From aa2f010f132f55699d580351d5d0cf80dfc75a87 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Fri, 6 Nov 2009 03:14:10 +0000 Subject: [PATCH] Switch from OpenSSL 0.9.8k to 0.9.8l --- README.pkcs11 | 16 ++++++++-------- ...openssl-0.9.8k-patch => openssl-0.9.8l-patch} | 6 +++--- lib/dns/win32/libdns.dsp | 8 ++++---- lib/dns/win32/libdns.mak | 12 ++++++------ win32utils/SetupLibs.bat | 4 ++-- win32utils/win32-build.txt | 10 +++++----- 6 files changed, 28 insertions(+), 28 deletions(-) rename bin/pkcs11/{openssl-0.9.8k-patch => openssl-0.9.8l-patch} (99%) diff --git a/README.pkcs11 b/README.pkcs11 index 89d9be21d8..72ce281e75 100644 --- a/README.pkcs11 +++ b/README.pkcs11 @@ -47,23 +47,23 @@ choice depends on the HSM hardware: intensive operations. The AEP Keyper is an example of such a device. The modified OpenSSL code is included in the BIND 9.7.0b1 release, in the -form of a context diff against OpenSSL 0.9.8k. Before building BIND 9 +form of a context diff against OpenSSL 0.9.8l. Before building BIND 9 with PKCS #11 support, it will be necessary to build OpenSSL with this patch in place and inform it of the path to the HSM-specific PKCS #11 provider library. -Obtain OpenSSL 0.9.8k: +Obtain OpenSSL 0.9.8l: - wget http://www.openssl.org/source/openssl-0.9.8k.tar.gz + wget http://www.openssl.org/source/openssl-0.9.8l.tar.gz Extract the tarball: - tar zxf openssl-0.9.8k.tar.gz + tar zxf openssl-0.9.8l.tar.gz Apply the patch from the BIND 9 release: - patch -p1 -d openssl-0.9.8k \ - < bind-9.7.0b1/bin/pkcs11/openssl-0.9.8k-patch + patch -p1 -d openssl-0.9.8l \ + < bind-9.7.0b1/bin/pkcs11/openssl-0.9.8l-patch (Note that the patch file may not be compatible with the "patch" utility on all operating systems. You may need to install GNU patch.) @@ -92,7 +92,7 @@ We will use this location when we configure BIND 9. Finally, the Keyper library requires threads, so we must specify -pthread. - cd openssl-0.9.8k + cd openssl-0.9.8l ./Configure linux-generic32 -m32 -pthread \ --pk11-libname=/opt/pkcs11/usr/lib/libpkcs11.so \ --pk11-flavor=sign-only \ @@ -110,7 +110,7 @@ We will use this location when we configure BIND 9. In this example, we are building on Solaris x86 on an AMD64 system. - cd openssl-0.9.8k + cd openssl-0.9.8l ./Configure solaris64-x86_64-cc \ --pk11-libname=/usr/lib/64/libpkcs11.so \ --pk11-flavor=crypto-accelerator \ diff --git a/bin/pkcs11/openssl-0.9.8k-patch b/bin/pkcs11/openssl-0.9.8l-patch similarity index 99% rename from bin/pkcs11/openssl-0.9.8k-patch rename to bin/pkcs11/openssl-0.9.8l-patch index f97396a6a9..0990825ada 100644 --- a/bin/pkcs11/openssl-0.9.8k-patch +++ b/bin/pkcs11/openssl-0.9.8l-patch @@ -11102,7 +11102,7 @@ diff -u /dev/null openssl/crypto/engine/pkcs11.h:1.1.1.1 +++ openssl/crypto/engine/pkcs11.h Wed Oct 24 23:27:09 2007 @@ -0,0 +1,299 @@ +/* pkcs11.h include file for PKCS #11. */ -+/* $Revision: 1.2 $ */ ++/* $Revision: 1.1 $ */ + +/* License to copy and use this software is granted provided that it is + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface @@ -11406,7 +11406,7 @@ diff -u /dev/null openssl/crypto/engine/pkcs11f.h:1.1.1.1 +++ openssl/crypto/engine/pkcs11f.h Wed Oct 24 23:27:09 2007 @@ -0,0 +1,912 @@ +/* pkcs11f.h include file for PKCS #11. */ -+/* $Revision: 1.2 $ */ ++/* $Revision: 1.1 $ */ + +/* License to copy and use this software is granted provided that it is + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface @@ -12323,7 +12323,7 @@ diff -u /dev/null openssl/crypto/engine/pkcs11t.h:1.2 +++ openssl/crypto/engine/pkcs11t.h Sat Aug 30 11:58:07 2008 @@ -0,0 +1,1885 @@ +/* pkcs11t.h include file for PKCS #11. */ -+/* $Revision: 1.2 $ */ ++/* $Revision: 1.1 $ */ + +/* License to copy and use this software is granted provided that it is + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface diff --git a/lib/dns/win32/libdns.dsp b/lib/dns/win32/libdns.dsp index f736b897c1..1bfc110be5 100644 --- a/lib/dns/win32/libdns.dsp +++ b/lib/dns/win32/libdns.dsp @@ -43,7 +43,7 @@ RSC=rc.