From ffdd356d97a14083645853042fd39260f8e22956 Mon Sep 17 00:00:00 2001 From: Francis Dupont Date: Mon, 14 Apr 2014 14:55:05 +0200 Subject: [PATCH] OpenSSL 1.0.1f -> 1.0.1g --- ...nssl-1.0.1f-patch => openssl-1.0.1g-patch} | 60 +++++++++---------- win32utils/build.txt | 8 +-- 2 files changed, 34 insertions(+), 34 deletions(-) rename bin/pkcs11/{openssl-1.0.1f-patch => openssl-1.0.1g-patch} (99%) diff --git a/bin/pkcs11/openssl-1.0.1f-patch b/bin/pkcs11/openssl-1.0.1g-patch similarity index 99% rename from bin/pkcs11/openssl-1.0.1f-patch rename to bin/pkcs11/openssl-1.0.1g-patch index f492a11acb..e6797ebfa2 100644 --- a/bin/pkcs11/openssl-1.0.1f-patch +++ b/bin/pkcs11/openssl-1.0.1g-patch @@ -1,7 +1,7 @@ Index: openssl/Configure -diff -u openssl/Configure:1.9.2.1.2.1.2.1.2.1.2.1 openssl/Configure:1.14 ---- openssl/Configure:1.9.2.1.2.1.2.1.2.1.2.1 Tue Jan 7 09:44:50 2014 -+++ openssl/Configure Tue Jan 7 09:46:34 2014 +diff -u openssl/Configure:1.9.2.1.2.1.2.1.2.1.2.1.2.1 openssl/Configure:1.15 +--- openssl/Configure:1.9.2.1.2.1.2.1.2.1.2.1.2.1 Mon Apr 14 12:42:45 2014 ++++ openssl/Configure Mon Apr 14 12:44:20 2014 @@ -10,7 +10,7 @@ # see INSTALL for instructions. @@ -135,9 +135,9 @@ diff -u openssl/Configure:1.9.2.1.2.1.2.1.2.1.2.1 openssl/Configure:1.14 s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; Index: openssl/Makefile.org -diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1.2.1 openssl/Makefile.org:1.9 ---- openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1.2.1 Tue Jan 7 09:44:51 2014 -+++ openssl/Makefile.org Tue Jan 7 09:46:34 2014 +diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1.2.1.2.1 openssl/Makefile.org:1.10 +--- openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1.2.1.2.1 Mon Apr 14 12:42:45 2014 ++++ openssl/Makefile.org Mon Apr 14 12:44:20 2014 @@ -26,6 +26,9 @@ INSTALL_PREFIX= INSTALLTOP=/usr/local/ssl @@ -150,7 +150,7 @@ diff -u openssl/Makefile.org:1.5.2.1.2.1.2.1.2.1.2.1 openssl/Makefile.org:1.9 Index: openssl/README.pkcs11 diff -u /dev/null openssl/README.pkcs11:1.8 ---- /dev/null Tue Jan 7 11:14:50 2014 +--- /dev/null Mon Apr 14 12:47:12 2014 +++ openssl/README.pkcs11 Fri Oct 4 14:16:43 2013 @@ -0,0 +1,266 @@ +ISC modified @@ -611,7 +611,7 @@ diff -u openssl/crypto/engine/Makefile:1.8.2.1.4.1 openssl/crypto/engine/Makefil tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h Index: openssl/crypto/engine/cryptoki.h diff -u /dev/null openssl/crypto/engine/cryptoki.h:1.4 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:12 2014 +++ openssl/crypto/engine/cryptoki.h Thu Dec 18 00:14:12 2008 @@ -0,0 +1,103 @@ +/* @@ -755,7 +755,7 @@ diff -u openssl/crypto/engine/engine.h:1.5.2.1.4.1 openssl/crypto/engine/engine. #endif Index: openssl/crypto/engine/hw_pk11.c diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.33 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:12 2014 +++ openssl/crypto/engine/hw_pk11.c Fri Oct 4 14:07:41 2013 @@ -0,0 +1,4010 @@ +/* @@ -4770,7 +4770,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.33 +#endif /* OPENSSL_NO_HW */ Index: openssl/crypto/engine/hw_pk11_err.c diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/hw_pk11_err.c Tue Jun 14 00:43:26 2011 @@ -0,0 +1,288 @@ +/* @@ -5063,7 +5063,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_err.c:1.5 +} Index: openssl/crypto/engine/hw_pk11_err.h diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.13 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/hw_pk11_err.h Fri Oct 4 14:04:20 2013 @@ -0,0 +1,440 @@ +/* @@ -5508,7 +5508,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_err.h:1.13 +#endif /* HW_PK11_ERR_H */ Index: openssl/crypto/engine/hw_pk11_pub.c diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.42 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/hw_pk11_pub.c Fri Oct 4 14:27:06 2013 @@ -0,0 +1,3556 @@ +/* @@ -9069,7 +9069,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.42 +#endif /* OPENSSL_NO_HW */ Index: openssl/crypto/engine/hw_pk11ca.h diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/hw_pk11ca.h Wed Jun 15 21:12:20 2011 @@ -0,0 +1,32 @@ +/* Redefine all pk11/PK11 external symbols to pk11ca/PK11CA */ @@ -9106,7 +9106,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11ca.h:1.4 +#define ENGINE_load_pk11 ENGINE_load_pk11ca Index: openssl/crypto/engine/hw_pk11so.c diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.8 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/hw_pk11so.c Fri Oct 4 14:05:16 2013 @@ -0,0 +1,1775 @@ +/* @@ -10886,7 +10886,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so.c:1.8 +#endif /* OPENSSL_NO_HW */ Index: openssl/crypto/engine/hw_pk11so.h diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/hw_pk11so.h Wed Jun 15 21:12:20 2011 @@ -0,0 +1,32 @@ +/* Redefine all pk11/PK11 external symbols to pk11so/PK11SO */ @@ -10923,7 +10923,7 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so.h:1.4 +#define ENGINE_load_pk11 ENGINE_load_pk11so Index: openssl/crypto/engine/hw_pk11so_pub.c diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.10 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/hw_pk11so_pub.c Fri Oct 4 14:05:38 2013 @@ -0,0 +1,1642 @@ +/* @@ -12570,11 +12570,11 @@ diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.10 +#endif /* OPENSSL_NO_HW */ Index: openssl/crypto/engine/pkcs11.h diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007 @@ -0,0 +1,299 @@ +/* pkcs11.h include file for PKCS #11. */ -+/* $Revision: 1.1.1.1 $ */ ++/* $Revision$ */ + +/* License to copy and use this software is granted provided that it is + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface @@ -12874,11 +12874,11 @@ diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1 +#endif Index: openssl/crypto/engine/pkcs11f.h diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007 @@ -0,0 +1,912 @@ +/* pkcs11f.h include file for PKCS #11. */ -+/* $Revision: 1.1.1.1 $ */ ++/* $Revision$ */ + +/* License to copy and use this software is granted provided that it is + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface @@ -13791,11 +13791,11 @@ diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1 +#endif Index: openssl/crypto/engine/pkcs11t.h diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2 ---- /dev/null Tue Jan 7 11:14:51 2014 +--- /dev/null Mon Apr 14 12:47:13 2014 +++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008 @@ -0,0 +1,1885 @@ +/* pkcs11t.h include file for PKCS #11. */ -+/* $Revision: 1.2 $ */ ++/* $Revision$ */ + +/* License to copy and use this software is granted provided that it is + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface @@ -15680,10 +15680,10 @@ diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2 + +#endif Index: openssl/util/libeay.num -diff -u openssl/util/libeay.num:1.8.2.1.4.1.2.1 openssl/util/libeay.num:1.11 ---- openssl/util/libeay.num:1.8.2.1.4.1.2.1 Wed May 15 11:47:13 2013 -+++ openssl/util/libeay.num Wed May 15 11:57:43 2013 -@@ -4311,3 +4311,5 @@ +diff -u openssl/util/libeay.num:1.8.2.1.4.1.2.1.4.1 openssl/util/libeay.num:1.12 +--- openssl/util/libeay.num:1.8.2.1.4.1.2.1.4.1 Mon Apr 14 12:42:50 2014 ++++ openssl/util/libeay.num Mon Apr 14 12:44:22 2014 +@@ -4312,3 +4312,5 @@ BIO_s_datagram_sctp 4680 EXIST::FUNCTION:DGRAM,SCTP BIO_dgram_is_sctp 4681 EXIST::FUNCTION:SCTP BIO_dgram_sctp_notification_cb 4682 EXIST::FUNCTION:SCTP @@ -15770,10 +15770,10 @@ diff -u openssl/util/mkdef.pl:1.7.2.1.4.1 openssl/util/mkdef.pl:1.9 if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } Index: openssl/util/pl/VC-32.pl -diff -u openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1 openssl/util/pl/VC-32.pl:1.9 ---- openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1 Wed May 15 11:47:13 2013 -+++ openssl/util/pl/VC-32.pl Wed May 15 11:57:43 2013 -@@ -46,7 +46,7 @@ +diff -u openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1.4.1 openssl/util/pl/VC-32.pl:1.10 +--- openssl/util/pl/VC-32.pl:1.7.2.1.4.1.2.1.4.1 Mon Apr 14 12:42:50 2014 ++++ openssl/util/pl/VC-32.pl Mon Apr 14 12:44:22 2014 +@@ -48,7 +48,7 @@ my $f = $shlib || $fips ?' /MD':' /MT'; $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib $opt_cflags=$f.' /Ox'; diff --git a/win32utils/build.txt b/win32utils/build.txt index 648e1756de..c5b9ca2f87 100644 --- a/win32utils/build.txt +++ b/win32utils/build.txt @@ -41,15 +41,15 @@ Step 1: Download and build OpenSSL Download and untar the OpenSSL sources from http://www.openssl.org/. Extract them at in the same directory in which you extracted the BIND 9 source: If BIND 9 is in \build\bind-9.10.0, for instance, OpenSSL should - be in \build\openssl-1.0.1f (subject to version number changes). + be in \build\openssl-1.0.1g (subject to version number changes). Note: Building OpenSSL requires that you install Perl as it uses it during its build process. The following commands work as of - openssl-1.0.1f, but you should check the OpenSSL distribution to see + openssl-1.0.1g, but you should check the OpenSSL distribution to see if the build instructions in the INSTALL.W32 (or INSTALL.W64) file have changed, in particular for the assembler options: - cd openssl-1.0.1f + cd openssl-1.0.1g perl Configure --prefix=c:/openssl enable-static-engine VC-WIN32 ms\do_ms nmake /f ms\ntdll.mak @@ -62,7 +62,7 @@ Step 1: Download and build OpenSSL If you wish to use PKCS #11 to control a cryptographic hardware service module, please see "PKCS #11 (Cryptoki) support" in chapter 4 of the BIND 9 Administrator Reference Guide. You will need to apply - the patch in bind9\bin\pkcs11\openssl-1.0.1f-patch (this can be done + the patch in bind9\bin\pkcs11\openssl-1.0.1g-patch (this can be done using the Cygwin 'patch' utility) and add --pk11-libname and --pk11-flavor to the Configure command above.