[openssl] update to version 1.0.2o Fixes MER#1898

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "openssl"]
+	path = openssl
+	url = https://github.com/openssl/openssl.git

openssl-1.0.2a-ipv6-apps.patch → rpm/openssl-1.0.2a-ipv6-apps.patch

@@ -123,7 +123,7 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c
  {
 -    unsigned char ip[4];
 -
--    memset(ip, '\0', sizeof ip);
+-    memset(ip, '\0', sizeof(ip));
 -    if (!host_ip(host, &(ip[0])))
 -        return 0;
 -    return init_client_ip(sock, ip, port, type);
@@ -295,7 +295,7 @@ diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c
  # if defined SOL_SOCKET && defined SO_REUSEADDR
 -    {
 -        int j = 1;
--        setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+-        setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
 -    }
 -# endif
 -    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {

openssl-1.0.2a-system-cipherlist.patch → rpm/openssl-1.0.2a-system-cipherlist.patch

@@ -47,10 +47,10 @@ diff -up openssl-1.0.2a/Configure.system openssl-1.0.2a/Configure
 
  foreach (sort (keys %disabled))
  	{
-@@ -1667,6 +1676,7 @@ while (<IN>)
- 	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+@@ -1668,6 +1677,7 @@ while (<IN>)
  	s/^MULTILIB=.*$/MULTILIB=$multilib/;
  	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+ 	s/^ENGINESDIR=.*$/ENGINESDIR=$enginesdir/;
 +	s/^SYSTEM_CIPHERS_FILE=.*$/SYSTEM_CIPHERS_FILE=$system_ciphers_file/;
  	s/^LIBDIR=.*$/LIBDIR=$libdir/;
  	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;

openssl-1.0.2a-test-use-localhost.patch → rpm/openssl-1.0.2a-test-use-localhost.patch

@@ -7,9 +7,9 @@ diff -up openssl-1.0.2a/ssl/ssltest.c.use-localhost openssl-1.0.2a/ssl/ssltest.c
      if (c_ssl && c_ssl->kssl_ctx) {
 -        char localhost[MAXHOSTNAMELEN + 2];
 -
--        if (gethostname(localhost, sizeof localhost - 1) == 0) {
--            localhost[sizeof localhost - 1] = '\0';
--            if (strlen(localhost) == sizeof localhost - 1) {
+-        if (gethostname(localhost, sizeof(localhost) - 1) == 0) {
+-            localhost[sizeof(localhost) - 1] = '\0';
+-            if (strlen(localhost) == sizeof(localhost) - 1) {
 -                BIO_printf(bio_err, "localhost name too long\n");
 -                goto end;
 -            }

openssl-1.0.2e-wrap-pad.patch → rpm/openssl-1.0.2e-wrap-pad.patch

@@ -60,13 +60,6 @@ diff -up openssl-1.0.2e/crypto/evp/c_allc.c.wrap openssl-1.0.2e/crypto/evp/c_all
 diff -up openssl-1.0.2e/crypto/evp/e_aes.c.wrap openssl-1.0.2e/crypto/evp/e_aes.c
 --- openssl-1.0.2e/crypto/evp/e_aes.c.wrap	2015-12-04 13:33:42.119550059 +0100
 +++ openssl-1.0.2e/crypto/evp/e_aes.c	2015-12-04 13:33:42.190551722 +0100
-@@ -1,5 +1,5 @@
- /* ====================================================================
-- * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
-+ * Copyright (c) 2001-2014 The OpenSSL Project.  All rights reserved.
-  *
-  * Redistribution and use in source and binary forms, with or without
-  * modification, are permitted provided that the following conditions
 @@ -1953,7 +1953,7 @@ static int aes_wrap_init_key(EVP_CIPHER_
              wctx->iv = NULL;
      }

openssl-1.0.2a-pkgconfig-krb5.patch → rpm/openssl-1.0.2h-pkgconfig.patch

@@ -1,7 +1,7 @@
-diff -up openssl-1.0.2a/Makefile.org.krb5 openssl-1.0.2a/Makefile.org
---- openssl-1.0.2a/Makefile.org.krb5	2015-04-21 17:08:41.157464459 +0200
-+++ openssl-1.0.2a/Makefile.org	2015-04-21 17:11:56.887039005 +0200
-@@ -372,7 +372,7 @@ libcrypto.pc: Makefile
+diff -up openssl-1.0.2h/Makefile.org.pkgconfig openssl-1.0.2h/Makefile.org
+--- openssl-1.0.2h/Makefile.org.pkgconfig	2016-05-03 18:06:45.869834730 +0200
++++ openssl-1.0.2h/Makefile.org	2016-06-27 12:04:15.444245018 +0200
+@@ -377,7 +377,7 @@ libcrypto.pc: Makefile
  	    echo 'Requires: '; \
  	    echo 'Libs: -L$${libdir} -lcrypto'; \
  	    echo 'Libs.private: $(EX_LIBS)'; \
@@ -10,9 +10,12 @@ diff -up openssl-1.0.2a/Makefile.org.krb5 openssl-1.0.2a/Makefile.org
 
  libssl.pc: Makefile
  	@ ( echo 'prefix=$(INSTALLTOP)'; \
-@@ -385,7 +385,7 @@ libssl.pc: Makefile
+@@ -388,9 +388,9 @@ libssl.pc: Makefile
+ 	    echo 'Name: OpenSSL-libssl'; \
+ 	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
  	    echo 'Version: '$(VERSION); \
- 	    echo 'Requires.private: libcrypto'; \
+-	    echo 'Requires.private: libcrypto'; \
++	    echo 'Requires: libcrypto'; \
  	    echo 'Libs: -L$${libdir} -lssl'; \
 -	    echo 'Libs.private: $(EX_LIBS)'; \
 +	    echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \

rpm/openssl-1.0.2i-chil-fixes.patch

@@ -0,0 +1,15 @@
+diff -up openssl-1.0.2i/engines/e_chil.c.chil openssl-1.0.2i/engines/e_chil.c
+--- openssl-1.0.2i/engines/e_chil.c.chil	2016-09-22 12:23:06.000000000 +0200
++++ openssl-1.0.2i/engines/e_chil.c	2016-09-22 13:49:32.532017102 +0200
+@@ -1274,6 +1274,11 @@ static int hwcrhk_insert_card(const char
+     UI *ui;
+     void *callback_data = NULL;
+     UI_METHOD *ui_method = NULL;
++    /* Despite what the documentation says prompt_info can be
++     * an empty string.
++     */
++    if (prompt_info && !*prompt_info)
++        prompt_info = NULL;
+
+     if (cactx) {
+         if (cactx->ui_method)

rpm/openssl-1.0.2i-enc-fail.patch

@@ -0,0 +1,25 @@
+diff -up openssl-1.0.2i/crypto/evp/bio_enc.c.enc-fail openssl-1.0.2i/crypto/evp/bio_enc.c
+--- openssl-1.0.2i/crypto/evp/bio_enc.c.enc-fail	2016-09-22 12:23:06.000000000 +0200
++++ openssl-1.0.2i/crypto/evp/bio_enc.c	2016-09-22 13:58:24.592381002 +0200
+@@ -307,8 +307,9 @@ static long enc_ctrl(BIO *b, int cmd, lo
+     case BIO_CTRL_RESET:
+         ctx->ok = 1;
+         ctx->finished = 0;
+-        EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
+-                          ctx->cipher.encrypt);
++        if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
++                               ctx->cipher.encrypt))
++             ctx->ok = 0;
+         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+         break;
+     case BIO_CTRL_EOF:         /* More to read */
+@@ -430,7 +431,8 @@ void BIO_set_cipher(BIO *b, const EVP_CI
+
+     b->init = 1;
+     ctx = (BIO_ENC_CTX *)b->ptr;
+-    EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
++    if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e))
++        ctx->ok = 0;
+
+     if (b->callback != NULL)
+         b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);

rpm/openssl-1.0.2i-enginesdir.patch

@@ -0,0 +1,83 @@
+diff --git a/Configure b/Configure
+index c39f71a..7f3d905 100755
+--- a/Configure
++++ b/Configure
+@@ -727,6 +727,7 @@ my $idx_multilib = $idx++;
+ my $prefix="";
+ my $libdir="";
+ my $openssldir="";
++my $enginesdir="";
+ my $exe_ext="";
+ my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
+ my $cross_compile_prefix="";
+@@ -956,6 +957,10 @@ PROCESS_ARGS:
+ 				{
+ 				$openssldir=$1;
+ 				}
++			elsif (/^--enginesdir=(.*)$/)
++				{
++				$enginesdir=$1;
++				}
+ 			elsif (/^--install.prefix=(.*)$/)
+ 				{
+ 				$install_prefix=$1;
+@@ -1207,7 +1212,7 @@ chop $prefix if $prefix =~ /.\/$/;
+
+ $openssldir=$prefix . "/ssl" if $openssldir eq "";
+ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+-
++$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
+
+ print "IsMK1MF=$IsMK1MF\n";
+
+@@ -1709,6 +1714,7 @@ while (<IN>)
+ 	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+ 	s/^MULTILIB=.*$/MULTILIB=$multilib/;
+ 	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
++	s/^ENGINESDIR=.*$/ENGINESDIR=$enginesdir/;
+ 	s/^LIBDIR=.*$/LIBDIR=$libdir/;
+ 	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
+ 	s/^PLATFORM=.*$/PLATFORM=$target/;
+@@ -1915,7 +1921,7 @@ while (<IN>)
+ 		}
+ 	elsif	(/^#define\s+ENGINESDIR/)
+ 		{
+-		my $foo = "$prefix/$libdir/engines";
++		my $foo = "$enginesdir";
+ 		$foo =~ s/\\/\\\\/g;
+ 		print OUT "#define ENGINESDIR \"$foo\"\n";
+ 		}
+diff --git a/Makefile.org b/Makefile.org
+index 2377f50..fe8d54c 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -28,6 +28,7 @@ INSTALLTOP=/usr/local/ssl
+
+ # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+ OPENSSLDIR=/usr/local/ssl
++ENGINESDIR=$${libdir}/engines
+
+ # NO_IDEA - Define to build without the IDEA algorithm
+ # NO_RC4  - Define to build without the RC4 algorithm
+@@ -368,7 +369,7 @@ libcrypto.pc: Makefile
+ 	    echo 'exec_prefix=$${prefix}'; \
+ 	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ 	    echo 'includedir=$${prefix}/include'; \
+-	    echo 'enginesdir=$${libdir}/engines'; \
++	    echo 'enginesdir=$(ENGINESDIR)'; \
+ 	    echo ''; \
+ 	    echo 'Name: OpenSSL-libcrypto'; \
+ 	    echo 'Description: OpenSSL cryptography library'; \
+diff --git a/engines/Makefile b/engines/Makefile
+index 2058ff4..a2c407b 100644
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -124,7 +124,7 @@ install:
+ 				esac; \
+ 				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ 			  fi; \
+-			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++			  chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi