[PATCH] Switch to OpenSSL 1.0.1 branch
Jung-uk Kim
jkim at FreeBSD.org
Mon Jul 2 17:39:26 UTC 2012
I have upgraded OpenSSL in the base to 0.9.8x for all supported
branches. Now it is time to move *head* to OpenSSL 1.0.1 branch[1].
Here is the patch to switch OpenSSL from 0.9.8x to 1.0.1c:
http://people.freebsd.org/~jkim/openssl-1.0.1c.diff.bz2
I had to compress it because the patch was too big, unfortunately. :-(
Some notes:
- Configuration is relatively close to what you'd expect when you run
  config script with the following options[2]:
  enable-rc5 enable-rfc3779 shared
- MD2 was removed because a) it was deprecated by OpenSSL team and
  disabled by default and b) we did the same for libmd.
- Optimized i386 asm files are updated and new files are added.
  Optimized amd64 asm files are added.
- opensslconf-amd64.h and opensslconf-i386.h are merged to a new
  opensslconf-x86.h[3].
- A small change to libfetch was necessary to avoid buildworld breakage:
- --- lib/libfetch/common.h
+++ lib/libfetch/common.h
@@ -63,7 +63,7 @@ struct fetchconn {
SSL *ssl; /* SSL handle */
SSL_CTX *ssl_ctx; /* SSL context */
X509 *ssl_cert; /* server certificate */
- - SSL_METHOD *ssl_meth; /* SSL method */
+ const SSL_METHOD *ssl_meth; /* SSL method */
#endif
int ref; /* reference count */
};
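Review bot: The const qualifier on ssl_meth in struct fetchconn is applied unconditionally, while footnote 1 says the stable branches stay on 0.9.8x. If this libfetch change is ever merged to those branches, every place ssl_meth is handed back to OpenSSL needs checking, because the 0.9.8 API takes a non-const SSL_METHOD * and the call would discard the qualifier. The message should also name the build error this fixes, so the reason for the change is recorded alongside it.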
- Another small change to OpenSSL was necessary to avoid buildworld
  breakage:
- --- crypto/openssl/ssl/srtp.h
+++ crypto/openssl/ssl/srtp.h
@@ -135,7 +135,6 @@
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
- -SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
#ifdef __cplusplus
}
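Review bot: The removed SSL_get_selected_srtp_profile prototype in srtp.h is an exact duplicate of the declaration kept two lines above it, so nothing is lost, but this is a local edit to vendor source under crypto/openssl with no record of why the duplicate breaks buildworld. Please state the failing diagnostic in the commit message and report the duplicate upstream, so the delta is either dropped or deliberately carried at the next vendor import rather than silently reappearing.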
It was very briefly tested on amd64 (and on i386 chroot).
Cheers,
Jung-uk Kim
1. We have no plan to switch stable branches to 1.0.X.
2. Add "no-asm" for non-x86 platforms. I believe rc5 and rfc3779 were
forcefully enabled on FreeBSD for POLA.
3. Very minimal changes were done for non-x86 platforms. They need
platform maintainers' attention.