libxml2/libxml2-2.7.1.tar.gz
nsis/nsis-2.19-src.tar.bz2
nsis/nsis-2.39-src.tar.bz2
+openssl/openssl-0.9.8g-usa.tar.bz2
pango/pango-1.21.6.tar.bz2
pdcurses/PDCurses-3.4.tar.gz
pixman/pixman-0.11.10.tar.gz
--- /dev/null
+#!/bin/sh
+
+# Quit out if anything fails.
+set -e
+
+# Clean out patent-or-otherwise-encumbered code.
+# MDC-2: 4,908,861 13/03/2007
+# IDEA: 5,214,703 25/05/2010
+# RC5: 5,724,428 03/03/2015
+# EC: ????????? ??/??/2015
+
+# Remove assembler portions of IDEA, MDC2, and RC5.
+(find crypto/{idea,mdc2,rc5}/asm -type f | xargs -r rm -fv)
+
+# IDEA, MDC2, RC5, EC.
+for a in idea mdc2 rc5 ec ecdh ecdsa; do
+ for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
+ echo Destroying $c
+ > $c
+ done
+done
+
+for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" -o -name "*_ecdsa.c"`; do
+ echo Destroying $c
+ > $c
+done
+
+for h in `find crypto ssl apps test -name "*.h"` ; do
+ echo Removing IDEA, MDC2, RC5, and EC references from $h
+ cat $h | \
+ awk 'BEGIN {ech=1;} \
+ /^#[ \t]*ifndef.*NO_IDEA/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_MDC2/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_ECDSA/ {ech--; next;} \
+ /^#[ \t]*if/ {if(ech < 1) ech--;} \
+ {if(ech>0) {;print $0};} \
+ /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
+ mv $h.hobbled $h
+done
+
+# Make the makefiles happy.
+touch crypto/rc5/asm/rc5-586.pl
--- /dev/null
+#!/bin/sh
+umask 077
+
+answers() {
+ echo --
+ echo SomeState
+ echo SomeCity
+ echo SomeOrganization
+ echo SomeOrganizationalUnit
+ echo localhost.localdomain
+ echo root@localhost.localdomain
+}
+
+if [ $# -eq 0 ] ; then
+ echo $"Usage: `basename $0` filename [...]"
+ exit 0
+fi
+
+for target in $@ ; do
+ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
+ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
+ trap "rm -f $PEM1 $PEM2" SIGINT
+ answers | /usr/bin/openssl req -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
+ cat $PEM1 > ${target}
+ echo "" >> ${target}
+ cat $PEM2 >> ${target}
+ rm -f $PEM1 $PEM2
+done
--- /dev/null
+The 'mingw' target to Configure has some problems with cross-compilation.
+
+ - RWMJ 2008-09-30
+
+diff -ur openssl-0.9.8g.orig/Configure openssl-0.9.8g.mingw/Configure
+--- openssl-0.9.8g.orig/Configure 2008-09-30 14:16:16.000000000 +0100
++++ openssl-0.9.8g.mingw/Configure 2008-09-30 14:59:34.000000000 +0100
+@@ -468,7 +468,7 @@
+ "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
+
+ # MinGW
+-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a",
++"mingw", "i686-pc-mingw32-gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333 -DMK1MF_BUILD:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-shared:.dll.a:i686-pc-mingw32-ranlib",
+
+ # UWIN
+ "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
--- /dev/null
+Fix global variable macros.
+
+ - RWMJ 2008-09-30
+
+diff -ur openssl-0.9.8g.orig/e_os2.h openssl-0.9.8g.mingw/e_os2.h
+--- openssl-0.9.8g.orig/e_os2.h 2005-12-18 18:57:07.000000000 +0000
++++ openssl-0.9.8g.mingw/e_os2.h 2008-09-30 14:27:53.000000000 +0100
+@@ -264,7 +264,7 @@
+ # define OPENSSL_IMPLEMENT_GLOBAL(type,name) \
+ extern type _hide_##name; \
+ type *_shadow_##name(void) { return &_hide_##name; } \
+- static type _hide_##name
++ type _hide_##name
+ # define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
+ # define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
+ #else
--- /dev/null
+Fix the location of certain header files.
+
+ - RWMJ 2008-09-30
+
+diff -ur openssl-0.9.8g.orig/apps/speed.c openssl-0.9.8g.mingw/apps/speed.c
+--- openssl-0.9.8g.orig/apps/speed.c 2008-09-30 14:16:16.000000000 +0100
++++ openssl-0.9.8g.mingw/apps/speed.c 2008-09-30 14:53:25.000000000 +0100
+@@ -165,7 +165,7 @@
+ #include <openssl/aes.h>
+ #endif
+ #ifndef OPENSSL_NO_CAMELLIA
+-#include <openssl/camellia.h>
++#include "../crypto/camellia/camellia.h"
+ #endif
+ #ifndef OPENSSL_NO_MD2
+ #include <openssl/md2.h>
+@@ -202,7 +202,7 @@
+ #include <openssl/idea.h>
+ #endif
+ #ifndef OPENSSL_NO_SEED
+-#include <openssl/seed.h>
++#include "../crypto/seed/seed.h"
+ #endif
+ #ifndef OPENSSL_NO_BF
+ #include <openssl/blowfish.h>
+diff -ur openssl-0.9.8g.orig/crypto/camellia/cmll_cbc.c openssl-0.9.8g.mingw/crypto/camellia/cmll_cbc.c
+--- openssl-0.9.8g.orig/crypto/camellia/cmll_cbc.c 2006-12-02 12:00:27.000000000 +0000
++++ openssl-0.9.8g.mingw/crypto/camellia/cmll_cbc.c 2008-09-30 14:29:02.000000000 +0100
+@@ -58,7 +58,7 @@
+ #include <stdio.h>
+ #include <string.h>
+
+-#include <openssl/camellia.h>
++#include "camellia.h"
+ #include "cmll_locl.h"
+
+ void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+diff -ur openssl-0.9.8g.orig/crypto/camellia/cmll_cfb.c openssl-0.9.8g.mingw/crypto/camellia/cmll_cfb.c
+--- openssl-0.9.8g.orig/crypto/camellia/cmll_cfb.c 2006-06-09 23:31:05.000000000 +0100
++++ openssl-0.9.8g.mingw/crypto/camellia/cmll_cfb.c 2008-09-30 14:29:25.000000000 +0100
+@@ -113,7 +113,7 @@
+ #include <assert.h>
+ #include <string.h>
+
+-#include <openssl/camellia.h>
++#include "camellia.h"
+ #include "cmll_locl.h"
+ #include "e_os.h"
+
+diff -ur openssl-0.9.8g.orig/crypto/camellia/cmll_ctr.c openssl-0.9.8g.mingw/crypto/camellia/cmll_ctr.c
+--- openssl-0.9.8g.orig/crypto/camellia/cmll_ctr.c 2006-06-09 23:31:05.000000000 +0100
++++ openssl-0.9.8g.mingw/crypto/camellia/cmll_ctr.c 2008-09-30 14:29:36.000000000 +0100
+@@ -56,7 +56,7 @@
+ #endif
+ #include <assert.h>
+
+-#include <openssl/camellia.h>
++#include "camellia.h"
+ #include "cmll_locl.h"
+
+ /* NOTE: the IV/counter CTR mode is big-endian. The rest of the Camellia code
+diff -ur openssl-0.9.8g.orig/crypto/camellia/cmll_ecb.c openssl-0.9.8g.mingw/crypto/camellia/cmll_ecb.c
+--- openssl-0.9.8g.orig/crypto/camellia/cmll_ecb.c 2006-06-09 23:31:05.000000000 +0100
++++ openssl-0.9.8g.mingw/crypto/camellia/cmll_ecb.c 2008-09-30 14:28:50.000000000 +0100
+@@ -56,7 +56,7 @@
+ #endif
+ #include <assert.h>
+
+-#include <openssl/camellia.h>
++#include "camellia.h"
+ #include "cmll_locl.h"
+
+ void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+diff -ur openssl-0.9.8g.orig/crypto/camellia/cmll_misc.c openssl-0.9.8g.mingw/crypto/camellia/cmll_misc.c
+--- openssl-0.9.8g.orig/crypto/camellia/cmll_misc.c 2007-01-21 13:16:21.000000000 +0000
++++ openssl-0.9.8g.mingw/crypto/camellia/cmll_misc.c 2008-09-30 14:28:37.000000000 +0100
+@@ -50,7 +50,7 @@
+ */
+
+ #include <openssl/opensslv.h>
+-#include <openssl/camellia.h>
++#include "camellia.h"
+ #include "cmll_locl.h"
+
+ const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
+diff -ur openssl-0.9.8g.orig/crypto/camellia/cmll_ofb.c openssl-0.9.8g.mingw/crypto/camellia/cmll_ofb.c
+--- openssl-0.9.8g.orig/crypto/camellia/cmll_ofb.c 2006-06-09 23:31:05.000000000 +0100
++++ openssl-0.9.8g.mingw/crypto/camellia/cmll_ofb.c 2008-09-30 14:29:14.000000000 +0100
+@@ -111,7 +111,7 @@
+ # endif
+ #endif
+ #include <assert.h>
+-#include <openssl/camellia.h>
++#include "camellia.h"
+ #include "cmll_locl.h"
+
+ /* The input and output encrypted as though 128bit ofb mode is being
+diff -ur openssl-0.9.8g.orig/crypto/evp/e_camellia.c openssl-0.9.8g.mingw/crypto/evp/e_camellia.c
