diff options
author | Michał Górny <mgorny@gentoo.org> | 2019-05-28 20:59:32 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2019-06-14 19:46:33 +0200 |
commit | cd72274be0151a5052b83d545e52647f96f51e6a (patch) | |
tree | d4fc9f222fb8c16c53dbfc0756115892a1b77479 /dev-libs/openssl-compat | |
parent | profiles: arm64: mask test USE flag on dev-util/bcc (diff) | |
download | gentoo-cd72274be0151a5052b83d545e52647f96f51e6a.tar.gz gentoo-cd72274be0151a5052b83d545e52647f96f51e6a.tar.bz2 gentoo-cd72274be0151a5052b83d545e52647f96f51e6a.zip |
dev-libs/openssl-compat: Split out of dev-libs/openssl
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Bug: https://bugs.gentoo.org/687984
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'dev-libs/openssl-compat')
-rw-r--r-- | dev-libs/openssl-compat/Manifest | 6 | ||||
-rw-r--r-- | dev-libs/openssl-compat/files/gentoo.config-0.9.8 | 144 | ||||
-rw-r--r-- | dev-libs/openssl-compat/files/gentoo.config-1.0.2 | 169 | ||||
-rw-r--r-- | dev-libs/openssl-compat/files/openssl-0.9.8e-bsd-sparc64.patch | 25 | ||||
-rw-r--r-- | dev-libs/openssl-compat/files/openssl-0.9.8h-ldflags.patch | 29 | ||||
-rw-r--r-- | dev-libs/openssl-compat/files/openssl-0.9.8m-binutils.patch | 24 | ||||
-rw-r--r-- | dev-libs/openssl-compat/files/openssl-0.9.8z_p8-perl-5.26.patch | 13 | ||||
-rw-r--r-- | dev-libs/openssl-compat/files/openssl-1.0.2p-hobble-ecc.patch | 283 | ||||
-rw-r--r-- | dev-libs/openssl-compat/metadata.xml | 19 | ||||
-rw-r--r-- | dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild | 164 | ||||
-rw-r--r-- | dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild | 249 |
11 files changed, 1125 insertions, 0 deletions
diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest new file mode 100644 index 000000000000..8fc04945964a --- /dev/null +++ b/dev-libs/openssl-compat/Manifest @@ -0,0 +1,6 @@ +DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 +DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 +DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e831a5f9c193b2da660f9d04acbf407d8b752274783765416c0f5ba557c24ee293ad7fb7d727771db289e6acc901 SHA512 6eb2211f3ad56d7573ac26f388338592c37e5faaf5e2d44c0fa9062c12186e56a324f135d1c956a89b55fcce047e6428bec2756658d103e7275e08b46f741235 +DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15 +DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19 +DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e diff --git a/dev-libs/openssl-compat/files/gentoo.config-0.9.8 b/dev-libs/openssl-compat/files/gentoo.config-0.9.8 new file mode 100644 index 000000000000..02698250c19d --- /dev/null +++ b/dev-libs/openssl-compat/files/gentoo.config-0.9.8 @@ -0,0 +1,144 @@ +#!/usr/bin/env bash +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# +# Openssl doesn't play along nicely with cross-compiling +# like autotools based projects, so let's teach it new tricks. +# +# Review the bundled 'config' script to see why kind of targets +# we can pass to the 'Configure' script. + + +# Testing routines +if [[ $1 == "test" ]] ; then + for c in \ + "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \ + "armv5b-linux-gnu |linux-generic32 -DB_ENDIAN" \ + "x86_64-pc-linux-gnu |linux-x86_64" \ + "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \ + "i686-pc-linux-gnu |linux-elf" \ + "whatever-gentoo-freebsdX.Y |BSD-generic32" \ + "i686-gentoo-freebsdX.Y |BSD-x86-elf" \ + "sparc64-alpha-freebsdX.Y |BSD-sparc64" \ + "ia64-gentoo-freebsd5.99234 |BSD-ia64" \ + "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \ + "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \ + "powerpc-gentOO-linux-uclibc |linux-ppc" \ + "powerpc64-unk-linux-gnu |linux-ppc64" \ + "x86_64-apple-darwinX |darwin64-x86_64-cc" \ + "powerpc64-apple-darwinX |darwin64-ppc-cc" \ + "i686-apple-darwinX |darwin-i386-cc" \ + "i386-apple-darwinX |darwin-i386-cc" \ + "powerpc-apple-darwinX |darwin-ppc-cc" \ + "i586-pc-winnt |winnt-parity" \ + ;do + CHOST=${c/|*} + ret_want=${c/*|} + ret_got=$(CHOST=${CHOST} "$0") + + if [[ ${ret_want} == "${ret_got}" ]] ; then + echo "PASS: ${CHOST}" + else + echo "FAIL: ${CHOST}" + echo -e "\twanted: ${ret_want}" + echo -e "\twe got: ${ret_got}" + fi + done + exit 0 +fi +[[ -z ${CHOST} && -n $1 ]] && CHOST=$1 + + +# Detect the operating system +case ${CHOST} in + *-aix*) system="aix";; + *-darwin*) system="darwin";; + *-freebsd*) system="BSD";; + *-hpux*) system="hpux";; + *-linux*) system="linux";; + *-solaris*) system="solaris";; + *-winnt*) system="winnt";; + *) exit 0;; +esac + + +# Compiler munging +compiler="gcc" +if [[ ${CC} == "ccc" ]] ; then + compiler=${CC} +fi + + +# Detect target arch +machine="" +chost_machine=${CHOST%%-*} +case ${system} in +linux) + case ${chost_machine} in + alphaev56*) machine=alpha+bwx-${compiler};; + alphaev[678]*)machine=alpha+bwx-${compiler};; + alpha*) machine=alpha-${compiler};; + arm*b*) machine="generic32 -DB_ENDIAN";; + arm*) machine="generic32 -DL_ENDIAN";; + # hppa64*) machine=parisc64;; + hppa*) machine="generic32 -DB_ENDIAN";; + i[0-9]86*) machine=elf;; + ia64*) machine=ia64;; + m68*) machine="generic32 -DB_ENDIAN";; + mips*el*) machine="generic32 -DL_ENDIAN";; + mips*) machine="generic32 -DB_ENDIAN";; + powerpc64*) machine=ppc64;; + powerpc*) machine=ppc;; + # sh64*) machine=elf;; + sh*b*) machine="generic32 -DB_ENDIAN";; + sh*) machine="generic32 -DL_ENDIAN";; + sparc*v7*) machine="generic32 -DB_ENDIAN";; + sparc64*) machine=sparcv9;; + sparc*) machine=sparcv8;; + s390x*) machine="generic64 -DB_ENDIAN";; + s390*) machine="generic32 -DB_ENDIAN";; + x86_64*) machine=x86_64;; + esac + ;; +BSD) + case ${chost_machine} in + alpha*) machine=generic64;; + i[6-9]86*) machine=x86-elf;; + ia64*) machine=ia64;; + sparc64*) machine=sparc64;; + x86_64*) machine=x86_64;; + *) machine=generic32;; + esac + ;; +aix) + machine=${compiler} + ;; +darwin) + case ${chost_machine} in + powerpc64) machine=ppc-cc; system=${system}64;; + powerpc) machine=ppc-cc;; + i?86*) machine=i386-cc;; + x86_64) machine=x86_64-cc; system=${system}64;; + esac + ;; +hpux) + case ${chost_machine} in + ia64) machine=ia64-${compiler} ;; + esac + ;; +solaris) + case ${chost_machine} in + i386) machine=x86-${compiler} ;; + x86_64*) machine=x86_64-${compiler}; system=${system}64;; + sparcv9*) machine=sparcv9-${compiler}; system=${system}64;; + sparc*) machine=sparcv8-${compiler};; + esac + ;; +winnt) + machine=parity + ;; +esac + + +# If we have something, show it +[[ -n ${machine} ]] && echo ${system}-${machine} diff --git a/dev-libs/openssl-compat/files/gentoo.config-1.0.2 b/dev-libs/openssl-compat/files/gentoo.config-1.0.2 new file mode 100644 index 000000000000..d16175e6292e --- /dev/null +++ b/dev-libs/openssl-compat/files/gentoo.config-1.0.2 @@ -0,0 +1,169 @@ +#!/usr/bin/env bash +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# +# Openssl doesn't play along nicely with cross-compiling +# like autotools based projects, so let's teach it new tricks. +# +# Review the bundled 'config' script to see why kind of targets +# we can pass to the 'Configure' script. + + +# Testing routines +if [[ $1 == "test" ]] ; then + for c in \ + "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \ + "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \ + "x86_64-pc-linux-gnu |linux-x86_64" \ + "alpha-linux-gnu |linux-alpha-gcc" \ + "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \ + "i686-pc-linux-gnu |linux-elf" \ + "whatever-gentoo-freebsdX.Y |BSD-generic32" \ + "i686-gentoo-freebsdX.Y |BSD-x86-elf" \ + "sparc64-alpha-freebsdX.Y |BSD-sparc64" \ + "ia64-gentoo-freebsd5.99234 |BSD-ia64" \ + "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \ + "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \ + "powerpc-gentOO-linux-uclibc |linux-ppc" \ + "powerpc64-unk-linux-gnu |linux-ppc64" \ + "powerpc64le-linux-gnu |linux-ppc64le" \ + "x86_64-apple-darwinX |darwin64-x86_64-cc" \ + "powerpc64-apple-darwinX |darwin64-ppc-cc" \ + "i686-apple-darwinX |darwin-i386-cc" \ + "i386-apple-darwinX |darwin-i386-cc" \ + "powerpc-apple-darwinX |darwin-ppc-cc" \ + "i586-pc-winnt |winnt-parity" \ + "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \ + "s390x-linux-gnu |linux64-s390x" \ + ;do + CHOST=${c/|*} + ret_want=${c/*|} + ret_got=$(CHOST=${CHOST} "$0") + + if [[ ${ret_want} == "${ret_got}" ]] ; then + echo "PASS: ${CHOST}" + else + echo "FAIL: ${CHOST}" + echo -e "\twanted: ${ret_want}" + echo -e "\twe got: ${ret_got}" + fi + done + exit 0 +fi +[[ -z ${CHOST} && -n $1 ]] && CHOST=$1 + + +# Detect the operating system +case ${CHOST} in + *-aix*) system="aix";; + *-darwin*) system="darwin";; + *-freebsd*) system="BSD";; + *-hpux*) system="hpux";; + *-linux*) system="linux";; + *-solaris*) system="solaris";; + *-winnt*) system="winnt";; + x86_64-*-mingw*) system="mingw64";; + *mingw*) system="mingw";; + *) exit 0;; +esac + + +# Compiler munging +compiler="gcc" +if [[ ${CC} == "ccc" ]] ; then + compiler=${CC} +fi + + +# Detect target arch +machine="" +chost_machine=${CHOST%%-*} +case ${system} in +linux) + case ${chost_machine}:${ABI} in + aarch64*be*) machine="aarch64 -DB_ENDIAN";; + aarch64*) machine="aarch64 -DL_ENDIAN";; + alphaev56*|\ + alphaev[678]*)machine=alpha+bwx-${compiler};; + alpha*) machine=alpha-${compiler};; + armv[4-9]*b*) machine="armv4 -DB_ENDIAN";; + armv[4-9]*) machine="armv4 -DL_ENDIAN";; + arm*b*) machine="generic32 -DB_ENDIAN";; + arm*) machine="generic32 -DL_ENDIAN";; + avr*) machine="generic32 -DL_ENDIAN";; + bfin*) machine="generic32 -DL_ENDIAN";; + # hppa64*) machine=parisc64;; + hppa*) machine="generic32 -DB_ENDIAN";; + i[0-9]86*|\ + x86_64*:x86) machine=elf;; + ia64*) machine=ia64;; + m68*) machine="generic32 -DB_ENDIAN";; + mips*el*) machine="generic32 -DL_ENDIAN";; + mips*) machine="generic32 -DB_ENDIAN";; + powerpc64*le*)machine=ppc64le;; + powerpc64*) machine=ppc64;; + powerpc*le*) machine="generic32 -DL_ENDIAN";; + powerpc*) machine=ppc;; + # sh64*) machine=elf;; + sh*b*) machine="generic32 -DB_ENDIAN";; + sh*) machine="generic32 -DL_ENDIAN";; + # TODO: Might want to do -mcpu probing like glibc to determine a + # better default for sparc-linux-gnu targets. This logic will + # break v7 and older systems when they use it. + sparc*v7*) machine="generic32 -DB_ENDIAN";; + sparc64*) machine=sparcv9 system=linux64;; + sparc*v9*) machine=sparcv9;; + sparc*v8*) machine=sparcv8;; + sparc*) machine=sparcv8;; + s390x*) machine=s390x system=linux64;; + s390*) machine="generic32 -DB_ENDIAN";; + x86_64*:x32) machine=x32;; + x86_64*) machine=x86_64;; + esac + ;; +BSD) + case ${chost_machine} in + alpha*) machine=generic64;; + i[6-9]86*) machine=x86-elf;; + ia64*) machine=ia64;; + sparc64*) machine=sparc64;; + x86_64*) machine=x86_64;; + *) machine=generic32;; + esac + ;; +aix) + machine=${compiler} + ;; +darwin) + case ${chost_machine} in + powerpc64) machine=ppc-cc; system=${system}64;; + powerpc) machine=ppc-cc;; + i?86*) machine=i386-cc;; + x86_64) machine=x86_64-cc; system=${system}64;; + esac + ;; +hpux) + case ${chost_machine} in + ia64) machine=ia64-${compiler} ;; + esac + ;; +solaris) + case ${chost_machine} in + i386) machine=x86-${compiler} ;; + x86_64*) machine=x86_64-${compiler}; system=${system}64;; + sparcv9*) machine=sparcv9-${compiler}; system=${system}64;; + sparc*) machine=sparcv8-${compiler};; + esac + ;; +winnt) + machine=parity + ;; +mingw*) + # special case ... no xxx-yyy style name + echo ${system} + ;; +esac + + +# If we have something, show it +[[ -n ${machine} ]] && echo ${system}-${machine} diff --git a/dev-libs/openssl-compat/files/openssl-0.9.8e-bsd-sparc64.patch b/dev-libs/openssl-compat/files/openssl-0.9.8e-bsd-sparc64.patch new file mode 100644 index 000000000000..a798164a9069 --- /dev/null +++ b/dev-libs/openssl-compat/files/openssl-0.9.8e-bsd-sparc64.patch @@ -0,0 +1,25 @@ +--- a/Configure ++++ b/Configure +@@ -365,7 +365,7 @@ + # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it + # simply *happens* to work around a compiler bug in gcc 3.3.3, + # triggered by RIPEMD160 code. +-"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:ULTRASPARC::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + +the -B flag is a no-op nowadays + +--- a/crypto/des/Makefile ++++ b/crypto/des/Makefile +@@ -62,7 +62,7 @@ + $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB) + + des_enc-sparc.S: asm/des_enc.m4 +- m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S ++ m4 asm/des_enc.m4 > des_enc-sparc.S + + # ELF + dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/dev-libs/openssl-compat/files/openssl-0.9.8h-ldflags.patch b/dev-libs/openssl-compat/files/openssl-0.9.8h-ldflags.patch new file mode 100644 index 000000000000..64cc7bde0504 --- /dev/null +++ b/dev-libs/openssl-compat/files/openssl-0.9.8h-ldflags.patch @@ -0,0 +1,29 @@ +http://bugs.gentoo.org/181438 +http://bugs.gentoo.org/327421 +https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest + +make sure we respect LDFLAGS + +also make sure we don't add useless -rpath flags to the system libdir + +--- openssl-0.9.8h/Makefile.org ++++ openssl-0.9.8h/Makefile.org +@@ -180,6 +181,7 @@ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ + DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ + MAKEDEPPROG='${MAKEDEPPROG}' \ ++ LDFLAGS='${LDFLAGS}' \ + SHARED_LDFLAGS='${SHARED_LDFLAGS}' \ + KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \ + EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \ +--- openssl-0.9.8h/Makefile.shared ++++ openssl-0.9.8h/Makefile.shared +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/dev-libs/openssl-compat/files/openssl-0.9.8m-binutils.patch b/dev-libs/openssl-compat/files/openssl-0.9.8m-binutils.patch new file mode 100644 index 000000000000..9fa79b9a65fb --- /dev/null +++ b/dev-libs/openssl-compat/files/openssl-0.9.8m-binutils.patch @@ -0,0 +1,24 @@ +http://bugs.gentoo.org/289130 + +Ripped from Fedora + +--- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl 2009-11-12 17:24:18.000000000 +0100 +@@ -150,7 +150,7 @@ ___ + sub BODY_20_39 { + my ($i,$a,$b,$c,$d,$e,$f)=@_; + my $j=$i+1; +-my $K=($i<40)?0x6ed9eba1:0xca62c1d6; ++my $K=($i<40)?0x6ed9eba1:-0x359d3e2a; + $code.=<<___ if ($i<79); + lea $K($xi,$e),$f + mov `4*($j%16)`(%rsp),$xi +@@ -187,7 +187,7 @@ sub BODY_40_59 { + my ($i,$a,$b,$c,$d,$e,$f)=@_; + my $j=$i+1; + $code.=<<___; +- lea 0x8f1bbcdc($xi,$e),$f ++ lea -0x70e44324($xi,$e),$f + mov `4*($j%16)`(%rsp),$xi + mov $b,$t0 + mov $b,$t1 diff --git a/dev-libs/openssl-compat/files/openssl-0.9.8z_p8-perl-5.26.patch b/dev-libs/openssl-compat/files/openssl-0.9.8z_p8-perl-5.26.patch new file mode 100644 index 000000000000..c932b820425c --- /dev/null +++ b/dev-libs/openssl-compat/files/openssl-0.9.8z_p8-perl-5.26.patch @@ -0,0 +1,13 @@ +https://bugs.gentoo.org/639876 + +--- a/crypto/des/asm/des-586.pl ++++ b/crypto/des/asm/des-586.pl +@@ -4,7 +4,7 @@ + # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> + # + +-push(@INC,"perlasm","../../perlasm"); ++push(@INC,".","perlasm","../../perlasm"); + require "x86asm.pl"; + require "cbc.pl"; + require "desboth.pl"; diff --git a/dev-libs/openssl-compat/files/openssl-1.0.2p-hobble-ecc.patch b/dev-libs/openssl-compat/files/openssl-1.0.2p-hobble-ecc.patch new file mode 100644 index 000000000000..3a458a783603 --- /dev/null +++ b/dev-libs/openssl-compat/files/openssl-1.0.2p-hobble-ecc.patch @@ -0,0 +1,283 @@ +Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series. + +From https://src.fedoraproject.org/git/rpms/openssl.git + +Contains parts of the following patches, rediffed. The patches are on various +different branches. +f23 openssl-1.0.2c-ecc-suiteb.patch +f23 openssl-1.0.2a-fips-ec.patch +f28 openssl-1.1.0-ec-curves.patch + +Signed-off-By: Robin H. Johnson <robbat2@gentoo.org> + +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv) + } else + # endif + # ifndef OPENSSL_NO_ECDSA +- if (strcmp(*argv, "ecdsap160") == 0) +- ecdsa_doit[R_EC_P160] = 2; +- else if (strcmp(*argv, "ecdsap192") == 0) +- ecdsa_doit[R_EC_P192] = 2; ++ if (0) {} + else if (strcmp(*argv, "ecdsap224") == 0) + ecdsa_doit[R_EC_P224] = 2; + else if (strcmp(*argv, "ecdsap256") == 0) +@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv) + ecdsa_doit[R_EC_P384] = 2; + else if (strcmp(*argv, "ecdsap521") == 0) + ecdsa_doit[R_EC_P521] = 2; +- else if (strcmp(*argv, "ecdsak163") == 0) +- ecdsa_doit[R_EC_K163] = 2; +- else if (strcmp(*argv, "ecdsak233") == 0) +- ecdsa_doit[R_EC_K233] = 2; +- else if (strcmp(*argv, "ecdsak283") == 0) +- ecdsa_doit[R_EC_K283] = 2; +- else if (strcmp(*argv, "ecdsak409") == 0) +- ecdsa_doit[R_EC_K409] = 2; +- else if (strcmp(*argv, "ecdsak571") == 0) +- ecdsa_doit[R_EC_K571] = 2; +- else if (strcmp(*argv, "ecdsab163") == 0) +- ecdsa_doit[R_EC_B163] = 2; +- else if (strcmp(*argv, "ecdsab233") == 0) +- ecdsa_doit[R_EC_B233] = 2; +- else if (strcmp(*argv, "ecdsab283") == 0) +- ecdsa_doit[R_EC_B283] = 2; +- else if (strcmp(*argv, "ecdsab409") == 0) +- ecdsa_doit[R_EC_B409] = 2; +- else if (strcmp(*argv, "ecdsab571") == 0) +- ecdsa_doit[R_EC_B571] = 2; + else if (strcmp(*argv, "ecdsa") == 0) { +- for (i = 0; i < EC_NUM; i++) ++ for (i = R_EC_P224; i < R_EC_P521; i++) + ecdsa_doit[i] = 1; + } else + # endif + # ifndef OPENSSL_NO_ECDH +- if (strcmp(*argv, "ecdhp160") == 0) +- ecdh_doit[R_EC_P160] = 2; +- else if (strcmp(*argv, "ecdhp192") == 0) +- ecdh_doit[R_EC_P192] = 2; ++ if (0) {} + else if (strcmp(*argv, "ecdhp224") == 0) + ecdh_doit[R_EC_P224] = 2; + else if (strcmp(*argv, "ecdhp256") == 0) +@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv) + ecdh_doit[R_EC_P384] = 2; + else if (strcmp(*argv, "ecdhp521") == 0) + ecdh_doit[R_EC_P521] = 2; +- else if (strcmp(*argv, "ecdhk163") == 0) +- ecdh_doit[R_EC_K163] = 2; +- else if (strcmp(*argv, "ecdhk233") == 0) +- ecdh_doit[R_EC_K233] = 2; +- else if (strcmp(*argv, "ecdhk283") == 0) +- ecdh_doit[R_EC_K283] = 2; +- else if (strcmp(*argv, "ecdhk409") == 0) +- ecdh_doit[R_EC_K409] = 2; +- else if (strcmp(*argv, "ecdhk571") == 0) +- ecdh_doit[R_EC_K571] = 2; +- else if (strcmp(*argv, "ecdhb163") == 0) +- ecdh_doit[R_EC_B163] = 2; +- else if (strcmp(*argv, "ecdhb233") == 0) +- ecdh_doit[R_EC_B233] = 2; +- else if (strcmp(*argv, "ecdhb283") == 0) +- ecdh_doit[R_EC_B283] = 2; +- else if (strcmp(*argv, "ecdhb409") == 0) +- ecdh_doit[R_EC_B409] = 2; +- else if (strcmp(*argv, "ecdhb571") == 0) +- ecdh_doit[R_EC_B571] = 2; + else if (strcmp(*argv, "ecdh") == 0) { +- for (i = 0; i < EC_NUM; i++) ++ for (i = R_EC_P224; i <= R_EC_P521; i++) + ecdh_doit[i] = 1; + } else + # endif +@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv) + BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); + # endif + # ifndef OPENSSL_NO_ECDSA +- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " ++ BIO_printf(bio_err, "ecdsap224 " + "ecdsap256 ecdsap384 ecdsap521\n"); +- BIO_printf(bio_err, +- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); +- BIO_printf(bio_err, +- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); + BIO_printf(bio_err, "ecdsa\n"); + # endif + # ifndef OPENSSL_NO_ECDH +- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " ++ BIO_printf(bio_err, "ecdhp224 " + "ecdhp256 ecdhp384 ecdhp521\n"); +- BIO_printf(bio_err, +- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); +- BIO_printf(bio_err, +- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); + BIO_printf(bio_err, "ecdh\n"); + # endif + +@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv) + for (i = 0; i < DSA_NUM; i++) + dsa_doit[i] = 1; + # ifndef OPENSSL_NO_ECDSA +- for (i = 0; i < EC_NUM; i++) ++ for (i = R_EC_P224; i <= R_EC_P521; i++) + ecdsa_doit[i] = 1; + # endif + # ifndef OPENSSL_NO_ECDH +- for (i = 0; i < EC_NUM; i++) ++ for (i = R_EC_P224; i <= R_EC_P521; i++) + ecdh_doit[i] = 1; + # endif + } +--- a/crypto/ec/ecp_smpl.c ++++ b/crypto/ec/ecp_smpl.c +@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, + return 0; + } + ++ if (BN_num_bits(p) < 224) { ++ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); ++ return 0; ++ } ++ + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) +--- a/crypto/ecdh/ecdhtest.c ++++ b/crypto/ecdh/ecdhtest.c +@@ -501,11 +501,13 @@ int main(int argc, char *argv[]) + goto err; + + /* NIST PRIME CURVES TESTS */ ++# if 0 + if (!test_ecdh_curve + (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) + goto err; ++# endif + if (!test_ecdh_curve + (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) + goto err; +@@ -536,13 +538,14 @@ int main(int argc, char *argv[]) + if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) + goto err; + # endif ++# if 0 + if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256)) + goto err; + if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384)) + goto err; + if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512)) + goto err; +- ++# endif + ret = 0; + + err: +--- a/crypto/ecdsa/ecdsatest.c ++++ b/crypto/ecdsa/ecdsatest.c +@@ -138,9 +138,12 @@ int restore_rand(void) + } + + static int fbytes_counter = 0, use_fake = 0; +-static const char *numbers[8] = { ++static const char *numbers[10] = { ++ "651056770906015076056810763456358567190100156695615665659", + "651056770906015076056810763456358567190100156695615665659", + "6140507067065001063065065565667405560006161556565665656654", ++ "8763001015071075675010661307616710783570106710677817767166" ++ "71676178726717", + "8763001015071075675010661307616710783570106710677817767166" + "71676178726717", + "7000000175690566466555057817571571075705015757757057795755" +@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num) + + use_fake = 0; + +- if (fbytes_counter >= 8) ++ if (fbytes_counter >= 10) + return 0; + tmp = BN_new(); + if (!tmp) +@@ -539,8 +542,10 @@ int main(void) + RAND_seed(rnd_seed, sizeof(rnd_seed)); + + /* the tests */ ++# if 0 + if (!x9_62_tests(out)) + goto err; ++# endif + if (!test_builtin(out)) + goto err; + +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = { + 0, 23, /* secp256r1 (23) */ + /* Other >= 256-bit prime curves. */ + 0, 25, /* secp521r1 (25) */ +- 0, 28, /* brainpool512r1 (28) */ +- 0, 27, /* brainpoolP384r1 (27) */ + 0, 24, /* secp384r1 (24) */ +- 0, 26, /* brainpoolP256r1 (26) */ + 0, 22, /* secp256k1 (22) */ + # ifndef OPENSSL_NO_EC2M + /* >= 256-bit binary curves. */ +@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = { + 0, 23, /* secp256r1 (23) */ + /* Other >= 256-bit prime curves. */ + 0, 25, /* secp521r1 (25) */ +- 0, 28, /* brainpool512r1 (28) */ +- 0, 27, /* brainpoolP384r1 (27) */ + 0, 24, /* secp384r1 (24) */ +- 0, 26, /* brainpoolP256r1 (26) */ + 0, 22, /* secp256k1 (22) */ + # ifndef OPENSSL_NO_EC2M + /* >= 256-bit binary curves. */ +@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = { + * Remaining curves disabled by default but still permitted if set + * via an explicit callback or parameters. + */ +- 0, 20, /* secp224k1 (20) */ +- 0, 21, /* secp224r1 (21) */ +- 0, 18, /* secp192k1 (18) */ +- 0, 19, /* secp192r1 (19) */ +- 0, 15, /* secp160k1 (15) */ +- 0, 16, /* secp160r1 (16) */ +- 0, 17, /* secp160r2 (17) */ + # ifndef OPENSSL_NO_EC2M + 0, 8, /* sect239k1 (8) */ + 0, 6, /* sect233k1 (6) */ +@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = { + 0, 9, /* sect283k1 (9) */ + 0, 10, /* sect283r1 (10) */ + # endif +- 0, 22, /* secp256k1 (22) */ + 0, 23, /* secp256r1 (23) */ + # ifndef OPENSSL_NO_EC2M + 0, 8, /* sect239k1 (8) */ + 0, 6, /* sect233k1 (6) */ + 0, 7, /* sect233r1 (7) */ + # endif +- 0, 20, /* secp224k1 (20) */ +- 0, 21, /* secp224r1 (21) */ + # ifndef OPENSSL_NO_EC2M + 0, 4, /* sect193r1 (4) */ + 0, 5, /* sect193r2 (5) */ + # endif +- 0, 18, /* secp192k1 (18) */ +- 0, 19, /* secp192r1 (19) */ + # ifndef OPENSSL_NO_EC2M + 0, 1, /* sect163k1 (1) */ + 0, 2, /* sect163r1 (2) */ + 0, 3, /* sect163r2 (3) */ + # endif +- 0, 15, /* secp160k1 (15) */ +- 0, 16, /* secp160r1 (16) */ +- 0, 17, /* secp160r2 (17) */ + }; + # endif + diff --git a/dev-libs/openssl-compat/metadata.xml b/dev-libs/openssl-compat/metadata.xml new file mode 100644 index 000000000000..8419c576d834 --- /dev/null +++ b/dev-libs/openssl-compat/metadata.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="project"> + <email>base-system@gentoo.org</email> + <name>Gentoo Base System</name> +</maintainer> +<use> + <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag> + <flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag> + <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag> + <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag> + <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag> + <flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag> +</use> +<upstream> + <remote-id type="cpe">cpe:/a:openssl:openssl</remote-id> +</upstream> +</pkgmetadata> diff --git a/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild new file mode 100644 index 000000000000..26730ec90fe6 --- /dev/null +++ b/dev-libs/openssl-compat/openssl-compat-0.9.8z_p8-r1.ebuild @@ -0,0 +1,164 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat + +EAPI="6" + +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal + +#PLEVEL=$(printf "\\$(printf '%03o' $((${PV##*_p} + 96)))") +PLEVEL='h' # _p8 -> tr '[1-9]' '[a-i]' -> 'h' +MY_PV=${PV/_p*/${PLEVEL}} +MY_P=openssl-${MY_PV} +S="${WORKDIR}/${MY_P}" +DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1" +HOMEPAGE="https://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" + +LICENSE="openssl" +SLOT="0.9.8" +KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd" +IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib" +RESTRICT="!bindist? ( bindist )" + +RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) + kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) + !=dev-libs/openssl-0.9.8*:0 + !dev-libs/openssl:0.9.8" +DEPEND="${RDEPEND} + >=dev-lang/perl-5 + test? ( + sys-apps/diffutils + sys-devel/bc + )" + +# Do not install any docs +DOCS=() + +PATCHES=( + "${FILESDIR}"/openssl-0.9.8e-bsd-sparc64.patch + "${FILESDIR}"/openssl-0.9.8h-ldflags.patch #181438 + "${FILESDIR}"/openssl-0.9.8m-binutils.patch #289130 + "${FILESDIR}"/openssl-0.9.8z_p8-perl-5.26.patch +) + +src_prepare() { + default + + # disable fips in the build + # make sure the man pages are suffixed #302165 + # don't bother building man pages if they're disabled + sed -i \ + -e '/DIRS/s: fips : :g' \ + -e '/^MANSUFFIX/s:=.*:=ssl:' \ + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ + -e $(has noman FEATURES \ + && echo '/^install:/s:install_docs::' \ + || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \ + Makefile{,.org} \ + || die + # show the actual commands in the log + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared || die + # update the enginedir path. + # punt broken config we don't care about as it fails sanity check. + sed -i \ + -e '/^"debug-ben-debug-64"/d' \ + -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \ + Configure || die + + # since we're forcing $(CC) as makedep anyway, just fix + # the conditional as always-on + # helps clang (#417795), and versioned gcc (#499818) + sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die + + # quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (#417795 again) + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments + + # allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed" + chmod a+rx gentoo.config || die + + append-flags -fno-strict-aliasing + append-flags -Wa,--noexecstack + + sed -i '1s,^:$,#!/usr/bin/perl,' Configure || die #141906 + sed -i '/^"debug-bodo/d' Configure || die # 0.9.8za shipped broken + ./config --test-sanity || die "I AM NOT SANE" + + multilib_copy_sources +} + +multilib_src_configure() { + unset APPS #197996 + unset SCRIPTS #312551 + + tc-export CC AR RANLIB + + # Clean out patent-or-otherwise-encumbered code + # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) + # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm + # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography + # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 + # RC5: 5,724,428 03/03/2015 https://en.wikipedia.org/wiki/RC5 + + use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; } + echoit() { echo "$@" ; "$@" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + local sslout=$(./gentoo.config) + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config="Configure" + [[ -z ${sslout} ]] && config="config" + + echoit \ + ./${config} \ + ${sslout} \ + $(use cpu_flags_x86_sse2 || echo "no-sse2") \ + enable-camellia \ + $(use_ssl !bindist ec) \ + enable-idea \ + enable-mdc2 \ + $(use_ssl !bindist rc5) \ + enable-tlsext \ + $(use_ssl gmp gmp -lgmp) \ + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ + $(use_ssl zlib) \ + --prefix=/usr \ + --openssldir=/etc/ssl \ + shared threads \ + || die "Configure failed" + + # Clean out hardcoded flags that openssl uses + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ + -e 's:^CFLAG=::' \ + -e 's:-fomit-frame-pointer ::g' \ + -e 's:-O[0-9] ::g' \ + -e 's:-march=[-a-z0-9]* ::g' \ + -e 's:-mcpu=[-a-z0-9]* ::g' \ + -e 's:-m[a-z0-9]* ::g' \ + ) + sed -i \ + -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \ + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ + Makefile || die +} + +multilib_src_compile() { + # depend is needed to use $confopts + emake -j1 depend + emake -j1 build_libs +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + dolib.so lib{crypto,ssl}.so.0.9.8 +} diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild new file mode 100644 index 000000000000..7aef40f273d2 --- /dev/null +++ b/dev-libs/openssl-compat/openssl-compat-1.0.2r.ebuild @@ -0,0 +1,249 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal + +# openssl-1.0.2-patches-1.6 contain additional CVE patches +# which got fixed with this release. +# Please use 1.7 version number when rolling a new tarball! +PATCH_SET="openssl-1.0.2-patches-1.5" +MY_P=openssl-${PV/_/-} +DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="https://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + !vanilla? ( + mirror://gentoo/${PATCH_SET}.tar.xz + https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz + https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz + https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz + )" + +LICENSE="openssl" +SLOT="1.0.0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux" +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" +RESTRICT="!bindist? ( bindist )" + +RDEPEND=">=app-misc/c_rehash-1.7-r1 + gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) + kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) + !=dev-libs/openssl-1.0.2*:0 + !dev-libs/openssl:1.0.0" +DEPEND="${RDEPEND} + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + )" + +RESTRICT="test" + +# Do not install any docs +DOCS=() + +# This does not copy the entire Fedora patchset, but JUST the parts that +# are needed to make it safe to use EC with RESTRICT=bindist. +# See openssl.spec for the matching numbering of SourceNNN, PatchNNN +SOURCE1=hobble-openssl +SOURCE12=ec_curve.c +SOURCE13=ectest.c +# These are ported instead +#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC +#PATCH37=openssl-1.1.0-ec-curves.patch +FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' +FEDORA_GIT_BRANCH='f25' +FEDORA_SRC_URI=() +FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 ) +FEDORA_PATCH=( $PATCH1 $PATCH37 ) +for i in "${FEDORA_SOURCE[@]}" ; do + FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> openssl-${PV}_${i}" ) +done +for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix + FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" ) +done +SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" + +S="${WORKDIR}/${MY_P}" + +MULTILIB_WRAPPED_HEADERS=( + usr/include/openssl/opensslconf.h +) + +src_prepare() { + if use bindist; then + # This just removes the prefix, and puts it into WORKDIR like the RPM. + for i in "${FEDORA_SOURCE[@]}" ; do + cp -f "${DISTDIR}"/"openssl-${PV}_${i}" "${WORKDIR}"/"${i}" || die + done + # .spec %prep + bash "${WORKDIR}"/"${SOURCE1}" || die + cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die + cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1 + for i in "${FEDORA_PATCH[@]}" ; do + eapply "${DISTDIR}"/"${i}" + done + eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch + # Also see the configure parts below: + # enable-ec \ + # $(use_ssl !bindist ec2m) \ + # $(use_ssl !bindist srp) \ + fi + + # keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + eapply "${WORKDIR}"/patch/*.patch + fi + + eapply_user + + # disable fips in the build + # make sure the man pages are suffixed #302165 + # don't bother building man pages if they're disabled + sed -i \ + -e '/DIRS/s: fips : :g' \ + -e '/^MANSUFFIX/s:=.*:=ssl:' \ + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ + -e $(has noman FEATURES \ + && echo '/^install:/s:install_docs::' \ + || echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \ + Makefile.org \ + || die + # show the actual commands in the log + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared + + # since we're forcing $(CC) as makedep anyway, just fix + # the conditional as always-on + # helps clang (#417795), and versioned gcc (#499818) + # this breaks build with 1.0.2p, not sure if it is needed anymore + #sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die + + # quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (#417795 again) + [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments + + # allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die + chmod a+rx gentoo.config || die + + append-flags -fno-strict-aliasing + append-flags $(test-flags-CC -Wa,--noexecstack) + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906 + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die + ./config --test-sanity || die "I AM NOT SANE" + + multilib_copy_sources +} + +multilib_src_configure() { + unset APPS #197996 + unset SCRIPTS #312551 + unset CROSS_COMPILE #311473 + + tc-export CC AR RANLIB RC + + # Clean out patent-or-otherwise-encumbered code + # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) + # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm + # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography + # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 + # RC5: Expired https://en.wikipedia.org/wiki/RC5 + + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + echoit() { echo "$@" ; "$@" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths. #460790 + local ec_nistp_64_gcc_128 + # Disable it for now though #469976 + #if ! use bindist ; then + # echo "__uint128_t i;" > "${T}"/128.c + # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + # fi + #fi + + # https://github.com/openssl/openssl/issues/2286 + if use ia64 ; then + replace-flags -g3 -g2 + replace-flags -ggdb3 -ggdb2 + fi + + local sslout=$(./gentoo.config) + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config="Configure" + [[ -z ${sslout} ]] && config="config" + + # Fedora hobbled-EC needs 'no-ec2m', 'no-srp' + echoit \ + ./${config} \ + ${sslout} \ + $(use cpu_flags_x86_sse2 || echo "no-sse2") \ + enable-camellia \ + enable-ec \ + $(use_ssl !bindist ec2m) \ + $(use_ssl !bindist srp) \ + ${ec_nistp_64_gcc_128} \ + enable-idea \ + enable-mdc2 \ + enable-rc5 \ + enable-tlsext \ + $(use_ssl asm) \ + $(use_ssl gmp gmp -lgmp) \ + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ + $(use_ssl rfc3779) \ + $(use_ssl sctp) \ + $(use_ssl sslv2 ssl2) \ + $(use_ssl sslv3 ssl3) \ + $(use_ssl tls-heartbeat heartbeats) \ + $(use_ssl zlib) \ + --prefix="${EPREFIX%/}"/usr \ + --openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \ + --libdir=$(get_libdir) \ + shared threads \ + || die + + # Clean out hardcoded flags that openssl uses + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ + -e 's:^CFLAG=::' \ + -e 's:-fomit-frame-pointer ::g' \ + -e 's:-O[0-9] ::g' \ + -e 's:-march=[-a-z0-9]* ::g' \ + -e 's:-mcpu=[-a-z0-9]* ::g' \ + -e 's:-m[a-z0-9]* ::g' \ + ) + sed -i \ + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ + Makefile || die +} + +multilib_src_compile() { + # depend is needed to use $confopts; it also doesn't matter + # that it's -j1 as the code itself serializes subdirs + emake -j1 V=1 depend + emake build_libs +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + dolib.so lib{crypto,ssl}.so.${SLOT} +} |