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "BIND9" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "libdns_EXPORTS" /YX /FD /c -# ADD CPP /nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8k/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /YX /FD /c +# ADD CPP /nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8l/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /YX /FD /c # SUBTRACT CPP /X # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 @@ -54,7 +54,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386 -# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../isc/win32/Release/libisc.lib ../../../../openssl-0.9.8k/out32dll/libeay32.lib /nologo /dll /machine:I386 /out:"../../../Build/Release/libdns.dll" +# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../isc/win32/Release/libisc.lib ../../../../openssl-0.9.8l/out32dll/libeay32.lib /nologo /dll /machine:I386 /out:"../../../Build/Release/libdns.dll" !ELSEIF "$(CFG)" == "libdns - Win32 Debug" @@ -70,7 +70,7 @@ LINK32=link.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "BIND9" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "libdns_EXPORTS" /YX /FD /GZ /c -# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR /YX /FD /GZ /c +# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR /YX /FD /GZ /c # SUBTRACT CPP /X # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 @@ -81,7 +81,7 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept -# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../isc/win32/debug/libisc.lib ../../../../openssl-0.9.8k/out32dll/libeay32.lib /nologo /dll /map /debug /machine:I386 /out:"../../../Build/Debug/libdns.dll" /pdbtype:sept +# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../isc/win32/debug/libisc.lib ../../../../openssl-0.9.8l/out32dll/libeay32.lib /nologo /dll /map /debug /machine:I386 /out:"../../../Build/Debug/libdns.dll" /pdbtype:sept !ENDIF diff --git a/lib/dns/win32/libdns.mak b/lib/dns/win32/libdns.mak index 2ae1c7cb3f..f26e89a9f4 100644 --- a/lib/dns/win32/libdns.mak +++ b/lib/dns/win32/libdns.mak @@ -208,7 +208,7 @@ CLEAN : if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" CPP=cl.exe -CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8k/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c +CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8l/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c .c{$(INTDIR)}.obj:: $(CPP) @<< @@ -248,7 +248,7 @@ BSC32_FLAGS=/nologo /o"$(OUTDIR)\libdns.bsc" BSC32_SBRS= \ LINK32=link.exe -LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../isc/win32/Release/libisc.lib ../../../../openssl-0.9.8k/out32dll/libeay32.lib /nologo /dll /incremental:no /pdb:"$(OUTDIR)\libdns.pdb" /machine:I386 /def:".\libdns.def" /out:"../../../Build/Release/libdns.dll" /implib:"$(OUTDIR)\libdns.lib" +LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../isc/win32/Release/libisc.lib ../../../../openssl-0.9.8l/out32dll/libeay32.lib /nologo /dll /incremental:no /pdb:"$(OUTDIR)\libdns.pdb" /machine:I386 /def:".\libdns.def" /out:"../../../Build/Release/libdns.dll" /implib:"$(OUTDIR)\libdns.lib" DEF_FILE= \ ".\libdns.def" LINK32_OBJS= \ @@ -538,7 +538,7 @@ CLEAN : if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" CPP=cl.exe -CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c +CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c .c{$(INTDIR)}.obj:: $(CPP) @<< @@ -663,7 +663,7 @@ BSC32_SBRS= \ << LINK32=link.exe -LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../isc/win32/debug/libisc.lib ../../../../openssl-0.9.8k/out32dll/libeay32.lib /nologo /dll /incremental:yes /pdb:"$(OUTDIR)\libdns.pdb" /map:"$(INTDIR)\libdns.map" /debug /machine:I386 /def:".\libdns.def" /out:"../../../Build/Debug/libdns.dll" /implib:"$(OUTDIR)\libdns.lib" /pdbtype:sept +LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../isc/win32/debug/libisc.lib ../../../../openssl-0.9.8l/out32dll/libeay32.lib /nologo /dll /incremental:yes /pdb:"$(OUTDIR)\libdns.pdb" /map:"$(INTDIR)\libdns.map" /debug /machine:I386 /def:".\libdns.def" /out:"../../../Build/Debug/libdns.dll" /implib:"$(OUTDIR)\libdns.lib" /pdbtype:sept DEF_FILE= \ ".\libdns.def" LINK32_OBJS= \ @@ -970,7 +970,7 @@ SOURCE=..\dispatch.c !IF "$(CFG)" == "libdns - Win32 Release" -CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8k/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c +CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8l/inc32/openssl/include" /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "NDEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c "$(INTDIR)\dispatch.obj" : $(SOURCE) "$(INTDIR)" $(CPP) @<< @@ -980,7 +980,7 @@ CPP_SWITCHES=/nologo /MD /W3 /GX /O2 /I "../../../../../openssl-0.9.8k/inc32/ope !ELSEIF "$(CFG)" == "libdns - Win32 Debug" -CPP_SWITCHES=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8k/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c +CPP_SWITCHES=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "include" /I "../include" /I "../../isc/win32" /I "../../isc/win32/include" /I "../../isc/include" /I "../../isc/noatomic/include" /I "../../../../openssl-0.9.8l/inc32" /I "../../../../libxml2-2.7.3/include" /D "_DEBUG" /D "BIND9" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /D "_USRDLL" /D "USE_MD5" /D "OPENSSL" /D "DST_USE_PRIVATE_OPENSSL" /D "LIBDNS_EXPORTS" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\libdns.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c "$(INTDIR)\dispatch.obj" "$(INTDIR)\dispatch.sbr" : $(SOURCE) "$(INTDIR)" $(CPP) @<< diff --git a/win32utils/SetupLibs.bat b/win32utils/SetupLibs.bat index b1b8f2738e..d2dd7ca1cd 100644 --- a/win32utils/SetupLibs.bat +++ b/win32utils/SetupLibs.bat @@ -20,8 +20,8 @@ rem This script may be modified by updateopenssl.pl and/or updatelibxml2.pl. echo Copying the OpenSSL DLL. -copy ..\..\openssl-0.9.8k\out32dll\libeay32.dll ..\Build\Release\ -copy ..\..\openssl-0.9.8k\out32dll\libeay32.dll ..\Build\Debug\ +copy ..\..\openssl-0.9.8l\out32dll\libeay32.dll ..\Build\Release\ +copy ..\..\openssl-0.9.8l\out32dll\libeay32.dll ..\Build\Debug\ echo Copying the libxml DLL. diff --git a/win32utils/win32-build.txt b/win32utils/win32-build.txt index 5f005b1de9..08b1e6f922 100644 --- a/win32utils/win32-build.txt +++ b/win32utils/win32-build.txt @@ -2,7 +2,7 @@ Copyright (C) 2004, 2005, 2008, 2009 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 2001, 2002 Internet Software Consortium. See COPYRIGHT in the source root or http://isc.org/copyright.html for terms. -$Id: win32-build.txt,v 1.18 2009/10/12 16:41:13 each Exp $ +$Id: win32-build.txt,v 1.19 2009/11/06 03:14:10 each Exp $ BIND 9.7 for Win32 Source Build Instructions. 02-Jul-2009 @@ -54,21 +54,21 @@ Step 1: Download and build OpenSSL Download and untar the OpenSSL sources from http://www.openssl.org/. Extract them at in the same directory in which you extracted the BIND9 source: If BIND9 is in \build\bind-9.7.0, for instance, OpenSSL should be -in \build\openssl-0.9.8k (subject to version number changes). +in \build\openssl-0.9.8l (subject to version number changes). Note: Building OpenSSL requires that you install Perl as it uses it during its build process. The following commands work as of -openssl-0.9.8k, but you should check the OpenSSL distribution +openssl-0.9.8l, but you should check the OpenSSL distribution to see if the build instructions have changed: - cd openssl-0.9.8k + cd openssl-0.9.8l perl Configure VC-WIN32 --prefix=c:/openssl ms\do_masm nmake /f ms\ntdll.mak If you wish to use PKCS #11 to control a cryptographic hardware service module, please see bind9\README.pkcs11. You will need to apply the patch -in bind9\bin\pkcs11\openssl-0.9.8k-patch (this can be done using the Cygwin +in bind9\bin\pkcs11\openssl-0.9.8l-patch (this can be done using the Cygwin 'patch' utility) and add --pk11-libname and --pk11-flavor to the Configure command above.