 @@
#ifndef OPENSSL_NO_MD2
if (doit[D_MD2])
{
-@@ -2033,8 +2122,6 @@ int MAIN(int argc, char **argv)
+@@ -2033,8 +2122,6 @@
/* -O3 -fschedule-insns messes up an
* optimization here! names[D_EVP]
* somehow becomes NULL */
@@ -496,7 +185,7 @@
EVP_CIPHER_CTX_init(&ctx);
if(decrypt)
-@@ -2043,6 +2130,9 @@ int MAIN(int argc, char **argv)
+@@ -2043,6 +2130,9 @@
EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
EVP_CIPHER_CTX_set_padding(&ctx, 0);
@@ -506,7 +195,7 @@
Time_F(START);
if(decrypt)
for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
-@@ -2107,6 +2197,8 @@ int MAIN(int argc, char **argv)
+@@ -2107,6 +2197,8 @@
}
}
d=Time_F(STOP);
@@ -515,7 +204,7 @@
BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
: "%ld %d bit private RSA's in %.2fs\n",
count,rsa_bits[j],d);
-@@ -2142,6 +2234,8 @@ int MAIN(int argc, char **argv)
+@@ -2142,6 +2234,8 @@
}
}
d=Time_F(STOP);
@@ -524,7 +213,7 @@
BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
: "%ld %d bit public RSA's in %.2fs\n",
count,rsa_bits[j],d);
-@@ -2201,6 +2295,8 @@ int MAIN(int argc, char **argv)
+@@ -2201,6 +2295,8 @@
}
}
d=Time_F(STOP);
@@ -533,7 +222,7 @@
BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
: "%ld %d bit DSA signs in %.2fs\n",
count,dsa_bits[j],d);
-@@ -2236,6 +2332,8 @@ int MAIN(int argc, char **argv)
+@@ -2236,6 +2332,8 @@
}
}
d=Time_F(STOP);
@@ -542,7 +231,7 @@
BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
: "%ld %d bit DSA verify in %.2fs\n",
count,dsa_bits[j],d);
-@@ -2530,14 +2628,23 @@ show_res:
+@@ -2530,14 +2628,23 @@
fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
fprintf(stdout,"type ");
}
@@ -567,7 +256,7 @@
if(mr)
fprintf(stdout,"+F:%d:%s",k,names[k]);
else
-@@ -2548,6 +2655,8 @@ show_res:
+@@ -2548,6 +2655,8 @@
fprintf(stdout," %11.2fk",results[k][j]/1e3);
else
fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
@@ -576,19 +265,17 @@
}
fprintf(stdout,"\n");
}
-@@ -2562,13 +2671,18 @@ show_res:
+@@ -2562,13 +2671,18 @@
j=0;
}
if(mr)
- fprintf(stdout,"+F2:%u:%u:%f:%f\n",
- k,rsa_bits[k],rsa_results[k][0],
- rsa_results[k][1]);
-- else
++ fprintf(stdout,"+F2:%u:%u:%f", k,rsa_bits[k],rsa_results[k][0]);
+ else
- fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
-- 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
-+ fprintf(stdout,"+F2:%u:%u:%f", k,rsa_bits[k],rsa_results[k][0]);
-+ else
+ fprintf(stdout,"rsa %4u bits %8.6fs",rsa_bits[k],rsa_results[k][0]);
+ if (do_cpu)
+ fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][0]);
@@ -597,12 +284,12 @@
+ fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][1]);
+ if(!mr)
+ fprintf(stdout, " %8.1f %8.1f",
-+ 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
+ 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
+ fprintf(stdout, "\n");
}
#endif
#ifndef OPENSSL_NO_DSA
-@@ -2582,12 +2696,18 @@ show_res:
+@@ -2582,12 +2696,18 @@
j=0;
}
if(mr)
@@ -612,7 +299,6 @@
else
- fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
-- 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
+ fprintf(stdout,"dsa %4u bits %8.6fs",dsa_bits[k],dsa_results[k][0]);
+ if (do_cpu)
+ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][0]);
@@ -621,12 +307,12 @@
+ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][1]);
+ if(!mr)
+ fprintf(stdout, " %8.1f %8.1f",
-+ 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
+ 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
+ fprintf(stdout, "\n");
}
#endif
#ifndef OPENSSL_NO_ECDSA
-@@ -2712,8 +2832,10 @@ static void pkey_print_message(const cha
+@@ -2712,8 +2832,10 @@
static void print_result(int alg,int run_no,int count,double time_used)
{
@@ -639,7 +325,7 @@
results[alg][run_no]=((double)count)/time_used*lengths[run_no];
}
-@@ -2806,29 +2928,11 @@ static int do_multi(int multi)
+@@ -2808,29 +2930,11 @@
p=buf+3;
alg=atoi(sstrsep(&p,sep));
sstrsep(&p,sep);
@@ -672,7 +358,7 @@
}
else if(!strncmp(buf,"+F2:",4))
{
-@@ -2839,12 +2943,18 @@ static int do_multi(int multi)
+@@ -2841,12 +2945,18 @@
k=atoi(sstrsep(&p,sep));
sstrsep(&p,sep);
@@ -691,7 +377,7 @@
d=atof(sstrsep(&p,sep));
if(n)
rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
-@@ -2860,12 +2970,18 @@ static int do_multi(int multi)
+@@ -2862,12 +2972,18 @@
k=atoi(sstrsep(&p,sep));
sstrsep(&p,sep);
@@ -710,8 +396,138 @@
d=atof(sstrsep(&p,sep));
if(n)
dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
---- a/crypto/cryptlib.h
-+++ b/crypto/cryptlib.h
+diff -burN openssl-0.9.8k/config openssl-0.9.8k.patched/config
+--- openssl-0.9.8k/config 2009-02-16 09:43:41.000000000 +0100
++++ openssl-0.9.8k.patched/config 2009-03-26 15:07:05.353647021 +0100
+@@ -48,10 +48,10 @@
+
+ # First get uname entries that we use below
+
+-MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
+-RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
+-SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
+-VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
++[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
++[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
++[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
++[ "$VERSION" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+
+
+ # Now test for ISC and SCO, since it is has a braindamaged uname.
+@@ -270,7 +270,7 @@
+ echo "ppc-apple-darwin${VERSION}"
+ ;;
+ *)
+- echo "i386-apple-darwin${VERSION}"
++ echo "${MACHINE}-apple-darwin${VERSION}"
+ ;;
+ esac
+ exit 0
+@@ -399,7 +399,8 @@
+ # this is where the translation occurs into SSLeay terms
+ # ---------------------------------------------------------------------------
+
+-GCCVER=`(gcc -dumpversion) 2>/dev/null`
++CC="${CC:-gcc}"
++GCCVER=`(${CC} -dumpversion) 2>/dev/null`
+ if [ "$GCCVER" != "" ]; then
+ # then strip off whatever prefix egcs prepends the number with...
+ # Hopefully, this will work for any future prefixes as well.
+@@ -418,7 +419,7 @@
+ if [ "$GCCVER" != "" ]; then
+ CC=gcc
+ else
+- CC=cc
++ CC="${CC:-cc}"
+ fi
+ fi
+ GCCVER=${GCCVER:-0}
+@@ -487,7 +488,10 @@
+ # now map the output into SSLeay terms ... really should hack into the
+ # script above so we end up with values in vars but that would take
+ # more time that I want to waste at the moment
+-case "$GUESSOS" in
++ case "$GUESSOS" in
++ uClinux*)
++ OUT=uClinux-dist
++ ;;
+ mips2-sgi-irix)
+ CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+ CPU=${CPU:-0}
+diff -burN openssl-0.9.8k/Configure openssl-0.9.8k.patched/Configure
+--- openssl-0.9.8k/Configure 2009-02-16 09:44:22.000000000 +0100
++++ openssl-0.9.8k.patched/Configure 2009-03-26 15:07:01.446980695 +0100
+@@ -36,6 +36,8 @@
+ # (Default: KRB5_DIR/include)
+ # --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
+ # supported values are "MIT" and "Heimdal". A value is required.
++# --with-cryptodev Force support for cryptodev (ie., ocf-linux)
++# --with-cryptodev-digests Force support for cryptodev digests (generally slow)
+ #
+ # --test-sanity Make a number of sanity checks on the data in this file.
+ # This is a debugging tool for OpenSSL developers.
