rpms/openssl/devel openssl-0.9.8a-ICA_engine-sep142005.patch, NONE, 1.1 openssl-0.9.8a-defaults.patch, NONE, 1.1 openssl-0.9.8a-enginesdir.patch, NONE, 1.1 openssl-0.9.8a-link-krb5.patch, NONE, 1.1 openssl-0.9.8a-redhat.patch, NONE, 1.1 openssl-0.9.8a-soversion.patch, NONE, 1.1 openssl-0.9.8a-use-poll.patch, NONE, 1.1 .cvsignore, 1.11, 1.12 hobble-openssl, 1.6, 1.7 openssl-thread-test.c, 1.1, 1.2 openssl.spec, 1.61, 1.62 sources, 1.13, 1.14 openssl-0.9.7a-can-2005-2969.patch, 1.1, NONE openssl-0.9.7a-krb5-1.3.patch, 1.1, NONE openssl-0.9.7d-ICA_engine-sep142005.patch, 1.1, NONE openssl-0.9.7e-abi-compat.patch, 1.1, NONE openssl-0.9.7e-krb5.patch, 1.1, NONE openssl-0.9.7e-soversion.patch, 1.1, NONE openssl-0.9.7f-apps-initialize.patch, 1.1, NONE openssl-0.9.7f-backport-097g.patch, 1.1, NONE openssl-0.9.7f-bn-asm-uninitialized.patch, 1.1, NONE openssl-0.9.7f-bn-ppc-div.patch, 1.1, NONE openssl-0.9.7f-can-2005-0109.patch, 1.2, NONE openssl-0.9.7f-defaults.patch, 1.2, NONE openssl-0.9.7f-dsa-consttime.patch, 1.1, NONE ! openssl-0.9.7f-redhat.patch, 1.3, NONE openssl-0.9.7f-use-poll.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Nov 8 13:52:32 UTC 2005
Author: tmraz
Update of /cvs/dist/rpms/openssl/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14243
Modified Files:
.cvsignore hobble-openssl openssl-thread-test.c openssl.spec
sources
Added Files:
openssl-0.9.8a-ICA_engine-sep142005.patch
openssl-0.9.8a-defaults.patch openssl-0.9.8a-enginesdir.patch
openssl-0.9.8a-link-krb5.patch openssl-0.9.8a-redhat.patch
openssl-0.9.8a-soversion.patch openssl-0.9.8a-use-poll.patch
Removed Files:
openssl-0.9.7a-can-2005-2969.patch
openssl-0.9.7a-krb5-1.3.patch
openssl-0.9.7d-ICA_engine-sep142005.patch
openssl-0.9.7e-abi-compat.patch openssl-0.9.7e-krb5.patch
openssl-0.9.7e-soversion.patch
openssl-0.9.7f-apps-initialize.patch
openssl-0.9.7f-backport-097g.patch
openssl-0.9.7f-bn-asm-uninitialized.patch
openssl-0.9.7f-bn-ppc-div.patch
openssl-0.9.7f-can-2005-0109.patch
openssl-0.9.7f-defaults.patch
openssl-0.9.7f-dsa-consttime.patch openssl-0.9.7f-redhat.patch
openssl-0.9.7f-use-poll.patch
Log Message:
* Tue Nov 8 2005 Tomas Mraz <tmraz at redhat.com> 0.9.8a-1
- new upstream version
- patches partially renumbered
openssl-0.9.8a-ICA_engine-sep142005.patch:
openssl-0.9.7d-libica-aes/crypto/engine/hw_ibmca.c | 1834 ++++++++++
openssl-0.9.7d-libica-aes/crypto/engine/hw_ibmca_err.c | 160
openssl-0.9.7d-libica-aes/crypto/engine/hw_ibmca_err.h | 51
openssl-0.9.7d-libica-aes/crypto/engine/vendor_defns/ica_openssl_api.h | 242 +
openssl-0.9.8a/crypto/engine/Makefile | 4
openssl-0.9.8a/crypto/engine/eng_all.c | 3
openssl-0.9.8a/crypto/engine/eng_err.c | 15
openssl-0.9.8a/crypto/engine/engine.h | 15
8 files changed, 2322 insertions(+), 2 deletions(-)
--- NEW FILE openssl-0.9.8a-ICA_engine-sep142005.patch ---
--- openssl-0.9.8a/crypto/engine/eng_all.c.ibmca 2005-04-19 15:24:44.000000000 +0200
+++ openssl-0.9.8a/crypto/engine/eng_all.c 2005-11-07 17:52:17.000000000 +0100
@@ -69,6 +69,9 @@
ENGINE_load_openssl();
#endif
ENGINE_load_dynamic();
+#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_IBMCA)
+ ENGINE_load_ibmca();
+#endif
#ifndef OPENSSL_NO_STATIC_ENGINE
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_4758_CCA
--- openssl-0.9.8a/crypto/engine/Makefile.ibmca 2005-07-16 13:13:05.000000000 +0200
+++ openssl-0.9.8a/crypto/engine/Makefile 2005-11-07 15:47:58.000000000 +0100
@@ -20,12 +20,12 @@
LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
eng_table.c eng_pkey.c eng_fat.c eng_all.c \
tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
- tb_cipher.c tb_digest.c \
+ tb_cipher.c tb_digest.c hw_ibmca.c \
eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
eng_table.o eng_pkey.o eng_fat.o eng_all.o \
tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
- tb_cipher.o tb_digest.o \
+ tb_cipher.o tb_digest.o hw_ibmca.o \
eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
SRC= $(LIBSRC)
--- openssl-0.9.8a/crypto/engine/engine.h.ibmca 2005-11-07 15:36:50.000000000 +0100
+++ openssl-0.9.8a/crypto/engine/engine.h 2005-11-07 16:03:18.000000000 +0100
@@ -726,6 +726,16 @@
#define ENGINE_F_ENGINE_UNLOAD_KEY 152
#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191
#define ENGINE_F_ENGINE_UP_REF 190
+#define ENGINE_F_IBMCA_FINISH 201
+#define ENGINE_F_IBMCA_INIT 192
+#define ENGINE_F_IBMCA_MOD_EXP 193
+#define ENGINE_F_IBMCA_MOD_EXP_CRT 194
+#define ENGINE_F_IBMCA_RAND_BYTES 195
+#define ENGINE_F_IBMCA_RSA_MOD_EXP 196
+#define ENGINE_F_IBMCA_DES_CIPHER 197
+#define ENGINE_F_IBMCA_TDES_CIPHER 198
+#define ENGINE_F_IBMCA_SHA1_UPDATE 199
+#define ENGINE_F_IBMCA_SHA1_FINAL 200
#define ENGINE_F_INT_CTRL_HELPER 172
#define ENGINE_F_INT_ENGINE_CONFIGURE 188
#define ENGINE_F_INT_ENGINE_MODULE_INIT 187
@@ -734,6 +744,8 @@
/* Reason codes. */
#define ENGINE_R_ALREADY_LOADED 100
#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133
+#define ENGINE_R_BN_CTX_FULL 156
+#define ENGINE_R_BN_EXPAND_FAIL 152
#define ENGINE_R_CMD_NOT_EXECUTABLE 134
#define ENGINE_R_COMMAND_TAKES_INPUT 135
#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
@@ -758,6 +770,7 @@
#define ENGINE_R_INVALID_CMD_NUMBER 138
#define ENGINE_R_INVALID_INIT_VALUE 151
#define ENGINE_R_INVALID_STRING 150
+#define ENGINE_R_MISSING_KEY_COMPONENTS 153
#define ENGINE_R_NOT_INITIALISED 117
#define ENGINE_R_NOT_LOADED 112
#define ENGINE_R_NO_CONTROL_FUNCTION 120
@@ -767,9 +780,11 @@
#define ENGINE_R_NO_SUCH_ENGINE 116
#define ENGINE_R_NO_UNLOAD_FUNCTION 126
#define ENGINE_R_PROVIDE_PARAMETERS 113
+#define ENGINE_R_REQUEST_FAILED 154
#define ENGINE_R_RSA_NOT_IMPLEMENTED 141
#define ENGINE_R_UNIMPLEMENTED_CIPHER 146
#define ENGINE_R_UNIMPLEMENTED_DIGEST 147
+#define ENGINE_R_UNIT_FAILURE 155
#define ENGINE_R_VERSION_INCOMPATIBILITY 145
#ifdef __cplusplus
--- openssl-0.9.8a/crypto/engine/eng_err.c.ibmca 2005-05-11 05:45:27.000000000 +0200
+++ openssl-0.9.8a/crypto/engine/eng_err.c 2005-11-07 15:53:42.000000000 +0100
@@ -102,6 +102,16 @@
{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"},
{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
+{ERR_FUNC(ENGINE_F_IBMCA_FINISH), "IBMCA_FINISH"},
+{ERR_FUNC(ENGINE_F_IBMCA_INIT), "IBMCA_INIT"},
+{ERR_FUNC(ENGINE_F_IBMCA_MOD_EXP), "IBMCA_MOD_EXP"},
+{ERR_FUNC(ENGINE_F_IBMCA_MOD_EXP_CRT), "IBMCA_MOD_EXP_CRT"},
+{ERR_FUNC(ENGINE_F_IBMCA_RAND_BYTES), "IBMCA_RAND_BYTES"},
+{ERR_FUNC(ENGINE_F_IBMCA_RSA_MOD_EXP), "IBMCA_RSA_MOD_EXP"},
+{ERR_FUNC(ENGINE_F_IBMCA_DES_CIPHER), "IBMCA_DES_CIPHER"},
+{ERR_FUNC(ENGINE_F_IBMCA_TDES_CIPHER), "IBMCA_TDES_CIPHER"},
+{ERR_FUNC(ENGINE_F_IBMCA_SHA1_UPDATE), "IBMCA_SHA1_UPDATE"},
+{ERR_FUNC(ENGINE_F_IBMCA_SHA1_FINAL), "IBMCA_SHA1_FINAL"},
{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"},
@@ -113,6 +123,8 @@
{
{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"},
{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
+{ERR_REASON(ENGINE_R_BN_CTX_FULL) ,"bn ctx full"},
+{ERR_REASON(ENGINE_R_BN_EXPAND_FAIL) ,"bn expand fail"},
{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
@@ -137,6 +149,7 @@
{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"},
+{ERR_REASON(ENGINE_R_MISSING_KEY_COMPONENTS) ,"missing key components"},
{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"},
{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"},
{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
@@ -146,9 +159,11 @@
{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"},
{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
+{ERR_REASON(ENGINE_R_REQUEST_FAILED) ,"request failed"},
{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
+{ERR_REASON(ENGINE_R_UNIT_FAILURE) ,"unit failure"},
{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
{0,NULL}
};
diff -x tools -x opensslconf.h -x 'Makefile*' -x test -x cscope.out -x '*.txt' -x '*~' -x certs -x apps -Naur openssl-0.9.7d/crypto/engine/hw_ibmca.c openssl-0.9.7d-libica-aes/crypto/engine/hw_ibmca.c
--- openssl-0.9.7d/crypto/engine/hw_ibmca.c 1969-12-31 18:00:00.000000000 -0600
+++ openssl-0.9.7d-libica-aes/crypto/engine/hw_ibmca.c 2005-08-30 16:06:47.000000000 -0500
@@ -0,0 +1,1834 @@
+/* crypto/engine/hw_ibmca.c */
+/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ * Digest and Cipher support added by Robert H Burroughs (burrough at us.ibm.com).
+ *
+ *
+ *
+ */
+
+/* (C) COPYRIGHT International Business Machines Corp. 2001 */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
[...2029 lines suppressed...]
