diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk index 276e887a7..5a2a70138 100644 --- a/depends/packages/openssl.mk +++ b/depends/packages/openssl.mk @@ -1,9 +1,8 @@ package=openssl -$(package)_version=1.1.1a -$(package)_download_path=https://www.openssl.org/source/old/1.1.1 +$(package)_version=1.1.1h +$(package)_download_path=https://www.openssl.org/source $(package)_file_name=$(package)-$($(package)_version).tar.gz -$(package)_sha256_hash=fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41 -$(package)_patches=ssl_fix.patch +$(package)_sha256_hash=5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9 define $(package)_set_vars $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" @@ -14,39 +13,40 @@ $(package)_config_opts+=no-async $(package)_config_opts+=no-bf $(package)_config_opts+=no-blake2 $(package)_config_opts+=no-camellia -$(package)_config_opts+=no-capieng +#$(package)_config_opts+=no-capieng $(package)_config_opts+=no-cast $(package)_config_opts+=no-chacha $(package)_config_opts+=no-cmac $(package)_config_opts+=no-cms -$(package)_config_opts+=no-comp +#$(package)_config_opts+=no-comp $(package)_config_opts+=no-crypto-mdebug $(package)_config_opts+=no-crypto-mdebug-backtrace -$(package)_config_opts+=no-ct +#$(package)_config_opts+=no-ct +#$(package)_config_opts+=no-des $(package)_config_opts+=no-dgram -$(package)_config_opts+=no-dsa +#$(package)_config_opts+=no-dsa $(package)_config_opts+=no-dso $(package)_config_opts+=no-dtls $(package)_config_opts+=no-dtls1 $(package)_config_opts+=no-dtls1-method $(package)_config_opts+=no-dynamic-engine -$(package)_config_opts+=no-ec2m -$(package)_config_opts+=no-ec_nistp_64_gcc_128 +#$(package)_config_opts+=no-ec2m +#$(package)_config_opts+=no-ec_nistp_64_gcc_128 $(package)_config_opts+=no-egd $(package)_config_opts+=no-engine -$(package)_config_opts+=no-err +#$(package)_config_opts+=no-err $(package)_config_opts+=no-gost $(package)_config_opts+=no-heartbeats -$(package)_config_opts+=no-idea +#$(package)_config_opts+=no-idea $(package)_config_opts+=no-md2 $(package)_config_opts+=no-md4 $(package)_config_opts+=no-mdc2 $(package)_config_opts+=no-multiblock $(package)_config_opts+=no-nextprotoneg $(package)_config_opts+=no-ocb -$(package)_config_opts+=no-ocsp +#$(package)_config_opts+=no-ocsp $(package)_config_opts+=no-poly1305 -$(package)_config_opts+=no-posix-io +#$(package)_config_opts+=no-posix-io $(package)_config_opts+=no-psk $(package)_config_opts+=no-rc2 $(package)_config_opts+=no-rc4 @@ -58,21 +58,24 @@ $(package)_config_opts+=no-scrypt $(package)_config_opts+=no-sctp $(package)_config_opts+=no-seed $(package)_config_opts+=no-shared +#$(package)_config_opts+=no-sock $(package)_config_opts+=no-srp $(package)_config_opts+=no-srtp +$(package)_config_opts+=no-ssl $(package)_config_opts+=no-ssl3 $(package)_config_opts+=no-ssl3-method $(package)_config_opts+=no-ssl-trace -$(package)_config_opts+=no-stdio -$(package)_config_opts+=no-tls1 -$(package)_config_opts+=no-tls1-method +#$(package)_config_opts+=no-stdio +#$(package)_config_opts+=no-tls +#$(package)_config_opts+=no-tls1 +#$(package)_config_opts+=no-tls1-method $(package)_config_opts+=no-ts $(package)_config_opts+=no-ui $(package)_config_opts+=no-unit-test $(package)_config_opts+=no-weak-ssl-ciphers $(package)_config_opts+=no-whirlpool -$(package)_config_opts+=no-zlib -$(package)_config_opts+=no-zlib-dynamic +#$(package)_config_opts+=no-zlib +#$(package)_config_opts+=no-zlib-dynamic $(package)_config_opts+=$($(package)_cflags) $($(package)_cppflags) $(package)_config_opts+=-DPURIFY $(package)_config_opts_linux=-fPIC -Wa,--noexecstack @@ -89,9 +92,8 @@ $(package)_config_opts_i686_mingw32=mingw endef define $(package)_preprocess_cmds - sed -i.old 's/built on: $date/built on: not available/' util/mkbuildinf.pl && \ - sed -i.old "s|\"engines\", \"apps\", \"test\"|\"engines\"|" Configure && \ - patch -p1 < $($(package)_patch_dir)/ssl_fix.patch + sed -i.old 's/built on: $$$$date/built on: date not available/' util/mkbuildinf.pl && \ + sed -i.old "s|\"engines\", \"apps\", \"test\"|\"engines\"|" Configure endef define $(package)_config_cmds diff --git a/depends/patches/openssl/ssl_fix.patch b/depends/patches/openssl/ssl_fix.patch deleted file mode 100644 index d7f79fed5..000000000 --- a/depends/patches/openssl/ssl_fix.patch +++ /dev/null @@ -1,273 +0,0 @@ -From f725fe5b4b6504df08e30f5194d321c3025e2336 