+@@ -545,6 +547,9 @@
+ ##### Compaq Non-Stop Kernel (Tandem)
+ "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
+
++# uClinux
++"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG::::::::::::\$(LIBSSL_dlfcn):linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}",
++
+ );
+
+ my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
+@@ -599,6 +604,8 @@
+ my $no_asm=0;
+ my $no_dso=0;
+ my $no_gmp=0;
++my $have_cryptodev=0;
++my $use_cryptodev_digests=0;
+ my @skip=();
+ my $Makefile="Makefile";
+ my $des_locl="crypto/des/des_locl.h";
+@@ -747,6 +754,14 @@
+ {
+ exit(&test_sanity());
+ }
++ elsif (/^--with-cryptodev$/)
++ {
++ $have_cryptodev = 1;
++ }
++ elsif (/^--with-cryptodev-digests$/)
++ {
++ $use_cryptodev_digests = 1;
++ }
+ elsif (/^reconfigure/ || /^reconf/)
+ {
+ if (open(IN,"<$Makefile"))
+@@ -1035,6 +1050,7 @@
+ print " OPENSSL_NO_$ALGO";
+
+ if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
++ elsif (/^hw$/) { $flags .= "-DOPENSSL_NO_HW "; }
+ elsif (/^asm$/) { $no_asm = 1; }
+ }
+ else
+@@ -1159,6 +1175,16 @@
+ $withargs{"krb5-dir"} ne "";
+ }
+
++# enable the linux cryptodev (ocf-linux) support
++if ($have_cryptodev)
++ {
++ if ($use_cryptodev_digests)
++ {
++ $cflags = "-DUSE_CRYPTODEV_DIGESTS $cflags";
++ }
++ $cflags = "-DHAVE_CRYPTODEV $cflags";
++ }
++
+ # The DSO code currently always implements all functions so that no
+ # applications will have to worry about that from a compilation point
+ # of view. However, the "method"s may return zero unless that platform
+diff -burN openssl-0.9.8k/crypto/cryptlib.h openssl-0.9.8k.patched/crypto/cryptlib.h
+--- openssl-0.9.8k/crypto/cryptlib.h 2008-06-06 17:52:31.000000000 +0200
++++ openssl-0.9.8k.patched/crypto/cryptlib.h 2009-03-26 15:07:01.615406344 +0100
@@ -62,7 +62,7 @@
#include <stdlib.h>
#include <string.h>
@@ -721,9 +537,10 @@
#ifdef OPENSSL_USE_APPLINK
#define BIO_FLAGS_UPLINK 0x8000
---- a/crypto/engine/eng_all.c
-+++ b/crypto/engine/eng_all.c
-@@ -104,7 +104,7 @@ void ENGINE_load_builtin_engines(void)
+diff -burN openssl-0.9.8k/crypto/engine/eng_all.c openssl-0.9.8k.patched/crypto/engine/eng_all.c
+--- openssl-0.9.8k/crypto/engine/eng_all.c 2008-06-04 20:01:39.000000000 +0200
++++ openssl-0.9.8k.patched/crypto/engine/eng_all.c 2009-03-26 15:07:01.640472951 +0100
+@@ -104,7 +104,7 @@
#endif
#endif
#ifndef OPENSSL_NO_HW
@@ -732,7 +549,7 @@
ENGINE_load_cryptodev();
#endif
#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-@@ -113,7 +113,7 @@ void ENGINE_load_builtin_engines(void)
+@@ -113,7 +113,7 @@
#endif
}
@@ -741,9 +558,10 @@
void ENGINE_setup_bsd_cryptodev(void) {
static int bsd_cryptodev_default_loaded = 0;
if (!bsd_cryptodev_default_loaded) {
---- a/crypto/engine/eng_cryptodev.c
-+++ b/crypto/engine/eng_cryptodev.c
-@@ -68,6 +68,16 @@ ENGINE_load_cryptodev(void)
+diff -burN openssl-0.9.8k/crypto/engine/eng_cryptodev.c openssl-0.9.8k.patched/crypto/engine/eng_cryptodev.c
+--- openssl-0.9.8k/crypto/engine/eng_cryptodev.c 2004-06-15 13:45:42.000000000 +0200
++++ openssl-0.9.8k.patched/crypto/engine/eng_cryptodev.c 2009-03-26 15:07:01.665498768 +0100
+@@ -68,6 +68,16 @@
struct dev_crypto_state {
struct session_op d_sess;
int d_fd;
@@ -760,7 +578,7 @@
};
static u_int32_t cryptodev_asymfeat = 0;
-@@ -75,9 +85,11 @@ static u_int32_t cryptodev_asymfeat = 0;
+@@ -75,9 +85,11 @@
static int get_asym_dev_crypto(void);
static int open_dev_crypto(void);
static int get_dev_crypto(void);
@@ -772,7 +590,7 @@
static int get_cryptodev_ciphers(const int **cnids);
static int get_cryptodev_digests(const int **cnids);
static int cryptodev_usable_ciphers(const int **nids);
-@@ -100,7 +112,7 @@ static int cryptodev_asym(struct crypt_k
+@@ -100,7 +112,7 @@
static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
@@ -781,7 +599,7 @@
static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-@@ -130,9 +142,12 @@ static struct {
+@@ -130,9 +142,12 @@
int ivmax;
int keylen;
} ciphers[] = {
@@ -794,7 +612,7 @@
{ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
{ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
{ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
-@@ -142,14 +157,15 @@ static struct {
+@@ -142,14 +157,15 @@
static struct {
int id;
int nid;
@@ -817,7 +635,7 @@
};
/*
-@@ -176,10 +192,17 @@ open_dev_crypto(void)
+@@ -176,10 +192,17 @@
static int
get_dev_crypto(void)
{
@@ -825,11 +643,9 @@
+ static int fd = -1;
+ int retfd;
-- if ((fd = open_dev_crypto()) == -1)
-- return (-1);
+ if (fd == -1) {
-+ if ((fd = open_dev_crypto()) == -1)
-+ return (-1);
+ if ((fd = open_dev_crypto()) == -1)
+ return (-1);
+ if (fcntl(fd, F_SETFD, 1) == -1) {
+ close(fd);
+ return (-1);
@@ -838,7 +654,7 @@
if (ioctl(fd, CRIOGET, &retfd) == -1)
return (-1);
-@@ -202,6 +225,7 @@ get_asym_dev_crypto(void)
+@@ -202,6 +225,7 @@
return fd;
}
@@ -846,7 +662,7 @@
/*
* XXXX this needs to be set for each alg - and determined from
* a running card.
-@@ -245,6 +269,7 @@ cipher_nid_to_cryptodev(int nid)
+@@ -245,6 +269,7 @@
return (ciphers[i].id);
return (0);
}
@@ -854,7 +670,7 @@
/*
* Find out what ciphers /dev/crypto will let us have a session for.
-@@ -264,7 +289,7 @@ get_cryptodev_ciphers(const int **cnids)
+@@ -264,7 +289,7 @@
return (0);
}
memset(&sess, 0, sizeof(sess));
@@ -863,7 +679,7 @@
for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
if (ciphers[i].nid == NID_undef)
-@@ -303,10 +328,12 @@ get_cryptodev_digests(const int **cnids)
+@@ -303,10 +328,12 @@
return (0);
}
memset(&sess, 0, sizeof(sess));
@@ -876,7 +692,7 @@
sess.cipher = 0;
if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-@@ -351,6 +378,9 @@ cryptodev_usable_ciphers(const int **nid
+@@ -351,6 +378,9 @@
static int
cryptodev_usable_digests(const int **nids)
{
@@ -886,7 +702,7 @@
/*
* XXXX just disable all digests for now, because it sucks.
* we need a better way to decide this - i.e. I may not
-@@ -365,6 +395,7 @@ cryptodev_usable_digests(const int **nid
+@@ -365,6 +395,7 @@
*/
*nids = NULL;
return (0);
@@ -894,16 +710,16 @@
}
static int
-@@ -427,16 +458,20 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx,
+@@ -427,16 +458,20 @@
{
struct dev_crypto_state *state = ctx->cipher_data;
struct session_op *sess = &state->d_sess;
- int cipher;
+-
+- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+- return (0);
+ int cipher, i;
-- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
-- return (0);
--
- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
- return (0);
+ for (i = 0; ciphers[i].id; i++)
@@ -922,7 +738,7 @@
memset(sess, 0, sizeof(struct session_op));
-@@ -496,6 +531,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+@@ -496,6 +531,20 @@
* gets called when libcrypto requests a cipher NID.
*/
@@ -943,7 +759,7 @@
/* DES CBC EVP */
const EVP_CIPHER cryptodev_des_cbc = {
NID_des_cbc,
-@@ -563,6 +612,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
+@@ -563,6 +612,32 @@
NULL
};
@@ -976,7 +792,7 @@
/*
* Registered by the ENGINE when used to find out how to deal with
* a particular NID in the ENGINE. this says what we'll do at the
-@@ -576,6 +651,9 @@ cryptodev_engine_ciphers(ENGINE *e, cons
+@@ -576,6 +651,9 @@
return (cryptodev_usable_ciphers(nids));
switch (nid) {
@@ -986,7 +802,7 @@
case NID_des_ede3_cbc:
*cipher = &cryptodev_3des_cbc;
break;
-@@ -591,6 +669,12 @@ cryptodev_engine_ciphers(ENGINE *e, cons
+@@ -591,6 +669,12 @@
case NID_aes_128_cbc:
*cipher = &cryptodev_aes_cbc;
break;
@@ -999,7 +815,7 @@
default:
*cipher = NULL;
break;
-@@ -598,6 +682,234 @@ cryptodev_engine_ciphers(ENGINE *e, cons
+@@ -598,6 +682,234 @@
return (*cipher != NULL);
}
@@ -1234,7 +1050,7 @@
static int
cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
-@@ -606,10 +918,15 @@ cryptodev_engine_digests(ENGINE *e, cons
+@@ -606,10 +918,15 @@
return (cryptodev_usable_digests(nids));
switch (nid) {
@@ -1242,16 +1058,16 @@
case NID_md5:
- *digest = NULL; /* need to make a clean md5 critter */
+ *digest = &cryptodev_md5;
- break;
++ break;
+ case NID_sha1:
+ *digest = &cryptodev_sha1;
-+ break;
+ break;
default:
+#endif /* USE_CRYPTODEV_DIGESTS */
*digest = NULL;
break;
}
-@@ -625,7 +942,7 @@ static int
+@@ -625,7 +942,7 @@
bn2crparam(const BIGNUM *a, struct crparam *crp)
{
int i, j, k;
@@ -1260,7 +1076,7 @@
u_char *b;
crp->crp_p = NULL;
-@@ -637,6 +954,7 @@ bn2crparam(const BIGNUM *a, struct crpar
+@@ -637,6 +954,7 @@
b = malloc(bytes);
if (b == NULL)
return (1);
@@ -1268,7 +1084,7 @@
crp->crp_p = b;
crp->crp_nbits = bits;
-@@ -681,7 +999,7 @@ zapparams(struct crypt_kop *kop)
+@@ -681,7 +999,7 @@
{
int i;
@@ -1277,7 +1093,7 @@
if (kop->crk_param[i].crp_p)
free(kop->crk_param[i].crp_p);
kop->crk_param[i].crp_p = NULL;
-@@ -756,12 +1074,10 @@ err:
+@@ -756,12 +1074,10 @@
}
static int
@@ -1292,9 +1108,10 @@
r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
BN_CTX_free(ctx);
return (r);
---- a/crypto/engine/engine.h
-+++ b/crypto/engine/engine.h
-@@ -703,7 +703,7 @@ typedef int (*dynamic_bind_engine)(ENGIN
+diff -burN openssl-0.9.8k/crypto/engine/engine.h openssl-0.9.8k.patched/crypto/engine/engine.h
+--- openssl-0.9.8k/crypto/engine/engine.h 2008-06-04 20:01:40.000000000 +0200
++++ openssl-0.9.8k.patched/crypto/engine/engine.h 2009-03-26 15:07:01.690528776 +0100
+@@ -703,7 +703,7 @@
* values. */
void *ENGINE_get_static_state(void);
@@ -1303,9 +1120,10 @@
void ENGINE_setup_bsd_cryptodev(void);
#endif
---- a/crypto/evp/c_all.c
-+++ b/crypto/evp/c_all.c
-@@ -83,7 +83,7 @@ void OPENSSL_add_all_algorithms_noconf(v
+diff -burN openssl-0.9.8k/crypto/evp/c_all.c openssl-0.9.8k.patched/crypto/evp/c_all.c
+--- openssl-0.9.8k/crypto/evp/c_all.c 2004-08-29 18:36:04.000000000 +0200
++++ openssl-0.9.8k.patched/crypto/evp/c_all.c 2009-03-26 15:07:01.715554872 +0100
+@@ -83,7 +83,7 @@
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
#ifndef OPENSSL_NO_ENGINE
@@ -1314,9 +1132,10 @@
ENGINE_setup_bsd_cryptodev();
# endif
#endif
---- a/crypto/evp/c_alld.c
-+++ b/crypto/evp/c_alld.c
-@@ -81,7 +81,7 @@ void OpenSSL_add_all_digests(void)
+diff -burN openssl-0.9.8k/crypto/evp/c_alld.c openssl-0.9.8k.patched/crypto/evp/c_alld.c
+--- openssl-0.9.8k/crypto/evp/c_alld.c 2005-04-30 23:51:40.000000000 +0200
++++ openssl-0.9.8k.patched/crypto/evp/c_alld.c 2009-03-26 15:07:01.740621755 +0100
+@@ -81,7 +81,7 @@
EVP_add_digest(EVP_dss());
#endif
#endif
@@ -1325,9 +1144,10 @@
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -96,6 +96,7 @@ install:
+diff -burN openssl-0.9.8k/engines/Makefile openssl-0.9.8k.patched/engines/Makefile
+--- openssl-0.9.8k/engines/Makefile 2008-09-17 19:11:07.000000000 +0200
++++ openssl-0.9.8k.patched/engines/Makefile 2009-03-26 15:07:01.765650365 +0100
+@@ -96,6 +96,7 @@
( echo installing $$l; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
case "$(CFLAGS)" in \
@@ -1335,22 +1155,214 @@
*DSO_DLFCN*) sfx="so";; \
*DSO_DL*) sfx="sl";; \
*) sfx="bad";; \
---- a/util/domd
-+++ b/util/domd
-@@ -23,13 +23,17 @@ if [ "$D" = "gcc" ]; then
+diff -burN openssl-0.9.8k/INSTALL openssl-0.9.8k.patched/INSTALL
+--- openssl-0.9.8k/INSTALL 2008-04-07 08:35:41.000000000 +0200
++++ openssl-0.9.8k.patched/INSTALL 2009-03-26 15:07:01.446980695 +0100
+@@ -103,6 +103,12 @@
+ define preprocessor symbols, specify additional libraries,
+ library directories or other compiler options.
+
++ --with-cryptodev Enabled the BSD cryptodev engine even if we are not using
++ BSD. Useful if you are running ocf-linux or something
++ similar. Once enabled you can also enable the use of
++ cryptodev digests, with is usually slower unless you have
++ large amounts data. Use --with-cryptodev-digests to force
++ it.
+
+ Installation in Detail
+ ----------------------
+diff -burN openssl-0.9.8k/Makefile.org openssl-0.9.8k.patched/Makefile.org
+--- openssl-0.9.8k/Makefile.org 2009-03-03 23:40:29.000000000 +0100
++++ openssl-0.9.8k.patched/Makefile.org 2009-03-26 15:07:01.463653490 +0100
+@@ -502,7 +502,7 @@
+
+ links:
+ @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
++ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(HEADER) $(EXHEADER)
+ @set -e; target=links; $(RECURSIVE_BUILD_CMD)
+ @if [ -z "$(FIPSCANLIB)" ]; then \
+ set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
+diff -burN openssl-0.9.8k/Makefile.shared openssl-0.9.8k.patched/Makefile.shared
+--- openssl-0.9.8k/Makefile.shared 2008-09-17 17:56:40.000000000 +0200
++++ openssl-0.9.8k.patched/Makefile.shared 2009-03-26 15:07:01.490313871 +0100
+@@ -6,13 +6,13 @@
+ # properly
+
+ # CC contains the current compiler. This one MUST be defined
+-CC=cc
+-CFLAGS=$(CFLAG)
++CC?=cc
++CFLAGS?=$(CFLAG)
+ # LDFLAGS contains flags to be used when temporary object files (when building
+ # shared libraries) are created, or when an application is linked.
+ # SHARED_LDFLAGS contains flags to be used when the shared library is created.
+-LDFLAGS=
+-SHARED_LDFLAGS=
++LDFLAGS?=
++SHARED_LDFLAGS?=
+
+ # LIBNAME contains just the name of the library, without prefix ("lib"
+ # on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
+diff -burN openssl-0.9.8k/makefile-uclinuxdist openssl-0.9.8k.patched/makefile-uclinuxdist
+--- openssl-0.9.8k/makefile-uclinuxdist 1970-01-01 01:00:00.000000000 +0100
++++ openssl-0.9.8k.patched/makefile-uclinuxdist 2009-03-26 15:07:01.515256714 +0100
+@@ -0,0 +1,138 @@
++#
++# this makefile gets recursed through by various bits of the build
++# so we need to only setup some things when invoked from outside
++# this directory.
++#
++# [email protected]
++#
++
++IN_LIBSSL := true
++export IN_LIBSSL
++
++CONFIG_OPTS := --prefix=// --install_prefix=$(shell pwd)/build/install
++
++ifdef CONFIG_USER_FLATFSD_FLATFSD
++CONFIG_OPTS += --openssldir=/etc/config
++else
++CONFIG_OPTS += --openssldir=/etc
++endif
++ifdef DISABLE_SHARED_SSL
++CONFIG_OPTS += no-shared
++else
++CONFIG_OPTS += shared
++endif
++
++CONFIG_OPTS += no-rc2
++CONFIG_OPTS += no-krb5
++CONFIG_OPTS += no-rc5
++CONFIG_OPTS += no-md2
++CONFIG_OPTS += no-idea
++#CONFIG_OPTS += no-pem
++#CONFIG_OPTS += no-md5
++#CONFIG_OPTS += no-sha
++#CONFIG_OPTS += no-hmac
++#CONFIG_OPTS += no-des
++#CONFIG_OPTS += no-aes
++#CONFIG_OPTS += no-bn
++CONFIG_OPTS += no-ec
++#CONFIG_OPTS += no-rsa
++#CONFIG_OPTS += no-dsa
++CONFIG_OPTS += no-ecdsa
++#CONFIG_OPTS += no-dh
++CONFIG_OPTS += no-ecdh
++CONFIG_OPTS += no-dso
++#CONFIG_OPTS += no-engine
++#CONFIG_OPTS += no-buffer
++#CONFIG_OPTS += no-bio
++#CONFIG_OPTS += no-stack
++#CONFIG_OPTS += no-lhash
++#CONFIG_OPTS += no-rand
++CONFIG_OPTS += no-err
++#CONFIG_OPTS += no-evp
++#CONFIG_OPTS += no-asn1
++#CONFIG_OPTS += no-x509
++#CONFIG_OPTS += no-x509v3
++#CONFIG_OPTS += no-txt_db
++#CONFIG_OPTS += no-pkcs7
++#CONFIG_OPTS += no-pkcs12
++#CONFIG_OPTS += no-comp
++#CONFIG_OPTS += no-ocsp
++#CONFIG_OPTS += no-ui
++#CONFIG_OPTS += no-store
++CONFIG_OPTS += no-pqueue
++
++# REVISIT: It would be better to have OPENSSL config options
++# which turn on this support as needed
++ifeq ($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH),)
++CONFIG_OPTS += no-ripemd
++CONFIG_OPTS += no-cast
++CONFIG_OPTS += no-rc4
++endif
++
++ifeq ($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH)$(CONFIG_PROP_SSCEP_SSCEP),)
++CONFIG_OPTS += no-bf
++endif
++
++ifeq ($(CONFIG_USER_OPENVPN_OPENVPN)$(CONFIG_USER_WGET),)
++CONFIG_OPTS += no-md4
++endif
++
++ifdef CONFIG_OCF_OCF
++CONFIG_OPTS += --with-cryptodev
++#CONFIG_OPTS += --with-cryptodev-digests
++endif
++
++#
++# if you want engines (they are dl loaded), a few things
++# need to be setup, you will also need to mod everything
++# to link against -ldl if it uses libcrypto. By default we
++# disable it (cryptodev suport is still included).
