SRC_FETCH_PATH="http://www.openssl.org/source/openssl-${PKGVER}.tar.gz" SRC_FETCH_METHOD="http" PATCH_LIST=" 0001-no-wbuf-during-handshake.diff 0002-release-rbuf-during-handshake.diff 1001-Sort-sstacklst-correctly.patch 1002-Exit-on-error-in-ecparam.patch 1013-Fix-SSL_set_session_ticket_ext-when-used-with-SSLv23.patch 1015-RT3774-double-free-in-DSA.patch 1016-use-X9.31-keygen-by-default-in-FIPS-mode.patch 1017-Clear-BN-mont-values-when-free-ing-it.patch 1018-GH336-Return-an-exit-code-if-report-fails.patch 1019-Fix-warning-when-compiling-with-no-ec2m.patch 1020-Fix-seg-fault-with-0-p-val-in-SKE.patch 1021-Check-for-0-modulus-in-BN_MONT_CTX_set.patch 1022-Fix-missing-return-value-checks-in-SCTP.patch 1023-Fix-make-test-seg-fault-with-SCTP-enabled.patch 1024-Err-isn-t-always-malloc-failure.patch 1025-Fix-memory-leak-if-setup-fails.patch 1026-Return-error-for-unsupported-modes.patch 1032-Fix-DTLS-session-ticket-renewal.patch 1034-Fixed-problem-with-multiple-load-unload-of-comp-zlib.patch 1036-bntest-don-t-dereference-the-d-array-for-a-zero-BIGN.patch 1040-BN_mod_exp_mont_consttime-check-for-zero-modulus.patch 1042-check-bn_new-return-value.patch 1044-RT-3493-fix-RSA-test.patch 1045-RT4002-check-for-NULL-cipher-in-p12_crpt.c.patch 1048-Fix-building-with-OPENSSL_NO_TLSEXT.patch 1049-Fix-session-resumption.patch 1050-RT3754-check-for-NULL-pointer.patch 1051-Use-default-field-separator.patch 1052-Check-for-FIPS-mode-after-loading-config.patch 1053-d2i-don-t-update-input-pointer-on-failure.patch 1056-Make-no-psk-compile-without-warnings.patch 1057-RT3757-base64-encoding-bugs.patch 1058-base64-decode-check-for-high-bit.patch 1059-Make-sure-OPENSSL_cleanse-checks-for-NULL.patch 1062-Handle-SSL_ERROR_WANT_X509_LOOKUP.patch 1063-Make-SRP-work-with-www.patch 1064-Fix-SRP-memory-leaks.patch 1065-RT3823-Improve-the-robustness-of-event-logging.patch 1066-RT3479-Add-UTF8-support-to-BIO_read_filename.patch 1068-Make-BUF_strndup-read-safe-on-arbitrary-inputs.patch 1069-BUF_strndup-tidy.patch 1073-SRP-memory-leak-fix.patch 1074-RT2772-accept-empty-SessionTicket.patch 1076-GH367-use-random-data-if-seed-too-short.patch 1078-Fix-more-d2i-cases-to-properly-update-the-input-poin.patch 1079-Validate-ClientHello-extension-field-length.patch 1080-Change-functions-to-pass-in-a-limit-rather-than-calc.patch 1081-Don-t-try-and-parse-boolean-type.patch 1082-Set-flags-to-0-before-calling-BN_with_flags.patch 1083-Move-BN_CTX_start-call-so-the-error-case-can-always-.patch 1084-When-ENGINE_add-finds-that-id-or-name-is-missing-act.patch 1085-Don-t-treat-a-bare-OCTETSTRING-as-DigestInfo-in-int_.patch 1087-Avoid-SHA1-weakness.patch 1088-Typo.patch 1090-Do-not-treat-0-return-value-from-BIO_get_fd-as-error.patch 1091-Replace-malloc-strlcpy-with-strdup.patch 1092-Fix-memory-leaks-and-other-mistakes-on-errors.patch 1093-Set-salt-length-after-the-malloc-has-succeeded.patch 1096-Check-memory-allocation.patch bn_wexpand.patch openssl-1.0.1p-ssl_new-error-handling.diff openssl-1.0.1p-ssl3_free-null-deref.diff fix-md-init-return-not-checked-cause-null-deref.diff default_ciphers.patch small-records-1.0.1m.patch " function do_config { # To find these options, try "./Configure LIST" then "./Configure TABLE". # The colons are just delimiters and all words are allowed on the line. # Please read the Configure script in openssl to fin the relevant keywords, # as most of them are already implied by the OS target definition and the # default compiler ! if [ "$FLXARCH" == "x86_64" ]; then os="linux-x86_64" #os="debug-linux-x86_64" # Note: enable-ec_nistp_64_gcc_128 must be disabled on 1.0.2 to use asm code opt=( -g $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST enable-ec_nistp_64_gcc_128 ) elif [ "$FLX_ARCH_SMALL" == "i386" ]; then os="linux-elf" opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST ) elif [ -n "$FLXARCH" -a -z "${FLXARCH##arm*}" ]; then os="linux-armv4" opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST ) elif [ "$FLXARCH" == "sparc" ]; then os="linux-sparcv9" opt="" elif [ "$FLXARCH" == "sparc64" ]; then os="linux64-sparcv9" opt="" elif [ "$FLX_BITS" == "64" ]; then os="linux-generic64" opt="" elif [ "$FLX_BITS" == "32" ]; then os="linux-generic32" opt="" else echo "Error: cannot find a suitable OS configuration or this platform." echo "Please check instructions in do_config() using 'pkg cat'." exit 1 fi opt=( "${opt[@]}" ) CC="$CC" ./Configure --prefix=/usr --openssldir=/usr/share/openssl threads shared "${opt[@]}" "$os" } function do_compile_only { # emits lots of warnings and errors despite being suggested. Doesn't seem # to be designed for cross-compilation. #$FLXMAKE CC=$CC AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' depend || exit $? $FLXMAKE CC=$CC AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $? $FLXMAKE build-shared CC=$CC AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $? $FLXMAKE -C apps CC=$CC DLIBCRYPTO=../libcrypto.so AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $? } function do_prepack { $FLXMAKE install LIBDIR=/lib INSTALL_PREFIX=$ROOTDIR || exit $? set_default_perm $ROOTDIR }