Project import
diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..60102c5 --- /dev/null +++ b/Makefile
@@ -0,0 +1,139 @@ +# +# Copyright (c) 2010-2012 Nest, Inc. +# All rights reserved. +# +# This document is the property of Nest. It is considered +# confidential and proprietary information. +# +# This document may not be reproduced or transmitted in any form, +# in whole or in part, without the express written permission of +# Nest. +# +# Description: +# This file is the makefile for the Open Secure Socket Layer +# (SSL) library. +# + +.NOTPARALLEL: + +BuildConfigSpecialized := No + +include pre.mak + +PackageName := openssl + +PackageExtension := tar.gz +PackageSeparator := - + +PackagePatchArgs := -p1 + +PackageArchive := $(PackageName)$(PackageSeparator)$(PackageVersion).$(PackageExtension) +PackageSourceDir := $(PackageName)$(PackageSeparator)$(PackageVersion) + +PackageBuildMakefile = $(call GenerateBuildPaths,Makefile) + +CleanPaths += $(PackageLicenseFile) + +LinuxDir := sw/tps/linux +LinuxIncDir := $(call GenerateResultPaths,$(LinuxDir),include) + +ZlibDir := sw/tps/zlib +ZlibIncDir := $(call GenerateResultPaths,$(ZlibDir),usr/include) +ZlibLibDir := $(call GenerateResultPaths,$(ZlibDir),usr/lib) + +OpenSSLPackageOptions += experimental-jpake $(call ToolGenerateDefineArgument,OPENSSL_EXPERIMENTAL_JPAKE) + +OpenSSLTargets = all +OpenSSLInstallTargets = install + +# If the feature BUILD_FEATURE_OPENSSL_FORCE32_LONG is set, we're forcing OpenSSL to use a 32bit long +# We typically set this when building the simulator because our PASE code expects BN_BYTES == 4 +# We force 32bit by setting the TargetConfig to gcc +# Couple unfortunate side effects: +# 1) Assembly is not supported +# 2) This TargetConfig forces us to build as a static library (OpenSSL limitation) +# 3) We have to turn off compression. Zlib causes problems for other packages like curl +# whose configure script can't seem to realize that it needs to bring in zlib as well +# (might be a pkgconfig issue with openssl?) +# 4) We have to compile with -fPIC since other dylibs (curl) link openssl +ifeq ($(BUILD_FEATURE_OPENSSL_FORCE32_LONG),1) +OpenSSLPackageOptions += no-asm no-zlib +OpenSSLCCFlags = -fPIC +OpenSSLTargetConfig = gcc +else +OpenSSLPackageOptions += shared zlib +endif + +all: $(PackageDefaultGoal) + +# Generate the package license contents. + +$(PackageSourceDir)/LICENSE: source + +$(PackageLicenseFile): $(PackageSourceDir)/LICENSE + $(copy-result) + +# Extract the source from the archive and apply patches, if any. + +$(PackageSourceDir): $(PackageArchive) $(PackagePatchPaths) + $(expand-and-patch-package) + +# Prepare the sources. + +.PHONY: source +source: | $(PackageSourceDir) + +# Patch the sources, if necessary. + +.PHONY: patch +patch: source + +$(PackageBuildMakefile): | $(PackageSourceDir) $(BuildDirectory) + $(Verbose)$(call create-links,$(CURDIR)/$(PackageSourceDir),$(BuildDirectory)) ; \ + cd $(BuildDirectory) && \ + INSTALL="$(INSTALL) $(INSTALLFLAG)" \ + ./Configure \ + --prefix=/usr \ + --openssldir=/usr/lib/ssl \ + $(call ToolGenerateIncludeArgument,$(ZlibIncDir)) \ + $(call ToolGenerateLibraryPathArgument,$(ZlibLibDir)) \ + $(OpenSSLPackageOptions) \ + $(OpenSSLCCFlags) \ + $(OpenSSLTargetConfig) + +# Configure the source for building. + +.PHONY: configure +configure: source $(PackageBuildMakefile) + +# Build the source. +# +# We have to unset MAKEFLAGS since they confuse the package build otherwise. + +.PHONY: build +build: configure | $(BuildDirectory) + $(Verbose)unset MAKEFLAGS && \ + $(MAKE) $(JOBSFLAG) -C $(BuildDirectory) \ + CC="$(CC)" AR="$(AR) $(ARFLAGS)" RANLIB=$(RANLIB) \ + INSTALL_PREFIX=$(ResultDirectory) \ + $(OpenSSLTargets) + +# Stage the build to a temporary installation area. +# +# We have to unset MAKEFLAGS since they confuse the package build otherwise. + +.PHONY: stage +stage: build | $(ResultDirectory) + $(Verbose)unset MAKEFLAGS && \ + $(MAKE) -C $(BuildDirectory) \ + CC="$(CC)" AR="$(AR) $(ARFLAGS)" RANLIB=$(RANLIB) \ + INSTALL="$(INSTALL) $(INSTALLFLAGS)" \ + INSTALL_PREFIX=$(ResultDirectory) \ + $(OpenSSLInstallTargets) + +clean: + $(Verbose)$(RM) $(RMFLAGS) -r $(PackageSourceDir) + $(Verbose)$(RM) $(RMFLAGS) -r $(BuildDirectory) + $(Verbose)$(RM) $(RMFLAGS) -r $(ResultDirectory) + +include post.mak
diff --git a/openssl-1.0.1p.tar.gz b/openssl-1.0.1p.tar.gz new file mode 100644 index 0000000..db77eba --- /dev/null +++ b/openssl-1.0.1p.tar.gz Binary files differ
diff --git a/openssl.patches/openssl-50.description b/openssl.patches/openssl-50.description new file mode 100644 index 0000000..da8e579 --- /dev/null +++ b/openssl.patches/openssl-50.description
@@ -0,0 +1,3 @@ +This patch ensures that shared libraries are, at minimum, user writable +so that they may be successfully stripped when generating file system +and installation images.
diff --git a/openssl.patches/openssl-50.patch b/openssl.patches/openssl-50.patch new file mode 100644 index 0000000..653d97f --- /dev/null +++ b/openssl.patches/openssl-50.patch
@@ -0,0 +1,11 @@ +--- a/Makefile.org 2010-01-27 08:06:36.000000000 -0800 ++++ b/Makefile.org 2010-09-03 14:47:59.000000000 -0700 +@@ -527,7 +527,7 @@ + ( echo installing $$i; \ + if [ "$(PLATFORM)" != "Cygwin" ]; then \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ ++ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + else \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
diff --git a/openssl.patches/openssl-51.description b/openssl.patches/openssl-51.description new file mode 100644 index 0000000..7988986 --- /dev/null +++ b/openssl.patches/openssl-51.description
@@ -0,0 +1 @@ +This patch ensures that CHECKED_STACK_OF can successfully work with C++ classes that employs cast operators.
diff --git a/openssl.patches/openssl-51.patch b/openssl.patches/openssl-51.patch new file mode 100644 index 0000000..a0c4a69 --- /dev/null +++ b/openssl.patches/openssl-51.patch
@@ -0,0 +1,11 @@ +--- a/crypto/stack/safestack.h 2011-08-17 15:39:52.853888167 -0700 ++++ b/crypto/stack/safestack.h 2011-08-17 15:40:20.181928142 -0700 +@@ -68,7 +68,7 @@ + */ + + # define CHECKED_STACK_OF(type, p) \ +- ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) ++ ((_STACK*) (1 ? (STACK_OF(type)*)p : (STACK_OF(type)*)0)) + + # define CHECKED_SK_FREE_FUNC(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
diff --git a/openssl.patches/openssl-52.description b/openssl.patches/openssl-52.description new file mode 100644 index 0000000..8aba8cc --- /dev/null +++ b/openssl.patches/openssl-52.description
@@ -0,0 +1,3 @@ +Patch to allow parallel build of openssl. +Gathered from https://github.com/Alexpux/Qt-builds/blob/master/patches/openssl/openssl-1.0.1-parallel-build.patch +Licensed under BSD-3 http://www.opensource.org/licenses/BSD-3-Clause
diff --git a/openssl.patches/openssl-52.patch b/openssl.patches/openssl-52.patch new file mode 100644 index 0000000..5289d6c --- /dev/null +++ b/openssl.patches/openssl-52.patch
@@ -0,0 +1,346 @@ +--- a/Makefile.org ++++ b/Makefile.org +@@ -277,17 +277,17 @@ + build_libssl: build_ssl libssl.pc + + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) ++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) + build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) ++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) + build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) ++ +@dir=engines; target=all; $(BUILD_ONE_CMD) + build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) ++ +@dir=apps; target=all; $(BUILD_ONE_CMD) + build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) ++ +@dir=test; target=all; $(BUILD_ONE_CMD) + build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ +@dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +@@ -497,9 +497,9 @@ + dist_pem_h: + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + +-install: all install_docs install_sw ++install: install_docs install_sw + +-install_sw: ++install_dirs: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ +@@ -508,6 +508,13 @@ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private ++ @$(PERL) $(TOP)/util/mkdir-p.pl \ ++ $(INSTALL_PREFIX)$(MANDIR)/man1 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man3 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man5 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man7 ++ ++install_sw: install_dirs + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +@@ -511,7 +511,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @set -e; target=install; $(RECURSIVE_BUILD_CMD) ++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ +@@ -593,12 +600,7 @@ + done; \ + done + +-install_docs: +- @$(PERL) $(TOP)/util/mkdir-p.pl \ +- $(INSTALL_PREFIX)$(MANDIR)/man1 \ +- $(INSTALL_PREFIX)$(MANDIR)/man3 \ +- $(INSTALL_PREFIX)$(MANDIR)/man5 \ +- $(INSTALL_PREFIX)$(MANDIR)/man7 ++install_docs: install_dirs + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ + here="`pwd`"; \ + filecase=; \ +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -105,6 +105,7 @@ LINK_SO= \ + SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ ++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ +@@ -122,6 +124,7 @@ SYMLINK_SO= \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ ++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -85,11 +85,11 @@ + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + + subdirs: +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +- @target=files; $(RECURSIVE_MAKE) ++ +@target=files; $(RECURSIVE_MAKE) + + links: + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) +@@ -100,7 +100,7 @@ + # lib: $(LIB): are splitted to avoid end-less loop + lib: $(LIB) + @touch lib +-$(LIB): $(LIBOBJ) ++$(LIB): $(LIBOBJ) | subdirs + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + +@@ -110,7 +110,7 @@ + fi + + libs: +- @target=lib; $(RECURSIVE_MAKE) ++ +@target=lib; $(RECURSIVE_MAKE) + + install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... +@@ -119,7 +119,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + lint: + @target=lint; $(RECURSIVE_MAKE) +--- a/engines/Makefile ++++ b/engines/Makefile +@@ -72,7 +72,7 @@ + + all: lib subdirs + +-lib: $(LIBOBJ) ++lib: $(LIBOBJ) | subdirs + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + for l in $(LIBNAMES); do \ +@@ -89,7 +89,7 @@ + + subdirs: + echo $(EDIRS) +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +@@ -128,7 +128,7 @@ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + tags: + ctags $(SRC) +--- a/test/Makefile ++++ b/test/Makefile +@@ -131,7 +131,7 @@ + tags: + ctags $(SRC) + +-tests: exe apps $(TESTS) ++tests: exe $(TESTS) + + apps: + @(cd ..; $(MAKE) DIRS=apps all) +@@ -394,121 +394,121 @@ + link_app.$${shlib_target} + + $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) +- @target=$(RSATEST); $(BUILD_CMD) ++ +@target=$(RSATEST); $(BUILD_CMD) + + $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) +- @target=$(BNTEST); $(BUILD_CMD) ++ +@target=$(BNTEST); $(BUILD_CMD) + + $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) +- @target=$(ECTEST); $(BUILD_CMD) ++ +@target=$(ECTEST); $(BUILD_CMD) + + $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) +- @target=$(EXPTEST); $(BUILD_CMD) ++ +@target=$(EXPTEST); $(BUILD_CMD) + + $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) +- @target=$(IDEATEST); $(BUILD_CMD) ++ +@target=$(IDEATEST); $(BUILD_CMD) + + $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) +- @target=$(MD2TEST); $(BUILD_CMD) ++ +@target=$(MD2TEST); $(BUILD_CMD) + + $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) +- @target=$(SHATEST); $(BUILD_CMD) ++ +@target=$(SHATEST); $(BUILD_CMD) + + $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) +- @target=$(SHA1TEST); $(BUILD_CMD) ++ +@target=$(SHA1TEST); $(BUILD_CMD) + + $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) +- @target=$(SHA256TEST); $(BUILD_CMD) ++ +@target=$(SHA256TEST); $(BUILD_CMD) + + $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) +- @target=$(SHA512TEST); $(BUILD_CMD) ++ +@target=$(SHA512TEST); $(BUILD_CMD) + + $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) +- @target=$(RMDTEST); $(BUILD_CMD) ++ +@target=$(RMDTEST); $(BUILD_CMD) + + $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) +- @target=$(MDC2TEST); $(BUILD_CMD) ++ +@target=$(MDC2TEST); $(BUILD_CMD) + + $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) +- @target=$(MD4TEST); $(BUILD_CMD) ++ +@target=$(MD4TEST); $(BUILD_CMD) + + $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) +- @target=$(MD5TEST); $(BUILD_CMD) ++ +@target=$(MD5TEST); $(BUILD_CMD) + + $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) +- @target=$(HMACTEST); $(BUILD_CMD) ++ +@target=$(HMACTEST); $(BUILD_CMD) + + $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) +- @target=$(WPTEST); $(BUILD_CMD) ++ +@target=$(WPTEST); $(BUILD_CMD) + + $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) +- @target=$(RC2TEST); $(BUILD_CMD) ++ +@target=$(RC2TEST); $(BUILD_CMD) + + $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) +- @target=$(BFTEST); $(BUILD_CMD) ++ +@target=$(BFTEST); $(BUILD_CMD) + + $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) +- @target=$(CASTTEST); $(BUILD_CMD) ++ +@target=$(CASTTEST); $(BUILD_CMD) + + $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) +- @target=$(RC4TEST); $(BUILD_CMD) ++ +@target=$(RC4TEST); $(BUILD_CMD) + + $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) +- @target=$(RC5TEST); $(BUILD_CMD) ++ +@target=$(RC5TEST); $(BUILD_CMD) + + $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) +- @target=$(DESTEST); $(BUILD_CMD) ++ +@target=$(DESTEST); $(BUILD_CMD) + + $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) +- @target=$(RANDTEST); $(BUILD_CMD) ++ +@target=$(RANDTEST); $(BUILD_CMD) + + $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) +- @target=$(DHTEST); $(BUILD_CMD) ++ +@target=$(DHTEST); $(BUILD_CMD) + + $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) +- @target=$(DSATEST); $(BUILD_CMD) ++ +@target=$(DSATEST); $(BUILD_CMD) + + $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) +- @target=$(METHTEST); $(BUILD_CMD) ++ +@target=$(METHTEST); $(BUILD_CMD) + + $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(SSLTEST); $(FIPS_BUILD_CMD) ++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) + + $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) +- @target=$(ENGINETEST); $(BUILD_CMD) ++ +@target=$(ENGINETEST); $(BUILD_CMD) + + $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) +- @target=$(EVPTEST); $(BUILD_CMD) ++ +@target=$(EVPTEST); $(BUILD_CMD) + + $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) +- @target=$(EVPEXTRATEST); $(BUILD_CMD) ++ +@target=$(EVPEXTRATEST); $(BUILD_CMD) + + $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) +- @target=$(ECDSATEST); $(BUILD_CMD) ++ +@target=$(ECDSATEST); $(BUILD_CMD) + + $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) +- @target=$(ECDHTEST); $(BUILD_CMD) ++ +@target=$(ECDHTEST); $(BUILD_CMD) + + $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) +- @target=$(IGETEST); $(BUILD_CMD) ++ +@target=$(IGETEST); $(BUILD_CMD) + + $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) +- @target=$(JPAKETEST); $(BUILD_CMD) ++ +@target=$(JPAKETEST); $(BUILD_CMD) + + $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) +- @target=$(ASN1TEST); $(BUILD_CMD) ++ +@target=$(ASN1TEST); $(BUILD_CMD) + + $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) +- @target=$(SRPTEST); $(BUILD_CMD) ++ +@target=$(SRPTEST); $(BUILD_CMD) + + $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) +- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) ++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) + + $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o +- @target=$(CONSTTIMETEST) $(BUILD_CMD) ++ +@target=$(CONSTTIMETEST) $(BUILD_CMD) + + $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o +- @target=$(VERIFYEXTRATEST) $(BUILD_CMD) ++ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD) + + #$(AESTEST).o: $(AESTEST).c + # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c +@@ -521,7 +521,7 @@ + # fi + + dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) +- @target=dummytest; $(BUILD_CMD) ++ +@target=dummytest; $(BUILD_CMD) + + # DO NOT DELETE THIS LINE -- make depend depends on it. +
diff --git a/openssl.patches/openssl-53.description b/openssl.patches/openssl-53.description new file mode 100644 index 0000000..722d6f6 --- /dev/null +++ b/openssl.patches/openssl-53.description
@@ -0,0 +1 @@ +Patch to have Openssl use /usr/bin/install
diff --git a/openssl.patches/openssl-53.patch b/openssl.patches/openssl-53.patch new file mode 100644 index 0000000..4cf8b05 --- /dev/null +++ b/openssl.patches/openssl-53.patch
@@ -0,0 +1,960 @@ +diff -aruN a/apps/Makefile b/apps/Makefile +--- a/apps/Makefile 2014-04-07 09:55:44.000000000 -0700 ++++ b/apps/Makefile 2014-06-11 13:39:01.206044045 -0700 +@@ -102,20 +102,14 @@ + @set -e; for i in $(EXE); \ + do \ + (echo installing $$i; \ +- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ +- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ ++ $(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + done; + @set -e; for i in $(SCRIPTS); \ + do \ + (echo installing $$i; \ +- cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ +- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ +- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ ++ $(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ + done +- @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \ +- chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \ +- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf ++ @$(INSTALL) openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf; \ + + tags: + ctags $(SRC) +diff -aruN a/crypto/aes/Makefile b/crypto/aes/Makefile +--- a/crypto/aes/Makefile 2014-04-07 09:55:27.000000000 -0700 ++++ b/crypto/aes/Makefile 2014-06-11 13:46:43.547397933 -0700 +@@ -94,8 +94,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/asn1/Makefile b/crypto/asn1/Makefile +--- a/crypto/asn1/Makefile 2014-04-07 09:55:35.000000000 -0700 ++++ b/crypto/asn1/Makefile 2014-06-11 14:04:27.899675150 -0700 +@@ -81,8 +81,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/bf/Makefile b/crypto/bf/Makefile +--- a/crypto/bf/Makefile 2014-04-07 09:55:27.000000000 -0700 ++++ b/crypto/bf/Makefile 2014-06-11 13:50:59.870800614 -0700 +@@ -60,8 +60,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/bio/Makefile b/crypto/bio/Makefile +--- a/crypto/bio/Makefile 2014-04-07 09:55:31.000000000 -0700 ++++ b/crypto/bio/Makefile 2014-06-11 13:49:31.285958273 -0700 +@@ -61,8 +61,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/bn/Makefile b/crypto/bn/Makefile +--- a/crypto/bn/Makefile 2014-04-07 09:55:28.000000000 -0700 ++++ b/crypto/bn/Makefile 2014-06-11 13:43:42.741340785 -0700 +@@ -147,8 +147,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + exptest: +diff -aruN a/crypto/buffer/Makefile b/crypto/buffer/Makefile +--- a/crypto/buffer/Makefile 2014-04-07 09:55:31.000000000 -0700 ++++ b/crypto/buffer/Makefile 2014-06-11 13:42:26.316781813 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/camellia/Makefile b/crypto/camellia/Makefile +--- a/crypto/camellia/Makefile 2014-04-07 09:55:27.000000000 -0700 ++++ b/crypto/camellia/Makefile 2014-06-11 14:02:08.982642071 -0700 +@@ -61,8 +61,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/cast/Makefile b/crypto/cast/Makefile +--- a/crypto/cast/Makefile 2014-04-07 09:55:27.000000000 -0700 ++++ b/crypto/cast/Makefile 2014-06-11 13:48:36.426856633 -0700 +@@ -57,8 +57,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/cmac/Makefile b/crypto/cmac/Makefile +--- a/crypto/cmac/Makefile 2014-04-07 09:55:39.000000000 -0700 ++++ b/crypto/cmac/Makefile 2014-06-11 13:51:21.993551302 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/cms/Makefile b/crypto/cms/Makefile +--- a/crypto/cms/Makefile 2014-04-07 09:55:39.000000000 -0700 ++++ b/crypto/cms/Makefile 2014-06-11 13:53:34.699854344 -0700 +@@ -55,8 +55,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/comp/Makefile b/crypto/comp/Makefile +--- a/crypto/comp/Makefile 2014-04-07 09:55:38.000000000 -0700 ++++ b/crypto/comp/Makefile 2014-06-11 13:46:10.786827825 -0700 +@@ -52,8 +52,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/conf/Makefile b/crypto/conf/Makefile +--- a/crypto/conf/Makefile 2014-04-07 09:55:37.000000000 -0700 ++++ b/crypto/conf/Makefile 2014-06-11 13:56:14.764697941 -0700 +@@ -52,8 +52,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/des/Makefile b/crypto/des/Makefile +--- a/crypto/des/Makefile 2014-04-07 09:55:27.000000000 -0700 ++++ b/crypto/des/Makefile 2014-06-11 14:06:57.431837553 -0700 +@@ -82,8 +82,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/dh/Makefile b/crypto/dh/Makefile +--- a/crypto/dh/Makefile 2014-04-07 09:55:30.000000000 -0700 ++++ b/crypto/dh/Makefile 2014-06-11 13:47:28.927456463 -0700 +@@ -51,8 +51,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/dsa/Makefile b/crypto/dsa/Makefile +--- a/crypto/dsa/Makefile 2014-04-07 09:55:29.000000000 -0700 ++++ b/crypto/dsa/Makefile 2014-06-11 13:42:04.823299123 -0700 +@@ -51,8 +51,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/dso/Makefile b/crypto/dso/Makefile +--- a/crypto/dso/Makefile 2014-04-07 09:55:30.000000000 -0700 ++++ b/crypto/dso/Makefile 2014-06-11 14:11:50.062940325 -0700 +@@ -51,8 +51,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/ec/Makefile b/crypto/ec/Makefile +--- a/crypto/ec/Makefile 2014-04-07 09:55:29.000000000 -0700 ++++ b/crypto/ec/Makefile 2014-06-11 13:39:44.765969069 -0700 +@@ -58,8 +58,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile +--- a/crypto/ecdh/Makefile 2014-04-07 09:55:30.000000000 -0700 ++++ b/crypto/ecdh/Makefile 2014-06-11 13:47:06.515665143 -0700 +@@ -50,8 +50,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile +--- a/crypto/ecdsa/Makefile 2014-04-07 09:55:30.000000000 -0700 ++++ b/crypto/ecdsa/Makefile 2014-06-11 13:58:43.793131492 -0700 +@@ -50,8 +50,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/engine/Makefile b/crypto/engine/Makefile +--- a/crypto/engine/Makefile 2014-04-07 09:55:31.000000000 -0700 ++++ b/crypto/engine/Makefile 2014-06-11 13:40:25.650744785 -0700 +@@ -59,8 +59,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/err/Makefile b/crypto/err/Makefile +--- a/crypto/err/Makefile 2014-04-07 09:55:32.000000000 -0700 ++++ b/crypto/err/Makefile 2014-06-11 13:50:16.228708297 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/evp/Makefile b/crypto/evp/Makefile +--- a/crypto/evp/Makefile 2014-04-07 09:55:33.000000000 -0700 ++++ b/crypto/evp/Makefile 2014-06-11 14:09:00.133453079 -0700 +@@ -74,8 +74,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/hmac/Makefile b/crypto/hmac/Makefile +--- a/crypto/hmac/Makefile 2014-04-07 09:55:26.000000000 -0700 ++++ b/crypto/hmac/Makefile 2014-06-11 13:55:01.044141828 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/idea/Makefile b/crypto/idea/Makefile +--- a/crypto/idea/Makefile 2014-04-07 09:55:27.000000000 -0700 ++++ b/crypto/idea/Makefile 2014-06-11 14:08:09.671197576 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/jpake/Makefile b/crypto/jpake/Makefile +--- a/crypto/jpake/Makefile 2014-03-17 09:14:20.000000000 -0700 ++++ b/crypto/jpake/Makefile 2014-06-11 13:56:54.540624511 -0700 +@@ -28,8 +28,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + depend: +diff -aruN a/crypto/krb5/Makefile b/crypto/krb5/Makefile +--- a/crypto/krb5/Makefile 2014-04-07 09:55:39.000000000 -0700 ++++ b/crypto/krb5/Makefile 2014-06-11 14:12:56.833039499 -0700 +@@ -50,8 +50,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/lhash/Makefile b/crypto/lhash/Makefile +--- a/crypto/lhash/Makefile 2014-04-07 09:55:31.000000000 -0700 ++++ b/crypto/lhash/Makefile 2014-06-11 13:56:41.079261923 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/Makefile b/crypto/Makefile +--- a/crypto/Makefile 2014-06-11 13:02:39.380535040 -0700 ++++ b/crypto/Makefile 2014-06-11 13:47:53.230872775 -0700 +@@ -120,8 +120,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ;\ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +@target=install; $(RECURSIVE_MAKE) + +diff -aruN a/crypto/Makefile.orig b/crypto/Makefile.orig +--- a/crypto/Makefile.orig 2014-04-07 09:55:26.000000000 -0700 ++++ b/crypto/Makefile.orig 2014-06-11 13:39:57.026776154 -0700 +@@ -120,8 +120,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ;\ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + @target=install; $(RECURSIVE_MAKE) + +diff -aruN a/crypto/md2/Makefile b/crypto/md2/Makefile +--- a/crypto/md2/Makefile 2014-03-17 09:14:20.000000000 -0700 ++++ b/crypto/md2/Makefile 2014-06-11 13:54:14.945895895 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/md4/Makefile b/crypto/md4/Makefile +--- a/crypto/md4/Makefile 2014-04-07 09:55:26.000000000 -0700 ++++ b/crypto/md4/Makefile 2014-06-11 13:54:00.092521963 -0700 +@@ -50,8 +50,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/md5/Makefile b/crypto/md5/Makefile +--- a/crypto/md5/Makefile 2014-04-07 09:55:26.000000000 -0700 ++++ b/crypto/md5/Makefile 2014-06-11 13:55:55.937685997 -0700 +@@ -64,8 +64,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile +--- a/crypto/mdc2/Makefile 2014-04-07 09:55:26.000000000 -0700 ++++ b/crypto/mdc2/Makefile 2014-06-11 14:12:34.196368264 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/modes/Makefile b/crypto/modes/Makefile +--- a/crypto/modes/Makefile 2014-04-07 09:55:28.000000000 -0700 ++++ b/crypto/modes/Makefile 2014-06-11 13:52:08.997894428 -0700 +@@ -77,8 +77,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/objects/Makefile b/crypto/objects/Makefile +--- a/crypto/objects/Makefile 2014-04-07 09:55:26.000000000 -0700 ++++ b/crypto/objects/Makefile 2014-06-11 13:55:28.402856592 -0700 +@@ -62,8 +62,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile +--- a/crypto/ocsp/Makefile 2014-04-07 09:55:38.000000000 -0700 ++++ b/crypto/ocsp/Makefile 2014-06-11 13:48:15.287102311 -0700 +@@ -52,8 +52,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/pem/Makefile b/crypto/pem/Makefile +--- a/crypto/pem/Makefile 2014-04-07 09:55:35.000000000 -0700 ++++ b/crypto/pem/Makefile 2014-06-11 13:41:41.493726266 -0700 +@@ -52,8 +52,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/pkcs12/Makefile b/crypto/pkcs12/Makefile +--- a/crypto/pkcs12/Makefile 2014-04-07 09:55:38.000000000 -0700 ++++ b/crypto/pkcs12/Makefile 2014-06-11 13:41:19.128249482 -0700 +@@ -55,8 +55,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile +--- a/crypto/pkcs7/Makefile 2014-04-07 09:55:38.000000000 -0700 ++++ b/crypto/pkcs7/Makefile 2014-06-11 13:54:39.150252800 -0700 +@@ -70,8 +70,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/pqueue/Makefile b/crypto/pqueue/Makefile +--- a/crypto/pqueue/Makefile 2014-04-07 09:55:39.000000000 -0700 ++++ b/crypto/pqueue/Makefile 2014-06-11 13:43:08.489534434 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/rand/Makefile b/crypto/rand/Makefile +--- a/crypto/rand/Makefile 2014-04-07 09:55:32.000000000 -0700 ++++ b/crypto/rand/Makefile 2014-06-11 13:49:06.071946738 -0700 +@@ -51,8 +51,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/rc2/Makefile b/crypto/rc2/Makefile +--- a/crypto/rc2/Makefile 2014-04-07 09:55:27.000000000 -0700 ++++ b/crypto/rc2/Makefile 2014-06-11 13:51:45.103805991 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/rc4/Makefile b/crypto/rc4/Makefile +--- a/crypto/rc4/Makefile 2014-04-07 09:55:27.000000000 -0700 ++++ b/crypto/rc4/Makefile 2014-06-11 14:09:50.071968921 -0700 +@@ -77,8 +77,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/rc5/Makefile b/crypto/rc5/Makefile +--- a/crypto/rc5/Makefile 2014-03-17 09:14:20.000000000 -0700 ++++ b/crypto/rc5/Makefile 2014-06-11 14:10:23.714735068 -0700 +@@ -57,8 +57,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/ripemd/Makefile b/crypto/ripemd/Makefile +--- a/crypto/ripemd/Makefile 2014-04-07 09:55:26.000000000 -0700 ++++ b/crypto/ripemd/Makefile 2014-06-11 14:11:30.676651703 -0700 +@@ -57,8 +57,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/rsa/Makefile b/crypto/rsa/Makefile +--- a/crypto/rsa/Makefile 2014-04-07 09:55:29.000000000 -0700 ++++ b/crypto/rsa/Makefile 2014-06-11 14:01:44.289334721 -0700 +@@ -55,8 +55,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/seed/Makefile b/crypto/seed/Makefile +--- a/crypto/seed/Makefile 2014-04-07 09:55:27.000000000 -0700 ++++ b/crypto/seed/Makefile 2014-06-11 14:12:15.094418677 -0700 +@@ -50,8 +50,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/sha/Makefile b/crypto/sha/Makefile +--- a/crypto/sha/Makefile 2014-04-07 09:55:26.000000000 -0700 ++++ b/crypto/sha/Makefile 2014-06-11 14:09:22.645821412 -0700 +@@ -105,8 +105,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/srp/Makefile b/crypto/srp/Makefile +--- a/crypto/srp/Makefile 2014-04-07 09:55:39.000000000 -0700 ++++ b/crypto/srp/Makefile 2014-06-11 14:05:00.823176148 -0700 +@@ -46,8 +46,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/stack/Makefile b/crypto/stack/Makefile +--- a/crypto/stack/Makefile 2014-04-07 09:55:31.000000000 -0700 ++++ b/crypto/stack/Makefile 2014-06-11 13:42:49.561969066 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/store/Makefile b/crypto/store/Makefile +--- a/crypto/store/Makefile 2014-03-17 09:14:20.000000000 -0700 ++++ b/crypto/store/Makefile 2014-06-11 13:43:17.929014163 -0700 +@@ -51,8 +51,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/ts/Makefile b/crypto/ts/Makefile +--- a/crypto/ts/Makefile 2014-04-07 09:55:39.000000000 -0700 ++++ b/crypto/ts/Makefile 2014-06-11 13:59:56.784110542 -0700 +@@ -63,8 +63,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/txt_db/Makefile b/crypto/txt_db/Makefile +--- a/crypto/txt_db/Makefile 2014-04-07 09:55:37.000000000 -0700 ++++ b/crypto/txt_db/Makefile 2014-06-11 13:49:53.869284854 -0700 +@@ -49,8 +49,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/ui/Makefile b/crypto/ui/Makefile +--- a/crypto/ui/Makefile 2014-04-07 09:55:39.000000000 -0700 ++++ b/crypto/ui/Makefile 2014-06-11 13:44:10.289357761 -0700 +@@ -53,8 +53,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/whrlpool/Makefile b/crypto/whrlpool/Makefile +--- a/crypto/whrlpool/Makefile 2014-04-07 09:55:26.000000000 -0700 ++++ b/crypto/whrlpool/Makefile 2014-06-11 14:07:47.522277623 -0700 +@@ -62,8 +62,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/x509/Makefile b/crypto/x509/Makefile +--- a/crypto/x509/Makefile 2014-04-07 09:55:36.000000000 -0700 ++++ b/crypto/x509/Makefile 2014-06-11 14:10:12.300848773 -0700 +@@ -59,8 +59,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile +--- a/crypto/x509v3/Makefile 2014-04-07 09:55:37.000000000 -0700 ++++ b/crypto/x509v3/Makefile 2014-06-11 13:40:46.808848902 -0700 +@@ -59,8 +59,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/engines/ccgost/Makefile b/engines/ccgost/Makefile +--- a/engines/ccgost/Makefile 2014-04-07 09:55:42.000000000 -0700 ++++ b/engines/ccgost/Makefile 2014-06-11 13:03:28.527470520 -0700 +@@ -53,13 +53,11 @@ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ $(INSTALL) -m 555 $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ + else \ + sfx=".so"; \ +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ $(INSTALL) -m 555 cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi + + links: +diff -aruN a/engines/Makefile b/engines/Makefile +--- a/engines/Makefile 2014-06-11 13:02:39.380535040 -0700 ++++ b/engines/Makefile 2014-06-11 13:03:28.527470520 -0700 +@@ -119,13 +119,12 @@ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ $(INSTALL) -m 555 $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx; \ + else \ + sfx=".so"; \ +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ $(INSTALL) -m 555 cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ ++ ); \ + done; \ + fi + +@target=install; $(RECURSIVE_MAKE) +diff -aruN a/Makefile b/Makefile +--- a/Makefile 2014-04-07 09:55:45.000000000 -0700 ++++ b/Makefile 2014-06-11 14:50:49.899378498 -0700 +@@ -553,18 +553,14 @@ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + @set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ + ( echo installing $$i; \ +- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ ++ $(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ + fi; \ + done; + @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ +@@ -574,9 +570,7 @@ + if [ -f "$$i" -o -f "$$i.a" ]; then \ + ( echo installing $$i; \ + if [ "$(PLATFORM)" != "Cygwin" ]; then \ +- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ ++ $(INSTALL) -m 555 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + else \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ + cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ +@@ -608,12 +602,9 @@ + sed -e '1,/^$$/d' doc/openssl-shared.txt; \ + fi; \ + fi +- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc +- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc +- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc ++ $(INSTALL) -m 644 libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig ++ $(INSTALL) -m 644 libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig ++ $(INSTALL) -m 644 openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + + install_html_docs: + here="`pwd`"; \ +diff -aruN a/Makefile.org b/Makefile.org +--- a/Makefile.org 2014-06-11 13:02:39.376537077 -0700 ++++ b/Makefile.org 2014-06-11 13:24:59.134799293 -0700 +@@ -538,7 +538,7 @@ + dist_pem_h: + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + +-install: install_docs install_sw ++install: install_sw + + install_dirs: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ +@@ -558,18 +558,14 @@ + install_sw: install_dirs + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ + ( echo installing $$i; \ +- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ ++ $(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ + fi; \ + done; + @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ +@@ -579,9 +575,7 @@ + if [ -f "$$i" -o -f "$$i.a" ]; then \ + ( echo installing $$i; \ + if [ "$(PLATFORM)" != "Cygwin" ]; then \ +- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ ++ $(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + else \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ + cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ +@@ -613,12 +607,9 @@ + sed -e '1,/^$$/d' doc/openssl-shared.txt; \ + fi; \ + fi +- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc +- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc +- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc ++ $(INSTALL) -m 644 libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig ++ $(INSTALL) -m 644 libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig ++ $(INSTALL) -m 644 openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + + install_html_docs: + here="`pwd`"; \ +diff -aruN a/ssl/Makefile b/ssl/Makefile +--- a/ssl/Makefile 2014-04-07 09:55:41.000000000 -0700 ++++ b/ssl/Makefile 2014-06-11 13:26:18.056426238 -0700 +@@ -77,8 +77,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + + tags: +diff -aruN a/tools/Makefile b/tools/Makefile +--- a/tools/Makefile 2014-03-17 09:14:20.000000000 -0700 ++++ b/tools/Makefile 2014-06-11 14:29:33.165313421 -0700 +@@ -8,6 +8,7 @@ + INCLUDES= -I$(TOP) -I../../include + CFLAG=-g + MAKEFILE= Makefile ++INSTALL=/usr/bin/install -c -C + + CFLAGS= $(INCLUDES) $(CFLAG) + +@@ -22,15 +23,11 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @for i in $(APPS) ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ +- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ ++ ($(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + done; + @for i in $(MISC_APPS) ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ +- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ +- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ ++ ($(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ + done; + + files:
diff --git a/openssl.patches/openssl-54.description b/openssl.patches/openssl-54.description new file mode 100644 index 0000000..964c33a --- /dev/null +++ b/openssl.patches/openssl-54.description
@@ -0,0 +1,2 @@ +Fix openssl parallel build problem. Applying the fix provided here: +http://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest
diff --git a/openssl.patches/openssl-54.patch b/openssl.patches/openssl-54.patch new file mode 100644 index 0000000..660d504 --- /dev/null +++ b/openssl.patches/openssl-54.patch
@@ -0,0 +1,15 @@ +diff -Naur a/Makefile.org b/Makefile.org +--- a/Makefile.org 2015-04-17 16:31:06.448921145 -0700 ++++ b/Makefile.org 2015-04-20 13:48:08.654093777 -0700 +@@ -340,7 +340,10 @@ + libs="$$libs -l$$i"; \ + done + +-build-shared: do_$(SHLIB_TARGET) link-shared ++# The link target in Makefile.shared will create the symlink for us, so no need ++# to call link-shared directly. Doing so will cause races with two processes ++# trying to symlink the lib. ++build-shared: do_$(SHLIB_TARGET) + + do_$(SHLIB_TARGET): + @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
diff --git a/openssl.patches/openssl-55.description b/openssl.patches/openssl-55.description new file mode 100644 index 0000000..92bfe6a --- /dev/null +++ b/openssl.patches/openssl-55.description
@@ -0,0 +1,2 @@ +An implementation of the J-PAKE cryptographic protocol based on elliptic curves. +This protocol is implemented by Nest Labs.
diff --git a/openssl.patches/openssl-55.patch b/openssl.patches/openssl-55.patch new file mode 100644 index 0000000..2fb25ed --- /dev/null +++ b/openssl.patches/openssl-55.patch
@@ -0,0 +1,1702 @@ +diff -ruaN --no-dereference openssl-1.0.1m/Configure openssl/Configure +--- openssl-1.0.1m/Configure 2015-08-17 15:44:12.275201194 -0700 ++++ openssl/Configure 2015-08-17 15:44:34.818599289 -0700 +@@ -718,6 +718,7 @@ + "ec_nistp_64_gcc_128" => "default", + "gmp" => "default", + "jpake" => "experimental", ++ "ecjpake" => "experimental", + "md2" => "default", + "rc5" => "default", + "rfc3779" => "default", +@@ -732,7 +733,7 @@ + + # This is what $depflags will look like with the above defaults + # (we need this to see if we should advise the user to run "make depend"): +-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; ++my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_ECJPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; + + # Explicit "no-..." options will be collected in %disabled along with the defaults. + # To remove something from %disabled, use "enable-foo" (unless it's experimental). +diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpake.c openssl/crypto/ecjpake/ecjpake.c +--- openssl-1.0.1m/crypto/ecjpake/ecjpake.c 1969-12-31 16:00:00.000000000 -0800 ++++ openssl/crypto/ecjpake/ecjpake.c 2015-08-17 16:31:00.241703253 -0700 +@@ -0,0 +1,792 @@ ++/* ecjpake.c */ ++/* ++ * Written by Evgeny Margolis (emargolis@nestlabs.com) for the OpenSSL project ++ * 2015. ++ */ ++ ++#include "ecjpake.h" ++ ++#include <openssl/crypto.h> ++#include <openssl/err.h> ++#include <memory.h> ++ ++/* ++ * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or ++ * Bob's (x3, x4, x1, x2). ++ */ ++ ++typedef struct { ++ unsigned char *num; /* Must be unique */ ++ size_t len; ++} ECJPAKE_ID; ++ ++struct ECJPAKE_CTX { ++ /* public values */ ++ ECJPAKE_ID local_id; ++ ECJPAKE_ID peer_id; ++ const EC_GROUP *group; /* Elliptic Curve Group */ ++ EC_POINT *Gxc; /* Alice's G*x3 or Bob's G*x1 */ ++ EC_POINT *Gxd; /* Alice's G*x4 or Bob's G*x2 */ ++ /* secret values - should not be revealed publicly and ++ should be cleared when released */ ++ BIGNUM *secret; /* The shared secret */ ++ BN_CTX *ctx; ++ BIGNUM *xa; /* Alice's x1 or Bob's x3 */ ++ BIGNUM *xb; /* Alice's x2 or Bob's x4 */ ++ unsigned char key[SHA256_DIGEST_LENGTH]; /* The calculated (shared) key */ ++}; ++ ++static int zkp_init(ECJPAKE_ZKP *zkp, const EC_GROUP *group) ++{ ++ zkp->Gr = EC_POINT_new(group); ++ if (zkp->Gr == NULL) ++ return 0; ++ zkp->b = BN_new(); ++ if (zkp->b == NULL) ++ return 0; ++ return 1; ++} ++ ++static void zkp_release(ECJPAKE_ZKP *zkp) ++{ ++ if (zkp->b != NULL) ++ BN_free(zkp->b); ++ if (zkp->Gr != NULL) ++ EC_POINT_free(zkp->Gr); ++} ++ ++#define step_part_init ECJPAKE_STEP2_init ++#define step_part_release ECJPAKE_STEP2_release ++ ++int step_part_init(ECJPAKE_STEP_PART *p, const ECJPAKE_CTX *ctx) ++{ ++ memset(p, 0, sizeof(*p)); ++ p->Gx = EC_POINT_new(ctx->group); ++ if (p->Gx == NULL) ++ goto err; ++ if (!zkp_init(&p->zkpx, ctx->group)) ++ goto err; ++ return 1; ++ ++err: ++ ECJPAKEerr(ECJPAKE_F_STEP_PART_INIT, ERR_R_MALLOC_FAILURE); ++ step_part_release(p); ++ return 0; ++} ++ ++void step_part_release(ECJPAKE_STEP_PART *p) ++{ ++ zkp_release(&p->zkpx); ++ if (p->Gx != NULL) ++ EC_POINT_free(p->Gx); ++} ++ ++int ECJPAKE_STEP1_init(ECJPAKE_STEP1 *s1, const ECJPAKE_CTX *ctx) ++{ ++ if (!step_part_init(&s1->p1, ctx)) ++ return 0; ++ if (!step_part_init(&s1->p2, ctx)) ++ return 0; ++ return 1; ++} ++ ++void ECJPAKE_STEP1_release(ECJPAKE_STEP1 *s1) ++{ ++ step_part_release(&s1->p2); ++ step_part_release(&s1->p1); ++} ++ ++ECJPAKE_CTX *ECJPAKE_CTX_new(const EC_GROUP *group, const BIGNUM *secret, ++ const unsigned char *local_id_num, ++ const size_t local_id_len, ++ const unsigned char *peer_id_num, ++ const size_t peer_id_len) ++{ ++ ECJPAKE_CTX *ctx = NULL; ++ ++ /* init ecjpake context */ ++ ctx = OPENSSL_malloc(sizeof(*ctx)); ++ if (ctx == NULL) ++ goto err; ++ memset(ctx, 0, sizeof(*ctx)); ++ ++ /* init elliptic curve group */ ++ if (group == NULL) ++ goto err; ++ ctx->group = group; ++ ++ /* init local id */ ++ ctx->local_id.num = (unsigned char *)OPENSSL_malloc(local_id_len); ++ if (ctx->local_id.num == NULL) ++ goto err; ++ memcpy(ctx->local_id.num, local_id_num, local_id_len); ++ ctx->local_id.len = local_id_len; ++ ++ /* init peer id */ ++ ctx->peer_id.num = (unsigned char *)OPENSSL_malloc(peer_id_len); ++ if (ctx->peer_id.num == NULL) ++ goto err; ++ memcpy(ctx->peer_id.num, peer_id_num, peer_id_len); ++ ctx->peer_id.len = peer_id_len; ++ ++ /* init secret */ ++ ctx->secret = BN_dup(secret); ++ if (ctx->secret == NULL) ++ goto err; ++ ++ /* init remaining ecjpake context fields */ ++ ctx->Gxc = EC_POINT_new(ctx->group); ++ if (ctx->Gxc == NULL) ++ goto err; ++ ctx->Gxd = EC_POINT_new(ctx->group); ++ if (ctx->Gxd == NULL) ++ goto err; ++ ctx->xa = BN_new(); ++ if (ctx->xa == NULL) ++ goto err; ++ ctx->xb = BN_new(); ++ if (ctx->xb == NULL) ++ goto err; ++ ctx->ctx = BN_CTX_new(); ++ if (ctx->ctx == NULL) ++ goto err; ++ ++ return ctx; ++ ++err: ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_CTX_NEW, ERR_R_MALLOC_FAILURE); ++ ECJPAKE_CTX_free(ctx); ++ return NULL; ++} ++ ++void ECJPAKE_CTX_free(ECJPAKE_CTX *ctx) ++{ ++ if (ctx != NULL) { ++ if (ctx->ctx != NULL) ++ BN_CTX_free(ctx->ctx); ++ if (ctx->xb != NULL) ++ BN_clear_free(ctx->xb); ++ if (ctx->xa != NULL) ++ BN_clear_free(ctx->xa); ++ if (ctx->Gxd != NULL) ++ EC_POINT_free(ctx->Gxd); ++ if (ctx->Gxc != NULL) ++ EC_POINT_free(ctx->Gxc); ++ if (ctx->secret != NULL) ++ BN_clear_free(ctx->secret); ++ if (ctx->peer_id.num != NULL) ++ OPENSSL_free(ctx->peer_id.num); ++ if (ctx->local_id.num != NULL) ++ OPENSSL_free(ctx->local_id.num); ++ OPENSSL_free(ctx); ++ } ++} ++ ++static void hashlength(SHA256_CTX *sha, size_t l) ++{ ++ unsigned char b[2]; ++ ++ OPENSSL_assert(l <= 0xffff); ++ b[0] = l >> 8; ++ b[1] = l & 0xff; ++ SHA256_Update(sha, b, 2); ++} ++ ++static int hashpoint_default(ECJPAKE_CTX *ctx, SHA256_CTX *sha, ++ const EC_POINT *point) ++{ ++ size_t point_len; ++ unsigned char *point_oct = NULL; ++ int ret = 0; ++ ++ point_len = EC_POINT_point2oct(ctx->group, point, ++ POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); ++ if (point_len == 0) ++ goto err; ++ ++ point_oct = (unsigned char *)OPENSSL_malloc(point_len); ++ if (point_oct == NULL) ++ goto err; ++ ++ point_len = EC_POINT_point2oct(ctx->group, point, ++ POINT_CONVERSION_UNCOMPRESSED, point_oct, ++ point_len, ctx->ctx); ++ if (point_len == 0) ++ goto err; ++ ++ hashlength(sha, point_len); ++ SHA256_Update(sha, point_oct, point_len); ++ ret = 1; ++ ++err: ++ if (point_oct != NULL) ++ OPENSSL_free(point_oct); ++ return ret; ++} ++ ++static ECJPAKE_HASHPOINT_FUNC_PTR hashpoint = &hashpoint_default; ++ ++void ECJPAKE_Set_HashECPoint(ECJPAKE_HASHPOINT_FUNC_PTR hashpoint_custom) ++{ ++ hashpoint = hashpoint_custom; ++} ++ ++/* h = hash(G, G*r, G*x, ecjpake_id) */ ++static int zkp_hash(ECJPAKE_CTX *ctx, BIGNUM *h, const EC_POINT *zkpG, ++ const ECJPAKE_STEP_PART *p, const int use_local_id) ++{ ++ unsigned char md[SHA256_DIGEST_LENGTH]; ++ SHA256_CTX sha; ++ ++ SHA256_Init(&sha); ++ if (!hashpoint(ctx, &sha, zkpG)) ++ goto err; ++ if (!hashpoint(ctx, &sha, p->zkpx.Gr)) ++ goto err; ++ if (!hashpoint(ctx, &sha, p->Gx)) ++ goto err; ++ if (use_local_id) ++ SHA256_Update(&sha, ctx->local_id.num, ctx->local_id.len); ++ else ++ SHA256_Update(&sha, ctx->peer_id.num, ctx->peer_id.len); ++ SHA256_Final(md, &sha); ++ if (BN_bin2bn(md, SHA256_DIGEST_LENGTH, h) == NULL) ++ goto err; ++ return 1; ++ ++err: ++ ECJPAKEerr(ECJPAKE_F_ZKP_HASH, ERR_R_MALLOC_FAILURE); ++ return 0; ++} ++ ++/* Generate random number in [1, n - 1] ( i.e. [1, n) ) */ ++static int genrand(BIGNUM *rnd, const BIGNUM *n) ++{ ++ BIGNUM *nm1 = NULL; ++ int ret = 0; ++ ++ nm1 = BN_new(); ++ if (nm1 == NULL) ++ goto err; ++ /* n - 1 */ ++ if (!BN_copy(nm1, n)) ++ goto err; ++ if (!BN_sub_word(nm1, 1)) ++ goto err; ++ /* random number in [0, n - 1) */ ++ if (!BN_rand_range(rnd, nm1)) ++ goto err; ++ /* [1, n) */ ++ if (!BN_add_word(rnd, 1)) ++ goto err; ++ ret = 1; ++ ++err: ++ if (!ret) ++ ECJPAKEerr(ECJPAKE_F_GENRAND, ERR_R_MALLOC_FAILURE); ++ if (nm1 != NULL) ++ BN_free(nm1); ++ return ret; ++} ++ ++/* Prove knowledge of x. (Note that p->Gx has already been calculated) */ ++static int generate_zkp(ECJPAKE_STEP_PART *p, const BIGNUM *x, ++ const EC_POINT *zkpG, ECJPAKE_CTX *ctx) ++{ ++ BIGNUM *order = NULL; ++ BIGNUM *r = NULL; ++ BIGNUM *h = NULL; ++ BIGNUM *t = NULL; ++ int ret = 0; ++ ++ order = BN_new(); ++ if (order == NULL) ++ goto err; ++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx)) ++ goto err; ++ /* r in [1,n-1] */ ++ r = BN_new(); ++ if (r == NULL) ++ goto err; ++ if (!genrand(r, order)) ++ goto err; ++ /* G * r */ ++ if (!EC_POINT_mul(ctx->group, p->zkpx.Gr, NULL, zkpG, r, ctx->ctx)) ++ goto err; ++ /* h = hash(G, G * r, G * x, ecjpake_id) */ ++ h = BN_new(); ++ if (h == NULL) ++ goto err; ++ if (!zkp_hash(ctx, h, zkpG, p, 1)) ++ goto err; ++ /* b = r - x*h */ ++ t = BN_new(); ++ if (t == NULL) ++ goto err; ++ if (!BN_mod_mul(t, x, h, order, ctx->ctx)) ++ goto err; ++ if (!BN_mod_sub(p->zkpx.b, r, t, order, ctx->ctx)) ++ goto err; ++ ret = 1; ++ ++err: ++ if (!ret) ++ ECJPAKEerr(ECJPAKE_F_GENERATE_ZKP, ERR_R_MALLOC_FAILURE); ++ if (t != NULL) ++ BN_free(t); ++ if (h != NULL) ++ BN_free(h); ++ if (r != NULL) ++ BN_free(r); ++ if (order != NULL) ++ BN_free(order); ++ return ret; ++} ++ ++static int verify_zkp(const ECJPAKE_STEP_PART *p, const EC_POINT *zkpG, ++ ECJPAKE_CTX *ctx) ++{ ++ BIGNUM *h = NULL; ++ EC_POINT *point1 = NULL; ++ EC_POINT *point2 = NULL; ++ int ret = 0; ++ ++ /* h = hash(G, G * r, G * x, ecjpake_id) */ ++ h = BN_new(); ++ if (h == NULL) ++ goto err; ++ if (!zkp_hash(ctx, h, zkpG, p, 0)) ++ goto err; ++ /* point1 = G * b */ ++ point1 = EC_POINT_new(ctx->group); ++ if (point1 == NULL) ++ goto err; ++ if (!EC_POINT_mul(ctx->group, point1, NULL, zkpG, p->zkpx.b, ctx->ctx)) ++ goto err; ++ /* point2 = (G * x) * h = G * {h * x} */ ++ point2 = EC_POINT_new(ctx->group); ++ if (point2 == NULL) ++ goto err; ++ if (!EC_POINT_mul(ctx->group, point2, NULL, p->Gx, h, ctx->ctx)) ++ goto err; ++ /* point2 = point1 + point2 = G*{hx} + G*b = G*{hx+b} = G*r (allegedly) */ ++ if (!EC_POINT_add(ctx->group, point2, point1, point2, ctx->ctx)) ++ goto err; ++ /* verify (point2 == G * r) */ ++ if (0 != EC_POINT_cmp(ctx->group, point2, p->zkpx.Gr, ctx->ctx)) ++ { ++ ECJPAKEerr(ECJPAKE_F_VERIFY_ZKP, ECJPAKE_R_ZKP_VERIFY_FAILED); ++ goto clean; ++ } ++ ++ ret = 1; ++ goto clean; ++ ++err: ++ ECJPAKEerr(ECJPAKE_F_VERIFY_ZKP, ERR_R_MALLOC_FAILURE); ++clean: ++ if (point2 != NULL) ++ EC_POINT_free(point2); ++ if (point1 != NULL) ++ EC_POINT_free(point1); ++ if (h != NULL) ++ BN_free(h); ++ return ret; ++} ++ ++static int step_part_generate(ECJPAKE_STEP_PART *p, const BIGNUM *x, ++ const EC_POINT *G, ECJPAKE_CTX *ctx) ++{ ++ if (!EC_POINT_mul(ctx->group, p->Gx, NULL, G, x, ctx->ctx)) ++ goto err; ++ if (!generate_zkp(p, x, G, ctx)) ++ goto err; ++ return 1; ++ ++err: ++ ECJPAKEerr(ECJPAKE_F_STEP_PART_GENERATE, ERR_R_MALLOC_FAILURE); ++ return 0; ++} ++ ++int ECJPAKE_STEP1_generate(ECJPAKE_STEP1 *send, ECJPAKE_CTX *ctx) ++{ ++ BIGNUM *order = NULL; ++ const EC_POINT *generator = NULL; ++ int ret = 0; ++ ++ order = BN_new(); ++ if (order == NULL) ++ goto err; ++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx)) ++ goto err; ++ ++ if (!genrand(ctx->xa, order)) ++ goto err; ++ if (!genrand(ctx->xb, order)) ++ goto err; ++ ++ generator = EC_GROUP_get0_generator(ctx->group); ++ if (!step_part_generate(&send->p1, ctx->xa, generator, ctx)) ++ goto err; ++ if (!step_part_generate(&send->p2, ctx->xb, generator, ctx)) ++ goto err; ++ ++ ret = 1; ++ ++err: ++ if (!ret) ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_GENERATE, ERR_R_MALLOC_FAILURE); ++ if (order != NULL) ++ BN_free(order); ++ return ret; ++} ++ ++/*- ++ * Elliptic Curve Point Validity Check based on p. 25 ++ * http://cs.ucsb.edu/~koc/ccs130h/notes/ecdsa-cert.pdf ++ */ ++static int EC_POINT_is_legal(const EC_POINT *point, const ECJPAKE_CTX *ctx) ++{ ++ BIGNUM *point_x = NULL; ++ BIGNUM *point_y = NULL; ++ BIGNUM *p = NULL; ++ BIGNUM *order = NULL; ++ EC_POINT *tmp_point = NULL; ++ int res = 0; ++ ++ /* 1. Verify that point is not at Infinity */ ++ if (EC_POINT_is_at_infinity(ctx->group, point)) ++ goto illegal_point; ++ ++ /* 2. Verify that point.X and point.Y are in the prime field */ ++ point_x = BN_new(); ++ if (point_x == NULL) ++ goto err; ++ point_y = BN_new(); ++ if (point_y == NULL) ++ goto err; ++ p = BN_new(); ++ if (p == NULL) ++ goto err; ++ if (!EC_POINT_get_affine_coordinates_GFp(ctx->group, point, point_x, ++ point_y, ctx->ctx)) ++ goto err; ++ if (!EC_GROUP_get_curve_GFp(ctx->group, p, NULL, NULL, ctx->ctx)) ++ goto err; ++ if (BN_is_negative(point_x) || BN_is_negative(point_y) || ++ BN_cmp(point_x, p) >= 0 || BN_cmp(point_y, p) >= 0) ++ goto illegal_point; ++ ++ /* 3. Check point lies on the curve */ ++ if (!EC_POINT_is_on_curve(ctx->group, point, ctx->ctx)) ++ goto illegal_point; ++ ++ /* 4. Check that point*n is at Infinity */ ++ order = BN_new(); ++ if (order == NULL) ++ goto err; ++ tmp_point = EC_POINT_new(ctx->group); ++ if (tmp_point == NULL) ++ goto err; ++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx)) ++ goto err; ++ if (!EC_POINT_mul(ctx->group, tmp_point, NULL, point, order, ctx->ctx)) ++ goto err; ++ if (!EC_POINT_is_at_infinity(ctx->group, tmp_point)) ++ goto illegal_point; ++ ++ res = 1; ++ goto clean; ++ ++err: ++ ECJPAKEerr(ECJPAKE_F_EC_POINT_IS_LEGAL, ERR_R_MALLOC_FAILURE); ++ goto clean; ++illegal_point: ++ ECJPAKEerr(ECJPAKE_F_EC_POINT_IS_LEGAL, ECJPAKE_R_G_IS_NOT_LEGAL); ++clean: ++ if (tmp_point != NULL) ++ EC_POINT_free(tmp_point); ++ if (order != NULL) ++ BN_free(order); ++ if (p != NULL) ++ BN_free(p); ++ if (point_y != NULL) ++ BN_free(point_y); ++ if (point_x != NULL) ++ BN_free(point_x); ++ return res; ++} ++ ++int ECJPAKE_STEP1_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP1 *received) ++{ ++ ++ /* check Gxc is a legal point on Elliptic Curve */ ++ if (!EC_POINT_is_legal(received->p1.Gx, ctx)) ++ { ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS, ++ ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); ++ return 0; ++ } ++ ++ /* check Gxd is a legal point on Elliptic Curve */ ++ if (!EC_POINT_is_legal(received->p2.Gx, ctx)) ++ { ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS, ++ ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); ++ return 0; ++ } ++ ++ /* verify ZKP(xc) */ ++ if (!verify_zkp(&received->p1, EC_GROUP_get0_generator(ctx->group), ctx)) ++ { ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS, ++ ECJPAKE_R_VERIFY_X3_FAILED); ++ return 0; ++ } ++ ++ /* verify ZKP(xd) */ ++ if (!verify_zkp(&received->p2, EC_GROUP_get0_generator(ctx->group), ctx)) ++ { ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS, ++ ECJPAKE_R_VERIFY_X4_FAILED); ++ return 0; ++ } ++ ++ /* Save the points we need for later */ ++ if (!EC_POINT_copy(ctx->Gxc, received->p1.Gx) || ++ !EC_POINT_copy(ctx->Gxd, received->p2.Gx)) ++ { ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++int ECJPAKE_STEP2_generate(ECJPAKE_STEP2 *send, ECJPAKE_CTX *ctx) ++{ ++ EC_POINT *point = NULL; ++ BIGNUM *order = NULL; ++ BIGNUM *xbs = NULL; ++ int ret = 0; ++ ++ /*- ++ * X = G * {(xa + xc + xd) * xb * s} ++ */ ++ point = EC_POINT_new(ctx->group); ++ if (point == NULL) ++ goto err; ++ /* point = G * xa */ ++ if (!EC_POINT_mul(ctx->group, point, NULL, ++ EC_GROUP_get0_generator(ctx->group), ctx->xa, ctx->ctx)) ++ goto err; ++ /* point = G * xa + G * xc = G * {xa + xc} */ ++ if (!EC_POINT_add(ctx->group, point, point, ctx->Gxc, ctx->ctx)) ++ goto err; ++ /* point = G * {xa + xc} + G * xd = G * {xa + xc + xd} */ ++ if (!EC_POINT_add(ctx->group, point, point, ctx->Gxd, ctx->ctx)) ++ goto err; ++ /* xbs = xb * s */ ++ order = BN_new(); ++ if (order == NULL) ++ goto err; ++ xbs = BN_new(); ++ if (xbs == NULL) ++ goto err; ++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx)) ++ goto err; ++ if (!BN_mod_mul(xbs, ctx->xb, ctx->secret, order, ctx->ctx)) ++ goto err; ++ ++ /*- ++ * ZKP(xb * s) ++ * For STEP2 the generator is: ++ * G' = G * {xa + xc + xd} ++ * which means X is G' * {xb * s} ++ * X = G' * {xb * s} = G * {(xa + xc + xd) * xb * s} ++ */ ++ if (!step_part_generate(send, xbs, point, ctx)) ++ goto err; ++ ret = 1; ++ ++err: ++ if (!ret) ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP2_GENERATE, ERR_R_MALLOC_FAILURE); ++ if (xbs != NULL) ++ BN_clear_free(xbs); ++ if (order != NULL) ++ BN_free(order); ++ if (point != NULL) ++ EC_POINT_free(point); ++ return ret; ++} ++ ++/* Gx = G * {(xc + xa + xb) * xd * secret} */ ++static int compute_key(ECJPAKE_CTX *ctx, const EC_POINT *Gx) ++{ ++ EC_POINT *point = NULL; ++ SHA256_CTX sha; ++ int ret = 0; ++ ++ /*- ++ * K = (Gx - G * {xb * xd * secret}) * xb ++ * = (G * {(xc + xa + xb) * xd * secret - xb * xd * secret}) * xb ++ * = (G * {(xc + xa) * xd * secret}) * xb ++ * = G * {(xa + xc) * xb * xd * secret} ++ * [which is the same regardless of who calculates it] ++ */ ++ ++ /* point = (G * xd) * xb = G * {xb * xd} */ ++ point = EC_POINT_new(ctx->group); ++ if (point == NULL) ++ goto err; ++ if (!EC_POINT_mul(ctx->group, point, NULL, ctx->Gxd, ctx->xb, ctx->ctx)) ++ goto err; ++ /* point = - G * {xb * xd} */ ++ if (!EC_POINT_invert(ctx->group, point, ctx->ctx)) ++ goto err; ++ /* point = - G * {xb * xd * secret} */ ++ if (!EC_POINT_mul(ctx->group, point, NULL, point, ctx->secret, ctx->ctx)) ++ goto err; ++ /* point = Gx - G * {xb * xd * secret} */ ++ if (!EC_POINT_add(ctx->group, point, Gx, point, ctx->ctx)) ++ goto err; ++ /* point = point * xb */ ++ if (!EC_POINT_mul(ctx->group, point, NULL, point, ctx->xb, ctx->ctx)) ++ goto err; ++ /* Hash point to generate shared secret key */ ++ SHA256_Init(&sha); ++ if (!hashpoint(ctx, &sha, point)) ++ goto err; ++ SHA256_Final(ctx->key, &sha); ++ ret = 1; ++ ++err: ++ if (!ret) ++ ECJPAKEerr(ECJPAKE_F_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); ++ if (point != NULL) ++ EC_POINT_clear_free(point); ++ return ret; ++} ++ ++int ECJPAKE_STEP2_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP2 *received) ++{ ++ BIGNUM *order = NULL; ++ BIGNUM *tmp = NULL; ++ EC_POINT *point = NULL; ++ int ret = 0; ++ ++ /* Get Order */ ++ order = BN_new(); ++ if (order == NULL) ++ goto err; ++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx)) ++ goto err; ++ /* G' = G * {xc + xa + xb} */ ++ /* tmp = xa + xb */ ++ tmp = BN_new(); ++ if (tmp == NULL) ++ goto err; ++ if (!BN_mod_add(tmp, ctx->xa, ctx->xb, order, ctx->ctx)) ++ goto err; ++ /* point = G * {xa + xb} */ ++ point = EC_POINT_new(ctx->group); ++ if (point == NULL) ++ goto err; ++ if (!EC_POINT_mul(ctx->group, point, NULL, ++ EC_GROUP_get0_generator(ctx->group), tmp, ctx->ctx)) ++ goto err; ++ /* point = G * {xc + xa + xb} */ ++ if (!EC_POINT_add(ctx->group, point, ctx->Gxc, point, ctx->ctx)) ++ goto err; ++ /* Verify ZKP */ ++ if (!verify_zkp(received, point, ctx)) ++ { ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP2_PROCESS, ECJPAKE_R_VERIFY_X4S_FAILED); ++ goto clean; ++ } ++ /* calculate shared secret (key) */ ++ if (!compute_key(ctx, received->Gx)) ++ goto err; ++ ++ ret = 1; ++ goto clean; ++ ++err: ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP2_PROCESS, ERR_R_MALLOC_FAILURE); ++clean: ++ if (point != NULL) ++ EC_POINT_free(point); ++ if (tmp != NULL) ++ BN_free(tmp); ++ if (order != NULL) ++ BN_free(order); ++ return ret; ++} ++ ++void ECJPAKE_STEP3A_init(ECJPAKE_STEP3A *s3a) ++{ ++} ++ ++int ECJPAKE_STEP3A_generate(ECJPAKE_STEP3A *send, ECJPAKE_CTX *ctx) ++{ ++ SHA256(ctx->key, sizeof ctx->key, send->hhk); ++ SHA256(send->hhk, sizeof send->hhk, send->hhk); ++ ++ return 1; ++} ++ ++int ECJPAKE_STEP3A_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3A *received) ++{ ++ unsigned char hhk[SHA256_DIGEST_LENGTH]; ++ ++ SHA256(ctx->key, sizeof ctx->key, hhk); ++ SHA256(hhk, sizeof hhk, hhk); ++ if (memcmp(hhk, received->hhk, sizeof hhk)) { ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP3A_PROCESS, ++ ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); ++ return 0; ++ } ++ return 1; ++} ++ ++void ECJPAKE_STEP3A_release(ECJPAKE_STEP3A *s3a) ++{ ++} ++ ++void ECJPAKE_STEP3B_init(ECJPAKE_STEP3B *s3b) ++{ ++} ++ ++int ECJPAKE_STEP3B_generate(ECJPAKE_STEP3B *send, ECJPAKE_CTX *ctx) ++{ ++ SHA256(ctx->key, sizeof(ctx->key), send->hk); ++ return 1; ++} ++ ++int ECJPAKE_STEP3B_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3B *received) ++{ ++ unsigned char hk[SHA256_DIGEST_LENGTH]; ++ ++ SHA256(ctx->key, sizeof(ctx->key), hk); ++ if (memcmp(hk, received->hk, sizeof(hk))) { ++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP3B_PROCESS, ++ ECJPAKE_R_HASH_OF_KEY_MISMATCH); ++ return 0; ++ } ++ return 1; ++} ++ ++void ECJPAKE_STEP3B_release(ECJPAKE_STEP3B *s3b) ++{ ++} ++ ++const EC_GROUP *ECJPAKE_get_ecGroup(const ECJPAKE_CTX *ctx) ++{ ++ return ctx->group; ++} ++ ++const unsigned char *ECJPAKE_get_shared_key(const ECJPAKE_CTX *ctx) ++{ ++ return ctx->key; ++} +diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpake_err.c openssl/crypto/ecjpake/ecjpake_err.c +--- openssl-1.0.1m/crypto/ecjpake/ecjpake_err.c 1969-12-31 16:00:00.000000000 -0800 ++++ openssl/crypto/ecjpake/ecjpake_err.c 2015-08-17 15:44:34.818599289 -0700 +@@ -0,0 +1,118 @@ ++/* crypto/ecjpake/ecjpake_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. ++ */ ++ ++#include <stdio.h> ++#include <openssl/err.h> ++#include <openssl/ecjpake.h> ++ ++/* BEGIN ERROR CODES */ ++#ifndef OPENSSL_NO_ERR ++ ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECJPAKE,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECJPAKE,0,reason) ++ ++static ERR_STRING_DATA ECJPAKE_str_functs[] = { ++ {ERR_FUNC(ECJPAKE_F_COMPUTE_KEY), "compute_key"}, ++ {ERR_FUNC(ECJPAKE_F_EC_POINT_IS_LEGAL), "EC_POINT_is_legal"}, ++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_CTX_NEW), "ECJPAKE_CTX_new"}, ++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP1_GENERATE), "ECJPAKE_STEP1_generate"}, ++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP1_PROCESS), "ECJPAKE_STEP1_process"}, ++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP2_GENERATE), "ECJPAKE_STEP2_generate"}, ++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP2_PROCESS), "ECJPAKE_STEP2_process"}, ++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP3A_PROCESS), "ECJPAKE_STEP3A_process"}, ++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP3B_PROCESS), "ECJPAKE_STEP3B_process"}, ++ {ERR_FUNC(ECJPAKE_F_GENERATE_ZKP), "generate_zkp"}, ++ {ERR_FUNC(ECJPAKE_F_GENRAND), "genrand"}, ++ {ERR_FUNC(ECJPAKE_F_STEP_PART_GENERATE), "step_part_generate"}, ++ {ERR_FUNC(ECJPAKE_F_STEP_PART_INIT), "step_part_init"}, ++ {ERR_FUNC(ECJPAKE_F_VERIFY_ZKP), "verify_zkp"}, ++ {ERR_FUNC(ECJPAKE_F_ZKP_HASH), "zkp_hash"}, ++ {0,NULL} ++}; ++ ++static ERR_STRING_DATA ECJPAKE_str_reasons[] = { ++ {ERR_REASON(ECJPAKE_R_G_IS_NOT_LEGAL), "Gx is not legal"}, ++ {ERR_REASON(ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL), ++ "Gx to the x3 is not legal"}, ++ {ERR_REASON(ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL), ++ "Gx to the x4 is not legal"}, ++ {ERR_REASON(ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH), ++ "hash of hash of key mismatch"}, ++ {ERR_REASON(ECJPAKE_R_HASH_OF_KEY_MISMATCH), "hash of key mismatch"}, ++ {ERR_REASON(ECJPAKE_R_VERIFY_X3_FAILED), "verify x3 failed"}, ++ {ERR_REASON(ECJPAKE_R_VERIFY_X4_FAILED), "verify x4 failed"}, ++ {ERR_REASON(ECJPAKE_R_VERIFY_X4S_FAILED), "verify x4*s failed"}, ++ {ERR_REASON(ECJPAKE_R_ZKP_VERIFY_FAILED), "zkp verify failed"}, ++ {0,NULL} ++}; ++ ++#endif ++ ++void ERR_load_ECJPAKE_strings(void) ++{ ++#ifndef OPENSSL_NO_ERR ++ ++ if (ERR_func_error_string(ECJPAKE_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, ECJPAKE_str_functs); ++ ERR_load_strings(0, ECJPAKE_str_reasons); ++ } ++#endif ++} +diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpake.h openssl/crypto/ecjpake/ecjpake.h +--- openssl-1.0.1m/crypto/ecjpake/ecjpake.h 1969-12-31 16:00:00.000000000 -0800 ++++ openssl/crypto/ecjpake/ecjpake.h 2015-08-17 16:29:40.405982099 -0700 +@@ -0,0 +1,169 @@ ++/* ++ * Implement EC J-PAKE, based on J-PAKE as described in ++ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf ++ * ++ * Useful J-PAKE Java Demo: ++ * http://homepages.cs.ncl.ac.uk/feng.hao/files/JPAKEDemo.java ++ * ++ * Useful Elliptic Curve (EC) J-PAKE Java Demo: ++ * http://homepages.cs.ncl.ac.uk/feng.hao/files/EllipticCurveJPAKEDemo.java ++ */ ++ ++#ifndef HEADER_ECJPAKE_H ++# define HEADER_ECJPAKE_H ++ ++# include <openssl/opensslconf.h> ++ ++# ifdef OPENSSL_NO_ECJPAKE ++# error ECJPAKE is disabled. ++# endif ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# include <openssl/ec.h> ++# include <openssl/bn.h> ++# include <openssl/sha.h> ++ ++typedef struct ECJPAKE_CTX ECJPAKE_CTX; ++ ++typedef struct { ++ EC_POINT *Gr; /* G * r (r random) */ ++ BIGNUM *b; /* b = r - x * h, ++ h = hash(G, G * r, G * x, name) */ ++} ECJPAKE_ZKP; ++ ++typedef struct { ++ EC_POINT *Gx; /* G * x in step 1, ++ G * ((xa + xc + xd) * xb * s) in step 2 */ ++ ECJPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ ++} ECJPAKE_STEP_PART; ++ ++typedef struct { ++ ECJPAKE_STEP_PART p1; /* {G * x3, ZKP(x3)} or {G * x1, ZKP(x1)} */ ++ ECJPAKE_STEP_PART p2; /* {G * x4, ZKP(x4)} or {G * x2, ZKP(x2)} */ ++} ECJPAKE_STEP1; ++ ++typedef ECJPAKE_STEP_PART ECJPAKE_STEP2; ++ ++typedef struct { ++ unsigned char hhk[SHA256_DIGEST_LENGTH]; ++} ECJPAKE_STEP3A; ++ ++typedef struct { ++ unsigned char hk[SHA256_DIGEST_LENGTH]; ++} ECJPAKE_STEP3B; ++ ++/* ++ * Defines pointer to the function that calculates SHA256 hash of elliptic curve ++ * point. ECJPAKE implements it's own point hash function. ++ * Use ECJPAKE_Set_HashECPoint() to provide alternative implementation of the ++ * point hash. ++ */ ++typedef int(*ECJPAKE_HASHPOINT_FUNC_PTR)(ECJPAKE_CTX *, SHA256_CTX *, ++ const EC_POINT *); ++ ++/* ++ * Sets the function that will be used to hash elliptic curve point. ++ * If this function is not called the ecjpake uses it's own (default) ++ * implementation of the point hash function. ++ */ ++void ECJPAKE_Set_HashECPoint(ECJPAKE_HASHPOINT_FUNC_PTR hashpoint_custom); ++ ++/* Initializes ECJPAKE_CTX with protocol parameters */ ++ECJPAKE_CTX *ECJPAKE_CTX_new(const EC_GROUP *group, const BIGNUM *secret, ++ const unsigned char *local_id_num, ++ const size_t local_id_len, ++ const unsigned char *peer_id_num, ++ const size_t peer_id_len); ++ ++/* Releases ECJPAKE_CTX */ ++void ECJPAKE_CTX_free(ECJPAKE_CTX *ctx); ++ ++/* ++ * Functions to initialize, generate, process, and release ECJPAKE_STEP1 data. ++ * Note that ECJPAKE_STEP1 can be used multiple times before release ++ * without another init. ++ */ ++int ECJPAKE_STEP1_init(ECJPAKE_STEP1 *s1, const ECJPAKE_CTX *ctx); ++int ECJPAKE_STEP1_generate(ECJPAKE_STEP1 *send, ECJPAKE_CTX *ctx); ++int ECJPAKE_STEP1_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP1 *received); ++void ECJPAKE_STEP1_release(ECJPAKE_STEP1 *s1); ++ ++/* ++ * Functions to initialize, generate, process, and release ECJPAKE_STEP2 data. ++ * Note that ECJPAKE_STEP2 can be used multiple times before release ++ * without another init. ++ */ ++int ECJPAKE_STEP2_init(ECJPAKE_STEP2 *s2, const ECJPAKE_CTX *ctx); ++int ECJPAKE_STEP2_generate(ECJPAKE_STEP2 *send, ECJPAKE_CTX *ctx); ++int ECJPAKE_STEP2_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP2 *received); ++void ECJPAKE_STEP2_release(ECJPAKE_STEP2 *s2); ++ ++/* ++ * Optionally verify the shared key. If the shared secrets do not ++ * match, the two ends will disagree about the shared key, but ++ * otherwise the protocol will succeed. ++ */ ++void ECJPAKE_STEP3A_init(ECJPAKE_STEP3A *s3a); ++int ECJPAKE_STEP3A_generate(ECJPAKE_STEP3A *send, ECJPAKE_CTX *ctx); ++int ECJPAKE_STEP3A_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3A *received); ++void ECJPAKE_STEP3A_release(ECJPAKE_STEP3A *s3a); ++ ++void ECJPAKE_STEP3B_init(ECJPAKE_STEP3B *s3b); ++int ECJPAKE_STEP3B_generate(ECJPAKE_STEP3B *send, ECJPAKE_CTX *ctx); ++int ECJPAKE_STEP3B_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3B *received); ++void ECJPAKE_STEP3B_release(ECJPAKE_STEP3B *s3b); ++ ++/* ++ * Returns shared secret value. The value belongs to the library and will be ++ * released when ctx is released, and will change when a new handshake is ++ * performed. ++ */ ++const unsigned char *ECJPAKE_get_shared_key(const ECJPAKE_CTX *ctx); ++ ++/* Returns elliptic curve group used in the current ECJPAKE handshake. */ ++const EC_GROUP *ECJPAKE_get_ecGroup(const ECJPAKE_CTX *ctx); ++ ++/* BEGIN ERROR CODES */ ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. ++ */ ++void ERR_load_ECJPAKE_strings(void); ++ ++/* Error codes for the ECJPAKE functions. */ ++ ++/* Function codes. */ ++# define ECJPAKE_F_COMPUTE_KEY 100 ++# define ECJPAKE_F_EC_POINT_IS_LEGAL 101 ++# define ECJPAKE_F_ECJPAKE_CTX_NEW 102 ++# define ECJPAKE_F_ECJPAKE_STEP1_GENERATE 103 ++# define ECJPAKE_F_ECJPAKE_STEP1_PROCESS 104 ++# define ECJPAKE_F_ECJPAKE_STEP2_GENERATE 105 ++# define ECJPAKE_F_ECJPAKE_STEP2_PROCESS 106 ++# define ECJPAKE_F_ECJPAKE_STEP3A_PROCESS 107 ++# define ECJPAKE_F_ECJPAKE_STEP3B_PROCESS 108 ++# define ECJPAKE_F_GENERATE_ZKP 