++#
++ifdef YOU_WANT_DYNAMIC_HW_ENGINES_ENABLED
++LIBSSL_dlfcn = dlfcn
++else
++CONFIG_OPTS += no-hw
++LIBSSL_dlfcn =
++endif
++
++#
++# our libs aren't in the default location yet
++#
++LDFLAGS += -L$(ROOTDIR)/lib/libssl/build
++export LDFLAGS
++
++all: build/configured
++ $(MAKE) -C build
++ $(MAKE) -C build install_sw
++
++build/configured: makefile config Configure
++ rm -rf build
++ find . -type d > .dirs
++ find . ! -type d | grep -v ./makefile > .files
++ while read t; do mkdir -p build/$$t; done < .dirs
++ while read t; do ln -s `pwd`/$$t build/$$t; done < .files
++ rm -f .dirs .files
++ chmod +x build/config
++ cd build; MACHINE=uClinux-dist ./config $(CONFIG_OPTS)
++ $(MAKE) -C build depend
++ $(MAKE) -C build links
++ touch build/configured
++
++clean:
++ -rm -rf build
++
++romfs:
++ cd build/install/lib; \
++ for i in *.so*; do \
++ if [ -L $$i ]; then \
++ $(ROMFSINST) -s `find $$i -printf %l` /lib/$$i; \
++ elif [ -f $$i ]; then \
++ $(ROMFSINST) /lib/$$i; \
++ fi; \
++ done
++
++romfs_user:
++ $(ROMFSINST) -e CONFIG_USER_OPENSSL_APPS build/install/bin/openssl /bin/openssl
++ # $(ROMFSINST) -e CONFIG_USER_OPENSSL_APPS build/install/bin/c_rehash /bin/c_rehash
++
++
+diff -burN openssl-0.9.8k/util/domd openssl-0.9.8k.patched/util/domd
+--- openssl-0.9.8k/util/domd 2009-01-21 22:44:52.000000000 +0100
++++ openssl-0.9.8k.patched/util/domd 2009-03-26 15:07:05.353647021 +0100
+@@ -22,13 +22,17 @@
done
sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
- ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
+ ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp && \
${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
-+ RC=$?
++ RC=$?
rm -f Makefile.tmp
else
- ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@
+ ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
-+ RC=$?
++ RC=$?
fi
mv Makefile.new Makefile
# unfake the presence of Kerberos
Index: Makefile
===================================================================
--- Makefile (Revision 15047)
+++ Makefile (Arbeitskopie)
@@ -9,7 +9,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=openssl
-PKG_VERSION:=0.9.8j
+PKG_VERSION:=0.9.8k
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -17,7 +17,7 @@
ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \
ftp://ftp.webmonster.de/pub/openssl/source/ \
ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=a5cb5f6c3d11affb387ecf7a997cac0c
+PKG_MD5SUM:=e555c6d58d276aec7fdc53363e338ab3
PKG_BUILD_DEPENDS:=ocf-crypto-headers
Index: shorewall-common/Makefile
===================================================================
--- shorewall-common/Makefile (Revision 15047)
+++ shorewall-common/Makefile (Arbeitskopie)
@@ -9,12 +9,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=shorewall-common
-PKG_VERSION:=4.2.4
+PKG_VERSION:=4.2.7
PKG_RELEASE:=1
PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_MD5SUM:=888130a12280f7bf9022009153ac63cd
+PKG_MD5SUM:=47f51b083bdea3904ffaf3a3c9317526
include $(INCLUDE_DIR)/package.mk
Index: shorewall-shell/Makefile
===================================================================
--- shorewall-shell/Makefile (Revision 15047)
+++ shorewall-shell/Makefile (Arbeitskopie)
@@ -9,12 +9,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=shorewall-shell
-PKG_VERSION:=4.2.4
+PKG_VERSION:=4.2.7
PKG_RELEASE:=1
PKG_SOURCE_URL:=http://www1.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_MD5SUM:=95a645963e541aef5a39c707f67874b5
+PKG_MD5SUM:=c5555ef10e493af3d3ad40785bf33caa
include $(INCLUDE_DIR)/package.mk
_______________________________________________
openwrt-devel mailing list
[email protected]
http://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
