2019-12-31 Juan Manuel Guerrero * Configure: -march=i386 -mtune=i586 flags added to CFLAGS. Added DJGPP_DEBUG flag to CFLAGS. Adjust openssldir for DJGPP. * crypto/rand/rand_unix.c [OPENSSL_SYS_MSDOS]: New DJGPP specific function RAND_poll to replace the unix version used previously. As the unix one it uses /dev/urandom or/dev/random as entropy source. If this fails it tries generate psuedo entropy using rand48 and rawclock data as seed. This code exists only for debugging purposes!!! It is selected by defining the DJGPP_DEBUG macro in the Configure script. * demos/bio/Makefile: -march=i386 -mtune=i586 flags added to CFLAGS. * demos/prime/Makefile: -march=i386 -mtune=i586 flags added to CFLAGS. * demos/sign/Makefile: -march=i386 -mtune=i586 flags added to CFLAGS. * demos/state_machine/Makefile: -march=i386 -mtune=i586 flags added to CFLAGS. * demos/state_machine/Makefile: Adjust for use with DJGPP. * tools/Makefile: Add INSTALL_OPENSSLDIR to variable list to pass to recursive makefiles. * apps/Makefile: Add INSTALL_OPENSSLDIR to variable list to pass to recursive makefiles. * Makefile.org: Use INSTALL_OPENSSLDIR, INSTALL_MANDIR and INSTALL_HTMLDIR for installing into DJGPP installation tree. * demos/bio/Makefile: Adjust for use with DJGPP. * demos/prime/Makefile: Adjust for use with DJGPP. * demos/sign/Makefile: Adjust for use with DJGPP. diff -aprNU5 openssl-1.0.2u.orig/apps/Makefile openssl-1.0.2u/apps/Makefile --- openssl-1.0.2u.orig/apps/Makefile 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/apps/Makefile 2019-12-31 12:24:24 +0000 @@ -110,17 +110,17 @@ install: mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ done; @set -e; for i in $(SCRIPTS); \ do \ (echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ - chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ + cp $$i $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/misc/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/misc/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/misc/$$i ); \ done - @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \ - chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \ - mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf + @cp openssl.cnf $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/openssl.cnf.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/openssl.cnf.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/openssl.cnf tags: ctags $(SRC) tests: diff -aprNU5 openssl-1.0.2u.orig/Configure openssl-1.0.2u/Configure --- openssl-1.0.2u.orig/Configure 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/Configure 2019-12-31 12:24:24 +0000 @@ -633,11 +633,16 @@ my %table=( "netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", "netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +# This is for gcc 4.3.0 or higher. +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fgnu89-inline -march=i386 -mtune=i586 -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +# This is other versions. +#"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -march=i386 -mtune=i586 -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +# This is for debugging purposes. +#"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fgnu89-inline -march=i386 -mtune=i586 -save-temps -O0 -g2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", "ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", # K&R C is no longer supported; you need gcc on old Ultrix installations @@ -1207,12 +1212,17 @@ my $make = $ENV{'MAKE'} || "make"; $cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq ""; chop $openssldir if $openssldir =~ /\/$/; chop $prefix if $prefix =~ /.\/$/; -$openssldir=$prefix . "/ssl" if $openssldir eq ""; -$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; +if ($^O eq 'dos') { + # For DJGPP. + $openssldir=$prefix . "/share/ssl" if $openssldir eq ""; +} else { + $openssldir=$prefix . "/ssl" if $openssldir eq ""; + $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; +} print "IsMK1MF=$IsMK1MF\n"; my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); @@ -1746,10 +1756,14 @@ while () s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; s/^RC=.*/RC= $windres/; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend; } +# if ($target =~ /^DJGPP/) +# { +# s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; +# } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; s/^EX_LIBS=.*$/EX_LIBS= $lflags/; s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; diff -aprNU5 openssl-1.0.2u.orig/crypto/rand/rand_unix.c openssl-1.0.2u/crypto/rand/rand_unix.c --- openssl-1.0.2u.orig/crypto/rand/rand_unix.c 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/rand/rand_unix.c 2019-12-31 12:24:24 +0000 @@ -220,10 +220,176 @@ int RAND_poll(void) RAND_add(&v, sizeof(v), 1); v = 0; } return 1; } +# elif defined(DJGPP_DEBUG) +/* +# elif defined(OPENSSL_SYS_MSDOS) +*/ +int RAND_poll(void) +{ + unsigned long l; + pid_t curr_pid = getpid(); +# if defined(DEVRANDOM) + unsigned char tmpbuf[ENTROPY_NEEDED]; + int n = 0; +# endif +# ifdef DEVRANDOM + static const char *randomfiles[] = { DEVRANDOM }; + struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])]; + int fd; + unsigned int i; +# endif + +# ifdef DEVRANDOM + memset(randomstats, 0, sizeof(randomstats)); + /* + * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have + * this. Use /dev/urandom if you can as /dev/random may block if it runs + * out of random entries. + */ + + for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && + (n < ENTROPY_NEEDED); i++) { + if ((fd = open(randomfiles[i], O_RDONLY +# ifdef O_NONBLOCK + | O_NONBLOCK +# endif +# ifdef O_BINARY + | O_BINARY +# endif +# ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do + * not make it our controlling tty */ + | O_NOCTTY +# endif + )) >= 0) { + int usec = 10 * 1000; /* spend 10ms on each file */ + int r; + unsigned int j; + struct stat *st = &randomstats[i]; + + /* + * Avoid using same input... Used to be O_NOFOLLOW above, but + * it's not universally appropriate... + */ + if (fstat(fd, st) != 0) { + close(fd); + continue; + } + for (j = 0; j < i; j++) { + if (randomstats[j].st_ino == st->st_ino && + randomstats[j].st_dev == st->st_dev) + break; + } + if (j < i) { + close(fd); + continue; + } + + do { + int try_read = 0; + + /* use select() */ + fd_set fset; + struct timeval t; + + t.tv_sec = 0; + t.tv_usec = usec; + + if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) { + /* + * can't use select, so just try to read once anyway + */ + try_read = 1; + } else { + FD_ZERO(&fset); + FD_SET(fd, &fset); + + if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) { + usec = t.tv_usec; + if (FD_ISSET(fd, &fset)) + try_read = 1; + } else + usec = 0; + } + + if (try_read) { + r = read(fd, (unsigned char *)tmpbuf + n, + ENTROPY_NEEDED - n); + if (r > 0) + n += r; + } else + r = -1; + + /* + * Some Unixen will update t in select(), some won't. For + * those who won't, or if we didn't use select() in the first + * place, give up here, otherwise, we will do this once again + * for the remaining time. + */ + if (usec == 10 * 1000) + usec = 0; + } + while ((r > 0 || + (errno == EINTR || errno == EAGAIN)) && usec != 0 + && n < ENTROPY_NEEDED); + + close(fd); + } + } +# endif /* defined(DEVRANDOM) */ + +# if defined(DEVRANDOM) + if (n > 0) { + RAND_add(tmpbuf, sizeof tmpbuf, (double)n); + OPENSSL_cleanse(tmpbuf, n); + } +# endif + + if (n > 0) { + /* put in some default random data, we need more than just this */ + + l = curr_pid; + RAND_add(&l, sizeof(l), 0.0); + l = getuid(); + RAND_add(&l, sizeof(l), 0.0); + l = time(NULL); + RAND_add(&l, sizeof(l), 0.0); + } else { + unsigned char v; + + + /* + * Seed with the gid, pid, and uid, to ensure *some* variation between + * different processes. + */ + + l = curr_pid; + RAND_add(&l, sizeof(l), 1); + l = getuid(); + RAND_add(&l, sizeof(l), 1); + l = time(NULL); + RAND_add(&l, sizeof(l), 1); + + for (i = 0; i < (ENTROPY_NEEDED * 4); i++) { + srand48(rawclock() ^ i ^ l); + l = lrand48(); + + /* take 8 bits */ + v = (unsigned char)(l % 256); + RAND_add(&v, sizeof v, 1); + } + } + + +# if defined(DEVRANDOM) + return 1; +# else + return 0; +# endif +} # elif defined __OpenBSD__ int RAND_poll(void) { u_int32_t rnd = 0, i; unsigned char buf[ENTROPY_NEEDED]; diff -aprNU5 openssl-1.0.2u.orig/demos/bio/Makefile openssl-1.0.2u/demos/bio/Makefile --- openssl-1.0.2u.orig/demos/bio/Makefile 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/demos/bio/Makefile 2019-12-31 12:24:24 +0000 @@ -1,22 +1,23 @@ -CC=cc -CFLAGS= -g -I../../include -LIBS= -L../.. ../../libssl.a ../../libcrypto.a -ldl -EXAMPLES=saccept sconnect client-arg client-conf +CC=gcc +CFLAGS= -g2 -O0 -fgnu89-inline -march=i386 -mtune=i586 -I../../include +LIBS= -L../.. ../../libssl.a ../../libcrypto.a /dev/env/DJDIR/net/watt/lib/libwatt.a -lz +EXE=.exe +EXAMPLES=saccept$(EXE) sconnect$(EXE) client-arg$(EXE) client-conf$(EXE) all: $(EXAMPLES) -saccept: saccept.o - $(CC) -o saccept saccept.o $(LIBS) +saccept$(EXE): saccept.o + $(CC) -o saccept$(EXE) saccept.o $(LIBS) -sconnect: sconnect.o - $(CC) -o sconnect sconnect.o $(LIBS) +sconnect$(EXE): sconnect.o + $(CC) -o sconnect$(EXE) sconnect.o $(LIBS) -client-arg: client-arg.o - $(CC) -o client-arg client-arg.o $(LIBS) +client-arg$(EXE): client-arg.o + $(CC) -o client-arg$(EXE) client-arg.o $(LIBS) -client-conf: client-conf.o - $(CC) -o client-conf client-conf.o $(LIBS) +client-conf$(EXE): client-conf.o + $(CC) -o client-conf$(EXE) client-conf.o $(LIBS) clean: rm -f $(EXAMPLES) *.o diff -aprNU5 openssl-1.0.2u.orig/demos/prime/Makefile openssl-1.0.2u/demos/prime/Makefile --- openssl-1.0.2u.orig/demos/prime/Makefile 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/demos/prime/Makefile 2019-12-31 12:24:24 +0000 @@ -1,14 +1,15 @@ -CC=cc -CFLAGS= -g -I../../include -Wall -LIBS= -L../.. -lcrypto -EXAMPLES=prime +CC=gcc +CFLAGS= -g2 -O0 -fgnu89-inline -march=i386 -mtune=i586 -I../../include -Wall +LIBS= -L../.. -lcrypto /dev/env/DJDIR/net/watt/lib/libwatt.a -lz +EXE=.exe +EXAMPLES=prime$(EXE) all: $(EXAMPLES) -prime: prime.o - $(CC) -o prime prime.o $(LIBS) +prime$(EXE): prime.o + $(CC) -o prime$(EXE) prime.o $(LIBS) clean: rm -f $(EXAMPLES) *.o test: all diff -aprNU5 openssl-1.0.2u.orig/demos/sign/Makefile openssl-1.0.2u/demos/sign/Makefile --- openssl-1.0.2u.orig/demos/sign/Makefile 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/demos/sign/Makefile 2019-12-31 12:24:24 +0000 @@ -1,14 +1,15 @@ -CC=cc -CFLAGS= -g -I../../include -Wall -LIBS= -L../.. -lcrypto -EXAMPLES=sign +CC=gcc +CFLAGS= -g2 -O0 -fgnu89-inline -march=i386 -mtune=i586 -I../../include -Wall +LIBS= -L../.. -lcrypto /dev/env/DJDIR/net/watt/lib/libwatt.a -lz +EXE=.exe +EXAMPLES=sign$(EXE) all: $(EXAMPLES) -sign: sign.o - $(CC) -o sign sign.o $(LIBS) +sign$(EXE): sign.o + $(CC) -o sign$(EXE) sign.o $(LIBS) clean: rm -f $(EXAMPLES) *.o test: all diff -aprNU5 openssl-1.0.2u.orig/demos/state_machine/Makefile openssl-1.0.2u/demos/state_machine/Makefile --- openssl-1.0.2u.orig/demos/state_machine/Makefile 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/demos/state_machine/Makefile 2019-12-31 12:24:24 +0000 @@ -1,9 +1,10 @@ -CFLAGS=-I../../include -Wall -Werror -g +CFLAGS=-I../../include -Wall -g2 -O0 -fgnu89-inline -march=i386 -mtune=i586 +EXE=.exe -all: state_machine +all: state_machine$(EXE) -state_machine: state_machine.o - $(CC) -o state_machine state_machine.o -L../.. -lssl -lcrypto +state_machine$(EXE): state_machine.o + $(CC) -o state_machine$(EXE) state_machine.o -L../.. -lssl -lcrypto /dev/env/DJDIR/net/watt/lib/libwatt.a -lz test: state_machine ./state_machine 10000 ../../apps/server.pem ../../apps/server.pem diff -aprNU5 openssl-1.0.2u.orig/Makefile.org openssl-1.0.2u/Makefile.org --- openssl-1.0.2u.orig/Makefile.org 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/Makefile.org 2019-12-31 12:24:24 +0000 @@ -157,10 +157,13 @@ SDIRS= \ # should be performed. TESTS = alltests MAKEFILE= Makefile +INSTALL_OPENSSLDIR=$(INSTALLTOP)/share/ssl +INSTALL_HTMLDIR=$(INSTALLTOP)/share/ssl/html +INSTALL_MANDIR=$(INSTALLTOP)/share/ssl/man MANDIR=$(OPENSSLDIR)/man MAN1=1 MAN3=3 MANSUFFIX= HTMLSUFFIX=html @@ -214,11 +217,11 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM) CROSS_COMPILE='$(CROSS_COMPILE)' \ PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ INSTALL_PREFIX='$(INSTALL_PREFIX)' \ INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \ - LIBDIR='$(LIBDIR)' \ + INSTALL_OPENSSLDIR='$(INSTALL_OPENSSLDIR)' LIBDIR='$(LIBDIR)' \ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ MAKEDEPPROG='$(MAKEDEPPROG)' \ SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ @@ -538,21 +541,22 @@ tar-snap: $(TARFILE).list dist: $(PERL) Configure dist @$(MAKE) SDIRS='$(SDIRS)' clean @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar -install: all install_docs install_sw +# install: all install_docs install_sw +install: install_html_docs install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private + $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/private @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; @@ -620,34 +624,34 @@ install_html_docs: filecase=; \ case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ filecase=-i; \ esac; \ for subdir in apps crypto ssl; do \ - mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ + mkdir -p $(INSTALL_PREFIX)$(INSTALL_HTMLDIR)/$$subdir; \ for i in doc/$$subdir/*.pod; do \ fn=`basename $$i .pod`; \ echo "installing html/$$fn.$(HTMLSUFFIX)"; \ cat $$i \ | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \ | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \ | sed -r 's/ $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \ + > $(INSTALL_PREFIX)$(INSTALL_HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ - (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ + (cd $(INSTALL_PREFIX)$(INSTALL_HTMLDIR)/$$subdir; \ while read n; do \ PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \ done); \ done; \ done install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ - $(INSTALL_PREFIX)$(MANDIR)/man1 \ - $(INSTALL_PREFIX)$(MANDIR)/man3 \ - $(INSTALL_PREFIX)$(MANDIR)/man5 \ - $(INSTALL_PREFIX)$(MANDIR)/man7 + $(INSTALL_PREFIX)$(INSTALL_MANDIR)/man1 \ + $(INSTALL_PREFIX)$(INSTALL_MANDIR)/man3 \ + $(INSTALL_PREFIX)$(INSTALL_MANDIR)/man5 \ + $(INSTALL_PREFIX)$(INSTALL_MANDIR)/man7 @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ here="`pwd`"; \ filecase=; \ case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ filecase=-i; \ @@ -658,15 +662,15 @@ install_docs: echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + > $(INSTALL_PREFIX)$(INSTALL_MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ (grep -v $$filecase "^$$fn\$$"; true) | \ (grep -v "[ ]"; true) | \ - (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ + (cd $(INSTALL_PREFIX)$(INSTALL_MANDIR)/man$$sec/; \ while read n; do \ PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ @@ -675,15 +679,15 @@ install_docs: echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + > $(INSTALL_PREFIX)$(INSTALL_MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ (grep -v $$filecase "^$$fn\$$"; true) | \ (grep -v "[ ]"; true) | \ - (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ + (cd $(INSTALL_PREFIX)$(INSTALL_MANDIR)/man$$sec/; \ while read n; do \ PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done diff -aprNU5 openssl-1.0.2u.orig/tools/Makefile openssl-1.0.2u/tools/Makefile --- openssl-1.0.2u.orig/tools/Makefile 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/tools/Makefile 2019-12-31 12:24:24 +0000 @@ -26,13 +26,13 @@ install: chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ done; @for i in $(MISC_APPS) ; \ do \ - (cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ - chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ + (cp $$i $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/misc/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/misc/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(INSTALL_OPENSSLDIR)/misc/$$i ); \ done; files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO This is the patch submitted to the OpenSSL maintainers to fix and improve certain DJGPP specific issues and to support the upcomming Watt-32 version. The maintainers have committed these changes into the 1.1.0 version but they will not be committed into any of the maintenance 1.0.N versions. 2019-12-31 Juan Manuel Guerrero * Configure: Replaced -DTERMIO by -DTERMIOS in CFLAGS. * crypto/bio/bss_dgram.c [WATT32]: Remove obsolete redefinition of function names: sock_write, sock_read and sock_puts. * crypto/bio/bss_sock.c [WATT32]: For Watt-32 2.2.11 sock_write, sock_read and sock_puts are redefined to their private names so their names must be undefined first before they can be redefined again. * crypto/bio/bss_file.c (file_fopen) [OPENSSL_SYS_MSDOS]: Call dosify_filename to replace leading dot if file system does not support it. (dosify_filename): Replace leading dot in passed file name if file system does not support LFN. Replace all leading dots in the dirname part and the basname part of the file name. * e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor FreeDOS provide 'egd' sockets. New macro HAS_LFN_SUPPORT checks if underlying file system supports long file names or not. * util/mklink.pl: Do not use symlinks for DJGPP. * INSTALL.DJGPP: Update URL of WATT-32 library. * Configure: -fgnu89-inline flag added to CFLAGS depending on compiler version used. * demos/bio/Makefile: -fgnu89-inline flag added to CFLAGS depending on compiler version used. * demos/prime/Makefile: -fgnu89-inline flag added to CFLAGS depending on compiler version used. * demos/sign/Makefile: -fgnu89-inline flag added to CFLAGS depending on compiler version used. * demos/state_machine/Makefile: -fgnu89-inline flag added to CFLAGS depending on compiler version used. diff -aprNU5 openssl-1.0.2u.orig/Configure openssl-1.0.2u/Configure --- openssl-1.0.2u.orig/Configure 2019-12-31 12:24:24 +0000 +++ openssl-1.0.2u/Configure 2019-12-31 12:30:58 +0000 @@ -633,16 +633,11 @@ my %table=( "netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", "netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -# This is for gcc 4.3.0 or higher. -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fgnu89-inline -march=i386 -mtune=i586 -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", -# This is other versions. -#"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -march=i386 -mtune=i586 -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", -# This is for debugging purposes. -#"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fgnu89-inline -march=i386 -mtune=i586 -save-temps -O0 -g2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", "ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", # K&R C is no longer supported; you need gcc on old Ultrix installations @@ -1544,10 +1539,33 @@ if ($sys_id ne "") if ($ranlib eq "") { $ranlib = $default_ranlib; } +# DJGPP specific CFLAG adjustments +if ($target =~ /^DJGPP/) + { + my $gccver=0; + if (open(FD,"$cc --version |")) + { + while() { $gccver=$1 if (/ (([1-3])\.