From: Michael Tremer Date: Sat, 27 Mar 2010 09:31:20 +0000 (+0100) Subject: openssl: Update to 1.0.0-beta5. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68d15d217ed17bdb27642ea98ba0e6e2ad08b90b;p=ipfire-3.x.git openssl: Update to 1.0.0-beta5. --- diff --git a/pkgs/core/openssl/openssl.nm b/pkgs/core/openssl/openssl.nm index 95c1e3c7d..bc32f57b7 100644 --- a/pkgs/core/openssl/openssl.nm +++ b/pkgs/core/openssl/openssl.nm @@ -25,10 +25,10 @@ include $(PKGROOT)/Include PKG_NAME = openssl -PKG_VER = 0.9.8k +PKG_VER = 1.0.0-beta5 PKG_REL = 0 -PKG_MAINTAINER = +PKG_MAINTAINER = Michael Tremer PKG_GROUP = System/Libraries PKG_URL = http://www.openssl.org/ PKG_LICENSE = OpenSSL @@ -58,13 +58,7 @@ endif #endif #endif -############################################################################### -# Installation Details -############################################################################### - define STAGE_PREPARE_CMDS - cd $(DIR_APP) && sed -e 's/-O3 -fomit-frame-pointer/$(CFLAGS)/' -i Configure - cd $(DIR_APP) && sed -e 's/__OpenBSD__/__linux__/' -e 's/arandom/urandom/' \ -i crypto/rand/randfile.c @@ -72,6 +66,13 @@ define STAGE_PREPARE_CMDS cd $(DIR_APP) && find crypto/ -name Makefile -exec \ sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \; + + # # Modify the various perl scripts to reference perl in the right location. + cd $(DIR_APP) && perl util/perlpath.pl /usr/bin + + # Generate a table with the compile settings for my perusal. + cd $(DIR_APP) && touch Makefile + cd $(DIR_APP) && make TABLE PERL=/usr/bin/perl endef define STAGE_BUILD @@ -96,7 +97,7 @@ define STAGE_BUILD -DSSL_FORBID_ENULL # Build. - cd $(DIR_APP) && make all build-shared #$(PARALLELISMFLAGS) + cd $(DIR_APP) && make depend all build-shared RPM_OPT_FLAGS="$(CFLAGS)" #$(PARALLELISMFLAGS) # Generate hashes for the included certs. cd $(DIR_APP) && make rehash build-shared @@ -109,6 +110,10 @@ endef define STAGE_INSTALL cd $(DIR_APP) && make install build-shared INSTALL_PREFIX=$(BUILDROOT) + # Install manpages do right place + -mkdir -pv $(BUILDROOT)/usr/share + mv -v $(BUILDROOT)/etc/pki/tls/man $(BUILDROOT)/usr/share/ + -mkdir -pv $(BUILDROOT)/usr/lib/openssl mv -v $(BUILDROOT)/usr/lib/engines $(BUILDROOT)/usr/lib/openssl diff --git a/pkgs/core/openssl/patches/openssl-0.9.8b-test-use-localhost.patch b/pkgs/core/openssl/patches/openssl-0.9.8b-test-use-localhost.patch new file mode 100644 index 000000000..08adf1cb0 --- /dev/null +++ b/pkgs/core/openssl/patches/openssl-0.9.8b-test-use-localhost.patch @@ -0,0 +1,24 @@ +diff -up openssl-0.9.8b/ssl/ssltest.c.use-localhost openssl-0.9.8b/ssl/ssltest.c +--- openssl-0.9.8b/ssl/ssltest.c.use-localhost 2006-02-24 18:58:35.000000000 +0100 ++++ openssl-0.9.8b/ssl/ssltest.c 2007-08-03 14:06:16.000000000 +0200 +@@ -839,19 +839,8 @@ bad: + #ifndef OPENSSL_NO_KRB5 + if (c_ssl && c_ssl->kssl_ctx) + { +- char localhost[MAXHOSTNAMELEN+2]; +- +- if (gethostname(localhost, sizeof localhost-1) == 0) +- { +- localhost[sizeof localhost-1]='\0'; +- if(strlen(localhost) == sizeof localhost-1) +- { +- BIO_printf(bio_err,"localhost name too long\n"); +- goto end; +- } + kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, +- localhost); +- } ++ "localhost"); + } + #endif /* OPENSSL_NO_KRB5 */ + diff --git a/pkgs/core/openssl/patches/openssl-0.9.8j-env-nozlib.patch b/pkgs/core/openssl/patches/openssl-0.9.8j-env-nozlib.patch new file mode 100644 index 000000000..65af5a89b --- /dev/null +++ b/pkgs/core/openssl/patches/openssl-0.9.8j-env-nozlib.patch @@ -0,0 +1,13 @@ +Do not implicitly load the zlib support if OPENSSL_NO_DEFAULT_ZLIB is set. +diff -up openssl-0.9.8j/ssl/ssl_ciph.c.env-nozlib openssl-0.9.8j/ssl/ssl_ciph.c +--- openssl-0.9.8j/ssl/ssl_ciph.c.env-nozlib 2009-01-05 15:43:07.000000000 +0100 ++++ openssl-0.9.8j/ssl/ssl_ciph.c 2009-01-14 17:47:46.000000000 +0100 +@@ -287,7 +287,7 @@ static void load_builtin_compressions(vo + + MemCheck_off(); + ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); +- if (ssl_comp_methods != NULL) ++ if (ssl_comp_methods != NULL && getenv("OPENSSL_NO_DEFAULT_ZLIB") == NULL) + { + comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + if (comp != NULL) diff --git a/pkgs/core/openssl/patches/openssl-0.9.8j-version-add-engines.patch b/pkgs/core/openssl/patches/openssl-0.9.8j-version-add-engines.patch new file mode 100644 index 000000000..f54326cbc --- /dev/null +++ b/pkgs/core/openssl/patches/openssl-0.9.8j-version-add-engines.patch @@ -0,0 +1,48 @@ +diff -up openssl-0.9.8j/apps/version.c.version-add-engines openssl-0.9.8j/apps/version.c +--- openssl-0.9.8j/apps/version.c.version-add-engines 2008-10-20 14:53:33.000000000 +0200 ++++ openssl-0.9.8j/apps/version.c 2009-01-13 23:22:03.000000000 +0100 +@@ -131,6 +131,7 @@ + #ifndef OPENSSL_NO_BF + # include + #endif ++#include + + #undef PROG + #define PROG version_main +@@ -140,7 +141,7 @@ int MAIN(int, char **); + int MAIN(int argc, char **argv) + { + int i,ret=0; +- int cflags=0,version=0,date=0,options=0,platform=0,dir=0; ++ int cflags=0,version=0,date=0,options=0,platform=0,dir=0,engines=0; + + apps_startup(); + +@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv) + else if (strcmp(argv[i],"-d") == 0) + dir=1; + else if (strcmp(argv[i],"-a") == 0) +- date=version=cflags=options=platform=dir=1; ++ date=version=cflags=options=platform=dir=engines=1; + else + { + BIO_printf(bio_err,"usage:version -[avbofpd]\n"); +@@ -211,6 +212,18 @@ int MAIN(int argc, char **argv) + } + if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS)); + if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR)); ++ if (engines) ++ { ++ ENGINE *e; ++ printf("engines: "); ++ e = ENGINE_get_first(); ++ while (e) ++ { ++ printf("%s ", ENGINE_get_id(e)); ++ e = ENGINE_get_next(e); ++ } ++ printf("\n"); ++ } + end: + apps_shutdown(); + OPENSSL_EXIT(ret); diff --git a/pkgs/core/openssl/patches/openssl-0.9.8k-enginesdir.patch b/pkgs/core/openssl/patches/openssl-0.9.8k-enginesdir.patch deleted file mode 100644 index 0c33b742e..000000000 --- a/pkgs/core/openssl/patches/openssl-0.9.8k-enginesdir.patch +++ /dev/null @@ -1,39 +0,0 @@ ---- openssl-0.9.8a/Configure.enginesdir 2005-11-04 15:06:37.000000000 +0100 -+++ openssl-0.9.8a/Configure 2005-11-07 14:15:12.000000000 +0100 -@@ -560,6 +560,7 @@ - - my $prefix=""; - my $openssldir=""; -+my $enginesdir=""; - my $exe_ext=""; - my $install_prefix=""; - my $no_threads=0; -@@ -739,6 +740,10 @@ - { - $openssldir=$1; - } -+ elsif (/^--enginesdir=(.*)$/) -+ { -+ $enginesdir=$1; -+ } - elsif (/^--install.prefix=(.*)$/) - { - $install_prefix=$1; -@@ -923,7 +928,7 @@ - - $openssldir=$prefix . "/ssl" if $openssldir eq ""; - $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; -- -+$enginesdir="$prefix/lib/engines" if $enginesdir eq ""; - - print "IsMK1MF=$IsMK1MF\n"; - -@@ -1430,7 +1435,7 @@ - if (/^#define\s+OPENSSLDIR/) - { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } - elsif (/^#define\s+ENGINESDIR/) -- { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; } -+ { print OUT "#define ENGINESDIR \"$enginesdir\"\n"; } - elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) - { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" - if $export_var_as_fn; diff --git a/pkgs/core/openssl/patches/openssl-0.9.8k-fix_manpages-1.patch b/pkgs/core/openssl/patches/openssl-0.9.8k-fix_manpages-1.patch deleted file mode 100644 index 69189c97d..000000000 --- a/pkgs/core/openssl/patches/openssl-0.9.8k-fix_manpages-1.patch +++ /dev/null @@ -1,1888 +0,0 @@ -Submitted By: Robert Connolly -Date: 2005-11-13 -Initial Package Version: 0.9.8a -Upstream Status: Submitted upstream -Origin: Anderson Lizardo -Description: This patch fixes conflicts between man pages - installed by OpenSSL and those found on other - packages (particulary Shadow, Perl, and - Man-pages). It also fixes syntax errors on some - POD files that generates slightly broken man - pages. - -$LastChangedBy: igor $ -$Date: 2005-04-03 16:54:23 -0600 (Sun, 03 Apr 2005) $ - -diff -Naur openssl-0.9.8a.orig/FAQ openssl-0.9.8a/FAQ ---- openssl-0.9.8a.orig/FAQ 2005-10-11 10:16:06.000000000 +0000 -+++ openssl-0.9.8a/FAQ 2005-11-14 03:59:59.000000000 +0000 -@@ -680,7 +680,7 @@ - - Multi-threaded applications must provide two callback functions to - OpenSSL by calling CRYPTO_set_locking_callback() and --CRYPTO_set_id_callback(). This is described in the threads(3) -+CRYPTO_set_id_callback(). This is described in the openssl_threads(3) - manpage. - - * I've compiled a program under Windows and it crashes: why? -diff -Naur openssl-0.9.8a.orig/crypto/rand/md_rand.c openssl-0.9.8a/crypto/rand/md_rand.c ---- openssl-0.9.8a.orig/crypto/rand/md_rand.c 2005-04-07 22:53:35.000000000 +0000 -+++ openssl-0.9.8a/crypto/rand/md_rand.c 2005-11-14 03:59:59.000000000 +0000 -@@ -196,7 +196,7 @@ - int do_not_lock; - - /* -- * (Based on the rand(3) manpage) -+ * (Based on the openssl_rand(3) manpage) - * - * The input is chopped up into units of 20 bytes (or less for - * the last block). Each of these blocks is run through the hash -@@ -351,7 +351,7 @@ - num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); - - /* -- * (Based on the rand(3) manpage:) -+ * (Based on the openssl_rand(3) manpage) - * - * For each group of 10 bytes (or less), we do the following: - * -diff -Naur openssl-0.9.8a.orig/doc/apps/openssl-passwd.pod openssl-0.9.8a/doc/apps/openssl-passwd.pod ---- openssl-0.9.8a.orig/doc/apps/openssl-passwd.pod 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-0.9.8a/doc/apps/openssl-passwd.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -0,0 +1,82 @@ -+=pod -+ -+=head1 NAME -+ -+openssl-passwd - compute password hashes -+ -+=head1 SYNOPSIS -+ -+B -+[B<-crypt>] -+[B<-1>] -+[B<-apr1>] -+[B<-salt> I] -+[B<-in> I] -+[B<-stdin>] -+[B<-noverify>] -+[B<-quiet>] -+[B<-table>] -+{I} -+ -+=head1 DESCRIPTION -+ -+The B command computes the hash of a password typed at -+run-time or the hash of each password in a list. The password list is -+taken from the named file for option B<-in file>, from stdin for -+option B<-stdin>, or from the command line, or from the terminal otherwise. -+The Unix standard algorithm B and the MD5-based BSD password -+algorithm B<1> and its Apache variant B are available. -+ -+=head1 OPTIONS -+ -+=over 4 -+ -+=item B<-crypt> -+ -+Use the B algorithm (default). -+ -+=item B<-1> -+ -+Use the MD5 based BSD password algorithm B<1>. -+ -+=item B<-apr1> -+ -+Use the B algorithm (Apache variant of the BSD algorithm). -+ -+=item B<-salt> I -+ -+Use the specified salt. -+When reading a password from the terminal, this implies B<-noverify>. -+ -+=item B<-in> I -+ -+Read passwords from I. -+ -+=item B<-stdin> -+ -+Read passwords from B. -+ -+=item B<-noverify> -+ -+Don't verify when reading a password from the terminal. -+ -+=item B<-quiet> -+ -+Don't output warnings when passwords given at the command line are truncated. -+ -+=item B<-table> -+ -+In the output list, prepend the cleartext password and a TAB character -+to each password hash. -+ -+=back -+ -+=head1 EXAMPLES -+ -+B prints B. -+ -+B prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. -+ -+B prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. -+ -+=cut -diff -Naur openssl-0.9.8a.orig/doc/apps/openssl.pod openssl-0.9.8a/doc/apps/openssl.pod ---- openssl-0.9.8a.orig/doc/apps/openssl.pod 2004-01-04 18:59:14.000000000 +0000 -+++ openssl-0.9.8a/doc/apps/openssl.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -125,7 +125,7 @@ - - Online Certificate Status Protocol utility. - --=item L|passwd(1)> -+=item L|openssl-passwd(1)> - - Generation of hashed passwords. - -@@ -325,7 +325,7 @@ - L, L, L, - L, L, - L, L, L, --L, -+L, - L, L, L, - L, L, L, - L, L, -diff -Naur openssl-0.9.8a.orig/doc/apps/passwd.pod openssl-0.9.8a/doc/apps/passwd.pod ---- openssl-0.9.8a.orig/doc/apps/passwd.pod 2002-10-04 12:59:00.000000000 +0000 -+++ openssl-0.9.8a/doc/apps/passwd.pod 1970-01-01 00:00:00.000000000 +0000 -@@ -1,82 +0,0 @@ --=pod -- --=head1 NAME -- --passwd - compute password hashes -- --=head1 SYNOPSIS -- --B --[B<-crypt>] --[B<-1>] --[B<-apr1>] --[B<-salt> I] --[B<-in> I] --[B<-stdin>] --[B<-noverify>] --[B<-quiet>] --[B<-table>] --{I} -- --=head1 DESCRIPTION -- --The B command computes the hash of a password typed at --run-time or the hash of each password in a list. The password list is --taken from the named file for option B<-in file>, from stdin for --option B<-stdin>, or from the command line, or from the terminal otherwise. --The Unix standard algorithm B and the MD5-based BSD password --algorithm B<1> and its Apache variant B are available. -- --=head1 OPTIONS -- --=over 4 -- --=item B<-crypt> -- --Use the B algorithm (default). -- --=item B<-1> -- --Use the MD5 based BSD password algorithm B<1>. -- --=item B<-apr1> -- --Use the B algorithm (Apache variant of the BSD algorithm). -- --=item B<-salt> I -- --Use the specified salt. --When reading a password from the terminal, this implies B<-noverify>. -- --=item B<-in> I -- --Read passwords from I. -- --=item B<-stdin> -- --Read passwords from B. -- --=item B<-noverify> -- --Don't verify when reading a password from the terminal. -- --=item B<-quiet> -- --Don't output warnings when passwords given at the command line are truncated. -- --=item B<-table> -- --In the output list, prepend the cleartext password and a TAB character --to each password hash. -- --=back -- --=head1 EXAMPLES -- --B prints B. -- --B prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. -- --B prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. -- --=cut -diff -Naur openssl-0.9.8a.orig/doc/crypto/BN_generate_prime.pod openssl-0.9.8a/doc/crypto/BN_generate_prime.pod ---- openssl-0.9.8a.orig/doc/crypto/BN_generate_prime.pod 2003-01-13 13:18:22.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/BN_generate_prime.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -90,7 +90,7 @@ - - =head1 SEE ALSO - --L, L, L -+L, L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/BN_rand.pod openssl-0.9.8a/doc/crypto/BN_rand.pod ---- openssl-0.9.8a.orig/doc/crypto/BN_rand.pod 2002-09-25 13:33:26.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/BN_rand.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -45,7 +45,7 @@ - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L, L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/CONF_modules_free.pod openssl-0.9.8a/doc/crypto/CONF_modules_free.pod ---- openssl-0.9.8a.orig/doc/crypto/CONF_modules_free.pod 2004-03-02 13:31:32.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/CONF_modules_free.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -37,7 +37,7 @@ - =head1 SEE ALSO - - L, L, --L -+L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/CONF_modules_load_file.pod openssl-0.9.8a/doc/crypto/CONF_modules_load_file.pod ---- openssl-0.9.8a.orig/doc/crypto/CONF_modules_load_file.pod 2004-03-02 13:31:32.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/CONF_modules_load_file.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -51,7 +51,7 @@ - =head1 SEE ALSO - - L, L, --L, L -+L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/DH_generate_key.pod openssl-0.9.8a/doc/crypto/DH_generate_key.pod ---- openssl-0.9.8a.orig/doc/crypto/DH_generate_key.pod 2002-09-25 13:33:27.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/DH_generate_key.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -40,7 +40,7 @@ - - =head1 SEE ALSO - --L, L, L, L -+L, L, L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/DH_generate_parameters.pod openssl-0.9.8a/doc/crypto/DH_generate_parameters.pod ---- openssl-0.9.8a.orig/doc/crypto/DH_generate_parameters.pod 2002-09-25 13:33:27.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/DH_generate_parameters.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -59,7 +59,7 @@ - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_do_sign.pod openssl-0.9.8a/doc/crypto/DSA_do_sign.pod ---- openssl-0.9.8a.orig/doc/crypto/DSA_do_sign.pod 2002-09-25 13:33:27.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/DSA_do_sign.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -36,7 +36,7 @@ - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L, - L - -diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_generate_key.pod openssl-0.9.8a/doc/crypto/DSA_generate_key.pod ---- openssl-0.9.8a.orig/doc/crypto/DSA_generate_key.pod 2002-09-25 13:33:27.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/DSA_generate_key.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -24,7 +24,7 @@ - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_generate_parameters.pod openssl-0.9.8a/doc/crypto/DSA_generate_parameters.pod ---- openssl-0.9.8a.orig/doc/crypto/DSA_generate_parameters.pod 2002-09-25 13:33:27.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/DSA_generate_parameters.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -90,7 +90,7 @@ - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_sign.pod openssl-0.9.8a/doc/crypto/DSA_sign.pod ---- openssl-0.9.8a.orig/doc/crypto/DSA_sign.pod 2002-09-25 13:33:27.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/DSA_sign.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -55,7 +55,7 @@ - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_GET_LIB.pod openssl-0.9.8a/doc/crypto/ERR_GET_LIB.pod ---- openssl-0.9.8a.orig/doc/crypto/ERR_GET_LIB.pod 2000-02-01 01:36:58.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/ERR_GET_LIB.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -41,7 +41,7 @@ - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_clear_error.pod openssl-0.9.8a/doc/crypto/ERR_clear_error.pod ---- openssl-0.9.8a.orig/doc/crypto/ERR_clear_error.pod 2000-02-01 01:36:58.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/ERR_clear_error.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -20,7 +20,7 @@ - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_error_string.pod openssl-0.9.8a/doc/crypto/ERR_error_string.pod ---- openssl-0.9.8a.orig/doc/crypto/ERR_error_string.pod 2004-11-14 15:11:37.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/ERR_error_string.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -60,7 +60,7 @@ - - =head1 SEE ALSO - --L, L, -+L, L, - L, - L - L -diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_get_error.pod openssl-0.9.8a/doc/crypto/ERR_get_error.pod ---- openssl-0.9.8a.orig/doc/crypto/ERR_get_error.pod 2002-11-29 14:21:54.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/ERR_get_error.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -61,7 +61,7 @@ - - =head1 SEE ALSO - --L, L, -+L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_load_crypto_strings.pod openssl-0.9.8a/doc/crypto/ERR_load_crypto_strings.pod ---- openssl-0.9.8a.orig/doc/crypto/ERR_load_crypto_strings.pod 2000-02-24 11:55:08.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/ERR_load_crypto_strings.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -35,7 +35,7 @@ - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_load_strings.pod openssl-0.9.8a/doc/crypto/ERR_load_strings.pod ---- openssl-0.9.8a.orig/doc/crypto/ERR_load_strings.pod 2000-02-24 11:55:08.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/ERR_load_strings.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -43,7 +43,7 @@ - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_print_errors.pod openssl-0.9.8a/doc/crypto/ERR_print_errors.pod ---- openssl-0.9.8a.orig/doc/crypto/ERR_print_errors.pod 2000-02-01 01:36:59.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/ERR_print_errors.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -38,7 +38,7 @@ - - =head1 SEE ALSO - --L, L, -+L, L, - L, - L, - L -diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_put_error.pod openssl-0.9.8a/doc/crypto/ERR_put_error.pod ---- openssl-0.9.8a.orig/doc/crypto/ERR_put_error.pod 2000-02-24 11:55:08.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/ERR_put_error.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -34,7 +34,7 @@ - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_remove_state.pod openssl-0.9.8a/doc/crypto/ERR_remove_state.pod ---- openssl-0.9.8a.orig/doc/crypto/ERR_remove_state.pod 2000-05-19 07:54:42.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/ERR_remove_state.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -25,7 +25,7 @@ - - =head1 SEE ALSO - --L -+L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_BytesToKey.pod openssl-0.9.8a/doc/crypto/EVP_BytesToKey.pod ---- openssl-0.9.8a.orig/doc/crypto/EVP_BytesToKey.pod 2004-11-25 17:47:30.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/EVP_BytesToKey.pod 2005-11-14 04:00:45.000000000 +0000 -@@ -59,7 +59,7 @@ - - =head1 SEE ALSO - --L, L, -+L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_OpenInit.pod openssl-0.9.8a/doc/crypto/EVP_OpenInit.pod ---- openssl-0.9.8a.orig/doc/crypto/EVP_OpenInit.pod 2000-09-23 07:16:14.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/EVP_OpenInit.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -54,7 +54,7 @@ - - =head1 SEE ALSO - --L, L, -+L, L, - L, - L - -diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_SealInit.pod openssl-0.9.8a/doc/crypto/EVP_SealInit.pod ---- openssl-0.9.8a.orig/doc/crypto/EVP_SealInit.pod 2005-03-29 17:50:08.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/EVP_SealInit.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -74,7 +74,7 @@ - - =head1 SEE ALSO - --L, L, -+L, L, - L, - L - -diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_SignInit.pod openssl-0.9.8a/doc/crypto/EVP_SignInit.pod ---- openssl-0.9.8a.orig/doc/crypto/EVP_SignInit.pod 2005-03-22 17:55:33.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/EVP_SignInit.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -80,7 +80,7 @@ - =head1 SEE ALSO - - L, --L, L, -+L, L, - L, L, L, - L, L, L, - L, L -diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_VerifyInit.pod openssl-0.9.8a/doc/crypto/EVP_VerifyInit.pod ---- openssl-0.9.8a.orig/doc/crypto/EVP_VerifyInit.pod 2002-07-10 19:35:46.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/EVP_VerifyInit.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -71,7 +71,7 @@ - - L, - L, --L, L, -+L, L, - L, L, L, - L, L, L, - L, L -diff -Naur openssl-0.9.8a.orig/doc/crypto/OPENSSL_config.pod openssl-0.9.8a/doc/crypto/OPENSSL_config.pod ---- openssl-0.9.8a.orig/doc/crypto/OPENSSL_config.pod 2005-06-02 23:17:38.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/OPENSSL_config.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -73,7 +73,7 @@ - =head1 SEE ALSO - - L, L, --L -+L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_add.pod openssl-0.9.8a/doc/crypto/RAND_add.pod ---- openssl-0.9.8a.orig/doc/crypto/RAND_add.pod 2000-03-22 15:30:03.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RAND_add.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -65,7 +65,7 @@ - - =head1 SEE ALSO - --L, L, -+L, L, - L, L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_bytes.pod openssl-0.9.8a/doc/crypto/RAND_bytes.pod ---- openssl-0.9.8a.orig/doc/crypto/RAND_bytes.pod 2002-09-25 13:33:27.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RAND_bytes.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -35,7 +35,7 @@ - - =head1 SEE ALSO - --L, L, -+L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_cleanup.pod openssl-0.9.8a/doc/crypto/RAND_cleanup.pod ---- openssl-0.9.8a.orig/doc/crypto/RAND_cleanup.pod 2000-01-27 01:25:06.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RAND_cleanup.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -20,7 +20,7 @@ - - =head1 SEE ALSO - --L -+L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_egd.pod openssl-0.9.8a/doc/crypto/RAND_egd.pod ---- openssl-0.9.8a.orig/doc/crypto/RAND_egd.pod 2001-02-10 19:10:36.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RAND_egd.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -69,7 +69,7 @@ - - =head1 SEE ALSO - --L, L, -+L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_load_file.pod openssl-0.9.8a/doc/crypto/RAND_load_file.pod ---- openssl-0.9.8a.orig/doc/crypto/RAND_load_file.pod 2001-03-21 15:25:56.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RAND_load_file.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -43,7 +43,7 @@ - - =head1 SEE ALSO - --L, L, L -+L, L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_set_rand_method.pod openssl-0.9.8a/doc/crypto/RAND_set_rand_method.pod ---- openssl-0.9.8a.orig/doc/crypto/RAND_set_rand_method.pod 2002-08-05 16:27:01.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RAND_set_rand_method.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -67,7 +67,7 @@ - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_blinding_on.pod openssl-0.9.8a/doc/crypto/RSA_blinding_on.pod ---- openssl-0.9.8a.orig/doc/crypto/RSA_blinding_on.pod 2000-02-24 11:55:10.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RSA_blinding_on.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -34,7 +34,7 @@ - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_generate_key.pod openssl-0.9.8a/doc/crypto/RSA_generate_key.pod ---- openssl-0.9.8a.orig/doc/crypto/RSA_generate_key.pod 2002-09-25 13:33:27.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RSA_generate_key.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -59,7 +59,7 @@ - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_public_encrypt.pod openssl-0.9.8a/doc/crypto/RSA_public_encrypt.pod ---- openssl-0.9.8a.orig/doc/crypto/RSA_public_encrypt.pod 2004-03-23 21:01:34.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RSA_public_encrypt.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -73,7 +73,7 @@ - - =head1 SEE ALSO - --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod openssl-0.9.8a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ---- openssl-0.9.8a.orig/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2002-09-25 13:33:28.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -48,7 +48,7 @@ - =head1 SEE ALSO - - L, L, --L, L, L, -+L, L, L, - L - - =head1 HISTORY -diff -Naur openssl-0.9.8a.orig/doc/crypto/X509_NAME_ENTRY_get_object.pod openssl-0.9.8a/doc/crypto/X509_NAME_ENTRY_get_object.pod ---- openssl-0.9.8a.orig/doc/crypto/X509_NAME_ENTRY_get_object.pod 2005-03-30 11:50:14.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/X509_NAME_ENTRY_get_object.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -63,7 +63,7 @@ - =head1 SEE ALSO - - L, L, --L -+L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/bn.pod openssl-0.9.8a/doc/crypto/bn.pod ---- openssl-0.9.8a.orig/doc/crypto/bn.pod 2005-04-29 15:07:34.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/bn.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -167,7 +167,7 @@ - =head1 SEE ALSO - - L, --L, L, L, L, -+L, L, L, L, - L, L, - L, L, L, - L, L, -diff -Naur openssl-0.9.8a.orig/doc/crypto/crypto.pod openssl-0.9.8a/doc/crypto/crypto.pod ---- openssl-0.9.8a.orig/doc/crypto/crypto.pod 2002-10-06 12:59:25.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/crypto.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -46,7 +46,7 @@ - - =item AUXILIARY FUNCTIONS - --L, L, L, -+L, L, L, - L - - =item INPUT/OUTPUT, DATA ENCODING -diff -Naur openssl-0.9.8a.orig/doc/crypto/des.pod openssl-0.9.8a/doc/crypto/des.pod ---- openssl-0.9.8a.orig/doc/crypto/des.pod 2003-10-01 15:02:45.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/des.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -115,7 +115,7 @@ - the key; it is used to speed the encryption process. - - DES_random_key() generates a random key. The PRNG must be seeded --prior to using this function (see L). If the PRNG -+prior to using this function (see L). If the PRNG - could not generate a secure key, 0 is returned. - - Before a DES key can be used, it must be converted into the -@@ -317,7 +317,7 @@ - - =head1 SEE ALSO - --crypt(3), L, L, L -+crypt(3), L, L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/crypto/dh.pod openssl-0.9.8a/doc/crypto/dh.pod ---- openssl-0.9.8a.orig/doc/crypto/dh.pod 2002-08-05 16:27:01.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/dh.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -67,8 +67,8 @@ - - =head1 SEE ALSO - --L, L, L, L, --L, L, L, -+L, L, L, L, -+L, L, L, - L, L, - L, - L, -diff -Naur openssl-0.9.8a.orig/doc/crypto/dsa.pod openssl-0.9.8a/doc/crypto/dsa.pod ---- openssl-0.9.8a.orig/doc/crypto/dsa.pod 2002-08-05 16:27:01.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/dsa.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -100,7 +100,7 @@ - - =head1 SEE ALSO - --L, L, L, L, -+L, L, L, L, - L, L, L, - L, - L, -diff -Naur openssl-0.9.8a.orig/doc/crypto/engine.pod openssl-0.9.8a/doc/crypto/engine.pod ---- openssl-0.9.8a.orig/doc/crypto/engine.pod 2004-06-17 23:40:14.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/engine.pod 2005-11-14 04:01:19.000000000 +0000 -@@ -594,6 +594,6 @@ - - =head1 SEE ALSO - --L, L, L, L -+L, L, L, L - - =cut -diff -Naur openssl-0.9.8a.orig/doc/crypto/err.pod openssl-0.9.8a/doc/crypto/err.pod ---- openssl-0.9.8a.orig/doc/crypto/err.pod 2002-07-10 19:35:46.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/err.pod 1970-01-01 00:00:00.000000000 +0000 -@@ -1,187 +0,0 @@ --=pod -- --=head1 NAME -- --err - error codes -- --=head1 SYNOPSIS -- -- #include -- -- unsigned long ERR_get_error(void); -- unsigned long ERR_peek_error(void); -- unsigned long ERR_get_error_line(const char **file, int *line); -- unsigned long ERR_peek_error_line(const char **file, int *line); -- unsigned long ERR_get_error_line_data(const char **file, int *line, -- const char **data, int *flags); -- unsigned long ERR_peek_error_line_data(const char **file, int *line, -- const char **data, int *flags); -- -- int ERR_GET_LIB(unsigned long e); -- int ERR_GET_FUNC(unsigned long e); -- int ERR_GET_REASON(unsigned long e); -- -- void ERR_clear_error(void); -- -- char *ERR_error_string(unsigned long e, char *buf); -- const char *ERR_lib_error_string(unsigned long e); -- const char *ERR_func_error_string(unsigned long e); -- const char *ERR_reason_error_string(unsigned long e); -- -- void ERR_print_errors(BIO *bp); -- void ERR_print_errors_fp(FILE *fp); -- -- void ERR_load_crypto_strings(void); -- void ERR_free_strings(void); -- -- void ERR_remove_state(unsigned long pid); -- -- void ERR_put_error(int lib, int func, int reason, const char *file, -- int line); -- void ERR_add_error_data(int num, ...); -- -- void ERR_load_strings(int lib,ERR_STRING_DATA str[]); -- unsigned long ERR_PACK(int lib, int func, int reason); -- int ERR_get_next_error_library(void); -- --=head1 DESCRIPTION -- --When a call to the OpenSSL library fails, this is usually signalled --by the return value, and an error code is stored in an error queue --associated with the current thread. The B library provides --functions to obtain these error codes and textual error messages. -- --The L manpage describes how to --access error codes. -- --Error codes contain information about where the error occurred, and --what went wrong. L describes how to --extract this information. A method to obtain human-readable error --messages is described in L. -- --L can be used to clear the --error queue. -- --Note that L should be used to --avoid memory leaks when threads are terminated. -- --=head1 ADDING NEW ERROR CODES TO OPENSSL -- --See L if you want to record error codes in the --OpenSSL error system from within your application. -- --The remainder of this section is of interest only if you want to add --new error codes to OpenSSL or add error codes from external libraries. -- --=head2 Reporting errors -- --Each sub-library has a specific macro XXXerr() that is used to report --errors. Its first argument is a function code B, the second --argument is a reason code B. Function codes are derived --from the function names; reason codes consist of textual error --descriptions. For example, the function ssl23_read() reports a --"handshake failure" as follows: -- -- SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); -- --Function and reason codes should consist of upper case characters, --numbers and underscores only. The error file generation script translates --function codes into function names by looking in the header files --for an appropriate function name, if none is found it just uses --the capitalized form such as "SSL23_READ" in the above example. -- --The trailing section of a reason code (after the "_R_") is translated --into lower case and underscores changed to spaces. -- --When you are using new function or reason codes, run B. --The necessary B<#define>s will then automatically be added to the --sub-library's header file. -- --Although a library will normally report errors using its own specific --XXXerr macro, another library's macro can be used. This is normally --only done when a library wants to include ASN1 code which must use --the ASN1err() macro. -- --=head2 Adding new libraries -- --When adding a new sub-library to OpenSSL, assign it a library number --B, define a macro XXXerr() (both in B), add its --name to B (in B), and add --C to the ERR_load_crypto_strings() function --(in B). Finally, add an entry -- -- L XXX xxx.h xxx_err.c -- --to B, and add B to the Makefile. --Running B will then generate a file B, and --add all error codes used in the library to B. -- --Additionally the library include file must have a certain form. --Typically it will initially look like this: -- -- #ifndef HEADER_XXX_H -- #define HEADER_XXX_H -- -- #ifdef __cplusplus -- extern "C" { -- #endif -- -- /* Include files */ -- -- #include -- #include -- -- /* Macros, structures and function prototypes */ -- -- -- /* BEGIN ERROR CODES */ -- --The B sequence is used by the error code --generation script as the point to place new error codes, any text --after this point will be overwritten when B is run. --The closing #endif etc will be automatically added by the script. -- --The generated C error code file B will load the header --files B, B and B so the --header file must load any additional header files containing any --definitions it uses. -- --=head1 USING ERROR CODES IN EXTERNAL LIBRARIES -- --It is also possible to use OpenSSL's error code scheme in external --libraries. The library needs to load its own codes and call the OpenSSL --error code insertion script B explicitly to add codes to --the header file and generate the C error code file. This will normally --be done if the external library needs to generate new ASN1 structures --but it can also be used to add more general purpose error code handling. -- --TBA more details -- --=head1 INTERNALS -- --The error queues are stored in a hash table with one B --entry for each pid. ERR_get_state() returns the current thread's --B. An B can hold up to B error --codes. When more error codes are added, the old ones are overwritten, --on the assumption that the most recent errors are most important. -- --Error strings are also stored in hash table. The hash tables can --be obtained by calling ERR_get_err_state_table(void) and --ERR_get_string_table(void) respectively. -- --=head1 SEE ALSO -- --L, --L, --L, --L, --L, --L, --L, --L, --L, --L, --L, --L -- --=cut -diff -Naur openssl-0.9.8a.orig/doc/crypto/openssl_err.pod openssl-0.9.8a/doc/crypto/openssl_err.pod ---- openssl-0.9.8a.orig/doc/crypto/openssl_err.pod 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/openssl_err.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -0,0 +1,187 @@ -+=pod -+ -+=head1 NAME -+ -+openssl_err - error codes -+ -+=head1 SYNOPSIS -+ -+ #include -+ -+ unsigned long ERR_get_error(void); -+ unsigned long ERR_peek_error(void); -+ unsigned long ERR_get_error_line(const char **file, int *line); -+ unsigned long ERR_peek_error_line(const char **file, int *line); -+ unsigned long ERR_get_error_line_data(const char **file, int *line, -+ const char **data, int *flags); -+ unsigned long ERR_peek_error_line_data(const char **file, int *line, -+ const char **data, int *flags); -+ -+ int ERR_GET_LIB(unsigned long e); -+ int ERR_GET_FUNC(unsigned long e); -+ int ERR_GET_REASON(unsigned long e); -+ -+ void ERR_clear_error(void); -+ -+ char *ERR_error_string(unsigned long e, char *buf); -+ const char *ERR_lib_error_string(unsigned long e); -+ const char *ERR_func_error_string(unsigned long e); -+ const char *ERR_reason_error_string(unsigned long e); -+ -+ void ERR_print_errors(BIO *bp); -+ void ERR_print_errors_fp(FILE *fp); -+ -+ void ERR_load_crypto_strings(void); -+ void ERR_free_strings(void); -+ -+ void ERR_remove_state(unsigned long pid); -+ -+ void ERR_put_error(int lib, int func, int reason, const char *file, -+ int line); -+ void ERR_add_error_data(int num, ...); -+ -+ void ERR_load_strings(int lib,ERR_STRING_DATA str[]); -+ unsigned long ERR_PACK(int lib, int func, int reason); -+ int ERR_get_next_error_library(void); -+ -+=head1 DESCRIPTION -+ -+When a call to the OpenSSL library fails, this is usually signalled -+by the return value, and an error code is stored in an error queue -+associated with the current thread. The B library provides -+functions to obtain these error codes and textual error messages. -+ -+The L manpage describes how to -+access error codes. -+ -+Error codes contain information about where the error occurred, and -+what went wrong. L describes how to -+extract this information. A method to obtain human-readable error -+messages is described in L. -+ -+L can be used to clear the -+error queue. -+ -+Note that L should be used to -+avoid memory leaks when threads are terminated. -+ -+=head1 ADDING NEW ERROR CODES TO OPENSSL -+ -+See L if you want to record error codes in the -+OpenSSL error system from within your application. -+ -+The remainder of this section is of interest only if you want to add -+new error codes to OpenSSL or add error codes from external libraries. -+ -+=head2 Reporting errors -+ -+Each sub-library has a specific macro XXXerr() that is used to report -+errors. Its first argument is a function code B, the second -+argument is a reason code B. Function codes are derived -+from the function names; reason codes consist of textual error -+descriptions. For example, the function ssl23_read() reports a -+"handshake failure" as follows: -+ -+ SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); -+ -+Function and reason codes should consist of upper case characters, -+numbers and underscores only. The error file generation script translates -+function codes into function names by looking in the header files -+for an appropriate function name, if none is found it just uses -+the capitalized form such as "SSL23_READ" in the above example. -+ -+The trailing section of a reason code (after the "_R_") is translated -+into lower case and underscores changed to spaces. -+ -+When you are using new function or reason codes, run B. -+The necessary B<#define>s will then automatically be added to the -+sub-library's header file. -+ -+Although a library will normally report errors using its own specific -+XXXerr macro, another library's macro can be used. This is normally -+only done when a library wants to include ASN1 code which must use -+the ASN1err() macro. -+ -+=head2 Adding new libraries -+ -+When adding a new sub-library to OpenSSL, assign it a library number -+B, define a macro XXXerr() (both in B), add its -+name to B (in B), and add -+C to the ERR_load_crypto_strings() function -+(in B). Finally, add an entry -+ -+ L XXX xxx.h xxx_err.c -+ -+to B, and add B to the Makefile. -+Running B will then generate a file B, and -+add all error codes used in the library to B. -+ -+Additionally the library include file must have a certain form. -+Typically it will initially look like this: -+ -+ #ifndef HEADER_XXX_H -+ #define HEADER_XXX_H -+ -+ #ifdef __cplusplus -+ extern "C" { -+ #endif -+ -+ /* Include files */ -+ -+ #include -+ #include -+ -+ /* Macros, structures and function prototypes */ -+ -+ -+ /* BEGIN ERROR CODES */ -+ -+The B sequence is used by the error code -+generation script as the point to place new error codes, any text -+after this point will be overwritten when B is run. -+The closing #endif etc will be automatically added by the script. -+ -+The generated C error code file B will load the header -+files B, B and B so the -+header file must load any additional header files containing any -+definitions it uses. -+ -+=head1 USING ERROR CODES IN EXTERNAL LIBRARIES -+ -+It is also possible to use OpenSSL's error code scheme in external -+libraries. The library needs to load its own codes and call the OpenSSL -+error code insertion script B explicitly to add codes to -+the header file and generate the C error code file. This will normally -+be done if the external library needs to generate new ASN1 structures -+but it can also be used to add more general purpose error code handling. -+ -+TBA more details -+ -+=head1 INTERNALS -+ -+The error queues are stored in a hash table with one B -+entry for each pid. ERR_get_state() returns the current thread's -+B. An B can hold up to B error -+codes. When more error codes are added, the old ones are overwritten, -+on the assumption that the most recent errors are most important. -+ -+Error strings are also stored in hash table. The hash tables can -+be obtained by calling ERR_get_err_state_table(void) and -+ERR_get_string_table(void) respectively. -+ -+=head1 SEE ALSO -+ -+L, -+L, -+L, -+L, -+L, -+L, -+L, -+L, -+L, -+L, -+L, -+L -+ -+=cut -diff -Naur openssl-0.9.8a.orig/doc/crypto/openssl_rand.pod openssl-0.9.8a/doc/crypto/openssl_rand.pod ---- openssl-0.9.8a.orig/doc/crypto/openssl_rand.pod 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/openssl_rand.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -0,0 +1,175 @@ -+=pod -+ -+=head1 NAME -+ -+openssl_rand - pseudo-random number generator -+ -+=head1 SYNOPSIS -+ -+ #include -+ -+ int RAND_set_rand_engine(ENGINE *engine); -+ -+ int RAND_bytes(unsigned char *buf, int num); -+ int RAND_pseudo_bytes(unsigned char *buf, int num); -+ -+ void RAND_seed(const void *buf, int num); -+ void RAND_add(const void *buf, int num, int entropy); -+ int RAND_status(void); -+ -+ int RAND_load_file(const char *file, long max_bytes); -+ int RAND_write_file(const char *file); -+ const char *RAND_file_name(char *file, size_t num); -+ -+ int RAND_egd(const char *path); -+ -+ void RAND_set_rand_method(const RAND_METHOD *meth); -+ const RAND_METHOD *RAND_get_rand_method(void); -+ RAND_METHOD *RAND_SSLeay(void); -+ -+ void RAND_cleanup(void); -+ -+ /* For Win32 only */ -+ void RAND_screen(void); -+ int RAND_event(UINT, WPARAM, LPARAM); -+ -+=head1 DESCRIPTION -+ -+Since the introduction of the ENGINE API, the recommended way of controlling -+default implementations is by using the ENGINE API functions. The default -+B, as set by RAND_set_rand_method() and returned by -+RAND_get_rand_method(), is only used if no ENGINE has been set as the default -+"rand" implementation. Hence, these two functions are no longer the recommened -+way to control defaults. -+ -+If an alternative B implementation is being used (either set -+directly or as provided by an ENGINE module), then it is entirely responsible -+for the generation and management of a cryptographically secure PRNG stream. The -+mechanisms described below relate solely to the software PRNG implementation -+built in to OpenSSL and used by default. -+ -+These functions implement a cryptographically secure pseudo-random -+number generator (PRNG). It is used by other library functions for -+example to generate random keys, and applications can use it when they -+need randomness. -+ -+A cryptographic PRNG must be seeded with unpredictable data such as -+mouse movements or keys pressed at random by the user. This is -+described in L. Its state can be saved in a seed file -+(see L) to avoid having to go through the -+seeding process whenever the application is started. -+ -+L describes how to obtain random data from the -+PRNG. -+ -+=head1 INTERNALS -+ -+The RAND_SSLeay() method implements a PRNG based on a cryptographic -+hash function. -+ -+The following description of its design is based on the SSLeay -+documentation: -+ -+First up I will state the things I believe I need for a good RNG. -+ -+=over 4 -+ -+=item 1 -+ -+A good hashing algorithm to mix things up and to convert the RNG 'state' -+to random numbers. -+ -+=item 2 -+ -+An initial source of random 'state'. -+ -+=item 3 -+ -+The state should be very large. If the RNG is being used to generate -+4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). -+If your RNG state only has 128 bits, you are obviously limiting the -+search space to 128 bits, not 2048. I'm probably getting a little -+carried away on this last point but it does indicate that it may not be -+a bad idea to keep quite a lot of RNG state. It should be easier to -+break a cipher than guess the RNG seed data. -+ -+=item 4 -+ -+Any RNG seed data should influence all subsequent random numbers -+generated. This implies that any random seed data entered will have -+an influence on all subsequent random numbers generated. -+ -+=item 5 -+ -+When using data to seed the RNG state, the data used should not be -+extractable from the RNG state. I believe this should be a -+requirement because one possible source of 'secret' semi random -+data would be a private key or a password. This data must -+not be disclosed by either subsequent random numbers or a -+'core' dump left by a program crash. -+ -+=item 6 -+ -+Given the same initial 'state', 2 systems should deviate in their RNG state -+(and hence the random numbers generated) over time if at all possible. -+ -+=item 7 -+ -+Given the random number output stream, it should not be possible to determine -+the RNG state or the next random number. -+ -+=back -+ -+The algorithm is as follows. -+ -+There is global state made up of a 1023 byte buffer (the 'state'), a -+working hash value ('md'), and a counter ('count'). -+ -+Whenever seed data is added, it is inserted into the 'state' as -+follows. -+ -+The input is chopped up into units of 20 bytes (or less for -+the last block). Each of these blocks is run through the hash -+function as follows: The data passed to the hash function -+is the current 'md', the same number of bytes from the 'state' -+(the location determined by in incremented looping index) as -+the current 'block', the new key data 'block', and 'count' -+(which is incremented after each use). -+The result of this is kept in 'md' and also xored into the -+'state' at the same locations that were used as input into the -+hash function. I -+believe this system addresses points 1 (hash function; currently -+SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash -+function and xor). -+ -+When bytes are extracted from the RNG, the following process is used. -+For each group of 10 bytes (or less), we do the following: -+ -+Input into the hash function the local 'md' (which is initialized from -+the global 'md' before any bytes are generated), the bytes that are to -+be overwritten by the random bytes, and bytes from the 'state' -+(incrementing looping index). From this digest output (which is kept -+in 'md'), the top (up to) 10 bytes are returned to the caller and the -+bottom 10 bytes are xored into the 'state'. -+ -+Finally, after we have finished 'num' random bytes for the caller, -+'count' (which is incremented) and the local and global 'md' are fed -+into the hash function and the results are kept in the global 'md'. -+ -+I believe the above addressed points 1 (use of SHA-1), 6 (by hashing -+into the 'state' the 'old' data from the caller that is about to be -+overwritten) and 7 (by not using the 10 bytes given to the caller to -+update the 'state', but they are used to update 'md'). -+ -+So of the points raised, only 2 is not addressed (but see -+L). -+ -+=head1 SEE ALSO -+ -+L, L, -+L, L, -+L, -+L, -+L -+ -+=cut -diff -Naur openssl-0.9.8a.orig/doc/crypto/openssl_threads.pod openssl-0.9.8a/doc/crypto/openssl_threads.pod ---- openssl-0.9.8a.orig/doc/crypto/openssl_threads.pod 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/openssl_threads.