+--- openssl-0.9.8g.orig/crypto/evp/e_camellia.c 2006-08-31 21:56:52.000000000 +0100
++++ openssl-0.9.8g.mingw/crypto/evp/e_camellia.c 2008-09-30 14:31:31.000000000 +0100
+@@ -59,7 +59,7 @@
+ #include <openssl/err.h>
+ #include <string.h>
+ #include <assert.h>
+-#include <openssl/camellia.h>
++#include "../camellia/camellia.h"
+ #include "evp_locl.h"
+
+ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+diff -ur openssl-0.9.8g.orig/crypto/evp/e_seed.c openssl-0.9.8g.mingw/crypto/evp/e_seed.c
+--- openssl-0.9.8g.orig/crypto/evp/e_seed.c 2007-07-04 13:56:32.000000000 +0100
++++ openssl-0.9.8g.mingw/crypto/evp/e_seed.c 2008-09-30 14:31:46.000000000 +0100
+@@ -59,7 +59,7 @@
+ #include <string.h>
+ #include <assert.h>
+ #ifndef OPENSSL_NO_SEED
+-#include <openssl/seed.h>
++#include "../seed/seed.h"
+ #include "evp_locl.h"
+
+ static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc);
+diff -ur openssl-0.9.8g.orig/crypto/seed/seed.c openssl-0.9.8g.mingw/crypto/seed/seed.c
+--- openssl-0.9.8g.orig/crypto/seed/seed.c 2007-04-24 00:50:10.000000000 +0100
++++ openssl-0.9.8g.mingw/crypto/seed/seed.c 2008-09-30 14:29:58.000000000 +0100
+@@ -32,7 +32,7 @@
+ #include <memory.h>
+ #endif
+
+-#include <openssl/seed.h>
++#include "seed.h"
+ #include "seed_locl.h"
+
+ static seed_word SS[4][256] = { {
+diff -ur openssl-0.9.8g.orig/crypto/seed/seed_ecb.c openssl-0.9.8g.mingw/crypto/seed/seed_ecb.c
+--- openssl-0.9.8g.orig/crypto/seed/seed_ecb.c 2007-04-24 00:50:10.000000000 +0100
++++ openssl-0.9.8g.mingw/crypto/seed/seed_ecb.c 2008-09-30 14:30:21.000000000 +0100
+@@ -49,7 +49,7 @@
+ *
+ */
+
+-#include <openssl/seed.h>
++#include "seed.h"
+
+ void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc)
+ {
+diff -ur openssl-0.9.8g.orig/crypto/seed/seed_locl.h openssl-0.9.8g.mingw/crypto/seed/seed_locl.h
+--- openssl-0.9.8g.orig/crypto/seed/seed_locl.h 2008-09-30 14:16:15.000000000 +0100
++++ openssl-0.9.8g.mingw/crypto/seed/seed_locl.h 2008-09-30 14:30:10.000000000 +0100
+@@ -27,7 +27,7 @@
+ #define HEADER_SEED_LOCL_H
+
+ #include "openssl/e_os2.h"
+-#include <openssl/seed.h>
++#include "seed.h"
+
+
+ #ifdef SEED_LONG /* need 32-bit type */
--- /dev/null
+Fix build of shared libraries on MinGW cross-compilation target.
+
+ - RWMJ 2008-09-30
+
+diff -ur openssl-0.9.8g.orig/Makefile.shared openssl-0.9.8g.mingw/Makefile.shared
+--- openssl-0.9.8g.orig/Makefile.shared 2008-09-30 14:16:16.000000000 +0100
++++ openssl-0.9.8g.mingw/Makefile.shared 2008-09-30 15:19:51.000000000 +0100
+@@ -101,7 +101,7 @@
+ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+ SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+- nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
++ i686-pc-mingw32-nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
+ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+@@ -238,7 +238,7 @@
+ SHLIB=cyg$(LIBNAME); \
+ base=-Wl,--enable-auto-image-base; \
+ if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+- SHLIB=$(LIBNAME)eay32; base=; \
++ SHLIB=lib$(LIBNAME); base=; \
+ fi; \
+ SHLIB_SUFFIX=.dll; \
+ LIBVERSION="$(LIBVERSION)"; \
+@@ -253,7 +253,7 @@
+ SHLIB=cyg$(LIBNAME); \
+ base=-Wl,--enable-auto-image-base; \
+ if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+- SHLIB=$(LIBNAME)eay32; \
++ SHLIB=lib$(LIBNAME); \
+ base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
+ fi; \
+ SHLIB_SUFFIX=.dll; \
--- /dev/null
+%define __strip %{_mingw32_strip}
+%define __objdump %{_mingw32_objdump}
+%define _use_internal_dependency_generator 0
+%define __find_requires %{_mingw32_findrequires}
+%define __find_provides %{_mingw32_findprovides}
+
+Name: mingw32-openssl
+Version: 0.9.8g
+Release: 1%{?dist}
+Summary: MinGW port of the OpenSSL toolkit
+
+License: OpenSSL
+Group: Development/Libraries
+URL: http://www.openssl.org/
+
+# Use the hobble-openssl script to create the source file.
+Source0: openssl-%{version}-usa.tar.bz2
+
+Source1: hobble-openssl
+Source2: Makefile.certificate
+Source6: make-dummy-cert
+Source8: openssl-thread-test.c
+Source9: opensslconf-new.h
+Source10: opensslconf-new-warning.h
+
+# Patches from Fedora native package.
+Patch0: openssl-0.9.8g-redhat.patch
+Patch1: openssl-0.9.8a-defaults.patch
+Patch2: openssl-0.9.8a-link-krb5.patch
+Patch3: openssl-0.9.8g-soversion.patch
+Patch4: openssl-0.9.8a-enginesdir.patch
+Patch5: openssl-0.9.8a-no-rpath.patch
+Patch6: openssl-0.9.8b-test-use-localhost.patch
+Patch7: openssl-0.9.8g-shlib-version.patch
+Patch21: openssl-0.9.8b-aliasing-bug.patch
+Patch22: openssl-0.9.8b-x509-name-cmp.patch
+Patch23: openssl-0.9.8g-default-paths.patch
+Patch24: openssl-0.9.8g-no-extssl.patch
+Patch32: openssl-0.9.8g-ia64.patch
+Patch33: openssl-0.9.7f-ca-dir.patch
+Patch34: openssl-0.9.6-x509.patch
+Patch35: openssl-0.9.7-beta5-version-add-engines.patch
+Patch38: openssl-0.9.8a-reuse-cipher-change.patch
+# Disabled this because it uses getaddrinfo which is lacking on Windows.
+#Patch39: openssl-0.9.8g-ipv6-apps.patch
+Patch50: openssl-0.9.8g-speed-bug.patch
+Patch51: openssl-0.9.8g-bn-mul-bug.patch
+Patch52: openssl-0.9.8g-cve-2008-0891.patch
+Patch53: openssl-0.9.8g-cve-2008-1671.patch
+
+# MinGW-specific patches.
+Patch100: mingw32-openssl-0.9.8g-header-files.patch
+Patch101: mingw32-openssl-0.9.8g-configure.patch
+Patch102: mingw32-openssl-0.9.8g-shared.patch
+Patch103: mingw32-openssl-0.9.8g-global.patch
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildArch: noarch
+
+BuildRequires: mingw32-filesystem >= 26
+BuildRequires: mingw32-gcc
+BuildRequires: mingw32-binutils
+
+BuildRequires: mingw32-zlib
+
+BuildRequires: mktemp
+#BuildRequires: krb5-devel
+BuildRequires: perl
+BuildRequires: sed
+BuildRequires: /usr/bin/cmp
+BuildRequires: /usr/bin/rename
+
+# Required to run the tests.
+BuildRequires: wine
+BuildRequires: xorg-x11-server-Xvfb
+
+#Requires: ca-certificates >= 2008-5
+Requires: pkgconfig
+
+
+%description
+The OpenSSL toolkit provides support for secure communications between
+machines. OpenSSL includes a certificate management tool and shared
+libraries which provide various cryptographic algorithms and
+protocols.
+
+This package contains Windows (MinGW) libraries and development tools.
+
+
+%prep
+%setup -q -n openssl-%{version}
+
+%{SOURCE1} > /dev/null
+%patch0 -p1 -b .redhat
+%patch1 -p1 -b .defaults
+# Fix link line for libssl (bug #111154).
+%patch2 -p1 -b .krb5
+%patch3 -p1 -b .soversion
+%patch4 -p1 -b .enginesdir
+%patch5 -p1 -b .no-rpath
+%patch6 -p1 -b .use-localhost
+%patch7 -p1 -b .shlib-version
+
+%patch21 -p1 -b .aliasing-bug
+%patch22 -p1 -b .name-cmp
+%patch23 -p1 -b .default-paths
+%patch24 -p1 -b .no-extssl
+
+%patch32 -p1 -b .ia64
+#patch33 is applied after make test
+%patch34 -p1 -b .x509
+%patch35 -p1 -b .version-add-engines
+%patch38 -p1 -b .cipher-change
+#%patch39 -p1 -b .ipv6-apps
+%patch50 -p1 -b .speed-bug
+%patch51 -p1 -b .bn-mul-bug
+%patch52 -p0 -b .srvname-crash
+%patch53 -p0 -b .srv-kex-crash
+
+%patch100 -p1 -b .mingw-header-files
+%patch101 -p1 -b .mingw-configure
+%patch102 -p1 -b .mingw-shared
+%patch103 -p1 -b .mingw-global
+
+# Modify the various perl scripts to reference perl in the right location.
