Skip to content

Instantly share code, notes, and snippets.

@mpenick

mpenick/openssl.md

Last active November 18, 2016 10:52
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mpenick/9bd0707096dd8dc64996 to your computer and use it in GitHub Desktop.
Save mpenick/9bd0707096dd8dc64996 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
openssl.md

==== Rebuilding OpenSSL w/ -DPURIFY on Ubuntu 14.04

==== References:

https://help.ubuntu.com/community/UpdatingADeb

==== Instructions:

You may have to add this patch: http://marc.info/?l=openssl-dev&m=140442413928078&w=2

sudo apt-get build-dep libssl-dev
sudo apt-get install build-essential fakeroot devscripts
mkdir libssl; cd libssl
sudo apt-get update
sudo apt-get source libssl-dev
cd openssl_*
debchange -i
dpkg-source --commit # This needs to be run if you applied the above patch
DEB_CFLAGS_APPEND="-DPURIFY" debuild -us -uc -i -I
sudo debi
@amy-phillips
Copy link

I found that even with -DPURIFY openssl.1.0.1f caused valgrind warnings stemming from aesni_cbc_encrypt()
When I built and used openssl.1.0.2g with -DPURIFY the warnings stopped. I followed these instructions http://www.miguelvallejo.com/updating-to-openssl-1-0-2g-on-ubuntu-server-12-04-14-04-lts-to-stop-cve-2016-0800-drown-attack/, but ran './config shared' so that I got the libcrypto.so lib built, and edited the Makefile to add -DPURIFY to the CFLAGS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment