From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mail.openembedded.org (Postfix) with ESMTP id C8A426013D for ; Mon, 16 Mar 2015 05:41:34 +0000 (UTC) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga103.fm.intel.com with ESMTP; 15 Mar 2015 22:35:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.11,407,1422950400"; d="scan'208";a="665691676" Received: from rhannah-mobl.amr.corp.intel.com (HELO swold-mobl.amr.corp.intel.com) ([10.254.105.230]) by orsmga001.jf.intel.com with ESMTP; 15 Mar 2015 22:41:27 -0700 Message-ID: <55066D06.2000806@linux.intel.com> Date: Sun, 15 Mar 2015 23:41:26 -0600 From: Saul Wold User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Martin Jansa , Robert Yang References: <1425491208-7670-1-git-send-email-sgw@linux.intel.com> <55012FB3.2030404@windriver.com> <20150313134615.GA2345@jama> In-Reply-To: <20150313134615.GA2345@jama> Cc: openembedded-core@lists.openembedded.org Subject: Re: [PATCH] openssl: Upgrade to 1.0.2 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Mar 2015 05:41:35 -0000 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit On 03/13/2015 07:46 AM, Martin Jansa wrote: > On Thu, Mar 12, 2015 at 02:18:27PM +0800, Robert Yang wrote: >> >> I met this error when building openflow in meta-networking, I guess it maybe >> related to the upgraded: >> >> x86_64-wrs-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse >> --sysroot=/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64 -Wstrict-prototypes >> -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wno-sign-compare >> -Wpointer-arith -Wdeclaration-after-statement -Wformat-security -Wswitch-enum >> -Wunused-parameter -Wstrict-aliasing -Wbad-function-cast -Wcast-align >> -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes >> -Wmissing-field-initializers -Wno-override-init -export-dynamic -Wl,-O1 >> -Wl,--hash-style=gnu -Wl,--as-needed -o secchan/ofprotocol secchan/discovery.o >> secchan/emerg-flow.o secchan/fail-open.o secchan/failover.o secchan/in-band.o >> secchan/port-watcher.o secchan/protocol-stat.o secchan/ratelimit.o >> secchan/secchan.o secchan/status.o secchan/stp-secchan.o lib/libopenflow.a -ldl >> -L/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/usr/lib64 >> -lssl >> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/x86_64-linux/usr/libexec/x86_64-wrs-linux/gcc/x86_64-wrs-linux/4.9.2/ld: >> lib/libopenflow.a(vconn-ssl.o): undefined reference to symbol >> 'ERR_error_string@@OPENSSL_1.0.0' >> /buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/lib64/libcrypto.so.1.0.0: >> error adding symbols: DSO missing from command line >> collect2: error: ld returned 1 exit status > I think I have a fix for this coming with a change to the libssl.pc file to Require libcrypto instead of Require.private it. > python-pyopenssl is also failing since this upgrade: > > | x86_64-oe-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse --sysroot=/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64 -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -O2 -pipe -g -feliminate-unused-debug-types -fPIC -I/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/python2.7 -c OpenSSL/crypto/crl.c -o build/temp.linux-x86_64-2.7/OpenSSL/crypto/crl.o > | OpenSSL/crypto/crl.c:6:23: error: static declaration of 'X509_REVOKED_dup' follows non-static declaration > | static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) { > | ^ > | In file included from /home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/openssl/ssl.h:156:0, > | from OpenSSL/crypto/x509.h:17, > | from OpenSSL/crypto/crypto.h:30, > | from OpenSSL/crypto/crl.c:3: > | /home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/openssl/x509.h:751:15: note: previous declaration of 'X509_REVOKED_dup' was here > | X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); > | ^ > | OpenSSL/crypto/crl.c: In function 'init_crypto_crl': > | OpenSSL/crypto/crl.c:285:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] > | Py_INCREF((PyObject *)&crypto_CRL_Type); > | ^ > | error: command 'x86_64-oe-linux-gcc' failed with exit status 1 > | ERROR: python setup.py build_ext execution failed. > | WARNING: exit code 1 from a shell command. > | ERROR: Function failed: do_compile (log file is located at /home/jenkins/oe/world/shr-core/tmp-glibc/work/core2-64-oe-linux/python-pyopenssl/0.13-r1/temp/log.do_compile.21838) > NOTE: recipe python-pyopenssl-0.13-r1: task do_compile: Failed > ERROR: Task 19005 (/home/jenkins/oe/world/shr-core/meta-openembedded/meta-oe/recipes-devtools/python/python-pyopenssl_0.13.bb, do_compile) failed with exit code '1' > I think this one needs a fix in the pyopenssl code which may be part of the 0.14, can you look into that update? Sau! >> >> // Robert >> >> On 03/05/2015 01:46 AM, Saul Wold wrote: >>> Rebased numerous patches >>> removed aarch64 initial work since it's part of upstream now >>> Imported a few additional patches from Debian to support the version-script >>> and blacklist additional bad certificates. >>> >>> Signed-off-by: Saul Wold >>> --- >>> .../openssl/openssl/Makefiles-ptest.patch | 36 +-- >>> .../openssl/openssl/debian/c_rehash-compat.patch | 58 +++- >>> .../openssl/openssl/debian/debian-targets.patch | 25 +- >>> .../openssl/openssl/debian/version-script.patch | 311 ++++++++++----------- >>> .../debian1.0.2/block_digicert_malaysia.patch | 29 ++ >>> .../openssl/debian1.0.2/block_diginotar.patch | 67 +++++ >>> .../openssl/openssl/debian1.0.2/padlock_conf.patch | 31 ++ >>> .../openssl/engines-install-in-libdir-ssl.patch | 42 +-- >>> .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 21 +- >>> .../openssl/openssl/initial-aarch64-bits.patch | 120 -------- >>> ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 22 +- >>> ...NULL-pointer-dereference-in-dh_pub_encode.patch | 41 +-- >>> .../openssl/openssl/openssl_fix_for_x32.patch | 85 ++---- >>> .../openssl/openssl/ptest-deps.patch | 16 +- >>> .../openssl/update-version-script-for-1.0.2.patch | 66 +++++ >>> .../{openssl_1.0.1k.bb => openssl_1.0.2.bb} | 19 +- >>> 16 files changed, 522 insertions(+), 467 deletions(-) >>> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch >>> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch >>> create mode 100644 meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch >>> delete mode 100644 meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch >>> create mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch >>> rename meta/recipes-connectivity/openssl/{openssl_1.0.1k.bb => openssl_1.0.2.bb} (84%) >>> >>> diff --git a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch >>> index ac53a91..249446a 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch >>> @@ -5,10 +5,11 @@ Signed-off-by: Anders Roxell >>> Signed-off-by: Maxin B. John >>> Upstream-Status: Pending >>> --- >>> -diff -uNr a/Makefile b/Makefile >>> ---- a/Makefile.org 2012-05-10 17:06:02.000000000 +0200 >>> -+++ b/Makefile.org 2012-10-27 00:05:55.359424024 +0200 >>> -@@ -411,8 +411,16 @@ >>> +Index: openssl-1.0.2/Makefile.org >>> +=================================================================== >>> +--- openssl-1.0.2.orig/Makefile.org >>> ++++ openssl-1.0.2/Makefile.org >>> +@@ -451,8 +451,16 @@ rehash.time: certs apps >>> test: tests >>> >>> tests: rehash >>> @@ -26,11 +27,11 @@ diff -uNr a/Makefile b/Makefile >>> OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a >>> >>> report: >>> -diff --git a/test/Makefile b/test/Makefile >>> -index 3912f82..1696767 100644 >>> ---- a/test/Makefile >>> -+++ b/test/Makefile >>> -@@ -128,7 +128,7 @@ tests: exe apps $(TESTS) >>> +Index: openssl-1.0.2/test/Makefile >>> +=================================================================== >>> +--- openssl-1.0.2.orig/test/Makefile >>> ++++ openssl-1.0.2/test/Makefile >>> +@@ -137,7 +137,7 @@ tests: exe apps $(TESTS) >>> apps: >>> @(cd ..; $(MAKE) DIRS=apps all) >>> >>> @@ -39,28 +40,28 @@ index 3912f82..1696767 100644 >>> test_des test_idea test_sha test_md4 test_md5 test_hmac \ >>> test_md2 test_mdc2 test_wp \ >>> test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ >>> -@@ -138,6 +138,11 @@ alltests: \ >>> - test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \ >>> - test_jpake test_cms >>> +@@ -148,6 +148,11 @@ alltests: \ >>> + test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ >>> + test_constant_time >>> >>> +alltests: >>> + @(for i in $(all-tests); do \ >>> + ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \ >>> + done) >>> + >>> - test_evp: >>> + test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt >>> ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt >>> >>> -@@ -203,7 +208,7 @@ test_x509: >>> +@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5 >>> echo test second x509v3 certificate >>> sh ./tx509 v3-cert2.pem 2>/dev/null >>> >>> --test_rsa: $(RSATEST)$(EXE_EXT) >>> -+test_rsa: >>> +-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem >>> ++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem >>> @sh ./trsa 2>/dev/null >>> ../util/shlib_wrap.sh ./$(RSATEST) >>> >>> -@@ -298,11 +303,11 @@ test_tsa: >>> +@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test >>> sh ./testtsa; \ >>> fi >>> >>> @@ -73,3 +74,4 @@ index 3912f82..1696767 100644 >>> +test_jpake: >>> @echo "Test JPAKE" >>> ../util/shlib_wrap.sh ./$(JPAKETEST) >>> + >>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch >>> index ac1b19b..3943e2c 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch >>> @@ -1,38 +1,58 @@ >>> -Upstream-Status: Backport [debian] >>> - >>> From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 >>> From: Ludwig Nussel >>> Date: Wed, 21 Apr 2010 15:52:10 +0200 >>> Subject: [PATCH] also create old hash for compatibility >>> >>> +Upstream-Status: Backport [debian] >>> + >>> --- >>> tools/c_rehash.in | 8 +++++++- >>> 1 files changed, 7 insertions(+), 1 deletions(-) >>> >>> -Index: openssl-1.0.0d/tools/c_rehash.in >>> +Index: openssl-1.0.2~beta3/tools/c_rehash.in >>> =================================================================== >>> ---- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 >>> -+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 >>> -@@ -86,6 +86,7 @@ >>> - } >>> +--- openssl-1.0.2~beta3.orig/tools/c_rehash.in >>> ++++ openssl-1.0.2~beta3/tools/c_rehash.in >>> +@@ -8,8 +8,6 @@ my $prefix; >>> + >>> + my $openssl = $ENV{OPENSSL} || "openssl"; >>> + my $pwd; >>> +-my $x509hash = "-subject_hash"; >>> +-my $crlhash = "-hash"; >>> + my $verbose = 0; >>> + my $symlink_exists=eval {symlink("",""); 1}; >>> + my $removelinks = 1; >>> +@@ -18,10 +16,7 @@ my $removelinks = 1; >>> + while ( $ARGV[0] =~ '-.*' ) { >>> + my $flag = shift @ARGV; >>> + last if ( $flag eq '--'); >>> +- if ( $flag =~ /-old/) { >>> +- $x509hash = "-subject_hash_old"; >>> +- $crlhash = "-hash_old"; >>> +- } elsif ( $flag =~ /-h/) { >>> ++ if ( $flag =~ /-h/) { >>> + help(); >>> + } elsif ( $flag eq '-n' ) { >>> + $removelinks = 0; >>> +@@ -113,7 +108,9 @@ sub hash_dir { >>> + next; >>> } >>> link_hash_cert($fname) if($cert); >>> + link_hash_cert_old($fname) if($cert); >>> link_hash_crl($fname) if($crl); >>> ++ link_hash_crl_old($fname) if($crl); >>> } >>> } >>> -@@ -119,8 +120,9 @@ >>> + >>> +@@ -146,6 +143,7 @@ sub check_file { >>> >>> sub link_hash_cert { >>> my $fname = $_[0]; >>> -+ my $hashopt = $_[1] || '-subject_hash'; >>> ++ my $x509hash = $_[1] || '-subject_hash'; >>> $fname =~ s/'/'\\''/g; >>> -- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; >>> -+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`; >>> + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; >>> chomp $hash; >>> - chomp $fprint; >>> - $fprint =~ s/^.*=//; >>> -@@ -150,6 +152,10 @@ >>> +@@ -177,10 +175,20 @@ sub link_hash_cert { >>> $hashlist{$hash} = $fprint; >>> } >>> >>> @@ -40,6 +60,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in >>> + link_hash_cert($_[0], '-subject_hash_old'); >>> +} >>> + >>> ++sub link_hash_crl_old { >>> ++ link_hash_crl($_[0], '-hash_old'); >>> ++} >>> ++ >>> ++ >>> # Same as above except for a CRL. CRL links are of the form .r >>> >>> sub link_hash_crl { >>> + my $fname = $_[0]; >>> ++ my $crlhash = $_[1] || "-hash"; >>> + $fname =~ s/'/'\\''/g; >>> + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; >>> + chomp $hash; >>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch >>> index 8101edf..39d4328 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch >>> @@ -1,12 +1,12 @@ >>> Upstream-Status: Backport [debian] >>> >>> -Index: openssl-1.0.1/Configure >>> +Index: openssl-1.0.2/Configure >>> =================================================================== >>> ---- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000 >>> -+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000 >>> -@@ -105,6 +105,10 @@ >>> +--- openssl-1.0.2.orig/Configure >>> ++++ openssl-1.0.2/Configure >>> +@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic >>> >>> - my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; >>> + my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; >>> >>> +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS >>> +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; >>> @@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure >>> my $strict_warnings = 0; >>> >>> my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; >>> -@@ -338,6 +342,48 @@ >>> +@@ -343,6 +347,55 @@ my %table=( >>> "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", >>> "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", >>> >>> @@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure >>> +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> -+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> -+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> -+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", >>> +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> @@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure >>> +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> @@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure >>> +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> ++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", >>> + >>> #### >>> #### Variety of LINUX:-) >>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch >>> index ece8b9b..a249180 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch >>> @@ -1,10 +1,8 @@ >>> -Upstream-Status: Backport [debian] >>> - >>> -Index: openssl-1.0.1d/Configure >>> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure >>> =================================================================== >>> ---- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 >>> -+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 >>> -@@ -1621,6 +1621,8 @@ >>> +--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 >>> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100 >>> +@@ -1651,6 +1651,8 @@ >>> } >>> } >>> >>> @@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure >>> open(IN,'>> unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; >>> open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; >>> -Index: openssl-1.0.1d/openssl.ld >>> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld >>> =================================================================== >>> --- /dev/null 1970-01-01 00:00:00.000000000 +0000 >>> -+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 >>> -@@ -0,0 +1,4620 @@ >>> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 >>> +@@ -0,0 +1,4615 @@ >>> +OPENSSL_1.0.0 { >>> + global: >>> + BIO_f_ssl; >>> @@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld >>> + ERR_load_COMP_strings; >>> + PKCS12_item_decrypt_d2i; >>> + ASN1_UTF8STRING_it; >>> -+ ASN1_UTF8STRING_it; >>> + ENGINE_unregister_ciphers; >>> + ENGINE_get_ciphers; >>> + d2i_OCSP_BASICRESP; >>> + KRB5_CHECKSUM_it; >>> -+ KRB5_CHECKSUM_it; >>> + EC_POINT_add; >>> + ASN1_item_ex_i2d; >>> + OCSP_CERTID_it; >>> -+ OCSP_CERTID_it; >>> + d2i_OCSP_RESPBYTES; >>> + X509V3_add1_i2d; >>> + PKCS7_ENVELOPE_it; >>> -+ PKCS7_ENVELOPE_it; >>> + UI_add_input_boolean; >>> + ENGINE_unregister_RSA; >>> + X509V3_EXT_nconf; >>> @@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld >>> + ENGINE_register_all_RAND; >>> + ENGINE_load_dynamic; >>> + PBKDF2PARAM_it; >>> -+ PBKDF2PARAM_it; >>> + EXTENDED_KEY_USAGE_new; >>> + EC_GROUP_clear_free; >>> + OCSP_sendreq_bio; >>> + ASN1_item_digest; >>> + OCSP_BASICRESP_delete_ext; >>> + OCSP_SIGNATURE_it; >>> -+ OCSP_SIGNATURE_it; >>> -+ X509_CRL_it; >>> + X509_CRL_it; >>> + OCSP_BASICRESP_add_ext; >>> + KRB5_ENCKEY_it; >>> -+ KRB5_ENCKEY_it; >>> + UI_method_set_closer; >>> + X509_STORE_set_purpose; >>> + i2d_ASN1_GENERALSTRING; >>> @@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_REQUEST_get_ext_by_OBJ; >>> + _ossl_old_des_random_key; >>> + ASN1_T61STRING_it; >>> -+ ASN1_T61STRING_it; >>> + EC_GROUP_method_of; >>> + i2d_KRB5_APREQ; >>> + _ossl_old_des_encrypt; >>> @@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_SINGLERESP_get_ext_count; >>> + UI_ctrl; >>> + _shadow_DES_rw_mode; >>> -+ _shadow_DES_rw_mode; >>> + asn1_do_adb; >>> + ASN1_template_i2d; >>> + ENGINE_register_DH; >>> @@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + KRB5_ENCKEY_free; >>> + OCSP_resp_get0; >>> + GENERAL_NAME_it; >>> -+ GENERAL_NAME_it; >>> -+ ASN1_GENERALIZEDTIME_it; >>> + ASN1_GENERALIZEDTIME_it; >>> + X509_STORE_set_flags; >>> + EC_POINT_set_compressed_coordinates_GFp; >>> @@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld >>> + EC_POINT_set_affine_coords_GFp; >>> + _ossl_old_des_options; >>> + SXNET_it; >>> -+ SXNET_it; >>> + UI_dup_input_boolean; >>> + PKCS12_add_CSPName_asc; >>> + EC_POINT_is_at_infinity; >>> + ENGINE_load_cryptodev; >>> + DSO_convert_filename; >>> + POLICYQUALINFO_it; >>> -+ POLICYQUALINFO_it; >>> + ENGINE_register_ciphers; >>> + BN_mod_lshift_quick; >>> + DSO_set_filename; >>> + ASN1_item_free; >>> + KRB5_TKTBODY_free; >>> + AUTHORITY_KEYID_it; >>> -+ AUTHORITY_KEYID_it; >>> + KRB5_APREQBODY_new; >>> + X509V3_EXT_REQ_add_nconf; >>> + ENGINE_ctrl_cmd_string; >>> @@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld >>> + EVP_MD_CTX_init; >>> + EXTENDED_KEY_USAGE_free; >>> + PKCS7_ATTR_SIGN_it; >>> -+ PKCS7_ATTR_SIGN_it; >>> + UI_add_error_string; >>> + KRB5_CHECKSUM_free; >>> + OCSP_REQUEST_get_ext; >>> + ENGINE_load_ubsec; >>> + ENGINE_register_all_digests; >>> + PKEY_USAGE_PERIOD_it; >>> -+ PKEY_USAGE_PERIOD_it; >>> + PKCS12_unpack_authsafes; >>> + ASN1_item_unpack; >>> + NETSCAPE_SPKAC_it; >>> -+ NETSCAPE_SPKAC_it; >>> -+ X509_REVOKED_it; >>> + X509_REVOKED_it; >>> + ASN1_STRING_encode; >>> + EVP_aes_128_ecb; >>> @@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + UI_dup_info_string; >>> + _ossl_old_des_xwhite_in2out; >>> + PKCS12_it; >>> -+ PKCS12_it; >>> + OCSP_SINGLERESP_get_ext_by_critical; >>> + OCSP_SINGLERESP_get_ext_by_crit; >>> + OCSP_CERTSTATUS_free; >>> @@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld >>> + ENGINE_unregister_DSA; >>> + _ossl_old_des_key_sched; >>> + X509_EXTENSION_it; >>> -+ X509_EXTENSION_it; >>> + i2d_KRB5_AUTHENT; >>> + SXNETID_it; >>> -+ SXNETID_it; >>> + d2i_OCSP_SINGLERESP; >>> + EDIPARTYNAME_new; >>> + PKCS12_certbag2x509; >>> @@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld >>> + d2i_KRB5_APREQBODY; >>> + UI_method_get_flusher; >>> + X509_PUBKEY_it; >>> -+ X509_PUBKEY_it; >>> + _ossl_old_des_enc_read; >>> + PKCS7_ENCRYPT_it; >>> -+ PKCS7_ENCRYPT_it; >>> + i2d_OCSP_RESPONSE; >>> + EC_GROUP_get_cofactor; >>> + PKCS12_unpack_p7data; >>> @@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld >>> + PKCS12_item_i2d_encrypt; >>> + X509_add1_ext_i2d; >>> + PKCS7_SIGNER_INFO_it; >>> -+ PKCS7_SIGNER_INFO_it; >>> + KRB5_PRINCNAME_new; >>> + PKCS12_SAFEBAG_it; >>> -+ PKCS12_SAFEBAG_it; >>> + EC_GROUP_get_order; >>> + d2i_OCSP_RESPID; >>> + OCSP_request_verify; >>> @@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld >>> + EVP_MD_CTX_create; >>> + OCSP_resp_find_status; >>> + X509_ALGOR_it; >>> -+ X509_ALGOR_it; >>> -+ ASN1_TIME_it; >>> + ASN1_TIME_it; >>> + OCSP_request_set1_name; >>> + OCSP_ONEREQ_get_ext_count; >>> + UI_get0_result; >>> + PKCS12_AUTHSAFES_it; >>> -+ PKCS12_AUTHSAFES_it; >>> + EVP_aes_256_ecb; >>> + PKCS12_pack_authsafes; >>> + ASN1_IA5STRING_it; >>> -+ ASN1_IA5STRING_it; >>> + UI_get_input_flags; >>> + EC_GROUP_set_generator; >>> + _ossl_old_des_string_to_2keys; >>> + OCSP_CERTID_free; >>> + X509_CERT_AUX_it; >>> -+ X509_CERT_AUX_it; >>> -+ CERTIFICATEPOLICIES_it; >>> + CERTIFICATEPOLICIES_it; >>> + _ossl_old_des_ede3_cbc_encrypt; >>> + RAND_set_rand_engine; >>> + DSO_get_loaded_filename; >>> + X509_ATTRIBUTE_it; >>> -+ X509_ATTRIBUTE_it; >>> + OCSP_ONEREQ_get_ext_by_NID; >>> + PKCS12_decrypt_skey; >>> + KRB5_AUTHENT_it; >>> -+ KRB5_AUTHENT_it; >>> + UI_dup_error_string; >>> + RSAPublicKey_it; >>> -+ RSAPublicKey_it; >>> + i2d_OCSP_REQUEST; >>> + PKCS12_x509crl2certbag; >>> + OCSP_SERVICELOC_it; >>> -+ OCSP_SERVICELOC_it; >>> + ASN1_item_sign; >>> + X509_CRL_set_issuer_name; >>> + OBJ_NAME_do_all_sorted; >>> @@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld >>> + ENGINE_get_digest; >>> + OCSP_RESPONSE_print; >>> + KRB5_TKTBODY_it; >>> -+ KRB5_TKTBODY_it; >>> + ACCESS_DESCRIPTION_it; >>> -+ ACCESS_DESCRIPTION_it; >>> -+ PKCS7_ISSUER_AND_SERIAL_it; >>> + PKCS7_ISSUER_AND_SERIAL_it; >>> + PBE2PARAM_it; >>> -+ PBE2PARAM_it; >>> + PKCS12_certbag2x509crl; >>> + PKCS7_SIGNED_it; >>> -+ PKCS7_SIGNED_it; >>> + ENGINE_get_cipher; >>> + i2d_OCSP_CRLID; >>> + OCSP_SINGLERESP_new; >>> + ENGINE_cmd_is_executable; >>> + RSA_up_ref; >>> + ASN1_GENERALSTRING_it; >>> -+ ASN1_GENERALSTRING_it; >>> + ENGINE_register_DSA; >>> + X509V3_EXT_add_nconf_sk; >>> + ENGINE_set_load_pubkey_function; >>> + PKCS8_decrypt; >>> + PEM_bytes_read_bio; >>> + DIRECTORYSTRING_it; >>> -+ DIRECTORYSTRING_it; >>> + d2i_OCSP_CRLID; >>> + EC_POINT_is_on_curve; >>> + CRYPTO_set_locked_mem_ex_functions; >>> @@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + d2i_KRB5_CHECKSUM; >>> + ASN1_item_dup; >>> + X509_it; >>> -+ X509_it; >>> + BN_mod_add; >>> + KRB5_AUTHDATA_free; >>> + _ossl_old_des_cbc_cksum; >>> @@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + EC_POINT_get_Jprojective_coordinates_GFp; >>> + EC_POINT_get_Jproj_coords_GFp; >>> + ZLONG_it; >>> -+ ZLONG_it; >>> + CRYPTO_get_locked_mem_ex_functions; >>> + CRYPTO_get_locked_mem_ex_funcs; >>> + ASN1_TIME_check; >>> @@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld >>> + _ossl_old_des_ede3_cfb64_encrypt; >>> + _ossl_odes_ede3_cfb64_encrypt; >>> + ASN1_BMPSTRING_it; >>> -+ ASN1_BMPSTRING_it; >>> + ASN1_tag2bit; >>> + UI_method_set_flusher; >>> + X509_ocspid_print; >>> + KRB5_ENCDATA_it; >>> -+ KRB5_ENCDATA_it; >>> + ENGINE_get_load_pubkey_function; >>> + UI_add_user_data; >>> + OCSP_REQUEST_delete_ext; >>> + UI_get_method; >>> + OCSP_ONEREQ_free; >>> + ASN1_PRINTABLESTRING_it; >>> -+ ASN1_PRINTABLESTRING_it; >>> + X509_CRL_set_nextUpdate; >>> + OCSP_REQUEST_it; >>> -+ OCSP_REQUEST_it; >>> -+ OCSP_BASICRESP_it; >>> + OCSP_BASICRESP_it; >>> + AES_ecb_encrypt; >>> + BN_mod_sqr; >>> + NETSCAPE_CERT_SEQUENCE_it; >>> -+ NETSCAPE_CERT_SEQUENCE_it; >>> -+ GENERAL_NAMES_it; >>> + GENERAL_NAMES_it; >>> + AUTHORITY_INFO_ACCESS_it; >>> -+ AUTHORITY_INFO_ACCESS_it; >>> -+ ASN1_FBOOLEAN_it; >>> + ASN1_FBOOLEAN_it; >>> + UI_set_ex_data; >>> + _ossl_old_des_string_to_key; >>> + ENGINE_register_all_RSA; >>> + d2i_KRB5_PRINCNAME; >>> + OCSP_RESPBYTES_it; >>> -+ OCSP_RESPBYTES_it; >>> -+ X509_CINF_it; >>> + X509_CINF_it; >>> + ENGINE_unregister_digests; >>> + d2i_EDIPARTYNAME; >>> @@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_RESPDATA_free; >>> + d2i_KRB5_TICKET; >>> + OTHERNAME_it; >>> -+ OTHERNAME_it; >>> + EVP_MD_CTX_cleanup; >>> + d2i_ASN1_GENERALSTRING; >>> + X509_CRL_set_version; >>> @@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_REQUEST_free; >>> + OCSP_REQUEST_add1_ext_i2d; >>> + X509_VAL_it; >>> -+ X509_VAL_it; >>> + EC_POINTs_make_affine; >>> + EC_POINT_mul; >>> + X509V3_EXT_add_nconf; >>> @@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + X509_CRL_add1_ext_i2d; >>> + _ossl_old_des_fcrypt; >>> + DISPLAYTEXT_it; >>> -+ DISPLAYTEXT_it; >>> + X509_CRL_set_lastUpdate; >>> + OCSP_BASICRESP_free; >>> + OCSP_BASICRESP_add1_ext_i2d; >>> @@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + UI_get0_result_string; >>> + ASN1_GENERALSTRING_new; >>> + X509_SIG_it; >>> -+ X509_SIG_it; >>> + ERR_set_implementation; >>> + ERR_load_EC_strings; >>> + UI_get0_action_string; >>> @@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_ONEREQ_get_ext_by_OBJ; >>> + ASN1_primitive_new; >>> + ASN1_PRINTABLE_it; >>> -+ ASN1_PRINTABLE_it; >>> + EVP_aes_192_ecb; >>> + OCSP_SIGNATURE_new; >>> + LONG_it; >>> -+ LONG_it; >>> -+ ASN1_VISIBLESTRING_it; >>> + ASN1_VISIBLESTRING_it; >>> + OCSP_SINGLERESP_add1_ext_i2d; >>> + d2i_OCSP_CERTID; >>> + ASN1_item_d2i_fp; >>> + CRL_DIST_POINTS_it; >>> -+ CRL_DIST_POINTS_it; >>> + GENERAL_NAME_print; >>> + OCSP_SINGLERESP_delete_ext; >>> + PKCS12_SAFEBAGS_it; >>> -+ PKCS12_SAFEBAGS_it; >>> + d2i_OCSP_SIGNATURE; >>> + OCSP_request_add1_nonce; >>> + ENGINE_set_cmd_defns; >>> + OCSP_SERVICELOC_free; >>> + EC_GROUP_free; >>> + ASN1_BIT_STRING_it; >>> -+ ASN1_BIT_STRING_it; >>> -+ X509_REQ_it; >>> + X509_REQ_it; >>> + _ossl_old_des_cbc_encrypt; >>> + ERR_unload_strings; >>> + PKCS7_SIGN_ENVELOPE_it; >>> -+ PKCS7_SIGN_ENVELOPE_it; >>> + EDIPARTYNAME_free; >>> + OCSP_REQINFO_free; >>> + EC_GROUP_new_curve_GFp; >>> @@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_CRLID_free; >>> + OCSP_BASICRESP_get1_ext_d2i; >>> + RSAPrivateKey_it; >>> -+ RSAPrivateKey_it; >>> + ENGINE_register_all_DH; >>> + i2d_EDIPARTYNAME; >>> + EC_POINT_get_affine_coordinates_GFp; >>> @@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_CRLID_new; >>> + ENGINE_get_flags; >>> + OCSP_ONEREQ_it; >>> -+ OCSP_ONEREQ_it; >>> + UI_process; >>> + ASN1_INTEGER_it; >>> -+ ASN1_INTEGER_it; >>> + EVP_CipherInit_ex; >>> + UI_get_string_type; >>> + ENGINE_unregister_DH; >>> @@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + bn_dup_expand; >>> + OCSP_cert_id_new; >>> + BASIC_CONSTRAINTS_it; >>> -+ BASIC_CONSTRAINTS_it; >>> + BN_mod_add_quick; >>> + EC_POINT_new; >>> + EVP_MD_CTX_destroy; >>> @@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + EC_POINT_free; >>> + DH_up_ref; >>> + X509_NAME_ENTRY_it; >>> -+ X509_NAME_ENTRY_it; >>> + UI_get_ex_new_index; >>> + BN_mod_sub_quick; >>> + OCSP_ONEREQ_add_ext; >>> @@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + ENGINE_register_complete; >>> + X509V3_EXT_nconf_nid; >>> + ASN1_SEQUENCE_it; >>> -+ ASN1_SEQUENCE_it; >>> + UI_set_default_method; >>> + RAND_query_egd_bytes; >>> + UI_method_get_writer; >>> @@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + PEM_def_callback; >>> + ENGINE_cleanup; >>> + DIST_POINT_it; >>> -+ DIST_POINT_it; >>> -+ OCSP_SINGLERESP_it; >>> + OCSP_SINGLERESP_it; >>> + d2i_KRB5_TKTBODY; >>> + EC_POINT_cmp; >>> @@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_cert_to_id; >>> + OCSP_RESPID_new; >>> + OCSP_RESPDATA_it; >>> -+ OCSP_RESPDATA_it; >>> + d2i_OCSP_RESPDATA; >>> + ENGINE_register_all_complete; >>> + OCSP_check_validity; >>> + PKCS12_BAGS_it; >>> -+ PKCS12_BAGS_it; >>> + OCSP_url_svcloc_new; >>> + ASN1_template_free; >>> + OCSP_SINGLERESP_add_ext; >>> + KRB5_AUTHENTBODY_it; >>> -+ KRB5_AUTHENTBODY_it; >>> + X509_supported_extension; >>> + i2d_KRB5_AUTHDATA; >>> + UI_method_get_opener; >>> + ENGINE_set_ex_data; >>> + OCSP_REQUEST_print; >>> + CBIGNUM_it; >>> -+ CBIGNUM_it; >>> + KRB5_TICKET_new; >>> + KRB5_APREQ_new; >>> + EC_GROUP_get_curve_GFp; >>> @@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_single_get0_status; >>> + BN_swap; >>> + POLICYINFO_it; >>> -+ POLICYINFO_it; >>> + ENGINE_set_destroy_function; >>> + asn1_enc_free; >>> + OCSP_RESPID_it; >>> -+ OCSP_RESPID_it; >>> + EC_GROUP_new; >>> + EVP_aes_256_cbc; >>> + i2d_KRB5_PRINCNAME; >>> + _ossl_old_des_encrypt2; >>> + _ossl_old_des_encrypt3; >>> + PKCS8_PRIV_KEY_INFO_it; >>> -+ PKCS8_PRIV_KEY_INFO_it; >>> -+ OCSP_REQINFO_it; >>> + OCSP_REQINFO_it; >>> + PBEPARAM_it; >>> -+ PBEPARAM_it; >>> + KRB5_AUTHENTBODY_new; >>> + X509_CRL_add0_revoked; >>> + EDIPARTYNAME_it; >>> -+ EDIPARTYNAME_it; >>> -+ NETSCAPE_SPKI_it; >>> + NETSCAPE_SPKI_it; >>> + UI_get0_test_string; >>> + ENGINE_get_cipher_engine; >>> @@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld >>> + UI_method_get_reader; >>> + OCSP_BASICRESP_get_ext_count; >>> + ASN1_ENUMERATED_it; >>> -+ ASN1_ENUMERATED_it; >>> + UI_set_result; >>> + i2d_KRB5_TICKET; >>> + X509_print_ex_fp; >>> + EVP_CIPHER_CTX_set_padding; >>> + d2i_OCSP_RESPONSE; >>> + ASN1_UTCTIME_it; >>> -+ ASN1_UTCTIME_it; >>> + _ossl_old_des_enc_write; >>> + OCSP_RESPONSE_new; >>> + AES_set_encrypt_key; >>> @@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_onereq_get0_id; >>> + ENGINE_set_default_ciphers; >>> + NOTICEREF_it; >>> -+ NOTICEREF_it; >>> + X509V3_EXT_CRL_add_nconf; >>> + OCSP_REVOKEDINFO_it; >>> -+ OCSP_REVOKEDINFO_it; >>> + AES_encrypt; >>> + OCSP_REQUEST_new; >>> + ASN1_ANY_it; >>> -+ ASN1_ANY_it; >>> + CRYPTO_ex_data_new_class; >>> + _ossl_old_des_ncbc_encrypt; >>> + i2d_KRB5_TKTBODY; >>> @@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld >>> + ENGINE_load_nuron; >>> + _ossl_old_des_pcbc_encrypt; >>> + PKCS12_MAC_DATA_it; >>> -+ PKCS12_MAC_DATA_it; >>> + OCSP_accept_responses_new; >>> + asn1_do_lock; >>> + PKCS7_ATTR_VERIFY_it; >>> -+ PKCS7_ATTR_VERIFY_it; >>> -+ KRB5_APREQBODY_it; >>> + KRB5_APREQBODY_it; >>> + i2d_OCSP_SINGLERESP; >>> + ASN1_item_ex_new; >>> + UI_add_verify_string; >>> + _ossl_old_des_set_key; >>> + KRB5_PRINCNAME_it; >>> -+ KRB5_PRINCNAME_it; >>> + EVP_DecryptInit_ex; >>> + i2d_OCSP_CERTID; >>> + ASN1_item_d2i_bio; >>> @@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_BASICRESP_new; >>> + OCSP_REQUEST_get_ext_by_NID; >>> + KRB5_APREQ_it; >>> -+ KRB5_APREQ_it; >>> + ENGINE_get_destroy_function; >>> + CONF_set_nconf; >>> + ASN1_PRINTABLE_free; >>> + OCSP_BASICRESP_get_ext_by_NID; >>> + DIST_POINT_NAME_it; >>> -+ DIST_POINT_NAME_it; >>> + X509V3_extensions_print; >>> + _ossl_old_des_cfb64_encrypt; >>> + X509_REVOKED_add1_ext_i2d; >>> + _ossl_old_des_ofb_encrypt; >>> + KRB5_TKTBODY_new; >>> + ASN1_OCTET_STRING_it; >>> -+ ASN1_OCTET_STRING_it; >>> + ERR_load_UI_strings; >>> + i2d_KRB5_ENCKEY; >>> + ASN1_template_new; >>> @@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + ASN1_item_i2d_fp; >>> + KRB5_PRINCNAME_free; >>> + PKCS7_RECIP_INFO_it; >>> -+ PKCS7_RECIP_INFO_it; >>> -+ EXTENDED_KEY_USAGE_it; >>> + EXTENDED_KEY_USAGE_it; >>> + EC_GFp_simple_method; >>> + EC_GROUP_precompute_mult; >>> @@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld >>> + UI_method_set_writer; >>> + KRB5_AUTHENT_new; >>> + X509_CRL_INFO_it; >>> -+ X509_CRL_INFO_it; >>> + DSO_set_name_converter; >>> + AES_set_decrypt_key; >>> + PKCS7_DIGEST_it; >>> -+ PKCS7_DIGEST_it; >>> + PKCS12_x5092certbag; >>> + EVP_DigestInit_ex; >>> + i2a_ACCESS_DESCRIPTION; >>> + OCSP_RESPONSE_it; >>> -+ OCSP_RESPONSE_it; >>> -+ PKCS7_ENC_CONTENT_it; >>> + PKCS7_ENC_CONTENT_it; >>> + OCSP_request_add0_id; >>> + EC_POINT_make_affine; >>> + DSO_get_filename; >>> + OCSP_CERTSTATUS_it; >>> -+ OCSP_CERTSTATUS_it; >>> + OCSP_request_add1_cert; >>> + UI_get0_output_string; >>> + UI_dup_verify_string; >>> + BN_mod_lshift; >>> + KRB5_AUTHDATA_it; >>> -+ KRB5_AUTHDATA_it; >>> + asn1_set_choice_selector; >>> + OCSP_basic_add1_status; >>> + OCSP_RESPID_free; >>> + asn1_get_field_ptr; >>> + UI_add_input_string; >>> + OCSP_CRLID_it; >>> -+ OCSP_CRLID_it; >>> + i2d_KRB5_AUTHENTBODY; >>> + OCSP_REQUEST_get_ext_count; >>> + ENGINE_load_atalla; >>> + X509_NAME_it; >>> -+ X509_NAME_it; >>> -+ USERNOTICE_it; >>> + USERNOTICE_it; >>> + OCSP_REQINFO_new; >>> + OCSP_BASICRESP_get_ext; >>> @@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld >>> + i2d_KRB5_ENCDATA; >>> + X509_PURPOSE_set; >>> + X509_REQ_INFO_it; >>> -+ X509_REQ_INFO_it; >>> + UI_method_set_opener; >>> + ASN1_item_ex_free; >>> + ASN1_BOOLEAN_it; >>> -+ ASN1_BOOLEAN_it; >>> + ENGINE_get_table_flags; >>> + UI_create_method; >>> + OCSP_ONEREQ_add1_ext_i2d; >>> + _shadow_DES_check_key; >>> -+ _shadow_DES_check_key; >>> + d2i_OCSP_REQINFO; >>> + UI_add_info_string; >>> + UI_get_result_minsize; >>> + ASN1_NULL_it; >>> -+ ASN1_NULL_it; >>> + BN_mod_lshift1; >>> + d2i_OCSP_ONEREQ; >>> + OCSP_ONEREQ_new; >>> + KRB5_TICKET_it; >>> -+ KRB5_TICKET_it; >>> + EVP_aes_192_cbc; >>> + KRB5_TICKET_free; >>> + UI_new; >>> + OCSP_response_create; >>> + _ossl_old_des_xcbc_encrypt; >>> + PKCS7_it; >>> -+ PKCS7_it; >>> + OCSP_REQUEST_get_ext_by_critical; >>> + OCSP_REQUEST_get_ext_by_crit; >>> + ENGINE_set_flags; >>> @@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld >>> + EVP_Digest; >>> + OCSP_ONEREQ_delete_ext; >>> + ASN1_TBOOLEAN_it; >>> -+ ASN1_TBOOLEAN_it; >>> + ASN1_item_new; >>> + ASN1_TIME_to_generalizedtime; >>> + BIGNUM_it; >>> -+ BIGNUM_it; >>> + AES_cbc_encrypt; >>> + ENGINE_get_load_privkey_function; >>> + ENGINE_get_load_privkey_fn; >>> @@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + EC_POINT_point2oct; >>> + KRB5_APREQ_free; >>> + ASN1_OBJECT_it; >>> -+ ASN1_OBJECT_it; >>> + OCSP_crlID_new; >>> + OCSP_crlID2_new; >>> + CONF_modules_load_file; >>> @@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + i2d_ASN1_UNIVERSALSTRING; >>> + ASN1_UNIVERSALSTRING_free; >>> + ASN1_UNIVERSALSTRING_it; >>> -+ ASN1_UNIVERSALSTRING_it; >>> + d2i_ASN1_UNIVERSALSTRING; >>> + EVP_des_ede3_ecb; >>> + X509_REQ_print_ex; >>> @@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld >>> + HMAC_CTX_set_flags; >>> + d2i_PROXY_CERT_INFO_EXTENSION; >>> + PROXY_POLICY_it; >>> -+ PROXY_POLICY_it; >>> + i2d_PROXY_POLICY; >>> + i2d_PROXY_CERT_INFO_EXTENSION; >>> + d2i_PROXY_POLICY; >>> + PROXY_CERT_INFO_EXTENSION_new; >>> + PROXY_CERT_INFO_EXTENSION_free; >>> + PROXY_CERT_INFO_EXTENSION_it; >>> -+ PROXY_CERT_INFO_EXTENSION_it; >>> + PROXY_POLICY_free; >>> + PROXY_POLICY_new; >>> + BN_MONT_CTX_set_locked; >>> @@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + BN_BLINDING_get_thread_id; >>> + X509_STORE_CTX_set0_param; >>> + POLICY_MAPPING_it; >>> -+ POLICY_MAPPING_it; >>> + STORE_parse_attrs_start; >>> + POLICY_CONSTRAINTS_free; >>> + EVP_PKEY_add1_attr_by_NID; >>> @@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + STORE_set_method; >>> + GENERAL_SUBTREE_free; >>> + NAME_CONSTRAINTS_it; >>> -+ NAME_CONSTRAINTS_it; >>> + ECDH_get_default_method; >>> + PKCS12_add_safe; >>> + EC_KEY_new_by_curve_name; >>> @@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + ENGINE_get_default_ECDH; >>> + EC_KEY_get_conv_form; >>> + ASN1_OCTET_STRING_NDEF_it; >>> -+ ASN1_OCTET_STRING_NDEF_it; >>> + STORE_delete_public_key; >>> + STORE_get_public_key; >>> + STORE_modify_arbitrary; >>> @@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + ENGINE_load_padlock; >>> + EC_GROUP_set_curve_name; >>> + X509_CERT_PAIR_it; >>> -+ X509_CERT_PAIR_it; >>> + STORE_meth_get_revoke_fn; >>> + STORE_method_get_revoke_function; >>> + STORE_method_set_get_function; >>> @@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + pqueue_pop; >>> + STORE_ATTR_INFO_get0_cstr; >>> + POLICY_CONSTRAINTS_it; >>> -+ POLICY_CONSTRAINTS_it; >>> + STORE_get_ex_new_index; >>> + EVP_PKEY_get_attr_by_OBJ; >>> + X509_VERIFY_PARAM_add0_policy; >>> @@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + STORE_modify_crl; >>> + STORE_list_private_key_start; >>> + POLICY_MAPPINGS_it; >>> -+ POLICY_MAPPINGS_it; >>> -+ GENERAL_SUBTREE_it; >>> + GENERAL_SUBTREE_it; >>> + EC_GROUP_get_curve_name; >>> + PEM_write_X509_CERT_PAIR; >>> @@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld >>> + BIO_set_callback_arg; >>> + v3_addr_add_prefix; >>> + IPAddressOrRange_it; >>> -+ IPAddressOrRange_it; >>> + BIO_set_flags; >>> + ASIdentifiers_it; >>> -+ ASIdentifiers_it; >>> + v3_addr_get_range; >>> + BIO_method_type; >>> + v3_addr_inherits; >>> + IPAddressChoice_it; >>> -+ IPAddressChoice_it; >>> + AES_ige_encrypt; >>> + v3_addr_add_range; >>> + EVP_CIPHER_CTX_nid; >>> @@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + BIO_clear_flags; >>> + i2d_ASRange; >>> + IPAddressRange_it; >>> -+ IPAddressRange_it; >>> + IPAddressChoice_new; >>> + ASIdentifierChoice_new; >>> + ASRange_free; >>> @@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + BIO_test_flags; >>> + i2d_ASIdentifierChoice; >>> + ASRange_it; >>> -+ ASRange_it; >>> + d2i_ASIdentifiers; >>> + ASRange_new; >>> + d2i_IPAddressChoice; >>> @@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + EVP_Cipher; >>> + i2d_IPAddressOrRange; >>> + ASIdOrRange_it; >>> -+ ASIdOrRange_it; >>> + EVP_CIPHER_nid; >>> + i2d_IPAddressChoice; >>> + EVP_CIPHER_CTX_block_size; >>> @@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + v3_addr_is_canonical; >>> + i2d_IPAddressRange; >>> + IPAddressFamily_it; >>> -+ IPAddressFamily_it; >>> + v3_asid_inherits; >>> + EVP_CIPHER_CTX_cipher; >>> + EVP_CIPHER_CTX_get_app_data; >>> @@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + d2i_IPAddressOrRange; >>> + v3_addr_canonize; >>> + ASIdentifierChoice_it; >>> -+ ASIdentifierChoice_it; >>> + EVP_MD_CTX_md; >>> + d2i_ASIdentifierChoice; >>> + BIO_method_name; >>> @@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + SEED_set_key; >>> + EVP_seed_cfb128; >>> + X509_EXTENSIONS_it; >>> -+ X509_EXTENSIONS_it; >>> + X509_get1_ocsp; >>> + OCSP_REQ_CTX_free; >>> + i2d_X509_EXTENSIONS; >>> @@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + OCSP_sendreq_new; >>> + d2i_X509_EXTENSIONS; >>> + X509_ALGORS_it; >>> -+ X509_ALGORS_it; >>> + X509_ALGOR_get0; >>> + X509_ALGOR_set0; >>> + AES_unwrap_key; >>> @@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + CMS_SignerInfo_verify; >>> + CMS_data; >>> + CMS_ContentInfo_it; >>> -+ CMS_ContentInfo_it; >>> + d2i_CMS_ReceiptRequest; >>> + CMS_compress; >>> + CMS_digest_create; >>> @@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + CMS_RecipientInfo_kekri_get0_id; >>> + CMS_verify_receipt; >>> + CMS_ReceiptRequest_it; >>> -+ CMS_ReceiptRequest_it; >>> + PEM_read_bio_CMS; >>> + CMS_get1_crls; >>> + CMS_add0_recipient_key; >>> @@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + TS_REQ_dup; >>> + GENERAL_NAME_dup; >>> + ASN1_SEQUENCE_ANY_it; >>> -+ ASN1_SEQUENCE_ANY_it; >>> + WHIRLPOOL; >>> + X509_STORE_get1_crls; >>> + ENGINE_get_pkey_asn1_meth; >>> @@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + DIST_POINT_set_dpname; >>> + i2d_ISSUING_DIST_POINT; >>> + ASN1_SET_ANY_it; >>> -+ ASN1_SET_ANY_it; >>> + EVP_PKEY_CTX_get_data; >>> + TS_STATUS_INFO_print_bio; >>> + EVP_PKEY_derive_init; >>> @@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + EVP_DigestSignFinal; >>> + TS_RESP_CTX_set_def_policy; >>> + NETSCAPE_X509_it; >>> -+ NETSCAPE_X509_it; >>> + TS_RESP_create_response; >>> + PKCS7_SIGNER_INFO_get0_algs; >>> + TS_TST_INFO_get_nonce; >>> @@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + EVP_CIPHER_do_all_sorted; >>> + EVP_PKEY_CTX_free; >>> + ISSUING_DIST_POINT_it; >>> -+ ISSUING_DIST_POINT_it; >>> + d2i_TS_MSG_IMPRINT_fp; >>> + X509_STORE_get1_certs; >>> + EVP_PKEY_CTX_get_operation; >>> @@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld >>> + X509_signature_dump; >>> + d2i_RSA_PSS_PARAMS; >>> + RSA_PSS_PARAMS_it; >>> -+ RSA_PSS_PARAMS_it; >>> + RSA_PSS_PARAMS_free; >>> + X509_sign_ctx; >>> + i2d_RSA_PSS_PARAMS; >>> @@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld >>> + CRYPTO_memcmp; >>> +} OPENSSL_1.0.1; >>> + >>> -Index: openssl-1.0.1d/engines/openssl.ld >>> ++OPENSSL_1.0.2 { >>> ++ global: >>> ++ SSL_CTX_set_alpn_protos; >>> ++ SSL_set_alpn_protos; >>> ++ SSL_CTX_set_alpn_select_cb; >>> ++ SSL_get0_alpn_selected; >>> ++ SSL_CTX_set_custom_cli_ext; >>> ++ SSL_CTX_set_custom_srv_ext; >>> ++ SSL_CTX_set_srv_supp_data; >>> ++ SSL_CTX_set_cli_supp_data; >>> ++ SSL_set_cert_cb; >>> ++ SSL_CTX_use_serverinfo; >>> ++ SSL_CTX_use_serverinfo_file; >>> ++ SSL_CTX_set_cert_cb; >>> ++ SSL_CTX_get0_param; >>> ++ SSL_get0_param; >>> ++ SSL_certs_clear; >>> ++ DTLSv1_2_method; >>> ++ DTLSv1_2_server_method; >>> ++ DTLSv1_2_client_method; >>> ++ DTLS_method; >>> ++ DTLS_server_method; >>> ++ DTLS_client_method; >>> ++ SSL_CTX_get_ssl_method; >>> ++ SSL_CTX_get0_certificate; >>> ++ SSL_CTX_get0_privatekey; >>> ++ SSL_COMP_set0_compression_methods; >>> ++ SSL_COMP_free_compression_methods; >>> ++ SSL_CIPHER_find; >>> ++ SSL_is_server; >>> ++ SSL_CONF_CTX_new; >>> ++ SSL_CONF_CTX_finish; >>> ++ SSL_CONF_CTX_free; >>> ++ SSL_CONF_CTX_set_flags; >>> ++ SSL_CONF_CTX_clear_flags; >>> ++ SSL_CONF_CTX_set1_prefix; >>> ++ SSL_CONF_CTX_set_ssl; >>> ++ SSL_CONF_CTX_set_ssl_ctx; >>> ++ SSL_CONF_cmd; >>> ++ SSL_CONF_cmd_argv; >>> ++ SSL_CONF_cmd_value_type; >>> ++ SSL_trace; >>> ++ SSL_CIPHER_standard_name; >>> ++ SSL_get_tlsa_record_byname; >>> ++ ASN1_TIME_diff; >>> ++ BIO_hex_string; >>> ++ CMS_RecipientInfo_get0_pkey_ctx; >>> ++ CMS_RecipientInfo_encrypt; >>> ++ CMS_SignerInfo_get0_pkey_ctx; >>> ++ CMS_SignerInfo_get0_md_ctx; >>> ++ CMS_SignerInfo_get0_signature; >>> ++ CMS_RecipientInfo_kari_get0_alg; >>> ++ CMS_RecipientInfo_kari_get0_reks; >>> ++ CMS_RecipientInfo_kari_get0_orig_id; >>> ++ CMS_RecipientInfo_kari_orig_id_cmp; >>> ++ CMS_RecipientEncryptedKey_get0_id; >>> ++ CMS_RecipientEncryptedKey_cert_cmp; >>> ++ CMS_RecipientInfo_kari_set0_pkey; >>> ++ CMS_RecipientInfo_kari_get0_ctx; >>> ++ CMS_RecipientInfo_kari_decrypt; >>> ++ CMS_SharedInfo_encode; >>> ++ DH_compute_key_padded; >>> ++ d2i_DHxparams; >>> ++ i2d_DHxparams; >>> ++ DH_get_1024_160; >>> ++ DH_get_2048_224; >>> ++ DH_get_2048_256; >>> ++ DH_KDF_X9_42; >>> ++ ECDH_KDF_X9_62; >>> ++ ECDSA_METHOD_new; >>> ++ ECDSA_METHOD_free; >>> ++ ECDSA_METHOD_set_app_data; >>> ++ ECDSA_METHOD_get_app_data; >>> ++ ECDSA_METHOD_set_sign; >>> ++ ECDSA_METHOD_set_sign_setup; >>> ++ ECDSA_METHOD_set_verify; >>> ++ ECDSA_METHOD_set_flags; >>> ++ ECDSA_METHOD_set_name; >>> ++ EVP_des_ede3_wrap; >>> ++ EVP_aes_128_wrap; >>> ++ EVP_aes_192_wrap; >>> ++ EVP_aes_256_wrap; >>> ++ EVP_aes_128_cbc_hmac_sha256; >>> ++ EVP_aes_256_cbc_hmac_sha256; >>> ++ CRYPTO_128_wrap; >>> ++ CRYPTO_128_unwrap; >>> ++ OCSP_REQ_CTX_nbio; >>> ++ OCSP_REQ_CTX_new; >>> ++ OCSP_set_max_response_length; >>> ++ OCSP_REQ_CTX_i2d; >>> ++ OCSP_REQ_CTX_nbio_d2i; >>> ++ OCSP_REQ_CTX_get0_mem_bio; >>> ++ OCSP_REQ_CTX_http; >>> ++ RSA_padding_add_PKCS1_OAEP_mgf1; >>> ++ RSA_padding_check_PKCS1_OAEP_mgf1; >>> ++ RSA_OAEP_PARAMS_free; >>> ++ RSA_OAEP_PARAMS_it; >>> ++ RSA_OAEP_PARAMS_new; >>> ++ SSL_get_sigalgs; >>> ++ SSL_get_shared_sigalgs; >>> ++ SSL_check_chain; >>> ++ X509_chain_up_ref; >>> ++ X509_http_nbio; >>> ++ X509_CRL_http_nbio; >>> ++ X509_REVOKED_dup; >>> ++ i2d_re_X509_tbs; >>> ++ X509_get0_signature; >>> ++ X509_get_signature_nid; >>> ++ X509_CRL_diff; >>> ++ X509_chain_check_suiteb; >>> ++ X509_CRL_check_suiteb; >>> ++ X509_check_host; >>> ++ X509_check_email; >>> ++ X509_check_ip; >>> ++ X509_check_ip_asc; >>> ++ X509_STORE_set_lookup_crls_cb; >>> ++ X509_STORE_CTX_get0_store; >>> ++ X509_VERIFY_PARAM_set1_host; >>> ++ X509_VERIFY_PARAM_add1_host; >>> ++ X509_VERIFY_PARAM_set_hostflags; >>> ++ X509_VERIFY_PARAM_get0_peername; >>> ++ X509_VERIFY_PARAM_set1_email; >>> ++ X509_VERIFY_PARAM_set1_ip; >>> ++ X509_VERIFY_PARAM_set1_ip_asc; >>> ++ X509_VERIFY_PARAM_get0_name; >>> ++ X509_VERIFY_PARAM_get_count; >>> ++ X509_VERIFY_PARAM_get0; >>> ++ X509V3_EXT_free; >>> ++ EC_GROUP_get_mont_data; >>> ++ EC_curve_nid2nist; >>> ++ EC_curve_nist2nid; >>> ++ PEM_write_bio_DHxparams; >>> ++ PEM_write_DHxparams; >>> ++ SSL_CTX_add_client_custom_ext; >>> ++ SSL_CTX_add_server_custom_ext; >>> ++ SSL_extension_supported; >>> ++ BUF_strnlen; >>> ++ sk_deep_copy; >>> ++ SSL_test_functions; >>> ++} OPENSSL_1.0.1d; >>> ++ >>> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld >>> =================================================================== >>> --- /dev/null 1970-01-01 00:00:00.000000000 +0000 >>> -+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 >>> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 >>> @@ -0,0 +1,10 @@ >>> +OPENSSL_1.0.0 { >>> + global: >>> @@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld >>> + *; >>> +}; >>> + >>> -Index: openssl-1.0.1d/engines/ccgost/openssl.ld >>> +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld >>> =================================================================== >>> --- /dev/null 