OpenSolaris_b135/common/openssl/README.SUNW

#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

The version of OpenSSL found in this directory was created by taking the
stock version of OpenSSL 0.9.8a from www.openssl.org and modifying some of
the files to conform to Sun standards.  

This work is based on previous work done on the stock version of OpenSSL 0.9.7d
that shipped with Solaris 10.

===================
Configure options
===================

Below are the options and the targets given to the Configure script.

To build shared objects,

    ./Configure \
	no-ec \
	no-ecdh \
	no-ecdsa \
	no-rc3 \
	no-rc5 \
	no-mdc2 \
	no-idea \
	no-hw_cswift \
	no-hw_ncipher \
	no-hw_atalla \
	no-hw_nuron \
	no-hw_ubsec \
	no-hw_aep \
	no-hw_sureware \
	no-hw_4758-cca \
	no-hw_chil \
	no-hw_gmp \
	threads \
	shared \
	$TARGET

where TARGET is one of the following three, depending on the target architecture:

    solaris-sparcv8-cc (sparc)
    solaris64-sparcv9-cc (sparcv9)
    solaris-x86-cc (i386)


For libcrypto.a and libssl.a used by wanboot,

    ./Configure \
	no-aes \
	no-cast \
	no-dso \
	no-ec \
	no-ecdh \
	no-ecdsa \
	no-mdc2 \
	no-rc3 \
	no-rc4 \
	no-rc5 \
	no-ripemd \
	no-idea \
	no-hw \
	no-threads \
	solaris64-sparcv9-cc


================================================
Files that differ from the original distribution
================================================

The following files are different from the OpenSSL 0.9.8a release.

1. This header file is generated by Configure.  We combined four versions of 
   this file generated by four runs of Configure.

	crypto/opensslconf.h

2. Solaris OpenSSL supports the PKCS#11 engine.
   This code may go back to the open-source community in the future.

   The following files were created.

	crypto/engine/hw_pk11_err.h
	crypto/engine/hw_pk11.c
	crypto/engine/hw_pk11_err.c
	crypto/engine/hw_pk11_pub.c

   The following files were modified.

	crypto/engine/engine.h

3. These files were modified to load the PKCS#11 engine.
   Added code is surrounded by "#ifdef SOLARIS_OPENSSL".

	crypto/engine/eng_cnf.c
	crypto/engine/hw_pk11.c


4. We have a special case where OpenSSL is used by the "wanboot" binary
   program, which is run to boot the wanboot client.
   The following files were modified for this purpose.  Added code is
   surrounded by "#ifdef _BOOT".

	crypto/opensslconf.h
	crypto/err/err_all.c
	crypto/evp/evp_key.c
	crypto/rand/rand_unix.c
	crypto/rand/randfile.c
	crypto/x509v3/v3_utl.c
	e_os.h


5. The configuration file was modified to ship with Solaris defaults.

	$SRC/cmd/openssl/openssl.cnf
	(Note: apps/openssl.cnf is unused.)


6. Two files were added for a clean ON build even though the majority
   of the OpenSSL code itself is not subject to lint checks (with the
   exception of the crypto/engine/hw_pk11*.[ch] files).

	crypto/llib-lcrypto
	ssl/llib-lssl

7. The OpenSSL version string was modified. Because we don't upgrade OpenSSL
   frequently, we are forced to patch the currently shipped version. The
   problem with this approach is that normally every security vulnerability fix
   triggers a new release of OpenSSL, so people can easily check whether their
   currently installed version is vulnerable or not. That is not possible with a
   patched older version. So we decided to put the security bug tags into the
   version string, like this:

   OpenSSL 0.9.8a 11 Oct 2005 (+ security fixes for: CAN-2005-2969 CVE-2006-3738
   CVE-2006-4343 CVE-2007-3108 CVE-2007-5135 CVE-2008-5077)

   Note that the actual string is all on one line, because we want to avoid
   problems with Configure scripts that might rely on the fact that the original
   OpenSSL version string consists of one line only.

   Be aware that the version string is not considered a stable interface and
   that all security vulnerability reports are available via SunAlert
   notifications.

8. And, finally, this file was added.

	README.SUNW
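
The version string format described in item 7 can be parsed when auditing a host. The following is an added example, not part of the Sun or OpenSSL sources; the function names and the sample string (item 7's text joined onto one line) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Sun or OpenSSL sources.
# Constructed sample: the string from item 7, joined onto one line.
SAMPLE='OpenSSL 0.9.8a 11 Oct 2005 (+ security fixes for: CAN-2005-2969 CVE-2006-3738 CVE-2006-4343 CVE-2007-3108 CVE-2007-5135 CVE-2008-5077)'

# base_version STRING: print the upstream release the build is based on.
base_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([^ ]*\).*/\1/p'
}

# normalize_id ID: upper-case the id and map the old CAN- (candidate)
# prefix to CVE-; the year and number are unchanged.
normalize_id() {
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]' | sed 's/^CAN-/CVE-/'
}

# list_backported_fixes STRING: print one normalized id per line.
# Prints nothing when the string has no "security fixes for:" list.
list_backported_fixes() {
    printf '%s\n' "$1" |
        sed -n 's/.*(+ security fixes for:\(.*\)).*/\1/p' |
        tr -s ' \t' '\n\n' |
        grep -E '^(CVE|CAN)-[0-9]{4}-[0-9]+$' |
        sed 's/^CAN-/CVE-/' |
        sort -u
}

# fix_status STRING ID: print one of
#   patched      the id is in the tag list
#   not-listed   a tag list exists but lacks the id
#   no-tag-list  a stock-looking string; it says nothing about backports
fix_status() {
    fixes=$(list_backported_fixes "$1")
    if [ -z "$fixes" ]; then
        echo "no-tag-list"
    elif printf '%s\n' "$fixes" | grep -qxF -- "$(normalize_id "$2")"; then
        echo "patched"
    else
        echo "not-listed"
    fi
}

# Demo; CVE-0000-0000 is a placeholder id that is not in the list.
for id in CAN-2005-2969 CVE-2008-5077 CVE-0000-0000; do
    printf '%s %s\n' "$id" "$(fix_status "$SAMPLE" "$id")"
done
```

A result of not-listed means only that the string does not name the fix. Since the version string is not a stable interface, confirm the result against the vendor's security notifications.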