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -0,0 +1,175 @@ -+=pod -+ -+=head1 NAME -+ -+CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, -+CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, -+CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, -+CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support -+ -+=head1 SYNOPSIS -+ -+ #include -+ -+ void CRYPTO_set_locking_callback(void (*locking_function)(int mode, -+ int n, const char *file, int line)); -+ -+ void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); -+ -+ int CRYPTO_num_locks(void); -+ -+ -+ /* struct CRYPTO_dynlock_value needs to be defined by the user */ -+ struct CRYPTO_dynlock_value; -+ -+ void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * -+ (*dyn_create_function)(char *file, int line)); -+ void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) -+ (int mode, struct CRYPTO_dynlock_value *l, -+ const char *file, int line)); -+ void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) -+ (struct CRYPTO_dynlock_value *l, const char *file, int line)); -+ -+ int CRYPTO_get_new_dynlockid(void); -+ -+ void CRYPTO_destroy_dynlockid(int i); -+ -+ void CRYPTO_lock(int mode, int n, const char *file, int line); -+ -+ #define CRYPTO_w_lock(type) \ -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -+ #define CRYPTO_w_unlock(type) \ -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -+ #define CRYPTO_r_lock(type) \ -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) -+ #define CRYPTO_r_unlock(type) \ -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) -+ #define CRYPTO_add(addr,amount,type) \ -+ CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) -+ -+=head1 DESCRIPTION -+ -+OpenSSL can safely be used in multi-threaded applications provided -+that at least two callback functions are set. -+ -+locking_function(int mode, int n, const char *file, int line) is -+needed to perform locking on shared data structures. -+(Note that OpenSSL uses a number of global data structures that -+will be implicitly shared whenever multiple threads use OpenSSL.) -+Multi-threaded applications will crash at random if it is not set. -+ -+locking_function() must be able to handle up to CRYPTO_num_locks() -+different mutex locks. It sets the B-th lock if B & -+B, and releases it otherwise. -+ -+B and B are the file number of the function setting the -+lock. They can be useful for debugging. -+ -+id_function(void) is a function that returns a thread ID, for example -+pthread_self() if it returns an integer (see NOTES below). It isn't -+needed on Windows nor on platforms where getpid() returns a different -+ID for each thread (see NOTES below). -+ -+Additionally, OpenSSL supports dynamic locks, and sometimes, some parts -+of OpenSSL need it for better performance. To enable this, the following -+is required: -+ -+=over 4 -+ -+=item * -+Three additional callback function, dyn_create_function, dyn_lock_function -+and dyn_destroy_function. -+ -+=item * -+A structure defined with the data that each lock needs to handle. -+ -+=back -+ -+struct CRYPTO_dynlock_value has to be defined to contain whatever structure -+is needed to handle locks. -+ -+dyn_create_function(const char *file, int line) is needed to create a -+lock. Multi-threaded applications might crash at random if it is not set. -+ -+dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) -+is needed to perform locking off dynamic lock numbered n. Multi-threaded -+applications might crash at random if it is not set. -+ -+dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is -+needed to destroy the lock l. Multi-threaded applications might crash at -+random if it is not set. -+ -+CRYPTO_get_new_dynlockid() is used to create locks. It will call -+dyn_create_function for the actual creation. -+ -+CRYPTO_destroy_dynlockid() is used to destroy locks. It will call -+dyn_destroy_function for the actual destruction. -+ -+CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield -+describing what should be done with the lock. n is the number of the -+lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined -+from the following values. These values are pairwise exclusive, with -+undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE -+should not be used together): -+ -+ CRYPTO_LOCK 0x01 -+ CRYPTO_UNLOCK 0x02 -+ CRYPTO_READ 0x04 -+ CRYPTO_WRITE 0x08 -+ -+=head1 RETURN VALUES -+ -+CRYPTO_num_locks() returns the required number of locks. -+ -+CRYPTO_get_new_dynlockid() returns the index to the newly created lock. -+ -+The other functions return no values. -+ -+=head1 NOTES -+ -+You can find out if OpenSSL was configured with thread support: -+ -+ #define OPENSSL_THREAD_DEFINES -+ #include -+ #if defined(OPENSSL_THREADS) -+ // thread support enabled -+ #else -+ // no thread support -+ #endif -+ -+Also, dynamic locks are currently not used internally by OpenSSL, but -+may do so in the future. -+ -+Defining id_function(void) has it's own issues. Generally speaking, -+pthread_self() should be used, even on platforms where getpid() gives -+different answers in each thread, since that may depend on the machine -+the program is run on, not the machine where the program is being -+compiled. For instance, Red Hat 8 Linux and earlier used -+LinuxThreads, whose getpid() returns a different value for each -+thread. Red Hat 9 Linux and later use NPTL, which is -+Posix-conformant, and has a getpid() that returns the same value for -+all threads in a process. A program compiled on Red Hat 8 and run on -+Red Hat 9 will therefore see getpid() returning the same value for -+all threads. -+ -+There is still the issue of platforms where pthread_self() returns -+something other than an integer. This is a bit unusual, and this -+manual has no cookbook solution for that case. -+ -+=head1 EXAMPLES -+ -+B shows examples of the callback functions on -+Solaris, Irix and Win32. -+ -+=head1 HISTORY -+ -+CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are -+available in all versions of SSLeay and OpenSSL. -+CRYPTO_num_locks() was added in OpenSSL 0.9.4. -+All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. -+ -+=head1 SEE ALSO -+ -+L -+ -+=cut -diff -Naur openssl-0.9.8a.orig/doc/crypto/rand.pod openssl-0.9.8a/doc/crypto/rand.pod ---- openssl-0.9.8a.orig/doc/crypto/rand.pod 2002-08-05 16:27:01.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/rand.pod 1970-01-01 00:00:00.000000000 +0000 -@@ -1,175 +0,0 @@ --=pod -- --=head1 NAME -- --rand - pseudo-random number generator -- --=head1 SYNOPSIS -- -- #include -- -- int RAND_set_rand_engine(ENGINE *engine); -- -- int RAND_bytes(unsigned char *buf, int num); -- int RAND_pseudo_bytes(unsigned char *buf, int num); -- -- void RAND_seed(const void *buf, int num); -- void RAND_add(const void *buf, int num, int entropy); -- int RAND_status(void); -- -- int RAND_load_file(const char *file, long max_bytes); -- int RAND_write_file(const char *file); -- const char *RAND_file_name(char *file, size_t num); -- -- int RAND_egd(const char *path); -- -- void RAND_set_rand_method(const RAND_METHOD *meth); -- const RAND_METHOD *RAND_get_rand_method(void); -- RAND_METHOD *RAND_SSLeay(void); -- -- void RAND_cleanup(void); -- -- /* For Win32 only */ -- void RAND_screen(void); -- int RAND_event(UINT, WPARAM, LPARAM); -- --=head1 DESCRIPTION -- --Since the introduction of the ENGINE API, the recommended way of controlling --default implementations is by using the ENGINE API functions. The default --B, as set by RAND_set_rand_method() and returned by --RAND_get_rand_method(), is only used if no ENGINE has been set as the default --"rand" implementation. Hence, these two functions are no longer the recommened --way to control defaults. -- --If an alternative B implementation is being used (either set --directly or as provided by an ENGINE module), then it is entirely responsible --for the generation and management of a cryptographically secure PRNG stream. The --mechanisms described below relate solely to the software PRNG implementation --built in to OpenSSL and used by default. -- --These functions implement a cryptographically secure pseudo-random --number generator (PRNG). It is used by other library functions for --example to generate random keys, and applications can use it when they --need randomness. -- --A cryptographic PRNG must be seeded with unpredictable data such as --mouse movements or keys pressed at random by the user. This is --described in L. Its state can be saved in a seed file --(see L) to avoid having to go through the --seeding process whenever the application is started. -- --L describes how to obtain random data from the --PRNG. -- --=head1 INTERNALS -- --The RAND_SSLeay() method implements a PRNG based on a cryptographic --hash function. -- --The following description of its design is based on the SSLeay --documentation: -- --First up I will state the things I believe I need for a good RNG. -- --=over 4 -- --=item 1 -- --A good hashing algorithm to mix things up and to convert the RNG 'state' --to random numbers. -- --=item 2 -- --An initial source of random 'state'. -- --=item 3 -- --The state should be very large. If the RNG is being used to generate --4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). --If your RNG state only has 128 bits, you are obviously limiting the --search space to 128 bits, not 2048. I'm probably getting a little --carried away on this last point but it does indicate that it may not be --a bad idea to keep quite a lot of RNG state. It should be easier to --break a cipher than guess the RNG seed data. -- --=item 4 -- --Any RNG seed data should influence all subsequent random numbers --generated. This implies that any random seed data entered will have --an influence on all subsequent random numbers generated. -- --=item 5 -- --When using data to seed the RNG state, the data used should not be --extractable from the RNG state. I believe this should be a --requirement because one possible source of 'secret' semi random --data would be a private key or a password. This data must --not be disclosed by either subsequent random numbers or a --'core' dump left by a program crash. -- --=item 6 -- --Given the same initial 'state', 2 systems should deviate in their RNG state --(and hence the random numbers generated) over time if at all possible. -- --=item 7 -- --Given the random number output stream, it should not be possible to determine --the RNG state or the next random number. -- --=back -- --The algorithm is as follows. -- --There is global state made up of a 1023 byte buffer (the 'state'), a --working hash value ('md'), and a counter ('count'). -- --Whenever seed data is added, it is inserted into the 'state' as --follows. -- --The input is chopped up into units of 20 bytes (or less for --the last block). Each of these blocks is run through the hash --function as follows: The data passed to the hash function --is the current 'md', the same number of bytes from the 'state' --(the location determined by in incremented looping index) as --the current 'block', the new key data 'block', and 'count' --(which is incremented after each use). --The result of this is kept in 'md' and also xored into the --'state' at the same locations that were used as input into the --hash function. I --believe this system addresses points 1 (hash function; currently --SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash --function and xor). -- --When bytes are extracted from the RNG, the following process is used. --For each group of 10 bytes (or less), we do the following: -- --Input into the hash function the local 'md' (which is initialized from --the global 'md' before any bytes are generated), the bytes that are to --be overwritten by the random bytes, and bytes from the 'state' --(incrementing looping index). From this digest output (which is kept --in 'md'), the top (up to) 10 bytes are returned to the caller and the --bottom 10 bytes are xored into the 'state'. -- --Finally, after we have finished 'num' random bytes for the caller, --'count' (which is incremented) and the local and global 'md' are fed --into the hash function and the results are kept in the global 'md'. -- --I believe the above addressed points 1 (use of SHA-1), 6 (by hashing --into the 'state' the 'old' data from the caller that is about to be --overwritten) and 7 (by not using the 10 bytes given to the caller to --update the 'state', but they are used to update 'md'). -- --So of the points raised, only 2 is not addressed (but see --L). -- --=head1 SEE ALSO -- --L, L, --L, L, --L, --L, --L -- --=cut -diff -Naur openssl-0.9.8a.orig/doc/crypto/rsa.pod openssl-0.9.8a/doc/crypto/rsa.pod ---- openssl-0.9.8a.orig/doc/crypto/rsa.pod 2002-08-04 21:08:36.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/rsa.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -108,7 +108,7 @@ - =head1 SEE ALSO - - L, L, L, L, --L, L, L, -+L, L, L, - L, - L, L, - L, -diff -Naur openssl-0.9.8a.orig/doc/crypto/threads.pod openssl-0.9.8a/doc/crypto/threads.pod ---- openssl-0.9.8a.orig/doc/crypto/threads.pod 2005-06-18 05:52:23.000000000 +0000 -+++ openssl-0.9.8a/doc/crypto/threads.pod 1970-01-01 00:00:00.000000000 +0000 -@@ -1,175 +0,0 @@ --=pod -- --=head1 NAME -- --CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, --CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, --CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, --CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support -- --=head1 SYNOPSIS -- -- #include -- -- void CRYPTO_set_locking_callback(void (*locking_function)(int mode, -- int n, const char *file, int line)); -- -- void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); -- -- int CRYPTO_num_locks(void); -- -- -- /* struct CRYPTO_dynlock_value needs to be defined by the user */ -- struct CRYPTO_dynlock_value; -- -- void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * -- (*dyn_create_function)(char *file, int line)); -- void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) -- (int mode, struct CRYPTO_dynlock_value *l, -- const char *file, int line)); -- void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) -- (struct CRYPTO_dynlock_value *l, const char *file, int line)); -- -- int CRYPTO_get_new_dynlockid(void); -- -- void CRYPTO_destroy_dynlockid(int i); -- -- void CRYPTO_lock(int mode, int n, const char *file, int line); -- -- #define CRYPTO_w_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -- #define CRYPTO_w_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -- #define CRYPTO_r_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) -- #define CRYPTO_r_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) -- #define CRYPTO_add(addr,amount,type) \ -- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) -- --=head1 DESCRIPTION -- --OpenSSL can safely be used in multi-threaded applications provided --that at least two callback functions are set. -- --locking_function(int mode, int n, const char *file, int line) is --needed to perform locking on shared data structures. --(Note that OpenSSL uses a number of global data structures that --will be implicitly shared whenever multiple threads use OpenSSL.) --Multi-threaded applications will crash at random if it is not set. -- --locking_function() must be able to handle up to CRYPTO_num_locks() --different mutex locks. It sets the B-th lock if B & --B, and releases it otherwise. -- --B and B are the file number of the function setting the --lock. They can be useful for debugging. -- --id_function(void) is a function that returns a thread ID, for example --pthread_self() if it returns an integer (see NOTES below). It isn't --needed on Windows nor on platforms where getpid() returns a different --ID for each thread (see NOTES below). -- --Additionally, OpenSSL supports dynamic locks, and sometimes, some parts --of OpenSSL need it for better performance. To enable this, the following --is required: -- --=over 4 -- --=item * --Three additional callback function, dyn_create_function, dyn_lock_function --and dyn_destroy_function. -- --=item * --A structure defined with the data that each lock needs to handle. -- --=back -- --struct CRYPTO_dynlock_value has to be defined to contain whatever structure --is needed to handle locks. -- --dyn_create_function(const char *file, int line) is needed to create a --lock. Multi-threaded applications might crash at random if it is not set. -- --dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) --is needed to perform locking off dynamic lock numbered n. Multi-threaded --applications might crash at random if it is not set. -- --dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is --needed to destroy the lock l. Multi-threaded applications might crash at --random if it is not set. -- --CRYPTO_get_new_dynlockid() is used to create locks. It will call --dyn_create_function for the actual creation. -- --CRYPTO_destroy_dynlockid() is used to destroy locks. It will call --dyn_destroy_function for the actual destruction. -- --CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield --describing what should be done with the lock. n is the number of the --lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined --from the following values. These values are pairwise exclusive, with --undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE --should not be used together): -- -- CRYPTO_LOCK 0x01 -- CRYPTO_UNLOCK 0x02 -- CRYPTO_READ 0x04 -- CRYPTO_WRITE 0x08 -- --=head1 RETURN VALUES -- --CRYPTO_num_locks() returns the required number of locks. -- --CRYPTO_get_new_dynlockid() returns the index to the newly created lock. -- --The other functions return no values. -- --=head1 NOTES -- --You can find out if OpenSSL was configured with thread support: -- -- #define OPENSSL_THREAD_DEFINES -- #include -- #if defined(OPENSSL_THREADS) -- // thread support enabled -- #else -- // no thread support -- #endif -- --Also, dynamic locks are currently not used internally by OpenSSL, but --may do so in the future. -- --Defining id_function(void) has it's own issues. Generally speaking, --pthread_self() should be used, even on platforms where getpid() gives --different answers in each thread, since that may depend on the machine --the program is run on, not the machine where the program is being --compiled. For instance, Red Hat 8 Linux and earlier used --LinuxThreads, whose getpid() returns a different value for each --thread. Red Hat 9 Linux and later use NPTL, which is --Posix-conformant, and has a getpid() that returns the same value for --all threads in a process. A program compiled on Red Hat 8 and run on --Red Hat 9 will therefore see getpid() returning the same value for --all threads. -- --There is still the issue of platforms where pthread_self() returns --something other than an integer. This is a bit unusual, and this --manual has no cookbook solution for that case. -- --=head1 EXAMPLES -- --B shows examples of the callback functions on --Solaris, Irix and Win32. -- --=head1 HISTORY -- --CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are --available in all versions of SSLeay and OpenSSL. --CRYPTO_num_locks() was added in OpenSSL 0.9.4. --All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. -- --=head1 SEE ALSO -- --L -- --=cut -diff -Naur openssl-0.9.8a.orig/doc/ssl/SSL_get_error.pod openssl-0.9.8a/doc/ssl/SSL_get_error.pod ---- openssl-0.9.8a.orig/doc/ssl/SSL_get_error.pod 2005-03-30 11:50:14.000000000 +0000 -+++ openssl-0.9.8a/doc/ssl/SSL_get_error.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -105,7 +105,7 @@ - - =head1 SEE ALSO - --L, L -+L, L - - =head1 HISTORY - -diff -Naur openssl-0.9.8a.orig/doc/ssl/SSL_want.pod openssl-0.9.8a/doc/ssl/SSL_want.pod ---- openssl-0.9.8a.orig/doc/ssl/SSL_want.pod 2005-03-30 11:50:14.000000000 +0000 -+++ openssl-0.9.8a/doc/ssl/SSL_want.pod 2005-11-14 03:59:59.000000000 +0000 -@@ -72,6 +72,6 @@ - - =head1 SEE ALSO - --L, L, L -+L, L, L - - =cut diff --git a/pkgs/core/openssl/patches/openssl-1.0.0-beta3-soversion.patch b/pkgs/core/openssl/patches/openssl-1.0.0-beta3-soversion.patch new file mode 100644 index 000000000..3836e8900 --- /dev/null +++ b/pkgs/core/openssl/patches/openssl-1.0.0-beta3-soversion.patch @@ -0,0 +1,44 @@ +diff -up openssl-1.0.0-beta3/Configure.soversion openssl-1.0.0-beta3/Configure +--- openssl-1.0.0-beta3/Configure.soversion 2009-08-04 23:06:52.000000000 +0200 ++++ openssl-1.0.0-beta3/Configure 2009-08-04 23:06:52.000000000 +0200 +@@ -1514,7 +1514,7 @@ while () + elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) + { + my $sotmp = $1; +- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; ++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) + { +diff -up openssl-1.0.0-beta3/Makefile.org.soversion openssl-1.0.0-beta3/Makefile.org +--- openssl-1.0.0-beta3/Makefile.org.soversion 2009-08-04 23:06:52.000000000 +0200 ++++ openssl-1.0.0-beta3/Makefile.org 2009-08-04 23:11:01.000000000 +0200 +@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY= + SHLIB_MAJOR= + SHLIB_MINOR= + SHLIB_EXT= ++SHLIB_SONAMEVER=10 + PLATFORM=dist + OPTIONS= + CONFIGURE_ARGS= +@@ -289,10 +290,9 @@ clean-shared: + link-shared: + @ set -e; for i in $(SHLIBDIRS); do \ + $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ +- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ ++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ + symlink.$(SHLIB_TARGET); \ +- libs="$$libs -l$$i"; \ + done + + build-shared: do_$(SHLIB_TARGET) link-shared +@@ -303,7 +303,7 @@ do_$(SHLIB_TARGET): + libs="$(LIBKRB5) $$libs"; \ + fi; \ + $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ +- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ ++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ + LIBDEPS="$$libs $(EX_LIBS)" \ + link_a.$(SHLIB_TARGET); \ diff --git a/pkgs/core/openssl/patches/openssl-1.0.0-beta4-redhat.patch b/pkgs/core/openssl/patches/openssl-1.0.0-beta4-redhat.patch new file mode 100644 index 000000000..4356e410e --- /dev/null +++ b/pkgs/core/openssl/patches/openssl-1.0.0-beta4-redhat.patch @@ -0,0 +1,59 @@ +diff -up openssl-1.0.0-beta4/Configure.redhat openssl-1.0.0-beta4/Configure +--- openssl-1.0.0-beta4/Configure.redhat 2009-11-09 15:11:13.000000000 +0100 ++++ openssl-1.0.0-beta4/Configure 2009-11-12 12:15:27.000000000 +0100 +@@ -336,32 +336,32 @@ my %table=( + #### + # *-generic* is endian-neutral target, but ./config is free to + # throw in -D[BL]_ENDIAN, whichever appropriate... +-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", ++"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + # It's believed that majority of ARM toolchains predefine appropriate -march. + # If you compiler does not, do complement config command line with one! +-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-armv4", "gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + #### IA-32 targets... + "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", + #### +-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", ++"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", ++"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +-"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", ++"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", + #### SPARC Linux setups + # Ray Miller has patiently + # assisted with debugging of following two configs. +-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + # it's a real mess with -mcpu=ultrasparc option under Linux, but + # -Wa,-Av8plus should do the trick no matter what. +-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + # GCC 3.1 is a requirement +-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", + #### Alpha Linux with GNU C and Compaq C setups + # Special notes: + # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you +@@ -375,8 +375,8 @@ my %table=( + # + # + # +-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", ++"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + diff --git a/pkgs/core/openssl/patches/openssl-1.0.0-beta5-enginesdir.patch b/pkgs/core/openssl/patches/openssl-1.0.0-beta5-enginesdir.patch new file mode 100644 index 000000000..d942d6e2b --- /dev/null +++ b/pkgs/core/openssl/patches/openssl-1.0.0-beta5-enginesdir.patch @@ -0,0 +1,52 @@ +diff -up openssl-1.0.0-beta5/Configure.enginesdir openssl-1.0.0-beta5/Configure +--- openssl-1.0.0-beta5/Configure.enginesdir 2010-01-20 18:07:05.000000000 +0100 ++++ openssl-1.0.0-beta5/Configure 2010-01-20 18:10:48.000000000 +0100 +@@ -622,6 +622,7 @@ my $idx_multilib = $idx++; + my $prefix=""; + my $libdir=""; + my $openssldir=""; ++my $enginesdir=""; + my $exe_ext=""; + my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; + my $cross_compile_prefix=""; +@@ -833,6 +834,10 @@ PROCESS_ARGS: + { + $openssldir=$1; + } ++ elsif (/^--enginesdir=(.*)$/) ++ { ++ $enginesdir=$1; ++ } + elsif (/^--install.prefix=(.*)$/) + { + $install_prefix=$1; +@@ -1053,7 +1058,7 @@ chop $prefix if $prefix =~ /.\/$/; + + $openssldir=$prefix . "/ssl" if $openssldir eq ""; + $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; +- ++$enginesdir="$prefix/lib/engines" if $enginesdir eq ""; + + print "IsMK1MF=$IsMK1MF\n"; + +@@ -1673,7 +1678,7 @@ while () + } + elsif (/^#define\s+ENGINESDIR/) + { +- my $foo = "$prefix/$libdir/engines"; ++ my $foo = "$enginesdir"; + $foo =~ s/\\/\\\\/g; + print OUT "#define ENGINESDIR \"$foo\"\n"; + } +diff -up openssl-1.0.0-beta5/engines/Makefile.enginesdir openssl-1.0.0-beta5/engines/Makefile +--- openssl-1.0.0-beta5/engines/Makefile.enginesdir 2010-01-16 21:06:09.000000000 +0100 ++++ openssl-1.0.0-beta5/engines/Makefile 2010-01-20 18:07:05.000000000 +0100 +@@ -124,7 +124,7 @@ install: + sfx=".so"; \ + cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi diff --git a/pkgs/core/openssl/patches/openssl-1.0.0-beta5-version.patch b/pkgs/core/openssl/patches/openssl-1.0.0-beta5-version.patch new file mode 100644 index 000000000..cf3bcf6c1 --- /dev/null +++ b/pkgs/core/openssl/patches/openssl-1.0.0-beta5-version.patch @@ -0,0 +1,14 @@ +We have to keep the beta status on 3 as some applications (OpenSSH) incorrectly insist +on having the same beta status of OpenSSL library as they were built against. +diff -up openssl-1.0.0-beta5/crypto/opensslv.h.version openssl-1.0.0-beta5/crypto/opensslv.h +--- openssl-1.0.0-beta5/crypto/opensslv.h.version 2010-01-20 18:16:43.000000000 +0100 ++++ openssl-1.0.0-beta5/crypto/opensslv.h 2010-01-20 20:20:23.000000000 +0100 +@@ -25,7 +25,7 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x10000005L ++#define OPENSSL_VERSION_NUMBER 0x10000003L + #ifdef OPENSSL_FIPS + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips-beta5 20 Jan 2010" + #else