1970-01-01 00:00:00.000000000 +0000 >>> -+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 >>> ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 >>> @@ -0,0 +1,10 @@ >>> +OPENSSL_1.0.0 { >>> + global: >>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch >>> new file mode 100644 >>> index 0000000..c43bcd1 >>> --- /dev/null >>> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch >>> @@ -0,0 +1,29 @@ >>> +From: Raphael Geissert >>> +Description: make X509_verify_cert indicate that any certificate whose >>> + name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. >>> +Forwarded: not-needed >>> +Origin: vendor >>> +Last-Update: 2011-11-05 >>> + >>> +Upstream-Status: Backport [debian] >>> + >>> + >>> +Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c >>> +=================================================================== >>> +--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100 >>> ++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100 >>> +@@ -964,10 +964,11 @@ >>> + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) >>> + { >>> + x = sk_X509_value(ctx->chain, i); >>> +- /* Mark DigiNotar certificates as revoked, no matter >>> +- * where in the chain they are. >>> ++ /* Mark certificates containing the following names as >>> ++ * revoked, no matter where in the chain they are. >>> + */ >>> +- if (x->name && strstr(x->name, "DigiNotar")) >>> ++ if (x->name && (strstr(x->name, "DigiNotar") || >>> ++ strstr(x->name, "Digicert Sdn. Bhd."))) >>> + { >>> + ctx->error = X509_V_ERR_CERT_REVOKED; >>> + ctx->error_depth = i; >>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch >>> new file mode 100644 >>> index 0000000..0c1a0b6 >>> --- /dev/null >>> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch >>> @@ -0,0 +1,67 @@ >>> +From: Raphael Geissert >>> +Description: make X509_verify_cert indicate that any certificate whose >>> + name contains "DigiNotar" is revoked. >>> +Forwarded: not-needed >>> +Origin: vendor >>> +Last-Update: 2011-09-08 >>> +Bug: http://bugs.debian.org/639744 >>> +Reviewed-by: Kurt Roeckx >>> +Reviewed-by: Dr Stephen N Henson >>> + >>> +This is not meant as final patch. >>> + >>> +Upstream-Status: Backport [debian] >>> + >>> + >>> +Index: openssl-1.0.2/crypto/x509/x509_vfy.c >>> +=================================================================== >>> +--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c >>> ++++ openssl-1.0.2/crypto/x509/x509_vfy.c >>> +@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c >>> + static int check_revocation(X509_STORE_CTX *ctx); >>> + static int check_cert(X509_STORE_CTX *ctx); >>> + static int check_policy(X509_STORE_CTX *ctx); >>> ++static int check_ca_blacklist(X509_STORE_CTX *ctx); >>> + >>> + static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, >>> + unsigned int *preasons, X509_CRL *crl, X509 *x); >>> +@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx >>> + if (!ok) >>> + goto end; >>> + >>> ++ ok = check_ca_blacklist(ctx); >>> ++ if(!ok) goto end; >>> ++ >>> + #ifndef OPENSSL_NO_RFC3779 >>> + /* RFC 3779 path validation, now that CRL check has been done */ >>> + ok = v3_asid_validate_path(ctx); >>> +@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX >>> + return 1; >>> + } >>> + >>> ++static int check_ca_blacklist(X509_STORE_CTX *ctx) >>> ++ { >>> ++ X509 *x; >>> ++ int i; >>> ++ /* Check all certificates against the blacklist */ >>> ++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) >>> ++ { >>> ++ x = sk_X509_value(ctx->chain, i); >>> ++ /* Mark DigiNotar certificates as revoked, no matter >>> ++ * where in the chain they are. >>> ++ */ >>> ++ if (x->name && strstr(x->name, "DigiNotar")) >>> ++ { >>> ++ ctx->error = X509_V_ERR_CERT_REVOKED; >>> ++ ctx->error_depth = i; >>> ++ ctx->current_cert = x; >>> ++ if (!ctx->verify_cb(0,ctx)) >>> ++ return 0; >>> ++ } >>> ++ } >>> ++ return 1; >>> ++ } >>> ++ >>> + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, >>> + X509 **pissuer, int *pscore, unsigned int *preasons, >>> + STACK_OF(X509_CRL) *crls) >>> diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch >>> new file mode 100644 >>> index 0000000..61dcf45 >>> --- /dev/null >>> +++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch >>> @@ -0,0 +1,31 @@ >>> + >>> +Upstream-Status: Backport [debian] >>> + >>> +--- openssl/apps/openssl.cnf.orig 2012-06-06 00:45:56.000000000 +0200 >>> ++++ openssl/apps/openssl.cnf 2012-06-06 00:46:46.000000000 +0200 >>> +@@ -19,6 +19,8 @@ >>> + # (Alternatively, use a configuration file that has only >>> + # X.509v3 extensions in its main [= default] section.) >>> + >>> ++openssl_conf = openssl_def >>> ++ >>> + [ new_oids ] >>> + >>> + # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. >>> +@@ -348,3 +350,16 @@ >>> + # (optional, default: no) >>> + ess_cert_id_chain = no # Must the ESS cert id chain be included? >>> + # (optional, default: no) >>> ++ >>> ++[openssl_def] >>> ++engines = engine_section >>> ++ >>> ++[engine_section] >>> ++padlock = padlock_section >>> ++ >>> ++[padlock_section] >>> ++soft_load=1 >>> ++init=1 >>> ++default_algorithms = ALL >>> ++dynamic_path=padlock >>> ++ >>> diff --git a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch >>> index d8a6f1a..a574648 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch >>> @@ -1,11 +1,11 @@ >>> Upstream-Status: Inappropriate [configuration] >>> >>> >>> -Index: openssl-1.0.0/engines/Makefile >>> +Index: openssl-1.0.2/engines/Makefile >>> =================================================================== >>> ---- openssl-1.0.0.orig/engines/Makefile >>> -+++ openssl-1.0.0/engines/Makefile >>> -@@ -107,7 +107,7 @@ >>> +--- openssl-1.0.2.orig/engines/Makefile >>> ++++ openssl-1.0.2/engines/Makefile >>> +@@ -107,13 +107,13 @@ install: >>> @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... >>> @if [ -n "$(SHARED_LIBS)" ]; then \ >>> set -e; \ >>> @@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile >>> for l in $(LIBNAMES); do \ >>> ( echo installing $$l; \ >>> pfx=lib; \ >>> -@@ -119,13 +119,13 @@ >>> + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ >>> + sfx=".so"; \ >>> +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ >>> ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ >>> + else \ >>> + case "$(CFLAGS)" in \ >>> + *DSO_BEOS*) sfx=".so";; \ >>> +@@ -122,10 +122,10 @@ install: >>> *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ >>> *) sfx=".bad";; \ >>> esac; \ >>> - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ >>> + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ >>> - else \ >>> - sfx=".so"; \ >>> -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ >>> -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ >>> fi; \ >>> - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ >>> - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ >>> @@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile >>> done; \ >>> fi >>> @target=install; $(RECURSIVE_MAKE) >>> -Index: openssl-1.0.0/engines/ccgost/Makefile >>> +Index: openssl-1.0.2/engines/ccgost/Makefile >>> =================================================================== >>> ---- openssl-1.0.0.orig/engines/ccgost/Makefile >>> -+++ openssl-1.0.0/engines/ccgost/Makefile >>> -@@ -53,13 +53,13 @@ >>> +--- openssl-1.0.2.orig/engines/ccgost/Makefile >>> ++++ openssl-1.0.2/engines/ccgost/Makefile >>> +@@ -47,7 +47,7 @@ install: >>> + pfx=lib; \ >>> + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ >>> + sfx=".so"; \ >>> +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ >>> ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ >>> + else \ >>> + case "$(CFLAGS)" in \ >>> + *DSO_BEOS*) sfx=".so";; \ >>> +@@ -56,10 +56,10 @@ install: >>> *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ >>> *) sfx=".bad";; \ >>> esac; \ >>> - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ >>> + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ >>> - else \ >>> - sfx=".so"; \ >>> -- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ >>> -+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ >>> fi; \ >>> - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ >>> - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ >>> diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch >>> index f0e1778..06d1ea6 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch >>> @@ -6,17 +6,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2867 >>> >>> Signed-Off-By: Muhammad Shakeel >>> >>> -diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c >>> -index 3232cfe..df84922 100644 >>> +Index: openssl-1.0.2/crypto/evp/e_des3.c >>> =================================================================== >>> ---- a/crypto/evp/e_des3.c >>> -+++ b/crypto/evp/e_des3.c >>> -@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, >>> +--- openssl-1.0.2.orig/crypto/evp/e_des3.c >>> ++++ openssl-1.0.2/crypto/evp/e_des3.c >>> +@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH >>> size_t n; >>> - unsigned char c[1],d[1]; >>> + unsigned char c[1], d[1]; >>> >>> -- for(n=0 ; n < inl ; ++n) >>> -+ for(n=0 ; n < inl*8 ; ++n) >>> - { >>> - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; >>> - DES_ede3_cfb_encrypt(c,d,1,1, >>> +- for (n = 0; n < inl; ++n) { >>> ++ for (n = 0; n * 8 < inl; ++n) { >>> + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; >>> + DES_ede3_cfb_encrypt(c, d, 1, 1, >>> + &data(ctx)->ks1, &data(ctx)->ks2, >>> diff --git a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch >>> deleted file mode 100644 >>> index 770097d..0000000 >>> --- a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch >>> +++ /dev/null >>> @@ -1,120 +0,0 @@ >>> -From: Andy Polyakov >>> -Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200) >>> -Subject: Initial aarch64 bits. >>> -X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956 >>> - >>> -Initial aarch64 bits. >>> -Upstream-Status: backport (will be included in 1.0.2) >>> ---- >>> - crypto/bn/bn_lcl.h | 9 +++++++++ >>> - crypto/md32_common.h | 18 ++++++++++++++++++ >>> - crypto/modes/modes_lcl.h | 8 ++++++++ >>> - crypto/sha/sha512.c | 13 +++++++++++++ >>> - 4 files changed, 48 insertions(+) >>> - >>> -Index: openssl-1.0.1f/crypto/bn/bn_lcl.h >>> -=================================================================== >>> ---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200 >>> -+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200 >>> -@@ -300,6 +300,15 @@ >>> - : "r"(a), "r"(b)); >>> - # endif >>> - # endif >>> -+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) >>> -+# if defined(__GNUC__) && __GNUC__>=2 >>> -+# define BN_UMULT_HIGH(a,b) ({ \ >>> -+ register BN_ULONG ret; \ >>> -+ asm ("umulh %0,%1,%2" \ >>> -+ : "=r"(ret) \ >>> -+ : "r"(a), "r"(b)); \ >>> -+ ret; }) >>> -+# endif >>> - # endif /* cpu */ >>> - #endif /* OPENSSL_NO_ASM */ >>> - >>> -Index: openssl-1.0.1f/crypto/md32_common.h >>> -=================================================================== >>> ---- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200 >>> -+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200 >>> -@@ -213,6 +213,24 @@ >>> - asm ("bswapl %0":"=r"(r):"0"(r)); \ >>> - *((unsigned int *)(c))=r; (c)+=4; r; }) >>> - # endif >>> -+# elif defined(__aarch64__) >>> -+# if defined(__BYTE_ORDER__) >>> -+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ >>> -+# define HOST_c2l(c,l) ({ unsigned int r; \ >>> -+ asm ("rev %w0,%w1" \ >>> -+ :"=r"(r) \ >>> -+ :"r"(*((const unsigned int *)(c))));\ >>> -+ (c)+=4; (l)=r; }) >>> -+# define HOST_l2c(l,c) ({ unsigned int r; \ >>> -+ asm ("rev %w0,%w1" \ >>> -+ :"=r"(r) \ >>> -+ :"r"((unsigned int)(l)));\ >>> -+ *((unsigned int *)(c))=r; (c)+=4; r; }) >>> -+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ >>> -+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) >>> -+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) >>> -+# endif >>> -+# endif >>> - # endif >>> - # endif >>> - #endif >>> -Index: openssl-1.0.1f/crypto/modes/modes_lcl.h >>> -=================================================================== >>> ---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200 >>> -+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200 >>> -@@ -29,6 +29,7 @@ >>> - #if defined(__i386) || defined(__i386__) || \ >>> - defined(__x86_64) || defined(__x86_64__) || \ >>> - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ >>> -+ defined(__aarch64__) || \ >>> - defined(__s390__) || defined(__s390x__) >>> - # undef STRICT_ALIGNMENT >>> - #endif >>> -@@ -50,6 +51,13 @@ >>> - # define BSWAP4(x) ({ u32 ret=(x); \ >>> - asm ("bswapl %0" \ >>> - : "+r"(ret)); ret; }) >>> -+# elif defined(__aarch64__) >>> -+# define BSWAP8(x) ({ u64 ret; \ >>> -+ asm ("rev %0,%1" \ >>> -+ : "=r"(ret) : "r"(x)); ret; }) >>> -+# define BSWAP4(x) ({ u32 ret; \ >>> -+ asm ("rev %w0,%w1" \ >>> -+ : "=r"(ret) : "r"(x)); ret; }) >>> - # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) >>> - # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ >>> - asm ("rev %0,%0; rev %1,%1" \ >>> -Index: openssl-1.0.1f/crypto/sha/sha512.c >>> -=================================================================== >>> ---- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200 >>> -+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200 >>> -@@ -55,6 +55,7 @@ >>> - #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ >>> - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ >>> - defined(__s390__) || defined(__s390x__) || \ >>> -+ defined(__aarch64__) || \ >>> - defined(SHA512_ASM) >>> - #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA >>> - #endif >>> -@@ -347,6 +348,18 @@ >>> - asm ("rotrdi %0,%1,%2" \ >>> - : "=r"(ret) \ >>> - : "r"(a),"K"(n)); ret; }) >>> -+# elif defined(__aarch64__) >>> -+# define ROTR(a,n) ({ SHA_LONG64 ret; \ >>> -+ asm ("ror %0,%1,%2" \ >>> -+ : "=r"(ret) \ >>> -+ : "r"(a),"I"(n)); ret; }) >>> -+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ >>> -+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ >>> -+# define PULL64(x) ({ SHA_LONG64 ret; \ >>> -+ asm ("rev %0,%1" \ >>> -+ : "=r"(ret) \ >>> -+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) >>> -+# endif >>> - # endif >>> - # elif defined(_MSC_VER) >>> - # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ >>> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch >>> index c161e62..cebc8cf 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch >>> @@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html >>> >>> Signed-off-by: Xufeng Zhang >>> --- >>> ---- a/crypto/evp/digest.c >>> -+++ b/crypto/evp/digest.c >>> -@@ -199,7 +199,7 @@ >>> - return 0; >>> - } >>> +Index: openssl-1.0.2/crypto/evp/digest.c >>> +=================================================================== >>> +--- openssl-1.0.2.orig/crypto/evp/digest.c >>> ++++ openssl-1.0.2/crypto/evp/digest.c >>> +@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c >>> + return 0; >>> + } >>> #endif >>> -- if (ctx->digest != type) >>> -+ if (type && (ctx->digest != type)) >>> - { >>> - if (ctx->digest && ctx->digest->ctx_size) >>> - OPENSSL_free(ctx->md_data); >>> +- if (ctx->digest != type) { >>> ++ if (type && (ctx->digest != type)) { >>> + if (ctx->digest && ctx->digest->ctx_size) >>> + OPENSSL_free(ctx->md_data); >>> + ctx->digest = type; >>> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch >>> index 3e93fe4..d7047bb 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch >>> @@ -8,32 +8,19 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html >>> >>> Signed-off-by: Xufeng Zhang >>> --- >>> ---- a/crypto/dh/dh_ameth.c >>> -+++ b/crypto/dh/dh_ameth.c >>> -@@ -139,6 +139,12 @@ >>> - dh=pkey->pkey.dh; >>> +Index: openssl-1.0.2/crypto/dh/dh_ameth.c >>> +=================================================================== >>> +--- openssl-1.0.2.orig/crypto/dh/dh_ameth.c >>> ++++ openssl-1.0.2/crypto/dh/dh_ameth.c >>> +@@ -161,6 +161,11 @@ static int dh_pub_encode(X509_PUBKEY *pk >>> + dh = pkey->pkey.dh; >>> >>> - str = ASN1_STRING_new(); >>> -+ if (!str) >>> -+ { >>> -+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); >>> -+ goto err; >>> -+ } >>> + str = ASN1_STRING_new(); >>> ++ if (!str) { >>> ++ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); >>> ++ goto err; >>> ++ } >>> + >>> - str->length = i2d_DHparams(dh, &str->data); >>> - if (str->length <= 0) >>> - { >>> ---- a/crypto/dsa/dsa_ameth.c >>> -+++ b/crypto/dsa/dsa_ameth.c >>> -@@ -148,6 +148,11 @@ >>> - { >>> - ASN1_STRING *str; >>> - str = ASN1_STRING_new(); >>> -+ if (!str) >>> -+ { >>> -+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); >>> -+ goto err; >>> -+ } >>> - str->length = i2d_DSAparams(dsa, &str->data); >>> - if (str->length <= 0) >>> - { >>> + str->length = i2d_dhp(pkey, dh, &str->data); >>> + if (str->length <= 0) { >>> + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); >>> diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch >>> index 93ce034..cbce32c 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch >>> @@ -6,64 +6,13 @@ Signed-Off-By: Nitin A Kamble 2011/07/13 >>> >>> ported the patch to the 1.0.0e version >>> Signed-Off-By: Nitin A Kamble 2011/12/01 >>> -Index: openssl-1.0.1e/Configure >>> +Index: openssl-1.0.2/crypto/bn/bn.h >>> =================================================================== >>> ---- openssl-1.0.1e.orig/Configure >>> -+++ openssl-1.0.1e/Configure >>> -@@ -402,6 +402,7 @@ my %table=( >>> - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", >>> - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", >>> -+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", >>> - "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", >>> - #### So called "highgprs" target for z/Architecture CPUs >>> - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see >>> -Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c >>> -=================================================================== >>> ---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c >>> -+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c >>> -@@ -55,7 +55,7 @@ >>> - * machine. >>> - */ >>> - >>> --#ifdef _WIN64 >>> -+#if defined _WIN64 || !defined __LP64__ >>> - #define BN_ULONG unsigned long long >>> - #else >>> - #define BN_ULONG unsigned long >>> -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con >>> - asm ( >>> - " subq %2,%2 \n" >>> - ".p2align 4 \n" >>> -- "1: movq (%4,%2,8),%0 \n" >>> -- " adcq (%5,%2,8),%0 \n" >>> -- " movq %0,(%3,%2,8) \n" >>> -+ "1: movq (%q4,%2,8),%0 \n" >>> -+ " adcq (%q5,%2,8),%0 \n" >>> -+ " movq %0,(%q3,%2,8) \n" >>> - " leaq 1(%2),%2 \n" >>> - " loop 1b \n" >>> - " sbbq %0,%0 \n" >>> -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con >>> - asm ( >>> - " subq %2,%2 \n" >>> - ".p2align 4 \n" >>> -- "1: movq (%4,%2,8),%0 \n" >>> -- " sbbq (%5,%2,8),%0 \n" >>> -- " movq %0,(%3,%2,8) \n" >>> -+ "1: movq (%q4,%2,8),%0 \n" >>> -+ " sbbq (%q5,%2,8),%0 \n" >>> -+ " movq %0,(%q3,%2,8) \n" >>> - " leaq 1(%2),%2 \n" >>> - " loop 1b \n" >>> - " sbbq %0,%0 \n" >>> -Index: openssl-1.0.1e/crypto/bn/bn.h >>> -=================================================================== >>> ---- openssl-1.0.1e.orig/crypto/bn/bn.h >>> -+++ openssl-1.0.1e/crypto/bn/bn.h >>> -@@ -172,6 +172,13 @@ extern "C" { >>> +--- openssl-1.0.2.orig/crypto/bn/bn.h >>> ++++ openssl-1.0.2/crypto/bn/bn.h >>> +@@ -173,6 +173,13 @@ extern "C" { >>> + # endif >>> # endif >>> - #endif >>> >>> +/* Address type. */ >>> +#ifdef _WIN64 >>> @@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h >>> +#define BN_ADDR unsigned long >>> +#endif >>> + >>> - /* assuming long is 64bit - this is the DEC Alpha >>> - * unsigned long long is only 64 bits :-(, don't define >>> - * BN_LLONG for the DEC Alpha */ >>> -Index: openssl-1.0.1e/crypto/bn/bn_exp.c >>> + /* >>> + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only >>> + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha >>> +Index: openssl-1.0.2/crypto/bn/bn_exp.c >>> =================================================================== >>> ---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c >>> -+++ openssl-1.0.1e/crypto/bn/bn_exp.c >>> -@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU >>> - >>> - /* Given a pointer value, compute the next address that is a cache line multiple. */ >>> +--- openssl-1.0.2.orig/crypto/bn/bn_exp.c >>> ++++ openssl-1.0.2/crypto/bn/bn_exp.c >>> +@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU >>> + * multiple. >>> + */ >>> #define MOD_EXP_CTIME_ALIGN(x_) \ >>> -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) >>> +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) >>> + ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) >>> >>> - /* This variant of BN_mod_exp_mont() uses fixed windows and the special >>> - * precomputation memory layout to limit data-dependency to a minimum >>> + /* >>> + * This variant of BN_mod_exp_mont() uses fixed windows and the special >>> diff --git a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch >>> index 527e10c..ef6d179 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch >>> +++ b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch >>> @@ -10,11 +10,11 @@ Upstream-Status: Inappropriate [config] >>> >>> Signed-off-by: Paul Eggleton >>> >>> -diff --git a/test/Makefile b/test/Makefile >>> -index e6fcfb4..5ae043b 100644 >>> ---- a/test/Makefile >>> -+++ b/test/Makefile >>> -@@ -322,11 +322,11 @@ test_cms: >>> +Index: openssl-1.0.2/test/Makefile >>> +=================================================================== >>> +--- openssl-1.0.2.orig/test/Makefile >>> ++++ openssl-1.0.2/test/Makefile >>> +@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms- >>> @echo "CMS consistency test" >>> $(PERL) cms-test.pl >>> >>> @@ -23,8 +23,12 @@ index e6fcfb4..5ae043b 100644 >>> @echo "Test SRP" >>> ../util/shlib_wrap.sh ./srptest >>> >>> +@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT) >>> + @echo "Test X509v3_check_*" >>> + ../util/shlib_wrap.sh ./$(V3NAMETEST) >>> + >>> -test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT) >>> +test_heartbeat: >>> ../util/shlib_wrap.sh ./$(HEARTBEATTEST) >>> >>> - lint: >>> + test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) >>> diff --git a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch >>> new file mode 100644 >>> index 0000000..fcfccfa >>> --- /dev/null >>> +++ b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch >>> @@ -0,0 +1,66 @@ >>> +Index: openssl-1.0.2/openssl.ld >>> +=================================================================== >>> +--- openssl-1.0.2.orig/openssl.ld >>> ++++ openssl-1.0.2/openssl.ld >>> +@@ -4618,3 +4618,61 @@ OPENSSL_1.0.1d { >>> + CRYPTO_memcmp; >>> + } OPENSSL_1.0.1; >>> + >>> ++OPENSSL_1.0.2 { >>> ++ global: >>> ++ ASN1_TIME_diff; >>> ++ CMS_RecipientInfo_get0_pkey_ctx; >>> ++ CMS_RecipientInfo_kari_get0_ctx; >>> ++ CMS_SignerInfo_get0_pkey_ctx; >>> ++ DH_get_1024_160; >>> ++ DH_get_2048_224; >>> ++ DH_get_2048_256; >>> ++ DTLS_client_method; >>> ++ DTLS_server_method; >>> ++ DTLSv1_2_client_method; >>> ++ DTLSv1_2_server_method; >>> ++ EC_curve_nid2nist; >>> ++ EC_curve_nist2nid; >>> ++ EVP_aes_128_cbc_hmac_sha256; >>> ++ EVP_aes_128_wrap; >>> ++ EVP_aes_192_wrap; >>> ++ EVP_aes_256_cbc_hmac_sha256; >>> ++ EVP_aes_256_wrap; >>> ++ EVP_des_ede3_wrap; >>> ++ OCSP_REQ_CTX_http; >>> ++ OCSP_REQ_CTX_new; >>> ++ PEM_write_bio_DHxparams; >>> ++ SSL_CIPHER_find; >>> ++ SSL_CONF_CTX_finish; >>> ++ SSL_CONF_CTX_free; >>> ++ SSL_CONF_CTX_new; >>> ++ SSL_CONF_CTX_set_flags; >>> ++ SSL_CONF_CTX_set_ssl_ctx; >>> ++ SSL_CONF_cmd; >>> ++ SSL_CONF_cmd_argv; >>> ++ SSL_CTX_add_client_custom_ext; >>> ++ SSL_CTX_add_server_custom_ext; >>> ++ SSL_CTX_set_alpn_protos; >>> ++ SSL_CTX_set_alpn_select_cb; >>> ++ SSL_CTX_set_cert_cb; >>> ++ SSL_CTX_use_serverinfo_file; >>> ++ SSL_certs_clear; >>> ++ SSL_check_chain; >>> ++ SSL_get0_alpn_selected; >>> ++ SSL_get_shared_sigalgs; >>> ++ SSL_get_sigalgs; >>> ++ SSL_is_server; >>> ++ X509_CRL_diff; >>> ++ X509_CRL_http_nbio; >>> ++ X509_STORE_set_lookup_crls_cb; >>> ++ X509_VERIFY_PARAM_set1_email; >>> ++ X509_VERIFY_PARAM_set1_host; >>> ++ X509_VERIFY_PARAM_set1_ip_asc; >>> ++ X509_chain_check_suiteb; >>> ++ X509_chain_up_ref; >>> ++ X509_check_email; >>> ++ X509_check_host; >>> ++ X509_check_ip_asc; >>> ++ X509_get_signature_nid; >>> ++ X509_http_nbio; >>> ++} OPENSSL_1.0.1d; >>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb >>> similarity index 84% >>> rename from meta/recipes-connectivity/openssl/openssl_1.0.1k.bb >>> rename to meta/recipes-connectivity/openssl/openssl_1.0.2.bb >>> index 16ffc58..79537f9 100644 >>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb >>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb >>> @@ -16,21 +16,22 @@ SRC_URI += "file://configure-targets.patch \ >>> file://oe-ldflags.patch \ >>> file://engines-install-in-libdir-ssl.patch \ >>> file://openssl-fix-link.patch \ >>> - file://debian/version-script.patch \ >>> - file://debian/pic.patch \ >>> - file://debian/c_rehash-compat.patch \ >>> + file://debian1.0.2/block_diginotar.patch \ >>> + file://debian1.0.2/block_digicert_malaysia.patch \ >>> + file://debian1.0.2/padlock_conf.patch \ >>> file://debian/ca.patch \ >>> - file://debian/make-targets.patch \ >>> - file://debian/no-rpath.patch \ >>> + file://debian/c_rehash-compat.patch \ >>> + file://debian/debian-targets.patch \ >>> file://debian/man-dir.patch \ >>> file://debian/man-section.patch \ >>> + file://debian/no-rpath.patch \ >>> file://debian/no-symbolic.patch \ >>> - file://debian/debian-targets.patch \ >>> + file://debian/pic.patch \ >>> + file://debian/version-script.patch \ >>> file://openssl_fix_for_x32.patch \ >>> file://fix-cipher-des-ede3-cfb1.patch \ >>> file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ >>> file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ >>> - file://initial-aarch64-bits.patch \ >>> file://find.pl \ >>> file://openssl-fix-des.pod-error.patch \ >>> file://Makefiles-ptest.patch \ >>> @@ -38,8 +39,8 @@ SRC_URI += "file://configure-targets.patch \ >>> file://run-ptest \ >>> " >>> >>> -SRC_URI[md5sum] = "d4f002bd22a56881340105028842ae1f" >>> -SRC_URI[sha256sum] = "8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c" >>> +SRC_URI[md5sum] = "38373013fc85c790aabf8837969c5eba" >>> +SRC_URI[sha256sum] = "8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9" >>> >>> PACKAGES =+ " \ >>> ${PN}-engines \ >>> >> -- >> _______________________________________________ >> Openembedded-core mailing list >> Openembedded-core@lists.openembedded.org >> http://lists.openembedded.org/mailman/listinfo/openembedded-core >