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Tue, 20 Nov 2018 15:32:55 +0000 -Subject: [PATCH] Fix a RUN_ONCE bug - -We have a number of instances where there are multiple "init" functions for -a single CRYPTO_ONCE variable, e.g. to load config automatically or to not -load config automatically. Unfortunately the RUN_ONCE mechanism was not -correctly giving the right return value where an alternative init function -was being used. - -Reviewed-by: Tim Hudson -(Merged from https://github.com/openssl/openssl/pull/7983) ---- - crypto/init.c | 38 +++++++++----- - include/internal/thread_once.h | 92 ++++++++++++++++++++++++++++++++++ - ssl/ssl_init.c | 6 ++- - 3 files changed, 121 insertions(+), 15 deletions(-) - -diff --git a/crypto/init.c b/crypto/init.c -index 209d1a483da..f20a12f069a 100644 ---- a/crypto/init.c -+++ b/crypto/init.c -@@ -177,12 +177,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) - - static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT; - static int load_crypto_strings_inited = 0; --DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings) --{ -- /* Do nothing in this case */ -- return 1; --} -- - DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) - { - int ret = 1; -@@ -201,6 +195,13 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) - return ret; - } - -+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings, -+ ossl_init_load_crypto_strings) -+{ -+ /* Do nothing in this case */ -+ return 1; -+} -+ - static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT; - DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers) - { -@@ -218,6 +219,13 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers) - return 1; - } - -+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers, -+ ossl_init_add_all_ciphers) -+{ -+ /* Do nothing */ -+ return 1; -+} -+ - static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT; - DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests) - { -@@ -235,7 +243,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests) - return 1; - } - --DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs) -+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests, -+ ossl_init_add_all_digests) - { - /* Do nothing */ - return 1; -@@ -255,7 +264,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_config) - config_inited = 1; - return 1; - } --DEFINE_RUN_ONCE_STATIC(ossl_init_no_config) -+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config) - { - #ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, -@@ -595,8 +604,9 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) - return 0; - - if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) -- && !RUN_ONCE(&load_crypto_strings, -- ossl_init_no_load_crypto_strings)) -+ && !RUN_ONCE_ALT(&load_crypto_strings, -+ ossl_init_no_load_crypto_strings, -+ ossl_init_load_crypto_strings)) - return 0; - - if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS) -@@ -604,7 +614,8 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) - return 0; - - if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS) -- && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs)) -+ && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers, -+ ossl_init_add_all_ciphers)) - return 0; - - if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS) -@@ -612,7 +623,8 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) - return 0; - - if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS) -- && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs)) -+ && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests, -+ ossl_init_add_all_digests)) - return 0; - - if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS) -@@ -624,7 +636,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) - return 0; - - if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) -- && !RUN_ONCE(&config, ossl_init_no_config)) -+ && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config)) - return 0; - - if (opts & OPENSSL_INIT_LOAD_CONFIG) { -diff --git a/include/internal/thread_once.h b/include/internal/thread_once.h -index 224244353ab..e268a959ef3 100644 ---- a/include/internal/thread_once.h -+++ b/include/internal/thread_once.h -@@ -9,6 +9,20 @@ - - #include - -+/* -+ * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly -+ * once. It takes no arguments and returns and int result (1 for success or -+ * 0 for failure). Typical usage might be: -+ * -+ * DEFINE_RUN_ONCE(myinitfunc) -+ * { -+ * do_some_initialisation(); -+ * if (init_is_successful()) -+ * return 1; -+ * -+ * return 0; -+ * } -+ */ - #define DEFINE_RUN_ONCE(init) \ - static int init(void); \ - int init##_ossl_ret_ = 0; \ -@@ -17,10 +31,30 @@ - init##_ossl_ret_ = init(); \ - } \ - static int init(void) -+ -+/* -+ * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly -+ * once that has been defined in another file via DEFINE_RUN_ONCE(). -+ */ - #define DECLARE_RUN_ONCE(init) \ - extern int init##_ossl_ret_; \ - void init##_ossl_(void); - -+/* -+ * DEFINE_RUN_ONCE_STATIC: Define an initialiser function that should be run -+ * exactly once. This function will be declared as static within the file. It -+ * takes no arguments and returns and int result (1 for success or 0 for -+ * failure). Typical usage might be: -+ * -+ * DEFINE_RUN_ONCE_STATIC(myinitfunc) -+ * { -+ * do_some_initialisation(); -+ * if (init_is_successful()) -+ * return 1; -+ * -+ * return 0; -+ * } -+ */ - #define DEFINE_RUN_ONCE_STATIC(init) \ - static int init(void); \ - static int init##_ossl_ret_ = 0; \ -@@ -30,6 +64,46 @@ - } \ - static int init(void) - -+/* -+ * DEFINE_RUN_ONCE_STATIC_ALT: Define an alternative initialiser function. This -+ * function will be declared as static within the file. It takes no arguments -+ * and returns an int result (1 for success or 0 for failure). An alternative -+ * initialiser function is expected to be associated with a primary initialiser -+ * function defined via DEFINE_ONCE_STATIC where both functions use the same -+ * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function -+ * is used only one of the primary or the alternative initialiser function will -+ * ever be called - and that function will be called exactly once. Definitition -+ * of an alternative initialiser function MUST occur AFTER the definition of the -+ * primary initialiser function. -+ * -+ * Typical usage might be: -+ * -+ * DEFINE_RUN_ONCE_STATIC(myinitfunc) -+ * { -+ * do_some_initialisation(); -+ * if (init_is_successful()) -+ * return 1; -+ * -+ * return 0; -+ * } -+ * -+ * DEFINE_RUN_ONCE_STATIC_ALT(myaltinitfunc, myinitfunc) -+ * { -+ * do_some_alternative_initialisation(); -+ * if (init_is_successful()) -+ * return 1; -+ * -+ * return 0; -+ * } -+ */ -+#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ -+ static int initalt(void); \ -+ static void initalt##_ossl_(void) \ -+ { \ -+ init##_ossl_ret_ = initalt(); \ -+ } \ -+ static int initalt(void) -+ - /* - * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded - * @once: pointer to static object of type CRYPTO_ONCE -@@ -43,3 +117,21 @@ - */ - #define RUN_ONCE(once, init) \ - (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0) -+ -+/* -+ * RUN_ONCE_ALT - use CRYPTO_THREAD_run_once, to run an alternative initialiser -+ * function and check if that initialisation succeeded -+ * @once: pointer to static object of type CRYPTO_ONCE -+ * @initalt: alternative initialiser function name that was previously given to -+ * DEFINE_RUN_ONCE_STATIC_ALT. This function must return 1 for -+ * success or 0 for failure. -+ * @init: primary initialiser function name that was previously given to -+ * DEFINE_RUN_ONCE_STATIC. This function must return 1 for success or -+ * 0 for failure. -+ * -+ * The return value is 1 on success (*) or 0 in case of error. -+ * -+ * (*) by convention, since the init function must return 1 on success. -+ */ -+#define RUN_ONCE_ALT(once, initalt, init) \ -+ (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0) -diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c -index c0ccb9304a6..96526472c57 100644 ---- a/ssl/ssl_init.c -+++ b/ssl/ssl_init.c -@@ -134,7 +134,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) - return 1; - } - --DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_ssl_strings) -+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, -+ ossl_init_load_ssl_strings) - { - /* Do nothing in this case */ - return 1; -@@ -207,7 +208,8 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) - return 0; - - if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) -- && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings)) -+ && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings, -+ ossl_init_load_ssl_strings)) - return 0; - - if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)