|4\.([0-1])([.0-9]*))/); } + close(FD); + } + if ($gccver==0) + { + # For gcc 4.3.0 and above ensure that always old GNU extern inline semantics + # are used (aka -fgnu89-inline) even if ISO C99 semantics has been specified. + $cflags=~s/-fomit-frame-pointer/-fgnu89-inline -march=i386 -mtune=i586 -fomit-frame-pointer/; + } + else + { + $cflags=~s/-fomit-frame-pointer/-march=i386 -mtune=i586 -fomit-frame-pointer/; + } + # This is for debugging purposes. + # $cflags=~s/-fomit-frame-pointer -O2/-save-temps -O0 -g2 -DDJGPP_DEBUG/; + } + #my ($bn1)=split(/\s+/,$bn_obj); #$bn1 = "" unless defined $bn1; #$bn1=$bn_asm unless ($bn1 =~ /\.o$/); #$bn_obj="$bn1"; diff -aprNU5 openssl-1.0.2u.orig/crypto/bio/bss_dgram.c openssl-1.0.2u/crypto/bio/bss_dgram.c --- openssl-1.0.2u.orig/crypto/bio/bss_dgram.c 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/bio/bss_dgram.c 2019-12-31 12:30:58 +0000 @@ -92,16 +92,10 @@ (((a)->s6_addr32[0] == 0) && \ ((a)->s6_addr32[1] == 0) && \ ((a)->s6_addr32[2] == htonl(0x0000ffff))) # endif -# ifdef WATT32 -# define sock_write SockWrite /* Watt-32 uses same names */ -# define sock_read SockRead -# define sock_puts SockPuts -# endif - static int dgram_write(BIO *h, const char *buf, int num); static int dgram_read(BIO *h, char *buf, int size); static int dgram_puts(BIO *h, const char *str); static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int dgram_new(BIO *h); diff -aprNU5 openssl-1.0.2u.orig/crypto/bio/bss_file.c openssl-1.0.2u/crypto/bio/bss_file.c --- openssl-1.0.2u.orig/crypto/bio/bss_file.c 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/bio/bss_file.c 2019-12-31 12:30:58 +0000 @@ -93,10 +93,14 @@ # include # endif # if !defined(OPENSSL_NO_STDIO) +#ifdef OPENSSL_SYS_MSDOS +# include +static void dosify_filename(const char *filename); +#endif static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); static int MS_CALLBACK file_read(BIO *h, char *buf, int size); static int MS_CALLBACK file_puts(BIO *h, const char *str); static int MS_CALLBACK file_gets(BIO *h, char *str, int size); static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2); @@ -159,10 +163,13 @@ static FILE *file_fopen(const char *file } } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) { file = fopen(filename, mode); } # else +# ifdef OPENSSL_SYS_MSDOS + dosify_filename(filename); +# endif file = fopen(filename, mode); # endif return (file); } @@ -484,8 +491,25 @@ static int MS_CALLBACK file_puts(BIO *bp n = strlen(str); ret = file_write(bp, str, n); return (ret); } +# ifdef OPENSSL_SYS_MSDOS +static void dosify_filename(const char *filename) +{ + if (filename && *filename && !HAS_LFN_SUPPORT(filename)) { + char *nextchar = unconst(filename, char *); + + do { + if (nextchar[0] == '/' && nextchar[2] != '.' && nextchar[2] != '/') { + + /* Leading dot not allowed on plain DOS. */ + if (nextchar[1] == '.') + *++nextchar = '_'; + } + } while (*++nextchar); + } +} +# endif # endif /* OPENSSL_NO_STDIO */ #endif /* HEADER_BSS_FILE_C */ diff -aprNU5 openssl-1.0.2u.orig/crypto/bio/bss_sock.c openssl-1.0.2u/crypto/bio/bss_sock.c --- openssl-1.0.2u.orig/crypto/bio/bss_sock.c 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/bio/bss_sock.c 2019-12-31 12:30:58 +0000 @@ -64,11 +64,15 @@ #ifndef OPENSSL_NO_SOCK # include # ifdef WATT32 -# define sock_write SockWrite /* Watt-32 uses same names */ +/* Watt-32 uses same names */ +# undef sock_write +# undef sock_read +# undef sock_puts +# define sock_write SockWrite # define sock_read SockRead # define sock_puts SockPuts # endif static int sock_write(BIO *h, const char *buf, int num); diff -aprNU5 openssl-1.0.2u.orig/demos/bio/Makefile openssl-1.0.2u/demos/bio/Makefile --- openssl-1.0.2u.orig/demos/bio/Makefile 2019-12-31 12:24:24 +0000 +++ openssl-1.0.2u/demos/bio/Makefile 2019-12-31 12:30:58 +0000 @@ -1,10 +1,16 @@ CC=gcc -CFLAGS= -g2 -O0 -fgnu89-inline -march=i386 -mtune=i586 -I../../include +CFLAGS= -g2 -O0 -march=i386 -mtune=i586 -I../../include +ifeq ($(filter 2 3 4,$(word 3, $(shell true | $(CC) -E -dD -x c - | grep 'define\ *__GNUC__'))),) +# We have gcc >= 5.x and we must ensure that always traditional +# GNU extern inline semantics are used (aka -fgnu89-inline) even +# if ISO C99 semantics have been specified. +CFLAGS += -fgnu89-inline +endif LIBS= -L../.. ../../libssl.a ../../libcrypto.a /dev/env/DJDIR/net/watt/lib/libwatt.a -lz EXE=.exe -EXAMPLES=saccept$(EXE) sconnect$(EXE) client-arg$(EXE) client-conf$(EXE) +EXAMPLES=saccept$(EXE) sconnect$(EXE) all: $(EXAMPLES) saccept$(EXE): saccept.o $(CC) -o saccept$(EXE) saccept.o $(LIBS) diff -aprNU5 openssl-1.0.2u.orig/demos/prime/Makefile openssl-1.0.2u/demos/prime/Makefile --- openssl-1.0.2u.orig/demos/prime/Makefile 2019-12-31 12:24:24 +0000 +++ openssl-1.0.2u/demos/prime/Makefile 2019-12-31 12:30:58 +0000 @@ -1,7 +1,13 @@ CC=gcc -CFLAGS= -g2 -O0 -fgnu89-inline -march=i386 -mtune=i586 -I../../include -Wall +CFLAGS= -g2 -O0 -march=i386 -mtune=i586 -I../../include -Wall +ifeq ($(filter 2 3 4,$(word 3, $(shell true | $(CC) -E -dD -x c - | grep 'define\ *__GNUC__'))),) +# We have gcc >= 5.x and we must ensure that always traditional +# GNU extern inline semantics are used (aka -fgnu89-inline) even +# if ISO C99 semantics have been specified. +CFLAGS += -fgnu89-inline +endif LIBS= -L../.. -lcrypto /dev/env/DJDIR/net/watt/lib/libwatt.a -lz EXE=.exe EXAMPLES=prime$(EXE) all: $(EXAMPLES) diff -aprNU5 openssl-1.0.2u.orig/demos/sign/Makefile openssl-1.0.2u/demos/sign/Makefile --- openssl-1.0.2u.orig/demos/sign/Makefile 2019-12-31 12:24:24 +0000 +++ openssl-1.0.2u/demos/sign/Makefile 2019-12-31 12:30:58 +0000 @@ -1,7 +1,13 @@ CC=gcc -CFLAGS= -g2 -O0 -fgnu89-inline -march=i386 -mtune=i586 -I../../include -Wall +CFLAGS= -g2 -O0 -march=i386 -mtune=i586 -I../../include -Wall +ifeq ($(filter 2 3 4,$(word 3, $(shell true | $(CC) -E -dD -x c - | grep 'define\ *__GNUC__'))),) +# We have gcc >= 5.x and we must ensure that always traditional +# GNU extern inline semantics are used (aka -fgnu89-inline) even +# if ISO C99 semantics have been specified. +CFLAGS += -fgnu89-inline +endif LIBS= -L../.. -lcrypto /dev/env/DJDIR/net/watt/lib/libwatt.a -lz EXE=.exe EXAMPLES=sign$(EXE) all: $(EXAMPLES) diff -aprNU5 openssl-1.0.2u.orig/demos/state_machine/Makefile openssl-1.0.2u/demos/state_machine/Makefile --- openssl-1.0.2u.orig/demos/state_machine/Makefile 2019-12-31 12:24:24 +0000 +++ openssl-1.0.2u/demos/state_machine/Makefile 2019-12-31 12:30:58 +0000 @@ -1,10 +1,16 @@ -CFLAGS=-I../../include -Wall -g2 -O0 -fgnu89-inline -march=i386 -mtune=i586 +CFLAGS=-I../../include -Wall -g2 -O0 -march=i386 -mtune=i586 +ifeq ($(filter 2 3 4,$(word 3, $(shell true | $(CC) -E -dD -x c - | grep 'define\ *__GNUC__'))),) +# We have gcc >= 5.x and we must ensure that always traditional +# GNU extern inline semantics are used (aka -fgnu89-inline) even +# if ISO C99 semantics have been specified. +CFLAGS += -fgnu89-inline +endif EXE=.exe all: state_machine$(EXE) state_machine$(EXE): state_machine.o $(CC) -o state_machine$(EXE) state_machine.o -L../.. -lssl -lcrypto /dev/env/DJDIR/net/watt/lib/libwatt.a -lz -test: state_machine - ./state_machine 10000 ../../apps/server.pem ../../apps/server.pem +test: state_machine$(EXE) + ./state_machine$(EXE) 10000 ../../apps/server.pem ../../apps/server.pem diff -aprNU5 openssl-1.0.2u.orig/e_os.h openssl-1.0.2u/e_os.h --- openssl-1.0.2u.orig/e_os.h 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/e_os.h 2019-12-31 12:30:58 +0000 @@ -240,10 +240,12 @@ extern "C" { # include # include # define _setmode setmode # define _O_TEXT O_TEXT # define _O_BINARY O_BINARY +# define HAS_LFN_SUPPORT(name) (pathconf((name), _PC_NAME_MAX) > 12) +# undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. */ # undef DEVRANDOM # define DEVRANDOM "/dev/urandom\x24" # endif /* __DJGPP__ */ # ifndef S_IFDIR diff -aprNU5 openssl-1.0.2u.orig/util/mklink.pl openssl-1.0.2u/util/mklink.pl --- openssl-1.0.2u.orig/util/mklink.pl 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/util/mklink.pl 2019-12-31 12:30:58 +0000 @@ -49,11 +49,11 @@ foreach $dirname (@from_path) { my $to = join('/', @to_path); my $file; $symlink_exists=eval {symlink("",""); 1}; -if ($^O eq "msys") { $symlink_exists=0 }; +if ($^O eq "msys" || $^O eq 'dos') { $symlink_exists=0 }; foreach $file (@files) { my $err = ""; if ($symlink_exists) { if (!-l "$from/$file") { unlink "$from/$file"; 2019-12-31 Juan Manuel Guerrero Applied some patches taken from openssl1.0_1.0.2r-1~deb9u1.debian.tar.xz available at: http://ftp.de.debian.org/debian/pool/main/o/openssl/. The applied patches are: block_digicert_malaysia.patch block_diginotar.patch c_rehash-compat.patch disable_freelist.patch disable_sslv3_test.patch libdoc-manpgs-pod-spell.patch stddef.patch soname.patch diff -aprNU5 openssl-1.0.2u.orig/crypto/opensslv.h openssl-1.0.2u/crypto/opensslv.h --- openssl-1.0.2u.orig/crypto/opensslv.h 2019-12-20 13:09:20 +0000 +++ openssl-1.0.2u/crypto/opensslv.h 2019-12-31 12:35:10 +0000 @@ -86,11 +86,11 @@ extern "C" { * we need to keep a history of version numbers, which is done in the * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and * should only keep the versions that are binary compatible with the current. */ # define SHLIB_VERSION_HISTORY "" -# define SHLIB_VERSION_NUMBER "1.0.0" +# define SHLIB_VERSION_NUMBER "1.0.2" #ifdef __cplusplus } #endif diff -aprNU5 openssl-1.0.2u.orig/crypto/sha/sha.h openssl-1.0.2u/crypto/sha/sha.h --- openssl-1.0.2u.orig/crypto/sha/sha.h 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/sha/sha.h 2019-12-31 12:35:10 +0000 @@ -57,12 +57,12 @@ */ #ifndef HEADER_SHA_H # define HEADER_SHA_H -# include # include +# include #ifdef __cplusplus extern "C" { #endif diff -aprNU5 openssl-1.0.2u.orig/crypto/x509/x509_vfy.c openssl-1.0.2u/crypto/x509/x509_vfy.c --- openssl-1.0.2u.orig/crypto/x509/x509_vfy.c 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/x509/x509_vfy.c 2019-12-31 12:35:10 +0000 @@ -118,10 +118,11 @@ static int check_name_constraints(X509_S static int check_id(X509_STORE_CTX *ctx); static int check_trust(X509_STORE_CTX *ctx); static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx); static int check_policy(X509_STORE_CTX *ctx); +static int check_ca_blacklist(X509_STORE_CTX *ctx); static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, X509_CRL *crl, X509 *x); static int get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); @@ -500,10 +501,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx else ok = internal_verify(ctx); if (!ok) goto err; + ok = check_ca_blacklist(ctx); + if (!ok) + goto err; + #ifndef OPENSSL_NO_RFC3779 /* RFC 3779 path validation, now that CRL check has been done */ ok = v3_asid_validate_path(ctx); if (!ok) goto err; @@ -1108,10 +1113,34 @@ static int check_crl_time(X509_STORE_CTX ctx->current_crl = NULL; return 1; } +static int check_ca_blacklist(X509_STORE_CTX *ctx) + { + X509 *x; + int i; + /* Check all certificates against the blacklist */ + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) + { + x = sk_X509_value(ctx->chain, i); + /* Mark certificates containing the following names as + * revoked, no matter where in the chain they are. + */ + if (x->name && (strstr(x->name, "DigiNotar") || + strstr(x->name, "Digicert Sdn. Bhd."))) + { + ctx->error = X509_V_ERR_CERT_REVOKED; + ctx->error_depth = i; + ctx->current_cert = x; + if (!ctx->verify_cb(0,ctx)) + return 0; + } + } + return 1; + } + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 **pissuer, int *pscore, unsigned int *preasons, STACK_OF(X509_CRL) *crls) { int i, crl_score, best_score = *pscore; diff -aprNU5 openssl-1.0.2u.orig/doc/crypto/EVP_PKEY_cmp.pod openssl-1.0.2u/doc/crypto/EVP_PKEY_cmp.pod --- openssl-1.0.2u.orig/doc/crypto/EVP_PKEY_cmp.pod 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/doc/crypto/EVP_PKEY_cmp.pod 2019-12-31 12:35:10 +0000 @@ -26,11 +26,11 @@ B or present in both B and B in B and B are both present and match this function has no effect. The function EVP_PKEY_cmp_parameters() compares the parameters of keys B and B. -The function EVP_PKEY_cmp() compares the public key components and paramters +The function EVP_PKEY_cmp() compares the public key components and parameters (if present) of keys B and B. =head1 NOTES The main purpose of the functions EVP_PKEY_missing_parameters() and diff -aprNU5 openssl-1.0.2u.orig/ssl/s3_both.c openssl-1.0.2u/ssl/s3_both.c --- openssl-1.0.2u.orig/ssl/s3_both.c 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/ssl/s3_both.c 2019-12-31 12:35:10 +0000 @@ -582,10 +582,11 @@ int ssl_verify_alarm_type(long type) break; } return (al); } +#define OPENSSL_NO_BUF_FREELISTS #ifndef OPENSSL_NO_BUF_FREELISTS /*- * On some platforms, malloc() performance is bad enough that you can't just * free() and malloc() buffers all the time, so we need to use freelists from * unused buffers. Currently, each freelist holds memory chunks of only a diff -aprNU5 openssl-1.0.2u.orig/ssl/ssl_lib.c openssl-1.0.2u/ssl/ssl_lib.c --- openssl-1.0.2u.orig/ssl/ssl_lib.c 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/ssl/ssl_lib.c 2019-12-31 12:35:10 +0000 @@ -160,10 +160,12 @@ # include #endif const char *SSL_version_str = OPENSSL_VERSION_TEXT; +#define OPENSSL_NO_BUF_FREELISTS + SSL3_ENC_METHOD ssl3_undef_enc_method = { /* * evil casts, but these functions are only called if there's a library * bug */ diff -aprNU5 openssl-1.0.2u.orig/test/testssl openssl-1.0.2u/test/testssl --- openssl-1.0.2u.orig/test/testssl 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/testssl 2019-12-31 12:35:10 +0000 @@ -158,11 +158,11 @@ test_cipher() { exit 1 fi } echo "Testing ciphersuites" -for protocol in TLSv1.2 SSLv3; do +for protocol in TLSv1.2; do echo "Testing ciphersuites for $protocol" for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do test_cipher $cipher $protocol done if ../util/shlib_wrap.sh ../apps/openssl no-dh; then diff -aprNU5 openssl-1.0.2u.orig/tools/c_rehash.in openssl-1.0.2u/tools/c_rehash.in --- openssl-1.0.2u.orig/tools/c_rehash.in 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/tools/c_rehash.in 2019-12-31 12:35:10 +0000 @@ -6,24 +6,19 @@ my $dir; my $prefix; my $openssl = $ENV{OPENSSL} || "openssl"; my $pwd; -my $x509hash = "-subject_hash"; -my $crlhash = "-hash"; my $verbose = 0; my $symlink_exists=eval {symlink("",""); 1}; my $removelinks = 1; ## Parse flags. while ( $ARGV[0] =~ /^-/ ) { my $flag = shift @ARGV; last if ( $flag eq '--'); - if ( $flag eq '-old') { - $x509hash = "-subject_hash_old"; - $crlhash = "-hash_old"; - } elsif ( $flag eq '-h') { + if ( $flag eq '-h') { help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; } elsif ( $flag eq '-v' ) { $verbose++; @@ -111,11 +106,13 @@ sub hash_dir { if(!$cert && !$crl) { print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; next; } link_hash_cert($fname) if($cert); + link_hash_cert_old($fname) if($cert); link_hash_crl($fname) if($crl); + link_hash_crl_old($fname) if($crl); } } sub check_file { my ($is_cert, $is_crl) = (0,0); @@ -144,10 +141,11 @@ sub check_file { # case we skip the link. We check for duplicates by comparing the # certificate fingerprints sub link_hash_cert { my $fname = $_[0]; + my $x509hash = $_[1] || '-subject_hash'; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; @@ -175,14 +173,24 @@ sub link_hash_cert { print "copy $fname -> $hash\n" if $verbose; } $hashlist{$hash} = $fprint; } +sub link_hash_cert_old { + link_hash_cert($_[0], '-subject_hash_old'); +} + +sub link_hash_crl_old { + link_hash_crl($_[0], '-hash_old'); +} + + # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { my $fname = $_[0]; + my $crlhash = $_[1] || "-hash"; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; 2019-12-31 Juan Manuel Guerrero * e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor FreeDOS provide 'egd' sockets. New macro HAS_LFN_SUPPORT checks if underlying file system supports long file names or not. diff -aprNU5 openssl-1.0.2u.orig/e_os.h openssl-1.0.2u/e_os.h --- openssl-1.0.2u.orig/e_os.h 2019-12-31 12:43:36 +0000 +++ openssl-1.0.2u/e_os.h 2019-12-31 12:45:54 +0000 @@ -243,11 +243,11 @@ extern "C" { # define _O_TEXT O_TEXT # define _O_BINARY O_BINARY # define HAS_LFN_SUPPORT(name) (pathconf((name), _PC_NAME_MAX) > 12) # undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. */ # undef DEVRANDOM -# define DEVRANDOM "/dev/urandom\x24" +# define DEVRANDOM "/dev/urandom\x24","/dev/env/RANDFILE" /* Allow for a file in case no noise source is installed. */ # endif /* __DJGPP__ */ # ifndef S_IFDIR # define S_IFDIR _S_IFDIR # endif 2019-12-31 Juan Manuel Guerrero * crypto/threads/profile.sh: Use variables to specify programs. * crypto/threads/pthread.sh: Use variables to specify programs. * crypto/threads/pthread2.sh: Use variables to specify programs. * crypto/threads/purify.sh: Use variables to specify programs. * crypto/threads/solaris.sh: Use variables to specify programs. * demos/ssltest-ecc/ECC-RSAcertgen.sh: Use variables to specify programs. * demos/ssltest-ecc/ECCcertgen.sh: Use variables to specify programs. * demos/ssltest-ecc/RSAcertgen.sh: Use variables to specify programs. * test/tcrl: Use variables to specify programs. * test/testca: Use variables to specify programs. * test/testenc: Use variables to specify programs. * test/testss: Use variables to specify programs. * test/tpkcs7: Use variables to specify programs. * test/tpkcs7d: Use variables to specify programs. * test/treq: Use variables to specify programs. * test/trsa: Use variables to specify programs. * test/tsid: Use variables to specify programs. * test/tx509: Use variables to specify programs. * util/mkcerts.sh: Use variables to specify programs. * util/speed.sh: Use variables to specify programs. diff -aprNU5 openssl-1.0.2u.orig/crypto/threads/profile.sh openssl-1.0.2u/crypto/threads/profile.sh --- openssl-1.0.2u.orig/crypto/threads/profile.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/threads/profile.sh 2019-12-31 13:06:40 +0000 @@ -1,4 +1,10 @@ #!/bin/sh -/bin/rm -f mttest +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f mttest cc -p -DSOLARIS -I../../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L../.. -lthread -lssl -lcrypto -lnsl -lsocket diff -aprNU5 openssl-1.0.2u.orig/crypto/threads/pthread.sh openssl-1.0.2u/crypto/threads/pthread.sh --- openssl-1.0.2u.orig/crypto/threads/pthread.