+perl util/perlpath.pl `dirname %{__perl}`
+
+# Generate a table with the compile settings for my perusal.
+touch Makefile
+make TABLE PERL=%{__perl}
+
+
+%build
+
+cat > gcc <<EOS
+#!/bin/sh -
+%{_bindir}/i686-pc-mingw32-gcc -m32 "$@"
+EOS
+export PATH=.:$PATH
+
+# NB: 'no-hw' is vital. MinGW cannot build the hardware drivers
+# and if you don't have this you'll get an obscure link error.
+./Configure \
+ --openssldir=%{_mingw32_sysconfdir}/pki/tls \
+ zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
+ no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa no-hw shared \
+ --enginesdir=%{_mingw32_libdir}/openssl/engines \
+ mingw
+# --with-krb5-flavor=MIT
+# -I%{_mingw32_prefix}/kerberos/include -L%{_mingw32_prefix}/kerberos/%{_lib}
+make depend
+make all build-shared
+make rehash build-shared
+
+#----------------------------------------------------------------------
+# Run some tests. I don't know why this isn't in a %-check section
+# but this is how it is in the native RPM.
+
+# This is a bit of a hack, but the test scripts look for 'openssl'
+# by name.
+pushd apps
+ln -s openssl.exe openssl
+popd
+
+# This is useful for diagnosing Wine problems.
+WINEDEBUG=+loaddll
+export WINEDEBUG
+
+# Make sure we can find the installed DLLs.
+WINEDLLPATH=%{_mingw32_bindir}
+export WINEDLLPATH
+
+# The tests run Wine and require an X server (but don't really use
+# it). Therefore we create a virtual framebuffer for the duration of
+# the tests.
+# XXX There is no good way to choose a random, unused display.
+display=:21
+Xvfb $display & xpid=$!
+trap "kill -TERM $xpid ||:" EXIT
+sleep 3
+DISPLAY=$display
+export DISPLAY
+
+make LDCMD=%{_mingw32_cc} -C test apps tests
+
+# Disable this thread test, because we don't have pthread on Windows.
+#%{_mingw32_cc} -o openssl-thread-test \
+# -I./include \
+# %{_mingw32_cflags} \
+# %{SOURCE8} \
+# -L. \
+# -lssl -lcrypto \
+# -lpthread -lz -ldl
+#
+## `krb5-config --cflags`
+## `krb5-config --libs`
+#
+#./openssl-thread-test --threads %{thread_test_threads}
+
+# Patch33 must be patched after tests otherwise they will fail
+patch -p1 -b -z .ca-dir < %{PATCH33}
+
+if ! iconv -f UTF-8 -t ASCII//TRANSLIT CHANGES >/dev/null 2>&1 ; then
+ iconv -f ISO-8859-1 -t UTF-8 -o CHANGES.utf8 CHANGES && \
+ mv -f CHANGES.utf8 CHANGES
+fi
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+exit 1
+make DESTDIR=$RPM_BUILD_ROOT install
+
+# Remove static libraries but DON'T remove *.dll.a files.
+rm $RPM_BUILD_ROOT%{_mingw32_libdir}/libfoo.a
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%files
+%defattr(-,root,root)
+%{_mingw32_bindir}/foo.dll
+%{_mingw32_libdir}/foo.dll.a
+# etc.
+
+
+%changelog
+* Wed Sep 24 2008 Your Name <you@example.com> - 1.2.3-1
+- Initial RPM release.
--- /dev/null
+Do not treat duplicate certs as an error.
+
+--- openssl-0.9.6/crypto/x509/by_file.c Wed Sep 27 15:09:05 2000
++++ openssl-0.9.6/crypto/x509/by_file.c Wed Sep 27 14:21:20 2000
+@@ -163,8 +163,12 @@
+ }
+ }
+ i=X509_STORE_add_cert(ctx->store_ctx,x);
+- if (!i) goto err;
+- count++;
++ /* ignore any problems with current certificate
++ and continue with the next one */
++ if (i)
++ count++;
++ else
++ ERR_clear_error();
+ X509_free(x);
+ x=NULL;
+ }
+@@ -179,7 +183,8 @@
+ goto err;
+ }
+ i=X509_STORE_add_cert(ctx->store_ctx,x);
+- if (!i) goto err;
++ if (!i)
++ ERR_clear_error();
+ ret=i;
+ }
+ else
--- /dev/null
+List the compiled-in hardware support when passed the -a flag.
+
+--- openssl-0.9.7-beta5/apps/version.c 2002-12-03 11:34:28.000000000 -0500
++++ openssl-0.9.7-beta5/apps/version.c 2002-12-11 19:29:10.000000000 -0500
+@@ -130,6 +130,7 @@
+ #ifndef OPENSSL_NO_BF
+ # include <openssl/blowfish.h>
+ #endif
++#include <openssl/engine.h>
+
+ #undef PROG
+ #define PROG version_main
+@@ -139,7 +140,7 @@
+ int MAIN(int argc, char **argv)
+ {
+ int i,ret=0;
+- int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
++ int cflags=0,version=0,date=0,options=0,platform=0,dir=0,engines=0;
+
+ apps_startup();
+
+@@ -163,7 +164,7 @@
+ else if (strcmp(argv[i],"-d") == 0)
+ dir=1;
+ else if (strcmp(argv[i],"-a") == 0)
+- date=version=cflags=options=platform=dir=1;
++ date=version=cflags=options=platform=dir=engines=1;
+ else
+ {
+ BIO_printf(bio_err,"usage:version -[avbofp]\n");
+@@ -198,6 +199,18 @@
+ }
+ if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+ if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR));
++ if (engines)
++ {
++ ENGINE *e;
++ printf("engines: ");
++ e = ENGINE_get_first();
++ while (e)
++ {
++ printf("%s ", ENGINE_get_id(e));
++ e = ENGINE_get_next(e);
++ }
++ printf("\n");
++ }
+ end:
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
--- /dev/null
+--- openssl-0.9.7f/apps/CA.sh.ca-dir 2005-02-02 00:45:38.000000000 +0100
++++ openssl-0.9.7f/apps/CA.sh 2005-04-21 21:08:09.270233699 +0200
+@@ -38,7 +38,7 @@
+ VERIFY="$OPENSSL verify"
+ X509="$OPENSSL x509"
+
+-CATOP=./demoCA
++CATOP=../../CA
+ CAKEY=./cakey.pem
+ CACERT=./cacert.pem
+
+--- openssl-0.9.7f/apps/CA.pl.ca-dir 2005-02-02 00:45:38.000000000 +0100
++++ openssl-0.9.7f/apps/CA.pl 2005-04-21 21:07:52.307995284 +0200
+@@ -52,7 +52,7 @@
+ $X509="$openssl x509";
+ $PKCS12="$openssl pkcs12";
+
+-$CATOP="./demoCA";
++$CATOP="../../CA";
+ $CAKEY="cakey.pem";
+ $CACERT="cacert.pem";
+
+--- openssl-0.9.7f/apps/openssl.cnf.ca-dir 2005-03-30 12:20:17.000000000 +0200
++++ openssl-0.9.7f/apps/openssl.cnf 2005-04-21 21:08:29.581927172 +0200
+@@ -34,7 +34,7 @@
+ ####################################################################
+ [ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = ../../CA # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
--- /dev/null
+--- openssl-0.9.8a/apps/openssl.cnf.defaults 2005-09-16 14:20:24.000000000 +0200
++++ openssl-0.9.8a/apps/openssl.cnf 2005-11-04 11:00:37.000000000 +0100
+@@ -99,6 +99,7 @@
+ ####################################################################
+ [ req ]
+ default_bits = 1024
++default_md = sha1
+ default_keyfile = privkey.pem
+ distinguished_name = req_distinguished_name
+ attributes = req_attributes
+@@ -116,23 +117,26 @@
+ # MASK:XXXX a literal mask value.
+ # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+ # so use this option with caution!
+-string_mask = nombstr
++# we use PrintableString+UTF8String mask so if pure ASCII texts are used
++# the resulting certificates are compatible with Netscape
++string_mask = MASK:0x2002
+
+ # req_extensions = v3_req # The extensions to add to a certificate request
+
+ [ req_distinguished_name ]
+ countryName = Country Name (2 letter code)
+-countryName_default = AU
++countryName_default = GB
+ countryName_min = 2
+ countryName_max = 2
+
+ stateOrProvinceName = State or Province Name (full name)
+-stateOrProvinceName_default = Some-State
++stateOrProvinceName_default = Berkshire
+
+ localityName = Locality Name (eg, city)
++localityName_default = Newbury
+
+ 0.organizationName = Organization Name (eg, company)
+-0.organizationName_default = Internet Widgits Pty Ltd
++0.organizationName_default = My Company Ltd
+
+ # we can do this but it is not needed normally :-)
+ #1.organizationName = Second Organization Name (eg, company)
+@@ -141,7 +145,7 @@
+ organizationalUnitName = Organizational Unit Name (eg, section)
+ #organizationalUnitName_default =
+
+-commonName = Common Name (eg, YOUR name)
++commonName = Common Name (eg, your name or your server\'s hostname)
+ commonName_max = 64
+
+ emailAddress = Email Address
--- /dev/null
+--- openssl-0.9.8a/Configure.enginesdir 2005-11-04 15:06:37.000000000 +0100
++++ openssl-0.9.8a/Configure 2005-11-07 14:15:12.000000000 +0100
+@@ -560,6 +560,7 @@
+
+ my $prefix="";
+ my $openssldir="";
++my $enginesdir="";
+ my $exe_ext="";
+ my $install_prefix="";
+ my $no_threads=0;
+@@ -739,6 +740,10 @@
+ {
+ $openssldir=$1;
+ }
++ elsif (/^--enginesdir=(.*)$/)
++ {
++ $enginesdir=$1;
++ }
+ elsif (/^--install.prefix=(.*)$/)
+ {
+ $install_prefix=$1;
+@@ -923,7 +928,7 @@
+
+ $openssldir=$prefix . "/ssl" if $openssldir eq "";
+ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+-
++$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
+
+ print "IsMK1MF=$IsMK1MF\n";
+
+@@ -1430,7 +1435,7 @@
+ if (/^#define\s+OPENSSLDIR/)
+ { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+ elsif (/^#define\s+ENGINESDIR/)
+- { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; }
++ { print OUT "#define ENGINESDIR \"$enginesdir\"\n"; }
+ elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
+ { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
+ if $export_var_as_fn;
--- /dev/null
+--- openssl-0.9.8a/Makefile.org.link-krb5 2005-07-05 07:14:21.000000000 +0200
++++ openssl-0.9.8a/Makefile.org 2005-11-07 18:00:08.000000000 +0100
+@@ -266,7 +266,7 @@
+
+ do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
--- /dev/null
+--- openssl-0.9.8a/Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200
++++ openssl-0.9.8a/Makefile.shared 2005-11-16 22:35:37.000000000 +0100
+@@ -153,7 +153,7 @@
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+
+ #This is rather special. It's a special target with which one can link
+ #applications without bothering with any features that have anything to
--- /dev/null
+--- openssl-0.9.8a/ssl/ssl.h.cipher-change 2005-11-22 16:36:22.000000000 +0100
++++ openssl-0.9.8a/ssl/ssl.h 2005-12-15 11:28:05.000000000 +0100
+@@ -477,7 +477,7 @@
+
+ #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
+ #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
+-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
++#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */
+ #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
+ #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
+ #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+@@ -494,7 +494,7 @@
+
+ /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ * This used to be 0x000FFFFFL before 0.9.7. */
+-#define SSL_OP_ALL 0x00000FFFL
++#define SSL_OP_ALL 0x00000FF7L /* without SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG */
+
+ /* DTLS options */
+ #define SSL_OP_NO_QUERY_MTU 0x00001000L
--- /dev/null
+
+This patch fixes a violation of the C aliasing rules that can cause
+miscompilation with some compiler versions.
+
+--- openssl-0.9.8b/crypto/dso/dso_dlfcn.c.orig 2006-10-30 18:21:35.000000000 +0100
++++ openssl-0.9.8b/crypto/dso/dso_dlfcn.c 2006-10-30 18:21:37.000000000 +0100
+@@ -237,7 +237,7 @@ static void *dlfcn_bind_var(DSO *dso, co
+ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
+ {
+ void *ptr;
+- DSO_FUNC_TYPE sym, *tsym = &sym;
++ DSO_FUNC_TYPE sym;
+
+ if((dso == NULL) || (symname == NULL))
+ {
+@@ -255,7 +255,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO
+ DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
+ return(NULL);
+ }
+- *(void **)(tsym) = dlsym(ptr, symname);
++ sym = dlsym(ptr, symname);
+ if(sym == NULL)
+ {
+ DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
--- /dev/null
+diff -up openssl-0.9.8b/ssl/ssltest.c.use-localhost openssl-0.9.8b/ssl/ssltest.c
+--- openssl-0.9.8b/ssl/ssltest.c.use-localhost 2006-02-24 18:58:35.000000000 +0100
++++ openssl-0.9.8b/ssl/ssltest.c 2007-08-03 14:06:16.000000000 +0200
+@@ -839,19 +839,8 @@ bad:
+ #ifndef OPENSSL_NO_KRB5
+ if (c_ssl && c_ssl->kssl_ctx)
+ {
+- char localhost[MAXHOSTNAMELEN+2];
+-
+- if (gethostname(localhost, sizeof localhost-1) == 0)
+- {
+- localhost[sizeof localhost-1]='\0';
+- if(strlen(localhost) == sizeof localhost-1)
+- {
+- BIO_printf(bio_err,"localhost name too long\n");
+- goto end;
+- }
+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
+- localhost);
+- }
++ "localhost");
+ }
+ #endif /* OPENSSL_NO_KRB5 */
+
--- /dev/null
+--- openssl-0.9.8b/crypto/x509/x509_cmp.c.name-cmp 2004-12-01 02:45:30.000000000 +0100
++++ openssl-0.9.8b/crypto/x509/x509_cmp.c 2006-11-30 23:37:26.000000000 +0100
+@@ -282,14 +282,7 @@
+ nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+ j=na->value->type-nb->value->type;
+ if (j)
+- {
+- nabit = ASN1_tag2bit(na->value->type);
+- nbbit = ASN1_tag2bit(nb->value->type);
+- if (!(nabit & STR_TYPE_CMP) ||
+- !(nbbit & STR_TYPE_CMP))
+- return j;
+- j = asn1_string_memcmp(na->value, nb->value);
+- }
++ return j;
+ else if (na->value->type == V_ASN1_PRINTABLESTRING)
+ j=nocase_spacenorm_cmp(na->value, nb->value);
+ else if (na->value->type == V_ASN1_IA5STRING
--- /dev/null
+openssl/crypto/bn/bn_mul.c 1.36.2.1 -> 1.36.2.2
+
+--- openssl/crypto/bn/bn_mul.c 2007/07/08 18:54:30 1.36.2.1
++++ openssl/crypto/bn/bn_mul.c 2007/11/03 20:09:29 1.36.2.2
+@@ -389,6 +389,7 @@
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
++/* dnX may not be positive, but n2/2+dnX has to be */
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ int dna, int dnb, BN_ULONG *t)
+ {
+@@ -398,7 +399,7 @@
+ BN_ULONG ln,lo,*p;
+
+ # ifdef BN_COUNT
+- fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);
++ fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
+ # endif
+ # ifdef BN_MUL_COMBA
+ # if 0
+@@ -545,6 +546,7 @@
+
+ /* n+tn is the word length
+ * t needs to be n*4 is size, as does r */
++/* tnX may not be negative but less than n */
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
+ int tna, int tnb, BN_ULONG *t)
+ {
+@@ -553,8 +555,8 @@
+ BN_ULONG ln,lo,*p;
+
+ # ifdef BN_COUNT
+- fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",
+- tna, n, tnb, n);
++ fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
++ n, tna, n, tnb);
+ # endif
+ if (n < 8)
+ {
+@@ -655,16 +657,19 @@
+ for (;;)
+ {
+ i/=2;
+- if (i <= tna && tna == tnb)
++ /* these simplified conditions work
++ * exclusively because difference
++ * between tna and tnb is 1 or 0 */
++ if (i < tna || i < tnb)
+ {
+- bn_mul_recursive(&(r[n2]),
++ bn_mul_part_recursive(&(r[n2]),
+ &(a[n]),&(b[n]),
+ i,tna-i,tnb-i,p);
+ break;
+ }
+- else if (i < tna || i < tnb)
++ else if (i == tna || i == tnb)
+ {
+- bn_mul_part_recursive(&(r[n2]),
++ bn_mul_recursive(&(r[n2]),
+ &(a[n]),&(b[n]),
+ i,tna-i,tnb-i,p);
+ break;
--- /dev/null
+*) Fix double free in TLS server name extensions which could lead to a remote
+crash found by Codenomicon TLS test suite (CVE-2008-0891) [Joe Orton]
+Index: ssl/t1_lib.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v
+retrieving revision 1.13.2.8
+diff -u -r1.13.2.8 ssl/t1_lib.c
+--- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000
++++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000
+@@ -381,6 +381,7 @@
+ s->session->tlsext_hostname[len]='\0';
+ if (strlen(s->session->tlsext_hostname) != len) {
+ OPENSSL_free(s->session->tlsext_hostname);
++ s->session->tlsext_hostname = NULL;
+ *al = TLS1_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
--- /dev/null
+*) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+Handshake which could lead to a cilent crash as found using the
+Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox]
+Index: ssl/s3_clnt.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
+retrieving revision 1.88.2.12
+diff -u -r1.88.2.12 ssl/s3_clnt.c
+--- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000
++++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000
+@@ -2061,6 +2061,13 @@
+ {
+ DH *dh_srvr,*dh_clnt;
+
++ if (s->session->sess_cert == NULL)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++ goto err;
++ }
++
+ if (s->session->sess_cert->peer_dh_tmp != NULL)
+ dh_srvr=s->session->sess_cert->peer_dh_tmp;
+ else
--- /dev/null
+diff -up openssl-0.9.8g/apps/s_server.c.default-paths openssl-0.9.8g/apps/s_server.c
+--- openssl-0.9.8g/apps/s_server.c.default-paths 2007-12-13 17:41:34.000000000 +0100
++++ openssl-0.9.8g/apps/s_server.c 2007-12-13 17:36:58.000000000 +0100
+@@ -1077,12 +1077,13 @@ bad:
+ }
+ #endif
+
+- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(ctx)))
++ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
++ {
++ ERR_print_errors(bio_err);
++ }
++ if (!SSL_CTX_set_default_verify_paths(ctx))
+ {
+- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+ ERR_print_errors(bio_err);
+- /* goto end; */
+ }
+ store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(store, vflags);
+@@ -1132,8 +1133,11 @@ bad:
+
+ SSL_CTX_sess_set_cache_size(ctx2,128);
+
+- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(ctx2)))
++ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
++ {
++ ERR_print_errors(bio_err);
++ }
++ if (!SSL_CTX_set_default_verify_paths(ctx2))
+ {
+ ERR_print_errors(bio_err);
+ }
+diff -up openssl-0.9.8g/apps/s_client.c.default-paths openssl-0.9.8g/apps/s_client.c
+--- openssl-0.9.8g/apps/s_client.c.default-paths 2007-12-13 17:41:34.000000000 +0100
++++ openssl-0.9.8g/apps/s_client.c 2007-12-13 17:37:34.000000000 +0100
+@@ -673,12 +673,13 @@ bad:
+ if (!set_cert_key_stuff(ctx,cert,key))
+ goto end;
+
+- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(ctx)))
++ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
++ {
++ ERR_print_errors(bio_err);
++ }
++ if (!SSL_CTX_set_default_verify_paths(ctx))
+ {
+- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
+ ERR_print_errors(bio_err);
+- /* goto end; */
+ }
+
+ store = SSL_CTX_get_cert_store(ctx);
+diff -up openssl-0.9.8g/apps/s_time.c.default-paths openssl-0.9.8g/apps/s_time.c
+--- openssl-0.9.8g/apps/s_time.c.default-paths 2003-12-27 15:40:17.000000000 +0100
++++ openssl-0.9.8g/apps/s_time.c 2007-12-13 17:35:27.000000000 +0100
+@@ -476,12 +476,13 @@ int MAIN(int argc, char **argv)
+
+ SSL_load_error_strings();
+
+- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
++ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
++ {
++ ERR_print_errors(bio_err);
++ }
++ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
+ {
+- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
+ ERR_print_errors(bio_err);
+- /* goto end; */
+ }
+
+ if (tm_cipher == NULL)
--- /dev/null
+diff -up openssl-0.9.8g/crypto/bn/bn_lcl.h.ia64 openssl-0.9.8g/crypto/bn/bn_lcl.h
+--- openssl-0.9.8g/crypto/bn/bn_lcl.h.ia64 2008-08-10 22:23:55.000000000 +0200
++++ openssl-0.9.8g/crypto/bn/bn_lcl.h 2008-08-10 22:23:55.000000000 +0200
+@@ -279,6 +279,15 @@ extern "C" {
+ # define BN_UMULT_HIGH(a,b) __umulh((a),(b))
+ # define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high)))
+ # endif
++# elif defined(__ia64) && defined(SIXTY_FOUR_BIT_LONG)
++# if defined(__GNUC__)
++# define BN_UMULT_HIGH(a,b) ({ \
++ register BN_ULONG ret; \
++ asm ("xmpy.hu %0 = %1, %2" \
++ : "=f"(ret) \
++ : "f"(a), "f"(b)); \
++ ret; })
++# endif /* compiler */
+ # endif /* cpu */
+ #endif /* OPENSSL_NO_ASM */
+
--- /dev/null
+diff -up openssl-0.9.8g/apps/s_socket.c.ipv6-apps openssl-0.9.8g/apps/s_socket.c
+--- openssl-0.9.8g/apps/s_socket.c.ipv6-apps 2005-06-13 05:21:00.000000000 +0200
++++ openssl-0.9.8g/apps/s_socket.c 2007-12-03 13:28:42.000000000 +0100
+@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
+ static void ssl_sock_cleanup(void);
+ #endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port,char *ip, int type);
++static int init_server(int *sock, char *port, int type);
+ static int do_accept(int acc_sock, int *sock, char **host);
+ static int host_ip(char *str, unsigned char ip[4]);
+
+@@ -228,60 +226,69 @@ static int ssl_sock_init(void)
+ return(1);
+ }
+
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, char *port, int type)
+ {
+- unsigned char ip[4];
+- short p=0;
+-
+- if (!host_ip(host,&(ip[0])))
+- {
+- return(0);
+- }
+- if (p != 0) port=p;
+- return(init_client_ip(sock,ip,port,type));
+- }
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+- {
+- unsigned long addr;
+- struct sockaddr_in them;
+- int s,i;
++ struct addrinfo *res, *res0, hints;
++ char * failed_call = NULL;
++ int s;
++ int e;
+
+ if (!ssl_sock_init()) return(0);
+
+- memset((char *)&them,0,sizeof(them));
+- them.sin_family=AF_INET;
+- them.sin_port=htons((unsigned short)port);
+- addr=(unsigned long)
+- ((unsigned long)ip[0]<<24L)|
+- ((unsigned long)ip[1]<<16L)|
+- ((unsigned long)ip[2]<< 8L)|
+- ((unsigned long)ip[3]);
+- them.sin_addr.s_addr=htonl(addr);
+-
+- if (type == SOCK_STREAM)
+- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+- else /* ( type == SOCK_DGRAM) */
+- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
+-
+- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
++ memset(&hints, '\0', sizeof(hints));
++ hints.ai_socktype = type;
++ hints.ai_flags = AI_ADDRCONFIG;
++
++ e = getaddrinfo(host, port, &hints, &res);
++ if (e)
++ {
++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
++ if (e == EAI_SYSTEM)
++ perror("getaddrinfo");
++ return (0);
++ }
+
++ res0 = res;
++ while (res)
++ {
++ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++ if (s == INVALID_SOCKET)
++ {
++ failed_call = "socket";
++ goto nextres;
++ }
+ #ifndef OPENSSL_SYS_MPE
+ if (type == SOCK_STREAM)
+ {
+- i=0;
+- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+- if (i < 0) { perror("keepalive"); return(0); }
++ int i=0;
++ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
++ (char *)&i,sizeof(i));
++ if (i < 0) {
++ failed_call = "keepalive";
++ goto nextres;
++ }
+ }
+ #endif
+-
+- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+- { close(s); perror("connect"); return(0); }
++ if (connect(s,(struct sockaddr *)res->ai_addr,
++ res->ai_addrlen) == 0)
++ {
++ freeaddrinfo(res0);
+ *sock=s;
+ return(1);
+ }
++ failed_call = "socket";
++nextres:
++ if (s != INVALID_SOCKET)
++ close(s);
++ res = res->ai_next;
++ }
++ freeaddrinfo(res0);
+
+-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
++ perror(failed_call);
++ return(0);
++ }
++
++int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+ {
+ int sock;
+ char *name = NULL;
+@@ -319,33 +326,38 @@ int do_server(int port, int type, int *r
+ }
+ }
+
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server(int *sock, char *port, int type)
+ {
+- int ret=0;
+- struct sockaddr_in server;
+- int s= -1,i;
++ struct addrinfo *res, *res0, hints;
++ char * failed_call = NULL;
++ char port_name[8];
++ int s;
++ int e;
+
+ if (!ssl_sock_init()) return(0);
+
+- memset((char *)&server,0,sizeof(server));
+- server.sin_family=AF_INET;
+- server.sin_port=htons((unsigned short)port);
+- if (ip == NULL)
+- server.sin_addr.s_addr=INADDR_ANY;
+- else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-#ifndef BIT_FIELD_LIMITS
+- memcpy(&server.sin_addr.s_addr,ip,4);
+-#else
+- memcpy(&server.sin_addr,ip,4);
+-#endif
++ memset(&hints, '\0', sizeof(hints));
++ hints.ai_socktype = type;
++ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
+
+- if (type == SOCK_STREAM)
+- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+- else /* type == SOCK_DGRAM */
+- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
++ e = getaddrinfo(NULL, port, &hints, &res);
++ if (e)
++ {
++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
++ if (e == EAI_SYSTEM)
++ perror("getaddrinfo");
++ return (0);
++ }
+
+- if (s == INVALID_SOCKET) goto err;
++ res0 = res;
++ while (res)
++ {
++ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++ if (s == INVALID_SOCKET)
++ {
++ failed_call = "socket";
++ goto nextres;
++ }
+ #if defined SOL_SOCKET && defined SO_REUSEADDR
+ {
+ int j = 1;
+@@ -353,36 +365,39 @@ static int init_server_long(int *sock, i
+ (void *) &j, sizeof j);
+ }
+ #endif
+- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
++
++ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
+ {
+-#ifndef OPENSSL_SYS_WINDOWS
+- perror("bind");
+-#endif
+- goto err;
++ failed_call = "bind";
++ goto nextres;
+ }
+- /* Make it 128 for linux */
+- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
+- i=0;
+- *sock=s;
+- ret=1;
+-err:
+- if ((ret == 0) && (s != -1))
++ if (type==SOCK_STREAM && listen(s,128) == -1)
+ {
+- SHUTDOWN(s);
++ failed_call = "listen";
++ goto nextres;
+ }
+- return(ret);
++
++ *sock=s;
++ return(1);
++
++nextres:
++ if (s != INVALID_SOCKET)
++ close(s);
++ res = res->ai_next;
+ }
++ freeaddrinfo(res0);
+
+-static int init_server(int *sock, int port, int type)
+- {
+- return(init_server_long(sock, port, NULL, type));
++ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
++
++ perror(failed_call);
++ return(0);
+ }
+
+ static int do_accept(int acc_sock, int *sock, char **host)
+ {
+- int ret,i;
+- struct hostent *h1,*h2;
+- static struct sockaddr_in from;
++ static struct sockaddr_storage from;
++ char buffer[NI_MAXHOST];
++ int ret;
+ int len;
+ /* struct linger ling; */
+
+@@ -427,137 +442,62 @@ redoit:
+ if (i < 0) { perror("keepalive"); return(0); }
+ */
+
+- if (host == NULL) goto end;
+-#ifndef BIT_FIELD_LIMITS
+- /* I should use WSAAsyncGetHostByName() under windows */
+- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+- sizeof(from.sin_addr.s_addr),AF_INET);
+-#else
+- h1=gethostbyaddr((char *)&from.sin_addr,
+- sizeof(struct in_addr),AF_INET);
+-#endif
+- if (h1 == NULL)
+- {
+- BIO_printf(bio_err,"bad gethostbyaddr\n");
+- *host=NULL;
+- /* return(0); */
+- }
+- else
++ if (host == NULL)
+ {
+- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
+- {
+- perror("OPENSSL_malloc");
++ *sock=ret;
+ return(0);
+ }
+- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+
+- h2=GetHostByName(*host);
+- if (h2 == NULL)
++ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
++ buffer, sizeof(buffer),
++ NULL, 0, 0))
+ {
+- BIO_printf(bio_err,"gethostbyname failure\n");
++ BIO_printf(bio_err,"getnameinfo failed\n");
++ *host=NULL;
+ return(0);
+ }
+- i=0;
+- if (h2->h_addrtype != AF_INET)
++ else
+ {
+- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
++ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
++ {
++ perror("OPENSSL_malloc");
+ return(0);
+ }
+- }
+-end:
++ strcpy(*host, buffer);
+ *sock=ret;
+ return(1);
+ }
++ }
+
+-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+- short *port_ptr)
++int extract_host_port(char *str, char **host_ptr,
++ char **port_ptr)
+ {
+- char *h,*p;
++ char *h,*p,*x;
+
+- h=str;
+- p=strchr(str,':');
++ x=h=str;
++ if (*h == '[')
++ {
++ h++;
++ p=strchr(h,']');
+ if (p == NULL)
+ {
+- BIO_printf(bio_err,"no port defined\n");
++ BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
+ return(0);
+ }
+ *(p++)='\0';
+-
+- if ((ip != NULL) && !host_ip(str,ip))
+- goto err;
+- if (host_ptr != NULL) *host_ptr=h;
+-
+- if (!extract_port(p,port_ptr))
+- goto err;
+- return(1);
+-err:
+- return(0);
++ x = p;
+ }
+-
+-static int host_ip(char *str, unsigned char ip[4])
+- {
+- unsigned int in[4];
+- int i;
+-
+- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+- {
+- for (i=0; i<4; i++)
+- if (in[i] > 255)
+- {
+- BIO_printf(bio_err,"invalid IP address\n");
+- goto err;
+- }
+- ip[0]=in[0];
+- ip[1]=in[1];
+- ip[2]=in[2];
+- ip[3]=in[3];
+- }
+- else
+- { /* do a gethostbyname */
+- struct hostent *he;
+-
+- if (!ssl_sock_init()) return(0);
+-
+- he=GetHostByName(str);
+- if (he == NULL)
+- {
+- BIO_printf(bio_err,"gethostbyname failure\n");
+- goto err;
+- }
+- /* cast to short because of win16 winsock definition */
+- if ((short)he->h_addrtype != AF_INET)
++ p=strchr(x,':');
++ if (p == NULL)
+ {
+- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+- return(0);
+- }
+- ip[0]=he->h_addr_list[0][0];
+- ip[1]=he->h_addr_list[0][1];
+- ip[2]=he->h_addr_list[0][2];
+- ip[3]=he->h_addr_list[0][3];
+- }
+- return(1);
+-err:
++ BIO_printf(bio_err,"no port defined\n");
+ return(0);
+ }
++ *(p++)='\0';
+
+-int extract_port(char *str, short *port_ptr)
+- {
+- int i;
+- struct servent *s;
++ if (host_ptr != NULL) *host_ptr=h;
++ if (port_ptr != NULL) *port_ptr=p;
+
+- i=atoi(str);
+- if (i != 0)
+- *port_ptr=(unsigned short)i;
+- else
+- {
+- s=getservbyname(str,"tcp");
+- if (s == NULL)
+- {
+- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
+- return(0);
+- }
+- *port_ptr=ntohs((unsigned short)s->s_port);
+- }
+ return(1);
+ }
+
+diff -up openssl-0.9.8g/apps/s_server.c.ipv6-apps openssl-0.9.8g/apps/s_server.c
+--- openssl-0.9.8g/apps/s_server.c.ipv6-apps 2007-08-23 14:16:02.000000000 +0200
++++ openssl-0.9.8g/apps/s_server.c 2007-12-03 13:31:14.000000000 +0100
+@@ -592,7 +592,7 @@ int MAIN(int argc, char *argv[])
+ {
+ X509_STORE *store = NULL;
+ int vflags = 0;
+- short port=PORT;
++ char *port_str = PORT_STR;
+ char *CApath=NULL,*CAfile=NULL;
+ unsigned char *context = NULL;
+ char *dhfile = NULL;
+@@ -662,8 +662,7 @@ int MAIN(int argc, char *argv[])
+ (strcmp(*argv,"-accept") == 0))
+ {
+ if (--argc < 1) goto bad;
+- if (!extract_port(*(++argv),&port))
+- goto bad;
++ port_str= *(++argv);
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+@@ -1332,9 +1331,9 @@ bad:
+ }
+ BIO_printf(bio_s_out,"ACCEPT\n");
+ if (www)
+- do_server(port,socket_type,&accept_socket,www_body, context);
++ do_server(port_str,socket_type,&accept_socket,www_body, context);
+ else
+- do_server(port,socket_type,&accept_socket,sv_body, context);
++ do_server(port_str,socket_type,&accept_socket,sv_body, context);
+ print_stats(bio_s_out,ctx);
+ ret=0;
+ end:
+diff -up openssl-0.9.8g/apps/s_client.c.ipv6-apps openssl-0.9.8g/apps/s_client.c
+--- openssl-0.9.8g/apps/s_client.c.ipv6-apps 2007-08-23 14:20:56.000000000 +0200
++++ openssl-0.9.8g/apps/s_client.c 2007-12-03 13:28:42.000000000 +0100
+@@ -285,7 +285,7 @@ int MAIN(int argc, char **argv)
+ int cbuf_len,cbuf_off;
+ int sbuf_len,sbuf_off;
+ fd_set readfds,writefds;
+- short port=PORT;
++ char *port_str = PORT_STR;
+ int full_log=1;
+ char *host=SSL_HOST_NAME;
+ char *cert_file=NULL,*key_file=NULL;
+@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv)
+ else if (strcmp(*argv,"-port") == 0)
+ {
+ if (--argc < 1) goto bad;
+- port=atoi(*(++argv));
+- if (port == 0) goto bad;
++ port_str= *(++argv);
+ }
+ else if (strcmp(*argv,"-connect") == 0)
+ {
+ if (--argc < 1) goto bad;
+- if (!extract_host_port(*(++argv),&host,NULL,&port))
++ if (!extract_host_port(*(++argv),&host,&port_str))
+ goto bad;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+@@ -739,7 +738,7 @@ bad:
+
+ re_start:
+
+- if (init_client(&s,host,port,sock_type) == 0)
++ if (init_client(&s,host,port_str,sock_type) == 0)
+ {
+ BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
+ SHUTDOWN(s);
+diff -up openssl-0.9.8g/apps/s_apps.h.ipv6-apps openssl-0.9.8g/apps/s_apps.h
+--- openssl-0.9.8g/apps/s_apps.h.ipv6-apps 2007-12-03 13:28:42.000000000 +0100
++++ openssl-0.9.8g/apps/s_apps.h 2007-12-03 13:28:42.000000000 +0100
+@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
+ #define PORT_STR "4433"
+ #define PROTOCOL "tcp"
+
+-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
++int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
+ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+ #endif
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, char *port, int type);
+ int should_retry(int i);
+-int extract_port(char *str, short *port_ptr);
+-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
++int extract_host_port(char *str,char **host_ptr,char **port_ptr);
+
+ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret);
--- /dev/null
+diff -up openssl-0.9.8g/ssl/t1_lib.c.no-extssl openssl-0.9.8g/ssl/t1_lib.c
+--- openssl-0.9.8g/ssl/t1_lib.c.no-extssl 2007-10-19 09:44:10.000000000 +0200
++++ openssl-0.9.8g/ssl/t1_lib.c 2008-08-10 21:42:11.000000000 +0200
+@@ -132,6 +132,11 @@ unsigned char *ssl_add_clienthello_tlsex
+ int extdatalen=0;
+ unsigned char *ret = p;
+
++ if (s->client_version != TLS1_VERSION && s->client_version != DTLS1_VERSION)
++ {
++ return ret;
++ }
++
+ ret+=2;
+
+ if (ret>=limit) return NULL; /* this really never occurs, but ... */
+@@ -202,6 +207,11 @@ unsigned char *ssl_add_serverhello_tlsex
+ int extdatalen=0;
+ unsigned char *ret = p;
+
++ if (s->version != TLS1_VERSION && s->version != DTLS1_VERSION)
++ {
++ return ret;
++ }
++
+ ret+=2;
+ if (ret>=limit) return NULL; /* this really never occurs, but ... */
+
--- /dev/null
+diff -up openssl-0.9.8g/Configure.redhat openssl-0.9.8g/Configure
+--- openssl-0.9.8g/Configure.redhat 2007-09-16 14:24:17.000000000 +0200
++++ openssl-0.9.8g/Configure 2007-12-03 13:16:08.000000000 +0100
+@@ -313,28 +313,28 @@ my %table=(
+ ####
+ # *-generic* is endian-neutral target, but ./config is free to
+ # throw in -D[BL]_ENDIAN, whichever appropriate...
+-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ #### IA-32 targets...
+ "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
++"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+ ####
+-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ppc64", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-x86_64", "gcc:-DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+ # assisted with debugging of following two configs.
+-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # it's a real mess with -mcpu=ultrasparc option under Linux, but
+ # -Wa,-Av8plus should do the trick no matter what.
+-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # GCC 3.1 is a requirement
+-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ #### Alpha Linux with GNU C and Compaq C setups
+ # Special notes:
+ # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+@@ -348,8 +348,8 @@ my %table=(
+ #
+ # <appro@fy.chalmers.se>
+ #
+-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+
--- /dev/null
+diff -up openssl-0.9.8g/crypto/opensslv.h.shlib-version openssl-0.9.8g/crypto/opensslv.h
+--- openssl-0.9.8g/crypto/opensslv.h.shlib-version 2007-12-13 17:57:40.000000000 +0100
++++ openssl-0.9.8g/crypto/opensslv.h 2008-01-25 17:10:13.000000000 +0100
+@@ -83,7 +83,7 @@
+ * should only keep the versions that are binary compatible with the current.
+ */
+ #define SHLIB_VERSION_HISTORY ""
+-#define SHLIB_VERSION_NUMBER "0.9.8"
++#define SHLIB_VERSION_NUMBER "0.9.8g"
+
+
+ #endif /* HEADER_OPENSSLV_H */
--- /dev/null
+Define and use a soname -- because we have to care about binary
+compatibility, we have to increment the soname in order to allow
+this version to co-exist with another versions and have everything
+work right.
+
+diff -up openssl-0.9.8g/Configure.soversion openssl-0.9.8g/Configure
+--- openssl-0.9.8g/Configure.soversion 2007-12-03 14:41:19.000000000 +0100
++++ openssl-0.9.8g/Configure 2007-12-03 14:41:19.000000000 +0100
+@@ -1371,7 +1371,7 @@ while (<IN>)
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+ {
+ my $sotmp = $1;
+- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
+ }
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+ {
+diff -up openssl-0.9.8g/Makefile.org.soversion openssl-0.9.8g/Makefile.org
+--- openssl-0.9.8g/Makefile.org.soversion 2007-12-03 14:41:19.000000000 +0100
++++ openssl-0.9.8g/Makefile.org 2007-12-03 14:41:19.000000000 +0100
+@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
+ SHLIB_MAJOR=
+ SHLIB_MINOR=
+ SHLIB_EXT=
++SHLIB_SONAMEVER=7
+ PLATFORM=dist
+ OPTIONS=
+ CONFIGURE_ARGS=
+@@ -277,10 +278,9 @@ clean-shared:
+ link-shared:
+ @ set -e; for i in ${SHLIBDIRS}; do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ LIBNAME=$$i LIBVERSION=${SHLIB_SONAMEVER} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ symlink.$(SHLIB_TARGET); \
+- libs="$$libs -l$$i"; \
+ done
+
+ build-shared: do_$(SHLIB_TARGET) link-shared
+@@ -291,7 +291,7 @@ do_$(SHLIB_TARGET):
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ LIBNAME=$$i LIBVERSION=${SHLIB_SONAMEVER} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
--- /dev/null
+openssl/apps/speed.c 1.126.2.8 -> 1.126.2.9
+
+--- openssl/apps/speed.c 2007/05/13 15:04:14 1.126.2.8
++++ openssl/apps/speed.c 2007/11/15 13:33:47 1.126.2.9
+@@ -577,7 +577,7 @@
+ #define MAX_BLOCK_SIZE 64
+ #endif
+ unsigned char DES_iv[8];
+- unsigned char iv[MAX_BLOCK_SIZE/8];
++ unsigned char iv[2*MAX_BLOCK_SIZE/8];
+ #ifndef OPENSSL_NO_DES
+ DES_cblock *buf_as_des_cblock = NULL;
+ static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
--- /dev/null
+/* Test program to verify that RSA signing is thread-safe in OpenSSL. */
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/md5.h>
+#include <openssl/ssl.h>
+
+/* Just assume we want to do engine stuff if we're using 0.9.6b or
+ * higher. This assumption is only valid for versions bundled with RHL. */
+#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
+#include <openssl/engine.h>
+#define USE_ENGINE
+#endif
+
+#define MAX_THREAD_COUNT 10000
+#define ITERATION_COUNT 10
+#define MAIN_COUNT 100
+
+/* OpenSSL requires us to provide thread ID and locking primitives. */
+pthread_mutex_t *mutex_locks = NULL;
+static unsigned long
+thread_id_cb(void)
+{
+ return (unsigned long) pthread_self();
+}
+static void
+lock_cb(int mode, int n, const char *file, int line)
+{
+ if (mode & CRYPTO_LOCK) {
+ pthread_mutex_lock(&mutex_locks[n]);
+ } else {
+ pthread_mutex_unlock(&mutex_locks[n]);
+ }
+}
+
+struct thread_args {
+ RSA *rsa;
+ int digest_type;
+ unsigned char *digest;
+ unsigned int digest_len;
+ unsigned char *signature;
+ unsigned int signature_len;
+ pthread_t main_thread;
+};
+
+static int print = 0;
+
+pthread_mutex_t sign_lock = PTHREAD_MUTEX_INITIALIZER;
+static int locked_sign = 0;
+static void SIGN_LOCK() {if (locked_sign) pthread_mutex_lock(&sign_lock);}
+static void SIGN_UNLOCK() {if (locked_sign) pthread_mutex_unlock(&sign_lock);}
+
+pthread_mutex_t verify_lock = PTHREAD_MUTEX_INITIALIZER;
+static int locked_verify = 0;
+static void VERIFY_LOCK() {if (locked_verify) pthread_mutex_lock(&verify_lock);}
+static void VERIFY_UNLOCK() {if (locked_verify) pthread_mutex_unlock(&verify_lock);}
+
+pthread_mutex_t failure_count_lock = PTHREAD_MUTEX_INITIALIZER;
+long failure_count = 0;
+static void
+failure()
+{
+ pthread_mutex_lock(&failure_count_lock);
+ failure_count++;
+ pthread_mutex_unlock(&failure_count_lock);
+}
+
+static void *
+thread_main(void *argp)
+{
+ struct thread_args *args = argp;
+ unsigned char *signature;
+ unsigned int signature_len, signature_alloc_len;
+ int ret, i;
+
+ signature_alloc_len = args->signature_len;
+ if (RSA_size(args->rsa) > signature_alloc_len) {
+ signature_alloc_len = RSA_size(args->rsa);
+ }
+ signature = malloc(signature_alloc_len);
+ if (signature == NULL) {
+ fprintf(stderr, "Skipping checks in thread %lu -- %s.\n",
+ (unsigned long) pthread_self(), strerror(errno));
+ pthread_exit(0);
+ return NULL;
+ }
+ for (i = 0; i < ITERATION_COUNT; i++) {
+ signature_len = signature_alloc_len;
+ SIGN_LOCK();
+ ret = RSA_check_key(args->rsa);
+ ERR_print_errors_fp(stdout);
+ if (ret != 1) {
+ failure();
+ break;
+ }
+ ret = RSA_sign(args->digest_type,
+ args->digest,
+ args->digest_len,
+ signature, &signature_len,
+ args->rsa);
+ SIGN_UNLOCK();
+ ERR_print_errors_fp(stdout);
+ if (ret != 1) {
+ failure();
+ break;
+ }
+
+ VERIFY_LOCK();
+ ret = RSA_verify(args->digest_type,
+ args->digest,
+ args->digest_len,
+ signature, signature_len,
+ args->rsa);
+ VERIFY_UNLOCK();
+ if (ret != 1) {
+ fprintf(stderr,
+ "Signature from thread %lu(%d) fails "
+ "verification (passed in thread #%lu)!\n",
+ (long) pthread_self(), i,
+ (long) args->main_thread);
+ ERR_print_errors_fp(stdout);
+ failure();
+ continue;
+ }
+ if (print) {
+ fprintf(stderr, ">%d\n", i);
+ }
+ }
+ free(signature);
+
+ pthread_exit(0);
+
+ return NULL;
+}
+
+unsigned char *
+xmemdup(unsigned char *s, size_t len)
+{
+ unsigned char *r;
+ r = malloc(len);
+ if (r == NULL) {
+ fprintf(stderr, "Out of memory.\n");
+ ERR_print_errors_fp(stdout);
+ assert(r != NULL);
+ }
+ memcpy(r, s, len);
+ return r;
+}
+
+int
+main(int argc, char **argv)
+{
+ RSA *rsa;
+ MD5_CTX md5;
+ int fd, i;
+ pthread_t threads[MAX_THREAD_COUNT];
+ int thread_count = 1000;
+ unsigned char *message, *digest;
+ unsigned int message_len, digest_len;
+ unsigned char *correct_signature;
+ unsigned int correct_siglen, ret;
+ struct thread_args master_args, *args;
+ int sync = 0, seed = 0;
+ int again = 1;
+#ifdef USE_ENGINE
+ char *engine = NULL;
+ ENGINE *e = NULL;
+#endif
+
+ pthread_mutex_init(&failure_count_lock, NULL);
+
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "--seed") == 0) {
+ printf("Seeding PRNG.\n");
+ seed++;
+ } else
+ if (strcmp(argv[i], "--sync") == 0) {
+ printf("Running synchronized.\n");
+ sync++;
+ } else
+ if ((strcmp(argv[i], "--threads") == 0) && (i < argc - 1)) {
+ i++;
+ thread_count = atol(argv[i]);
+ if (thread_count > MAX_THREAD_COUNT) {
+ thread_count = MAX_THREAD_COUNT;
+ }
+ printf("Starting %d threads.\n", thread_count);
+ sync++;
+ } else
+ if (strcmp(argv[i], "--sign") == 0) {
+ printf("Locking signing.\n");
+ locked_sign++;
+ } else
+ if (strcmp(argv[i], "--verify") == 0) {
+ printf("Locking verifies.\n");
+ locked_verify++;
+ } else
+ if (strcmp(argv[i], "--print") == 0) {
+ printf("Tracing.\n");
+ print++;
+#ifdef USE_ENGINE
+ } else
+ if ((strcmp(argv[i], "--engine") == 0) && (i < argc - 1)) {
+ printf("Using engine \"%s\".\n", argv[i + 1]);
+ engine = argv[i + 1];
+ i++;
+#endif
+ } else {
+ printf("Bad argument: %s\n", argv[i]);
+ return 1;
+ }
+ }
+
+ /* Get some random data to sign. */
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd == -1) {
+ fprintf(stderr, "Error opening /dev/urandom: %s\n",
+ strerror(errno));
+ }
+
+ if (print) {
+ fprintf(stderr, "Reading random data.\n");
+ }
+ message = malloc(message_len = 9371);
+ read(fd, message, message_len);
+ close(fd);
+
+ /* Initialize the SSL library and set up thread-safe locking. */
+ ERR_load_crypto_strings();
+ SSL_library_init();
+ mutex_locks = malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ pthread_mutex_init(&mutex_locks[i], NULL);
+ }
+ CRYPTO_set_id_callback(thread_id_cb);
+ CRYPTO_set_locking_callback(lock_cb);
+ ERR_print_errors_fp(stdout);
+
+ /* Seed the PRNG if we were asked to do so. */
+ if (seed) {
+ if (print) {
+ fprintf(stderr, "Seeding PRNG.\n");
+ }
+ RAND_add(message, message_len, message_len);
+ ERR_print_errors_fp(stdout);
+ }
+
+ /* Turn on a hardware crypto device if asked to do so. */
+#ifdef USE_ENGINE
+ if (engine) {
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+ ENGINE_load_builtin_engines();
+#endif
+ if (print) {
+ fprintf(stderr, "Initializing \"%s\" engine.\n",
+ engine);
+ }
+ e = ENGINE_by_id(engine);
+ ERR_print_errors_fp(stdout);
+ if (e) {
+ i = ENGINE_init(e);
+ ERR_print_errors_fp(stdout);
+ i = ENGINE_set_default_RSA(e);
+ ERR_print_errors_fp(stdout);
+ }
+ }
+#endif
+
+ /* Compute the digest for the signature. */
+ if (print) {
+ fprintf(stderr, "Computing digest.\n");
+ }
+ digest = malloc(digest_len = MD5_DIGEST_LENGTH);
+ MD5_Init(&md5);
+ MD5_Update(&md5, message, message_len);
+ MD5_Final(digest, &md5);
+
+ /* Generate a signing key. */
+ if (print) {
+ fprintf(stderr, "Generating key.\n");
+ }
+ rsa = RSA_generate_key(4096, 3, NULL, NULL);
+ ERR_print_errors_fp(stdout);
+ if (rsa == NULL) {
+ _exit(1);
+ }
+
+ /* Sign the data. */
+ correct_siglen = RSA_size(rsa);
+ correct_signature = malloc(correct_siglen);
+ for (i = 0; i < MAIN_COUNT; i++) {
+ if (print) {
+ fprintf(stderr, "Signing data (%d).\n", i);
+ }
+ ret = RSA_check_key(rsa);
+ ERR_print_errors_fp(stdout);
+ if (ret != 1) {
+ failure();
+ }
+ correct_siglen = RSA_size(rsa);
+ ret = RSA_sign(NID_md5, digest, digest_len,
+ correct_signature, &correct_siglen,
+ rsa);
+ ERR_print_errors_fp(stdout);
+ if (ret != 1) {
+ _exit(2);
+ }
+ if (print) {
+ fprintf(stderr, "Verifying data (%d).\n", i);
+ }
+ ret = RSA_verify(NID_md5, digest, digest_len,
+ correct_signature, correct_siglen,
+ rsa);
+ if (ret != 1) {
+ _exit(2);
+ }
+ }
+
+ /* Collect up the inforamtion which other threads will need for
+ * comparing their signature results with ours. */
+ master_args.rsa = rsa;
+ master_args.digest_type = NID_md5;
+ master_args.digest = digest;
+ master_args.digest_len = digest_len;
+ master_args.signature = correct_signature;
+ master_args.signature_len = correct_siglen;
+ master_args.main_thread = pthread_self();
+
+ fprintf(stdout, "Performing %d signatures in each of %d threads "
+ "(%d, %d).\n", ITERATION_COUNT, thread_count,
+ digest_len, correct_siglen);
+ fflush(NULL);
+
+ /* Start up all of the threads. */
+ for (i = 0; i < thread_count; i++) {
+ args = malloc(sizeof(struct thread_args));
+ args->rsa = RSAPrivateKey_dup(master_args.rsa);
+ args->digest_type = master_args.digest_type;
+ args->digest_len = master_args.digest_len;
+ args->digest = xmemdup(master_args.digest, args->digest_len);
+ args->signature_len = master_args.signature_len;
+ args->signature = xmemdup(master_args.signature,
+ args->signature_len);
+ args->main_thread = pthread_self();
+ ret = pthread_create(&threads[i], NULL, thread_main, args);
+ while ((ret != 0) && (errno == EAGAIN)) {
+ ret = pthread_create(&threads[i], NULL,
+ thread_main, &args);
+ fprintf(stderr, "Thread limit hit at %d.\n", i);
+ }
+ if (ret != 0) {
+ fprintf(stderr, "Unable to create thread %d: %s.\n",
+ i, strerror(errno));
+ threads[i] = -1;
+ } else {
+ if (sync) {
+ ret = pthread_join(threads[i], NULL);
+ assert(ret == 0);
+ }
+ if (print) {
+ fprintf(stderr, "%d\n", i);
+ }
+ }
+ }
+
+ /* Wait for all threads to complete. So long as we can find an
+ * unjoined thread, keep joining threads. */
+ do {
+ again = 0;
+ for (i = 0; i < thread_count; i++) {
+ /* If we have an unterminated thread, join it. */
+ if (threads[i] != -1) {
+ again = 1;
+ if (print) {
+ fprintf(stderr, "Joining thread %d.\n",
+ i);
+ }
+ pthread_join(threads[i], NULL);
+ threads[i] = -1;
+ break;
+ }
+ }
+ } while (again == 1);
+
+ fprintf(stderr, "%ld failures\n", failure_count);
+
+ return (failure_count != 0);
+}
--- /dev/null
+/* Prepended at openssl package build-time. Don't include this file directly,
+ * use <openssl/opensslconf.h> instead. */
+
+#ifndef openssl_opensslconf_multilib_redirection_h
+#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
+#endif
+
--- /dev/null
+/* This file is here to prevent a file conflict on multiarch systems. A
+ * conflict will frequently occur because arch-specific build-time
+ * configuration options are stored (and used, so they can't just be stripped
+ * out) in opensslconf.h. The original opensslconf.h has been renamed.
+ * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
+
+#ifdef openssl_opensslconf_multilib_redirection_h
+#error "Do not define openssl_opensslconf_multilib_redirection_h!"
+#endif
+#define openssl_opensslconf_multilib_redirection_h
+
+#if defined(__i386__)
+#include "opensslconf-i386.h"
+#elif defined(__ia64__)
+#include "opensslconf-ia64.h"
+#elif defined(__powerpc64__)
+#include "opensslconf-ppc64.h"
+#elif defined(__powerpc__)
+#include "opensslconf-ppc.h"
+#elif defined(__s390x__)
+#include "opensslconf-s390x.h"
+#elif defined(__s390__)
+#include "opensslconf-s390.h"
+#elif defined(__sparc__) && defined(__arch64__)
+#include "opensslconf-sparc64.h"
+#elif defined(__sparc__)
+#include "opensslconf-sparc.h"
+#elif defined(__x86_64__)
+#include "opensslconf-x86_64.h"
+#else
+#error "This openssl-devel package does not work your architecture?"
+#endif
+
+#undef openssl_opensslconf_multilib_redirection_h
git.annexia.org / fedora-mingw.git / commitdiff