109 ++# define ECJPAKE_F_GENRAND 110 ++# define ECJPAKE_F_STEP_PART_GENERATE 111 ++# define ECJPAKE_F_STEP_PART_INIT 112 ++# define ECJPAKE_F_VERIFY_ZKP 113 ++# define ECJPAKE_F_ZKP_HASH 114 ++ ++/* Reason codes. */ ++# define ECJPAKE_R_G_IS_NOT_LEGAL 100 ++# define ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 101 ++# define ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 102 ++# define ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 103 ++# define ECJPAKE_R_HASH_OF_KEY_MISMATCH 104 ++# define ECJPAKE_R_VERIFY_X3_FAILED 105 ++# define ECJPAKE_R_VERIFY_X4_FAILED 106 ++# define ECJPAKE_R_VERIFY_X4S_FAILED 107 ++# define ECJPAKE_R_ZKP_VERIFY_FAILED 108 ++ ++# ifdef __cplusplus ++} ++# endif ++#endif +diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpaketest.c openssl/crypto/ecjpake/ecjpaketest.c +--- openssl-1.0.1m/crypto/ecjpake/ecjpaketest.c 1969-12-31 16:00:00.000000000 -0800 ++++ openssl/crypto/ecjpake/ecjpaketest.c 2015-08-17 16:29:40.405982099 -0700 +@@ -0,0 +1,358 @@ ++#include <openssl/opensslconf.h> ++ ++#ifdef OPENSSL_NO_ECJPAKE ++ ++# include <stdio.h> ++ ++int main(int argc, char *argv[]) ++{ ++ printf("No EC J-PAKE support\n"); ++ return(0); ++} ++ ++#else ++ ++# include "../e_os.h" ++# include <openssl/ecjpake.h> ++# include <openssl/crypto.h> ++# include <openssl/bio.h> ++# include <openssl/rand.h> ++# include <openssl/obj_mac.h> ++# include <openssl/err.h> ++# include <memory.h> ++ ++static void showkey(const char *name, const unsigned char *key) ++{ ++ int i; ++ ++ fputs(name, stdout); ++ fputs(" = ", stdout); ++ for (i = 0; i < SHA256_DIGEST_LENGTH; i++) ++ fprintf(stdout, "%02X", key[i]); ++ putc('\n', stdout); ++} ++ ++# if 0 ++static void showbn(const char *name, const BIGNUM *bn) ++{ ++ fputs(name, stdout); ++ fputs(" = ", stdout); ++ BN_print_fp(stdout, bn); ++ putc('\n', stdout); ++} ++ ++static void showpoint(const char *name, const EC_POINT *point, ECJPAKE_CTX *ctx) ++{ ++ BIGNUM *point_x = BN_new(); ++ BIGNUM *point_y = BN_new(); ++ BN_CTX *bn_ctx = BN_CTX_new(); ++ const EC_GROUP *group = ECJPAKE_get_ecGroup(ctx); ++ ++ if (bn_ctx == NULL || point_y == NULL || point_x == NULL) ++ goto err; ++ ++ EC_POINT_get_affine_coordinates_GFp(group, point, point_x, point_y, bn_ctx); ++ ++ fputs(name, stdout); ++ showbn(" X:", point_x); ++ fputs(name, stdout); ++ showbn(" Y:", point_y); ++ ++err: ++ if (bn_ctx != NULL) ++ BN_CTX_free(bn_ctx); ++ if (point_y != NULL) ++ BN_free(point_y); ++ if (point_x != NULL) ++ BN_free(point_x); ++} ++# endif ++ ++static const char rnd_seed[] = ++ "string to make the random number generator think it has entropy"; ++ ++/* generates random length value in a range [len_bottom, len_top] */ ++static int generate_rand_len(size_t *rand_len, ++ unsigned int len_bottom, ++ unsigned int len_top) ++{ ++ if (len_top > 0xffff || len_bottom > len_top) ++ return 0; ++ ++ if (!RAND_bytes((unsigned char *)(rand_len), sizeof(size_t))) ++ return 0; ++ ++ *rand_len = *rand_len % (len_top - len_bottom + 1) + len_bottom; ++ ++ return 1; ++} ++ ++static int run_ecjpake(ECJPAKE_CTX *alice, ECJPAKE_CTX *bob) ++{ ++ ECJPAKE_STEP1 alice_s1; ++ ECJPAKE_STEP1 bob_s1; ++ ECJPAKE_STEP2 alice_s2; ++ ECJPAKE_STEP2 bob_s2; ++ ECJPAKE_STEP3A alice_s3a; ++ ECJPAKE_STEP3B bob_s3b; ++ ++ /* Alice --> Bob: Step 1 */ ++ fputs("\tAlice --> Bob: Step 1\n", stdout); ++ ECJPAKE_STEP1_init(&alice_s1, alice); ++ ECJPAKE_STEP1_generate(&alice_s1, alice); ++ ++ if (!ECJPAKE_STEP1_process(bob, &alice_s1)) { ++ ECJPAKE_STEP1_release(&alice_s1); ++ fprintf(stderr, "Bob fails to process Alice's step 1\n"); ++ ERR_print_errors_fp(stdout); ++ return 1; ++ } ++ ECJPAKE_STEP1_release(&alice_s1); ++ ++ /* Bob --> Alice: Step 1 */ ++ fputs("\tBob --> Alice: Step 1\n", stdout); ++ ECJPAKE_STEP1_init(&bob_s1, bob); ++ ECJPAKE_STEP1_generate(&bob_s1, bob); ++ if (!ECJPAKE_STEP1_process(alice, &bob_s1)) { ++ ECJPAKE_STEP1_release(&bob_s1); ++ fprintf(stderr, "Alice fails to process Bob's step 1\n"); ++ ERR_print_errors_fp(stdout); ++ return 2; ++ } ++ ECJPAKE_STEP1_release(&bob_s1); ++ ++ /* Alice --> Bob: Step 2 */ ++ fputs("\tAlice --> Bob: Step 2\n", stdout); ++ ECJPAKE_STEP2_init(&alice_s2, alice); ++ ECJPAKE_STEP2_generate(&alice_s2, alice); ++ if (!ECJPAKE_STEP2_process(bob, &alice_s2)) { ++ ECJPAKE_STEP2_release(&alice_s2); ++ fprintf(stderr, "Bob fails to process Alice's step 2\n"); ++ ERR_print_errors_fp(stdout); ++ return 3; ++ } ++ ECJPAKE_STEP2_release(&alice_s2); ++ ++ /* Bob --> Alice: Step 2 */ ++ fputs("\tBob --> Alice: Step 2\n", stdout); ++ ECJPAKE_STEP2_init(&bob_s2, bob); ++ ECJPAKE_STEP2_generate(&bob_s2, bob); ++ if (!ECJPAKE_STEP2_process(alice, &bob_s2)) { ++ ECJPAKE_STEP2_release(&bob_s2); ++ fprintf(stderr, "Alice fails to process Bob's step 2\n"); ++ ERR_print_errors_fp(stdout); ++ return 4; ++ } ++ ECJPAKE_STEP2_release(&bob_s2); ++ ++ showkey("\tAlice's key", ECJPAKE_get_shared_key(alice)); ++ showkey("\tBob's key ", ECJPAKE_get_shared_key(bob)); ++ ++ /* Alice --> Bob: Step 3A */ ++ fputs("\tAlice --> Bob: Step 3A\n", stdout); ++ ECJPAKE_STEP3A_init(&alice_s3a); ++ ECJPAKE_STEP3A_generate(&alice_s3a, alice); ++ if (!ECJPAKE_STEP3A_process(bob, &alice_s3a)) { ++ ECJPAKE_STEP3A_release(&alice_s3a); ++ return 5; ++ } ++ ECJPAKE_STEP3A_release(&alice_s3a); ++ ++ /* Bob --> Alice: Step 3B */ ++ fputs("\tBob --> Alice: Step 3B\n", stdout); ++ ECJPAKE_STEP3B_init(&bob_s3b); ++ ECJPAKE_STEP3B_generate(&bob_s3b, bob); ++ if (!ECJPAKE_STEP3B_process(alice, &bob_s3b)) { ++ ECJPAKE_STEP3B_release(&bob_s3b); ++ return 6; ++ } ++ ECJPAKE_STEP3B_release(&bob_s3b); ++ ++ return 0; ++} ++ ++int main(int argc, char **argv) ++{ ++ ECJPAKE_CTX *alice = NULL; ++ ECJPAKE_CTX *bob = NULL; ++ unsigned char *alice_id_num = NULL; ++ unsigned char *bob_id_num = NULL; ++ size_t alice_id_len; ++ size_t bob_id_len; ++ BIGNUM *secret = NULL;; ++ BIGNUM *secret_wrong = NULL; ++ size_t secret_len; ++ EC_GROUP *group = NULL; ++ BIO *bio_err; ++ int i; ++ int ret = 1; ++ ++ typedef struct test_curve { ++ int nid; ++ char *name; ++ } test_curve; ++ ++ test_curve test_curves[] = { ++ /* SECG PRIME CURVES TESTS */ ++ {NID_secp160r1, "SECG Prime-Curve P-160"}, ++ /* NIST PRIME CURVES TESTS */ ++ {NID_X9_62_prime192v1, "NIST Prime-Curve P-192"}, ++ {NID_secp224r1, "NIST Prime-Curve P-224"}, ++ {NID_X9_62_prime256v1, "NIST Prime-Curve P-256"}, ++ {NID_secp384r1, "NIST Prime-Curve P-384"}, ++ {NID_secp521r1, "NIST Prime-Curve P-521"}, ++# ifndef OPENSSL_NO_EC2M ++ /* NIST BINARY CURVES TESTS */ ++ {NID_sect163k1, "NIST Binary-Curve K-163"}, ++ {NID_sect163r2, "NIST Binary-Curve B-163"}, ++ {NID_sect233k1, "NIST Binary-Curve K-233"}, ++ {NID_sect233r1, "NIST Binary-Curve B-233"}, ++ {NID_sect283k1, "NIST Binary-Curve K-283"}, ++ {NID_sect283r1, "NIST Binary-Curve B-283"}, ++ {NID_sect409k1, "NIST Binary-Curve K-409"}, ++ {NID_sect409r1, "NIST Binary-Curve B-409"}, ++ {NID_sect571k1, "NIST Binary-Curve K-571"}, ++ {NID_sect571r1, "NIST Binary-Curve B-571"}, ++# endif ++ }; ++ ++ CRYPTO_malloc_debug_init(); ++ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); ++ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ++ ++# ifdef OPENSSL_SYS_WIN32 ++ CRYPTO_malloc_init(); ++# endif ++ ++ RAND_seed(rnd_seed, sizeof rnd_seed); ++ ++ bio_err = BIO_new(BIO_s_file()); ++ if (bio_err == NULL) ++ EXIT(1); ++ BIO_set_fp(bio_err, stdout, BIO_NOCLOSE); ++ ++ for (i = 0; i < sizeof(test_curves)/sizeof(test_curve); i++) { ++ ++ fprintf(stdout, "\nTesting ECJPAKE protocol for %s\n", ++ test_curves[i].name); ++ ++ group = EC_GROUP_new_by_curve_name(test_curves[i].nid); ++ if (group == NULL) ++ goto err; ++ ++ /* randomize length of a secret in a range [32, 1024] bits */ ++ if (!generate_rand_len(&secret_len, 32, 512)) ++ goto err; ++ /* randomize secret of secret_len bits */ ++ secret = BN_new(); ++ if (secret == NULL) ++ goto err; ++ if (!BN_rand(secret, secret_len, 0, 0)) ++ goto err; ++ /* randomize alice_id_len in a range [4, 128] bytes */ ++ if (!generate_rand_len(&alice_id_len, 4, 128)) ++ goto err; ++ /* randomize alice_id_num of alice_id_len bytes */ ++ alice_id_num = (unsigned char *)OPENSSL_malloc(alice_id_len); ++ if (alice_id_num == NULL) ++ goto err; ++ if (!RAND_bytes(alice_id_num, alice_id_len)) ++ goto err; ++ /* randomize bob_id_len in a range [4, 128] bytes */ ++ if (!generate_rand_len(&bob_id_len, 4, 128)) ++ goto err; ++ /* randomize bob_id_num of bob_id_len bytes */ ++ bob_id_num = (unsigned char *)OPENSSL_malloc(bob_id_len); ++ if (bob_id_num == NULL) ++ goto err; ++ if (!RAND_bytes(bob_id_num, bob_id_len)) ++ goto err; ++ ++ /* Initialize ECJPAKE_CTX for Alice and Bob */ ++ alice = ECJPAKE_CTX_new(group, secret, alice_id_num, alice_id_len, ++ bob_id_num, bob_id_len); ++ if (alice == NULL) ++ goto err; ++ bob = ECJPAKE_CTX_new(group, secret, bob_id_num, bob_id_len, ++ alice_id_num, alice_id_len); ++ if (bob == NULL) ++ goto err; ++ ++ fprintf(stdout, "Plain EC J-PAKE run\n"); ++ if (run_ecjpake(alice, bob) != 0) { ++ fprintf(stderr, "Plain EC J-PAKE run failed\n"); ++ goto err; ++ } ++ ++ ECJPAKE_CTX_free(bob); ++ bob = NULL; ++ ECJPAKE_CTX_free(alice); ++ alice = NULL; ++ ++ /* Now give Alice and Bob different secrets */ ++ alice = ECJPAKE_CTX_new(group, secret, alice_id_num, alice_id_len, ++ bob_id_num, bob_id_len); ++ if (alice == NULL) ++ goto err; ++ /* randomize secret_wrong of secret_len bits */ ++ secret_wrong = BN_new(); ++ if (secret_wrong == NULL) ++ goto err; ++ if (!BN_rand(secret_wrong, secret_len, 0, 0)) ++ goto err; ++ if (!BN_add(secret_wrong, secret_wrong, secret)) ++ goto err; ++ bob = ECJPAKE_CTX_new(group, secret_wrong, bob_id_num, bob_id_len, ++ alice_id_num, alice_id_len); ++ if (bob == NULL) ++ goto err; ++ ++ fprintf(stdout, "Mismatch secret EC J-PAKE run\n"); ++ if (run_ecjpake(alice, bob) != 5) { ++ fprintf(stderr, "Mismatched secret EC J-PAKE run failed\n"); ++ goto err; ++ } ++ ++ ECJPAKE_CTX_free(bob); ++ bob = NULL; ++ ECJPAKE_CTX_free(alice); ++ alice = NULL; ++ BN_free(secret); ++ secret = NULL; ++ BN_free(secret_wrong); ++ secret_wrong = NULL; ++ OPENSSL_free(alice_id_num); ++ alice_id_num = NULL; ++ OPENSSL_free(bob_id_num); ++ bob_id_num = NULL; ++ EC_GROUP_free(group); ++ group = NULL; ++ } ++ ++ ret = 0; ++ ++err: ++ if (ret) ++ fprintf(stderr, "Exiting ecjpaketest with error.