d74d6c4522
This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
184 lines
5.2 KiB
Diff
184 lines
5.2 KiB
Diff
--- a/Makefile.org
|
|
+++ b/Makefile.org
|
|
@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engi
|
|
build_libssl: build_ssl libssl.pc
|
|
|
|
build_crypto:
|
|
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
|
|
+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
|
|
build_ssl: build_crypto
|
|
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
|
|
+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
|
|
build_engines: build_crypto
|
|
- @dir=engines; target=all; $(BUILD_ONE_CMD)
|
|
+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
|
|
build_apps: build_libs
|
|
- @dir=apps; target=all; $(BUILD_ONE_CMD)
|
|
+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
|
|
build_tests: build_libs
|
|
- @dir=test; target=all; $(BUILD_ONE_CMD)
|
|
+ +@dir=test; target=all; $(BUILD_ONE_CMD)
|
|
build_tools: build_libs
|
|
- @dir=tools; target=all; $(BUILD_ONE_CMD)
|
|
+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
|
|
|
|
all_testapps: build_libs build_testapps
|
|
build_testapps:
|
|
@@ -473,7 +473,7 @@ update: errors stacks util/libeay.num ut
|
|
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
|
|
|
|
depend:
|
|
- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
|
|
+ +@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
|
|
|
|
lint:
|
|
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
|
|
@@ -535,9 +535,9 @@ dist:
|
|
@$(MAKE) SDIRS='$(SDIRS)' clean
|
|
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
|
|
|
|
-install: all install_sw
|
|
+install: install_sw
|
|
|
|
-install_sw:
|
|
+install_dirs:
|
|
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
|
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
|
|
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
|
|
@@ -546,12 +546,19 @@ install_sw:
|
|
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
|
|
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
|
|
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
|
|
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
|
|
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
|
|
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
|
|
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
|
|
+ $(INSTALL_PREFIX)$(MANDIR)/man7
|
|
+
|
|
+install_sw: install_dirs
|
|
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
|
|
do \
|
|
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
|
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
|
done;
|
|
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
|
|
+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
|
|
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
|
|
do \
|
|
if [ -f "$$i" ]; then \
|
|
@@ -635,12 +642,7 @@ install_html_docs:
|
|
done; \
|
|
done
|
|
|
|
-install_docs:
|
|
- @$(PERL) $(TOP)/util/mkdir-p.pl \
|
|
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
|
|
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
|
|
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
|
|
- $(INSTALL_PREFIX)$(MANDIR)/man7
|
|
+install_docs: install_dirs
|
|
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
|
|
here="`pwd`"; \
|
|
filecase=; \
|
|
--- a/Makefile.shared
|
|
+++ b/Makefile.shared
|
|
@@ -120,6 +120,7 @@ SYMLINK_SO= \
|
|
done; \
|
|
fi; \
|
|
if [ -n "$$SHLIB_SOVER" ]; then \
|
|
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
|
|
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
|
|
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
|
|
fi; \
|
|
--- a/crypto/Makefile
|
|
+++ b/crypto/Makefile
|
|
@@ -85,11 +85,11 @@ testapps:
|
|
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
|
|
|
subdirs:
|
|
- @target=all; $(RECURSIVE_MAKE)
|
|
+ +@target=all; $(RECURSIVE_MAKE)
|
|
|
|
files:
|
|
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
|
|
- @target=files; $(RECURSIVE_MAKE)
|
|
+ +@target=files; $(RECURSIVE_MAKE)
|
|
|
|
links:
|
|
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
|
|
@@ -100,7 +100,7 @@ links:
|
|
# lib: $(LIB): are splitted to avoid end-less loop
|
|
lib: $(LIB)
|
|
@touch lib
|
|
-$(LIB): $(LIBOBJ)
|
|
+$(LIB): $(LIBOBJ) | subdirs
|
|
$(AR) $(LIB) $(LIBOBJ)
|
|
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
|
|
$(RANLIB) $(LIB) || echo Never mind.
|
|
@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
|
|
fi
|
|
|
|
libs:
|
|
- @target=lib; $(RECURSIVE_MAKE)
|
|
+ +@target=lib; $(RECURSIVE_MAKE)
|
|
|
|
install:
|
|
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
|
|
@@ -120,7 +120,7 @@ install:
|
|
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
|
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
|
done;
|
|
- @target=install; $(RECURSIVE_MAKE)
|
|
+ +@target=install; $(RECURSIVE_MAKE)
|
|
|
|
lint:
|
|
@target=lint; $(RECURSIVE_MAKE)
|
|
--- a/engines/Makefile
|
|
+++ b/engines/Makefile
|
|
@@ -72,7 +72,7 @@ top:
|
|
|
|
all: lib subdirs
|
|
|
|
-lib: $(LIBOBJ)
|
|
+lib: $(LIBOBJ) | subdirs
|
|
@if [ -n "$(SHARED_LIBS)" ]; then \
|
|
set -e; \
|
|
for l in $(LIBNAMES); do \
|
|
@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
|
|
|
|
subdirs:
|
|
echo $(EDIRS)
|
|
- @target=all; $(RECURSIVE_MAKE)
|
|
+ +@target=all; $(RECURSIVE_MAKE)
|
|
|
|
files:
|
|
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
|
|
@@ -128,7 +128,7 @@ install:
|
|
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
|
|
done; \
|
|
fi
|
|
- @target=install; $(RECURSIVE_MAKE)
|
|
+ +@target=install; $(RECURSIVE_MAKE)
|
|
|
|
tags:
|
|
ctags $(SRC)
|
|
--- a/test/Makefile
|
|
+++ b/test/Makefile
|
|
@@ -145,7 +145,7 @@ install:
|
|
tags:
|
|
ctags $(SRC)
|
|
|
|
-tests: exe apps $(TESTS)
|
|
+tests: exe $(TESTS)
|
|
|
|
apps:
|
|
@(cd ..; $(MAKE) DIRS=apps all)
|
|
@@ -593,7 +593,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl
|
|
# fi
|
|
|
|
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
|
|
- @target=dummytest; $(BUILD_CMD)
|
|
+ +@target=dummytest; $(BUILD_CMD)
|
|
|
|
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
|
|