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/threads/pthread.sh 2019-12-31 13:06:40 +0000 @@ -2,8 +2,14 @@ # # build using pthreads # # http://www.mit.edu:8001/people/proven/pthreads.html # -/bin/rm -f mttest +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f mttest pgcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto diff -aprNU5 openssl-1.0.2u.orig/crypto/threads/pthread2.sh openssl-1.0.2u/crypto/threads/pthread2.sh --- openssl-1.0.2u.orig/crypto/threads/pthread2.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/threads/pthread2.sh 2019-12-31 13:06:40 +0000 @@ -1,6 +1,12 @@ #!/bin/sh # # build using pthreads where it's already built into the system # -/bin/rm -f mttest +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f mttest gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread -ldl diff -aprNU5 openssl-1.0.2u.orig/crypto/threads/purify.sh openssl-1.0.2u/crypto/threads/purify.sh --- openssl-1.0.2u.orig/crypto/threads/purify.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/threads/purify.sh 2019-12-31 13:06:40 +0000 @@ -1,4 +1,10 @@ #!/bin/sh -/bin/rm -f mttest +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f mttest purify cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread -lssl -lcrypto -lnsl -lsocket diff -aprNU5 openssl-1.0.2u.orig/crypto/threads/solaris.sh openssl-1.0.2u/crypto/threads/solaris.sh --- openssl-1.0.2u.orig/crypto/threads/solaris.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/crypto/threads/solaris.sh 2019-12-31 13:06:40 +0000 @@ -1,4 +1,10 @@ #!/bin/sh -/bin/rm -f mttest +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f mttest cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread -lssl -lcrypto -lnsl -lsocket diff -aprNU5 openssl-1.0.2u.orig/demos/ssltest-ecc/ECC-RSAcertgen.sh openssl-1.0.2u/demos/ssltest-ecc/ECC-RSAcertgen.sh --- openssl-1.0.2u.orig/demos/ssltest-ecc/ECC-RSAcertgen.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/demos/ssltest-ecc/ECC-RSAcertgen.sh 2019-12-31 13:06:40 +0000 @@ -13,16 +13,25 @@ CERTS_DIR=./Certs # Directory where private key files are stored KEYS_DIR=$CERTS_DIR # Directory where combo files (containing a certificate and corresponding # private key together) are stored COMBO_DIR=$CERTS_DIR -# cat command -CAT=/bin/cat -# rm command -RM=/bin/rm -# mkdir command -MKDIR=/bin/mkdir +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + # cat command + CAT=/dev/env/DJDIR/bin/cat.exe + # rm command + RM=/dev/env/DJDIR/bin/rm.exe + # mkdir command + MKDIR=/dev/env/DJDIR/bin/mkdir.exe +else + # cat command + CAT=/bin/cat + # rm command + RM=/bin/rm + # mkdir command + MKDIR=/bin/mkdir +fi # The certificate will expire these many days after the issue date. DAYS=1500 TEST_CA_FILE=rsa1024TestCA TEST_SERVER_CURVE=sect163r1 diff -aprNU5 openssl-1.0.2u.orig/demos/ssltest-ecc/ECCcertgen.sh openssl-1.0.2u/demos/ssltest-ecc/ECCcertgen.sh --- openssl-1.0.2u.orig/demos/ssltest-ecc/ECCcertgen.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/demos/ssltest-ecc/ECCcertgen.sh 2019-12-31 13:06:40 +0000 @@ -13,16 +13,25 @@ CERTS_DIR=./Certs # Directory where private key files are stored KEYS_DIR=$CERTS_DIR # Directory where combo files (containing a certificate and corresponding # private key together) are stored COMBO_DIR=$CERTS_DIR -# cat command -CAT=/bin/cat -# rm command -RM=/bin/rm -# mkdir command -MKDIR=/bin/mkdir +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + # cat command + CAT=/dev/env/DJDIR/bin/cat.exe + # rm command + RM=/dev/env/DJDIR/bin/rm.exe + # mkdir command + MKDIR=/dev/env/DJDIR/bin/mkdir.exe +else + # cat command + CAT=/bin/cat + # rm command + RM=/bin/rm + # mkdir command + MKDIR=/bin/mkdir +fi # The certificate will expire these many days after the issue date. DAYS=1500 TEST_CA_CURVE=secp160r1 TEST_CA_FILE=secp160r1TestCA TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (Elliptic curve secp160r1)" diff -aprNU5 openssl-1.0.2u.orig/demos/ssltest-ecc/RSAcertgen.sh openssl-1.0.2u/demos/ssltest-ecc/RSAcertgen.sh --- openssl-1.0.2u.orig/demos/ssltest-ecc/RSAcertgen.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/demos/ssltest-ecc/RSAcertgen.sh 2019-12-31 13:06:40 +0000 @@ -13,16 +13,25 @@ CERTS_DIR=./Certs # Directory where private key files are stored KEYS_DIR=$CERTS_DIR # Directory where combo files (containing a certificate and corresponding # private key together) are stored COMBO_DIR=$CERTS_DIR -# cat command -CAT=/bin/cat -# rm command -RM=/bin/rm -# mkdir command -MKDIR=/bin/mkdir +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + # cat command + CAT=/dev/env/DJDIR/bin/cat.exe + # rm command + RM=/dev/env/DJDIR/bin/rm.exe + # mkdir command + MKDIR=/dev/env/DJDIR/bin/mkdir.exe +else + # cat command + CAT=/bin/cat + # rm command + RM=/bin/rm + # mkdir command + MKDIR=/bin/mkdir +fi # The certificate will expire these many days after the issue date. DAYS=1500 TEST_CA_FILE=rsa1024TestCA TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)" diff -aprNU5 openssl-1.0.2u.orig/test/tcrl openssl-1.0.2u/test/tcrl --- openssl-1.0.2u.orig/test/tcrl 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/tcrl 2019-12-31 13:06:40 +0000 @@ -72,7 +72,13 @@ if [ $? != 0 ]; then exit 1; fi #cmp crl-f.p crl-ff.p2 #if [ $? != 0 ]; then exit 1; fi cmp crl-f.p crl-ff.p3 if [ $? != 0 ]; then exit 1; fi -/bin/rm -f crl-f.* crl-ff.* crl-fff.* +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f crl-f.* crl-ff.* crl-fff.* exit 0 diff -aprNU5 openssl-1.0.2u.orig/test/testca openssl-1.0.2u/test/testca --- openssl-1.0.2u.orig/test/testca 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/testca 2019-12-31 13:06:40 +0000 @@ -44,8 +44,14 @@ fi $SH ../apps/CA.sh -verify newcert.pem if [ $? != 0 ]; then exit 1; fi -/bin/rm -fr demoCA newcert.pem newreq.pem +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -fr demoCA newcert.pem newreq.pem #usage: CA -newcert|-newreq|-newca|-sign|-verify diff -aprNU5 openssl-1.0.2u.orig/test/testenc openssl-1.0.2u/test/testenc --- openssl-1.0.2u.orig/test/testenc 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/testenc 2019-12-31 13:06:40 +0000 @@ -2,31 +2,37 @@ testsrc=testenc test=./p cmd="../util/shlib_wrap.sh ../apps/openssl" +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + cat $testsrc >$test; echo cat $cmd enc < $test > $test.cipher $cmd enc < $test.cipher >$test.clear cmp $test $test.clear if [ $? != 0 ] then exit 1 else - /bin/rm $test.cipher $test.clear + $RM $test.cipher $test.clear fi echo base64 $cmd enc -a -e < $test > $test.cipher $cmd enc -a -d < $test.cipher >$test.clear cmp $test $test.clear if [ $? != 0 ] then exit 1 else - /bin/rm $test.cipher $test.clear + $RM $test.cipher $test.clear fi for i in `$cmd list-cipher-commands` do echo $i @@ -35,20 +41,20 @@ do cmp $test $test.$i.clear if [ $? != 0 ] then exit 1 else - /bin/rm $test.$i.cipher $test.$i.clear + $RM $test.$i.cipher $test.$i.clear fi echo $i base64 $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear cmp $test $test.$i.clear if [ $? != 0 ] then exit 1 else - /bin/rm $test.$i.cipher $test.$i.clear + $RM $test.$i.cipher $test.$i.clear fi done rm -f $test diff -aprNU5 openssl-1.0.2u.orig/test/testss openssl-1.0.2u/test/testss --- openssl-1.0.2u.orig/test/testss 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/testss 2019-12-31 13:06:40 +0000 @@ -155,9 +155,15 @@ echo The first generated proxy certifica echo The first generated proxy private key is $P1key echo The second generated proxy certificate is $P2cert echo The second generated proxy private key is $P2key -/bin/rm err.ss +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM err.ss #/bin/rm $P1intermediate #/bin/rm $P2intermediate exit 0 diff -aprNU5 openssl-1.0.2u.orig/test/tpkcs7 openssl-1.0.2u/test/tpkcs7 --- openssl-1.0.2u.orig/test/tpkcs7 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/tpkcs7 2019-12-31 13:06:40 +0000 @@ -42,7 +42,13 @@ if [ $? != 0 ]; then exit 1; fi cmp p7-f.p p7-ff.p1 if [ $? != 0 ]; then exit 1; fi cmp p7-f.p p7-ff.p3 if [ $? != 0 ]; then exit 1; fi -/bin/rm -f p7-f.* p7-ff.* p7-fff.* +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f p7-f.* p7-ff.* p7-fff.* exit 0 diff -aprNU5 openssl-1.0.2u.orig/test/tpkcs7d openssl-1.0.2u/test/tpkcs7d --- openssl-1.0.2u.orig/test/tpkcs7d 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/tpkcs7d 2019-12-31 13:06:40 +0000 @@ -35,7 +35,13 @@ if [ $? != 0 ]; then exit 1; fi cmp p7d-f.p p7d-ff.p1 if [ $? != 0 ]; then exit 1; fi cmp p7d-f.p p7d-ff.p3 if [ $? != 0 ]; then exit 1; fi -/bin/rm -f p7d-f.* p7d-ff.* p7d-fff.* +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f p7d-f.* p7d-ff.* p7d-fff.* exit 0 diff -aprNU5 openssl-1.0.2u.orig/test/treq openssl-1.0.2u/test/treq --- openssl-1.0.2u.orig/test/treq 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/treq 2019-12-31 13:06:40 +0000 @@ -77,7 +77,13 @@ if [ $? != 0 ]; then exit 1; fi #cmp req-f.p req-ff.p2 #if [ $? != 0 ]; then exit 1; fi cmp req-f.p req-ff.p3 if [ $? != 0 ]; then exit 1; fi -/bin/rm -f req-f.* req-ff.* req-fff.* +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f req-f.* req-ff.* req-fff.* exit 0 diff -aprNU5 openssl-1.0.2u.orig/test/trsa openssl-1.0.2u/test/trsa --- openssl-1.0.2u.orig/test/trsa 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/trsa 2019-12-31 13:06:40 +0000 @@ -77,7 +77,13 @@ if [ $? != 0 ]; then exit 1; fi #cmp rsa-f.p rsa-ff.p2 #if [ $? != 0 ]; then exit 1; fi cmp rsa-f.p rsa-ff.p3 if [ $? != 0 ]; then exit 1; fi -/bin/rm -f rsa-f.* rsa-ff.* rsa-fff.* +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f rsa-f.* rsa-ff.* rsa-fff.* exit 0 diff -aprNU5 openssl-1.0.2u.orig/test/tsid openssl-1.0.2u/test/tsid --- openssl-1.0.2u.orig/test/tsid 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/tsid 2019-12-31 13:06:40 +0000 @@ -72,7 +72,13 @@ if [ $? != 0 ]; then exit 1; fi #cmp sid-f.p sid-ff.p2 #if [ $? != 0 ]; then exit 1; fi cmp sid-f.p sid-ff.p3 if [ $? != 0 ]; then exit 1; fi -/bin/rm -f sid-f.* sid-ff.* sid-fff.* +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f sid-f.* sid-ff.* sid-fff.* exit 0 diff -aprNU5 openssl-1.0.2u.orig/test/tx509 openssl-1.0.2u/test/tx509 --- openssl-1.0.2u.orig/test/tx509 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/test/tx509 2019-12-31 13:06:40 +0000 @@ -79,7 +79,13 @@ echo "Parsing test certificates" $cmd -in certs/pss1.pem -text -noout >/dev/null if [ $? != 0 ]; then exit 1; fi echo OK -/bin/rm -f x509-f.* x509-ff.* x509-fff.* +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + +$RM -f x509-f.* x509-ff.* x509-fff.* exit 0 diff -aprNU5 openssl-1.0.2u.orig/util/mkcerts.sh openssl-1.0.2u/util/mkcerts.sh --- openssl-1.0.2u.orig/util/mkcerts.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/util/mkcerts.sh 2019-12-31 13:06:40 +0000 @@ -204,16 +204,26 @@ cat pca-key.pem >> pca-cert.pem cat ca-key.pem >> ca-cert.pem cat s512-key.pem >> server.pem cat s1024key.pem >> server2.pem cat c512-key.pem >> client.pem + +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + CAT=/dev/env/DJDIR/bin/cat.exe + MV=/dev/env/DJDIR/bin/mv.exe +else + CAT=/bin/cat + MV=/bin/mv +fi + +$RM -f crl-f.* crl-ff.* crl-fff.* for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem do $SSLEAY x509 -issuer -subject -in $i -noout >$$ cat $$ -/bin/cat $i >>$$ -/bin/mv $$ $i +$CAT $i >>$$ +$MV $$ $i done #/bin/rm -f *key.pem *req.pem *.srl echo Finished diff -aprNU5 openssl-1.0.2u.orig/util/speed.sh openssl-1.0.2u/util/speed.sh --- openssl-1.0.2u.orig/util/speed.sh 2019-12-20 13:02:40 +0000 +++ openssl-1.0.2u/util/speed.sh 2019-12-31 13:06:40 +0000 @@ -9,28 +9,34 @@ # from the $(TOP) directory # Edit Configure, modifying things to do with the b/bl-4c-2c etc # configurations. # +if test -d /dev/env/DJDIR -a -n "$DJGPP" -a -f "$DJGPP"; then + RM=/dev/env/DJDIR/bin/rm.exe +else + RM=/bin/rm +fi + make clean perl Configure b make apps/ssleay version -v -b -f >speed.1 apps/ssleay speed >speed.1l perl Configure bl-4c-2c -/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o +$RM -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o make apps/ssleay speed rc4 rsa md2 >speed.2l perl Configure bl-4c-ri -/bin/rm -f crypto/rc4/rc4*.o +$RM -f crypto/rc4/rc4*.o make apps/ssleay speed rc4 >speed.3l perl Configure b2-is-ri-dp -/bin/rm -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o +$RM -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o apps/ssleay speed rsa rc4 idea des >speed.4l cat speed.1 >speed.log cat speed.1l >>speed.log perl util/sp-diff.pl speed.1l speed.2l >>speed.log