\n"); ++ if (bob != NULL) ++ ECJPAKE_CTX_free(bob); ++ if (alice != NULL) ++ ECJPAKE_CTX_free(alice); ++ if (secret != NULL) ++ BN_free(secret); ++ if (secret_wrong != NULL) ++ BN_free(secret_wrong); ++ if (alice_id_num != NULL) ++ OPENSSL_free(alice_id_num); ++ if (bob_id_num != NULL) ++ OPENSSL_free(bob_id_num); ++ if (group != NULL) ++ EC_GROUP_free(group); ++ BIO_free(bio_err); ++ CRYPTO_cleanup_all_ex_data(); ++ ERR_remove_thread_state(NULL); ++ CRYPTO_mem_leaks_fp(stderr); ++ return ret; ++} ++ ++#endif +diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/Makefile openssl/crypto/ecjpake/Makefile +--- openssl-1.0.1m/crypto/ecjpake/Makefile 1969-12-31 16:00:00.000000000 -0800 ++++ openssl/crypto/ecjpake/Makefile 2015-08-17 15:44:34.818599289 -0700 +@@ -0,0 +1,81 @@ ++# ++# crypto/ecjpake/Makefile ++# ++ ++DIR=ecjpake ++TOP=../.. ++CC= cc ++INCLUDES= -I.. -I$(TOP) -I../../include ++CFLAG=-g -Wall ++MAKEFILE= Makefile ++AR= ar r ++ ++CFLAGS= $(INCLUDES) $(CFLAG) ++ ++LIB=$(TOP)/libcrypto.a ++LIBOBJ=ecjpake.o ecjpake_err.o ++LIBSRC=ecjpake.c ecjpake_err.c ++ ++SRC= $(LIBSRC) ++ ++EXHEADER=ecjpake.h ++TEST=ecjpaketest.c ++ ++ ++top: ++ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) ++ ++all: lib ++ ++lib: $(LIBOBJ) ++ $(AR) $(LIB) $(LIBOBJ) ++ $(RANLIB) $(LIB) || echo Never mind. ++ @touch lib ++ ++links: ++ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) ++ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) ++ ++install: ++ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... ++ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ ++ do \ ++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ done; ++ ++update: depend ++ ++depend: ++ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... ++ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) ++ ++dclean: ++ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new ++ mv -f Makefile.new $(MAKEFILE) ++ ++clean: ++ rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff ++ ++ecjpaketest: top ecjpaketest.c $(LIB) ++ $(CC) $(CFLAGS) -Wall -Werror -g -o ecjpaketest ecjpaketest.c $(LIB) ++# DO NOT DELETE THIS LINE -- make depend depends on it. ++ ++ecjpake.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++ecjpake.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ++ecjpake.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ++ecjpake.o: ../../include/openssl/err.h ../../include/openssl/lhash.h ++ecjpake.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h ++ecjpake.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ++ecjpake.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ++ecjpake.o: ../../include/openssl/symhacks.h ecjpake.c ecjpake.h ++ecjpake_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++ecjpake_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ++ecjpake_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ++ecjpake_err.o: ../../include/openssl/ecjpake.h ../../include/openssl/err.h ++ecjpake_err.o: ../../include/openssl/lhash.h ++ecjpake_err.o: ../../include/openssl/opensslconf.h ++ecjpake_err.o: ../../include/openssl/opensslv.h ++ecjpake_err.o: ../../include/openssl/ossl_typ.h ++ecjpake_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ++ecjpake_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ++ecjpake_err.o: ecjpake_err.c +diff -ruaN --no-dereference openssl-1.0.1m/crypto/err/err_all.c openssl/crypto/err/err_all.c +--- openssl-1.0.1m/crypto/err/err_all.c 2015-08-17 15:44:12.631191688 -0700 ++++ openssl/crypto/err/err_all.c 2015-08-17 15:44:34.818599289 -0700 +@@ -107,6 +107,9 @@ + #ifndef OPENSSL_NO_JPAKE + # include <openssl/jpake.h> + #endif ++#ifndef OPENSSL_NO_ECJPAKE ++# include <openssl/ecjpake.h> ++#endif + + void ERR_load_crypto_strings(void) + { +@@ -164,5 +167,8 @@ + # ifndef OPENSSL_NO_JPAKE + ERR_load_JPAKE_strings(); + # endif ++# ifndef OPENSSL_NO_ECJPAKE ++ ERR_load_ECJPAKE_strings(); ++# endif + #endif + } +diff -ruaN --no-dereference openssl-1.0.1m/crypto/err/err.h openssl/crypto/err/err.h +--- openssl-1.0.1m/crypto/err/err.h 2015-08-17 15:44:12.631191688 -0700 ++++ openssl/crypto/err/err.h 2015-08-17 15:44:34.818599289 -0700 +@@ -197,6 +197,7 @@ + # define ERR_LIB_TS 47 + # define ERR_LIB_HMAC 48 + # define ERR_LIB_JPAKE 49 ++# define ERR_LIB_ECJPAKE 50 + + # define ERR_LIB_USER 128 + +@@ -233,6 +234,7 @@ + # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) + # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) + # define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) ++# define ECJPAKEerr(f,r) ERR_PUT_error(ERR_LIB_ECJPAKE,(f),(r),__FILE__,__LINE__) + + /* + * Borland C seems too stupid to be able to shift and do longs in the +diff -ruaN --no-dereference openssl-1.0.1m/crypto/err/openssl.ec openssl/crypto/err/openssl.ec +--- openssl-1.0.1m/crypto/err/openssl.ec 2015-08-17 15:44:12.635191581 -0700 ++++ openssl/crypto/err/openssl.ec 2015-08-17 15:44:34.818599289 -0700 +@@ -35,6 +35,7 @@ + L HMAC crypto/hmac/hmac.h crypto/hmac/hmac_err.c + L CMS crypto/cms/cms.h crypto/cms/cms_err.c + L JPAKE crypto/jpake/jpake.h crypto/jpake/jpake_err.c ++L ECJPAKE crypto/ecjpake/ecjpake.h crypto/ecjpake/ecjpake_err.c + + # additional header files to be scanned for function names + L NONE crypto/x509/x509_vfy.h NONE +diff -ruaN --no-dereference openssl-1.0.1m/Makefile.org openssl/Makefile.org +--- openssl-1.0.1m/Makefile.org 2015-08-17 15:44:12.715189445 -0700 ++++ openssl/Makefile.org 2015-08-17 15:44:34.818599289 -0700 +@@ -147,7 +147,7 @@ + bn ec rsa dsa ecdsa dh ecdh dso engine \ + buffer bio stack lhash rand err \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ +- cms pqueue ts jpake srp store cmac ++ cms pqueue ts jpake ecjpake srp store cmac + # keep in mind that the above list is adjusted by ./Configure + # according to no-xxx arguments... + +diff -ruaN --no-dereference openssl-1.0.1m/test/Makefile openssl/test/Makefile +--- openssl-1.0.1m/test/Makefile 2015-08-17 15:44:12.759188270 -0700 ++++ openssl/test/Makefile 2015-08-17 16:50:00.574984277 -0700 +@@ -62,6 +62,7 @@ + EVPEXTRATEST=evp_extra_test + IGETEST= igetest + JPAKETEST= jpaketest ++ECJPAKETEST= ecjpaketest + SRPTEST= srptest + ASN1TEST= asn1test + HEARTBEATTEST= heartbeat_test +@@ -71,7 +72,7 @@ + + EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \ + $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \ +- $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \ ++ $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) $(ECJPAKETEST)$(EXE_EXT) \ + $(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \ + $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ + $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ +@@ -86,7 +87,7 @@ + $(HMACTEST).o $(WPTEST).o \ + $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ + $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \ +- $(MDC2TEST).o $(RMDTEST).o \ ++ $(MDC2TEST).o $(RMDTEST).o $(ECJPAKETEST).o \ + $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ + $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ + $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \ +@@ -94,7 +95,7 @@ + + SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ + $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ +- $(HMACTEST).c $(WPTEST).c \ ++ $(HMACTEST).c $(WPTEST).c $(ECJPAKETEST).c \ + $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ + $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ + $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ +@@ -137,7 +138,7 @@ + + alltests: \ + test_des test_idea test_sha test_md4 test_md5 test_hmac \ +- test_md2 test_mdc2 test_wp \ ++ test_md2 test_mdc2 test_wp test_ecjpake \ + test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ + test_rand test_bn test_ec test_ecdsa test_ecdh \ + test_enc test_x509 test_rsa test_crl test_sid \ +@@ -319,6 +320,10 @@ + @echo "Test JPAKE" + ../util/shlib_wrap.sh ./$(JPAKETEST) + ++test_ecjpake: $(ECJPAKETEST)$(EXE_EXT) ++ @echo "Test ECJPAKE" ++ ../util/shlib_wrap.sh ./$(ECJPAKETEST) ++ + test_cms: + @echo "CMS consistency test" + $(PERL) cms-test.pl +@@ -489,6 +494,9 @@ + $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) + @target=$(JPAKETEST); $(BUILD_CMD) + ++$(ECJPAKETEST)$(EXE_EXT): $(ECJPAKETEST).o $(DLIBCRYPTO) ++ @target=$(ECJPAKETEST); $(BUILD_CMD) ++ + $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) + @target=$(ASN1TEST); $(BUILD_CMD) + +@@ -593,6 +601,11 @@ + ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h + ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h + ecdsatest.o: ecdsatest.c ++ecjpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h ++ecjpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ++ecjpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h ++ecjpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h ++ecjpaketest.o: ../include/openssl/symhacks.h ecjpaketest.c + ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h + ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h + ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
diff --git a/openssl.url b/openssl.url new file mode 100644 index 0000000..aa445e9 --- /dev/null +++ b/openssl.url
@@ -0,0 +1 @@ +https://www.openssl.org/source/openssl-1.0.1p.tar.gz
diff --git a/openssl.version b/openssl.version new file mode 100644 index 0000000..c94b8ea --- /dev/null +++ b/openssl.version
@@ -0,0 +1 @@ +1.0.1p