+typedef unsigned char ICA_DES_VECTOR[8];
+
+typedef unsigned char ICA_KEY_DES_SINGLE[8];
+
+typedef struct _ICA_KEY_DES_TRIPLE{
+ ICA_KEY_DES_SINGLE key1;
+ ICA_KEY_DES_SINGLE key2;
+ ICA_KEY_DES_SINGLE key3;
+} ICA_KEY_DES_TRIPLE;
+
+/*------------------------------------------------*
+ | SHA defines and typedefs from ica_api.h |
+ *------------------------------------------------*/
+#define SHA_MSG_PART_ONLY 0
+#define SHA_MSG_PART_FIRST 1
+#define SHA_MSG_PART_MIDDLE 2
+#define SHA_MSG_PART_FINAL 3
+#define LENGTH_SHA_HASH 20
+#define SHA_BLOCK_SIZE 64
+#define LENGTH_SHA_CONTEXT sizeof(ICA_SHA_CONTEXT)
+typedef struct _ICA_SHA_CONTEXT{
+#ifdef __s390__
+ unsigned long long runningLength;
+#else
+ unsigned long runningLength;
+#endif
+ unsigned char sha_hash[LENGTH_SHA_HASH];
+} ICA_SHA_CONTEXT;
+
+/*------------------------------------------------*
+ | RSA defines and typedefs |
+ *------------------------------------------------*/
+ /*
+ * All data elements of the RSA key are in big-endian format
+ * Modulus-Exponent form of key
+ *
+ */
+ #define MAX_EXP_SIZE 256
+ #define MAX_MODULUS_SIZE 256
+ #define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
+
+ #define MAX_OPERAND_SIZE MAX_EXP_SIZE
+
+ typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
+ /*
+ * All data elements of the RSA key are in big-endian format
+ * Chinese Remainder Thereom(CRT) form of key
+ * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
+ *
+ */
+ #define MAX_BP_SIZE 136
+ #define MAX_BQ_SIZE 128
+ #define MAX_NP_SIZE 136
+ #define MAX_NQ_SIZE 128
+ #define MAX_QINV_SIZE 136
+ #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
+
+#define RSA_GEN_OPERAND_MAX 256 /* bytes */
+
+typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
+/*------------------------------------------------*
+ | RSA key token types |
+ *------------------------------------------------*/
+
+#define RSA_PUBLIC_MODULUS_EXPONENT 3
+#define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
+
+#define KEYTYPE_MODEXPO 1
+#define KEYTYPE_PKCSCRT 2
+
+
+/*------------------------------------------------*
+ | RSA Key Token format |
+ *------------------------------------------------*/
+
+/*
+ * NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
+ * (lengths, offsets, exponents, modulus, etc.) are
+ * stored in big-endian format
+ */
+
+typedef struct _ICA_KEY_RSA_MODEXPO
+{ unsigned int keyType; /* RSA key type. */
+ unsigned int keyLength; /* Total length of the token. */
+ unsigned int modulusBitLength; /* Modulus n bit length. */
+ /* -- Start of the data length.*/
+ unsigned int nLength; /* Modulus n = p * q */
+ unsigned int expLength; /* exponent (public or private)*/
+ /* e = 1/d * mod(p-1)(q-1) */
+ /* -- Start of the data offsets*/
+ unsigned int nOffset; /* Modulus n . */
+ unsigned int expOffset; /* exponent (public or private)*/
+ unsigned char reserved[112]; /* reserved area */
+ /* -- Start of the variable -- */
+ /* -- length token data. -- */
+ ICA_KEY_RSA_MODEXPO_REC keyRecord;
+} ICA_KEY_RSA_MODEXPO;
+#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
+
+/*
+ * NOTE: All the fields in the ICA_KEY_RSA_CRT structure
+ * (lengths, offsets, exponents, modulus, etc.) are
+ * stored in big-endian format
+ */
+
+typedef struct _ICA_KEY_RSA_CRT
+{ unsigned int keyType; /* RSA key type. */
+ unsigned int keyLength; /* Total length of the token. */
+ unsigned int modulusBitLength; /* Modulus n bit length. */
+ /* -- Start of the data length.*/
+#if _AIX
+ unsigned int nLength; /* Modulus n = p * q */
+#endif
+ unsigned int pLength; /* Prime number p . */
+ unsigned int qLength; /* Prime number q . */
+ unsigned int dpLength; /* dp = d * mod(p-1) . */
+ unsigned int dqLength; /* dq = d * mod(q-1) . */
+ unsigned int qInvLength; /* PKCS: qInv = Ap/q */
+ /* -- Start of the data offsets*/
+#if _AIX
+ unsigned int nOffset; /* Modulus n . */
+#endif
+ unsigned int pOffset; /* Prime number p . */
+ unsigned int qOffset; /* Prime number q . */
+ unsigned int dpOffset; /* dp . */
+ unsigned int dqOffset; /* dq . */
+ unsigned int qInvOffset; /* qInv for PKCS */
+#if _AIX
+ unsigned char reserved[80]; /* reserved area */
+#else
+ unsigned char reserved[88]; /* reserved area */
+#endif
+ /* -- Start of the variable -- */
+ /* -- length token data. -- */
+ ICA_KEY_RSA_CRT_REC keyRecord;
+} ICA_KEY_RSA_CRT;
+#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
+
+unsigned int
+icaOpenAdapter( unsigned int adapterId,
+ ICA_ADAPTER_HANDLE *pAdapterHandle );
+
+unsigned int
+icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
+
+unsigned int
+icaRsaModExpo( ICA_ADAPTER_HANDLE hAdapterHandle,
+ unsigned int inputDataLength,
+ unsigned char *pInputData,
+ ICA_KEY_RSA_MODEXPO *pKeyModExpo,
+ unsigned int *pOutputDataLength,
+ unsigned char *pOutputData );
+
+unsigned int
+icaRsaCrt( ICA_ADAPTER_HANDLE hAdapterHandle,
+ unsigned int inputDataLength,
+ unsigned char *pInputData,
+ ICA_KEY_RSA_CRT *pKeyCrt,
+ unsigned int *pOutputDataLength,
+ unsigned char *pOutputData );
+
+unsigned int
+icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle,
+ unsigned int outputDataLength,
+ unsigned char *pOutputData );
+
+/* Specific macros and definitions to not have IFDEF;s all over the
+ main code */
+
+#if (_AIX)
+static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
+#elif (WIN32)
+static const char *IBMCA_LIBNAME = "cryptica";
+#else
+static const char *IBMCA_LIBNAME = "ica";
+#endif
+
+#if (WIN32)
+/*
+ The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
+ offsets must be in big-endian format.
+
+*/
+#define CORRECT_ENDIANNESS(b) ( \
+ (((unsigned long) (b) & 0x000000ff) << 24) | \
+ (((unsigned long) (b) & 0x0000ff00) << 8) | \
+ (((unsigned long) (b) & 0x00ff0000) >> 8) | \
+ (((unsigned long) (b) & 0xff000000) >> 24) \
+ )
+#define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
+#define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
+#else
+#define CORRECT_ENDIANNESS(b) (b)
+#define CRT_KEY_TYPE KEYTYPE_PKCSCRT
+#define ME_KEY_TYPE KEYTYPE_MODEXPO
+#endif
+
+
+
+#endif /* __ICA_OPENSSL_API_H__ */
openssl-0.9.8a-defaults.patch:
openssl.cnf | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)
--- NEW FILE openssl-0.9.8a-defaults.patch ---
--- openssl-0.9.8a/apps/openssl.cnf.defaults 2005-09-16 14:20:24.000000000 +0200
+++ openssl-0.9.8a/apps/openssl.cnf 2005-11-04 11:00:37.000000000 +0100
@@ -99,6 +99,7 @@
####################################################################
[ req ]
default_bits = 1024
+default_md = sha1
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -116,23 +117,26 @@
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
-string_mask = nombstr
+# we use PrintableString+UTF8String mask so if pure ASCII texts are used
+# the resulting certificates are compatible with Netscape
+string_mask = MASK:0x2002
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
-countryName_default = AU
+countryName_default = GB
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+stateOrProvinceName_default = Berkshire
localityName = Locality Name (eg, city)
+localityName_default = Newbury
0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = My Company Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
@@ -141,7 +145,7 @@
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
-commonName = Common Name (eg, YOUR name)
+commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
openssl-0.9.8a-enginesdir.patch:
Configure | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
--- NEW FILE openssl-0.9.8a-enginesdir.patch ---
--- openssl-0.9.8a/Configure.enginesdir 2005-11-04 15:06:37.000000000 +0100
+++ openssl-0.9.8a/Configure 2005-11-07 14:15:12.000000000 +0100
@@ -560,6 +560,7 @@
my $prefix="";
my $openssldir="";
+my $enginesdir="";
my $exe_ext="";
my $install_prefix="";
my $no_threads=0;
@@ -739,6 +740,10 @@
{
$openssldir=$1;
}
+ elsif (/^--enginesdir=(.*)$/)
+ {
+ $enginesdir=$1;
+ }
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
@@ -923,7 +928,7 @@
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
print "IsMK1MF=$IsMK1MF\n";
@@ -1430,7 +1435,7 @@
if (/^#define\s+OPENSSLDIR/)
{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
elsif (/^#define\s+ENGINESDIR/)
- { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; }
+ { print OUT "#define ENGINESDIR \"$enginesdir\"\n"; }
elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
if $export_var_as_fn;
openssl-0.9.8a-link-krb5.patch:
Makefile.org | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE openssl-0.9.8a-link-krb5.patch ---
--- openssl-0.9.8a/Makefile.org.link-krb5 2005-07-05 07:14:21.000000000 +0200
+++ openssl-0.9.8a/Makefile.org 2005-11-07 18:00:08.000000000 +0100
@@ -266,7 +266,7 @@
do_$(SHLIB_TARGET):
@ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
openssl-0.9.8a-redhat.patch:
Configure | 26 +++++++++++++-------------
1 files changed, 13 insertions(+), 13 deletions(-)
--- NEW FILE openssl-0.9.8a-redhat.patch ---
--- openssl-0.9.8a/Configure.redhat 2005-11-08 01:50:41.000000000 +0100
+++ openssl-0.9.8a/Configure 2005-11-08 10:23:38.000000000 +0100
@@ -313,29 +313,29 @@
####
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# -bpowerpc64-linux is transient option, -m64 should be the one to use...
-"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
#### SPARC Linux setups
# Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -349,8 +349,8 @@
#
# <appro at fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -mcpu=ev5 \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
openssl-0.9.8a-soversion.patch:
Configure | 2 +-
Makefile.org | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
--- NEW FILE openssl-0.9.8a-soversion.patch ---
Define and use a soname -- because we have to care about binary
compatibility, we have to increment the soname in order to allow
this version to co-exist with another versions and have everything
work right.
--- openssl-0.9.8a/Makefile.org.soversion 2005-07-05 07:14:21.000000000 +0200
+++ openssl-0.9.8a/Makefile.org 2005-11-04 14:43:24.000000000 +0100
@@ -10,6 +10,7 @@
SHLIB_MAJOR=
SHLIB_MINOR=
SHLIB_EXT=
+SHLIB_SONAMEVER=6
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
@@ -256,10 +257,9 @@
link-shared:
@ set -e; for i in ${SHLIBDIRS}; do \
$(MAKE) -f $(HERE)/Makefile.shared \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBNAME=$$i LIBVERSION=${SHLIB_SONAMEVER} \
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
@@ -270,7 +270,7 @@
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBNAME=$$i LIBVERSION=${SHLIB_SONAMEVER} \
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
--- openssl-0.9.8a/Configure.soversion 2005-11-04 14:35:38.000000000 +0100
+++ openssl-0.9.8a/Configure 2005-11-04 14:35:38.000000000 +0100
@@ -1311,7 +1311,7 @@
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
{
openssl-0.9.8a-use-poll.patch:
rand_unix.c | 32 ++++++++++++++------------------
1 files changed, 14 insertions(+), 18 deletions(-)
--- NEW FILE openssl-0.9.8a-use-poll.patch ---
--- openssl-0.9.8a/crypto/rand/rand_unix.c.use-poll 2005-08-29 01:20:48.000000000 +0200
+++ openssl-0.9.8a/crypto/rand/rand_unix.c 2005-11-08 01:28:35.000000000 +0100
@@ -125,6 +125,7 @@
#include <fcntl.h>
#include <unistd.h>
#include <time.h>
+#include <sys/poll.h>
#ifdef __OpenBSD__
int RAND_poll(void)
@@ -157,6 +158,7 @@
struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
int fd;
size_t i;
+ struct pollfd pfd;
#endif
#ifdef DEVRANDOM_EGD
static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
@@ -184,11 +186,10 @@
#endif
)) >= 0)
{
- struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
+ int t = 10; /* Spend 10ms on
each file. */
int r;
size_t j;
- fd_set fset;
struct stat *st=&randomstats[i];
/* Avoid using same input... Used to be O_NOFOLLOW
@@ -204,30 +205,25 @@
do
{
- FD_ZERO(&fset);
- FD_SET(fd, &fset);
- r = -1;
-
- if (select(fd+1,&fset,NULL,NULL,&t) < 0)
- t.tv_usec=0;
- else if (FD_ISSET(fd, &fset))
+ pfd.fd = fd;
+ pfd.events = POLLIN;
+ pfd.revents = 0;
+
+ if ((r=poll(&pfd,1,t)) == 0)
+ t = 0;
+ else if (r > 0 && (pfd.revents & POLLIN))
{
r=read(fd,(unsigned char *)tmpbuf+n,
ENTROPY_NEEDED-n);
if (r > 0)
n += r;
}
-
- /* Some Unixen will update t, some
- won't. For those who won't, give
- up here, otherwise, we will do
- this once again for the remaining
- time. */
- if (t.tv_usec == 10*1000)
- t.tv_usec=0;
+ /* we don't know how big part of the timeout elapsed
+ wait half the original timeout next time */
+ t >>= 1;
}
while ((r > 0 || (errno == EINTR || errno == EAGAIN))
- && t.tv_usec != 0 && n < ENTROPY_NEEDED);
+ && t != 0 && n < ENTROPY_NEEDED);
close(fd);
}
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/openssl/devel/.cvsignore,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- .cvsignore 21 Oct 2005 13:48:38 -0000 1.11
+++ .cvsignore 8 Nov 2005 13:52:28 -0000 1.12
@@ -1,2 +1,2 @@
-openssl-0.9.7f-usa.tar.bz2
libica-1.3.6-rc2.tar.bz2
+openssl-0.9.8a-usa.tar.bz2
Index: hobble-openssl
===================================================================
RCS file: /cvs/dist/rpms/openssl/devel/hobble-openssl,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- hobble-openssl 9 Sep 2004 09:45:17 -0000 1.6
+++ hobble-openssl 8 Nov 2005 13:52:28 -0000 1.7
@@ -13,14 +13,14 @@
(find crypto/{idea,mdc2,rc5}/asm -type f | xargs -r rm -fv)
# IDEA, MDC2, RC5, EC.
-for a in idea mdc2 rc5 ec; do
+for a in idea mdc2 rc5 ec ecdh ecdsa; do
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
echo Destroying $c
> $c
done
done
-for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" `; do
+for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" -o -name "*_ecdsa.c"`; do
echo Destroying $c
> $c
done
@@ -29,13 +29,15 @@
echo Removing IDEA, MDC2, RC5, and EC references from $h
cat $h | \
awk 'BEGIN {ech=1;} \
- /#[ \t]*if/ {if(ech < 1) ech--;} \
- /#[ \t]*ifndef.*NO_IDEA/ {ech--;} \
- /#[ \t]*ifndef.*NO_MDC2/ {ech--;} \
- /#[ \t]*ifndef.*NO_RC5/ {ech--;} \
- /#[ \t]*ifndef.*NO_EC/ {ech--;} \
+ /^#[ \t]*ifndef.*NO_IDEA/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_MDC2/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_ECDSA/ {ech--; next;} \
+ /^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \
- /#endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
+ /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
mv $h.hobbled $h
done
Index: openssl-thread-test.c
===================================================================
RCS file: /cvs/dist/rpms/openssl/devel/openssl-thread-test.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssl-thread-test.c 9 Sep 2004 09:45:46 -0000 1.1
+++ openssl-thread-test.c 8 Nov 2005 13:52:29 -0000 1.2
@@ -14,6 +14,7 @@
#include <openssl/objects.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
+#include <openssl/md5.h>
#include <openssl/ssl.h>
/* Just assume we want to do engine stuff if we're using 0.9.6b or
Index: openssl.spec
===================================================================
RCS file: /cvs/dist/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- openssl.spec 21 Oct 2005 13:48:38 -0000 1.61
+++ openssl.spec 8 Nov 2005 13:52:29 -0000 1.62
@@ -5,7 +5,8 @@
# 0.9.6c soversion = 3
# 0.9.7a soversion = 4
# 0.9.7ef soversion = 5
-%define soversion 5
+# 0.9.8a soversion = 6
+%define soversion 6
# Number of threads to spawn when testing some threading fixes.
#%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
@@ -21,8 +22,8 @@
Summary: The OpenSSL toolkit.
Name: openssl
-Version: 0.9.7f
-Release: 11
+Version: 0.9.8a
+Release: 1
Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl
Source2: Makefile.certificate
@@ -35,27 +36,24 @@
Source8: openssl-thread-test.c
Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h
-Patch0: openssl-0.9.7f-redhat.patch
-Patch1: openssl-0.9.7f-defaults.patch
-Patch2: openssl-0.9.7-beta6-ia64.patch
-Patch3: openssl-0.9.7e-soversion.patch
-Patch4: openssl-0.9.6-x509.patch
-Patch5: openssl-0.9.7-beta5-version-add-engines.patch
-Patch6: openssl-0.9.7d-ICA_engine-sep142005.patch
-Patch10: libica-1.3.4-urandom.patch
-Patch11: libica-1.2-cleanup.patch
-Patch12: openssl-0.9.7a-libica-autoconf.patch
-Patch18: openssl-0.9.7a-krb5-1.3.patch
-Patch42: openssl-0.9.7e-krb5.patch
-Patch43: openssl-0.9.7f-bn-asm-uninitialized.patch
-Patch44: openssl-0.9.7f-ca-dir.patch
-Patch45: openssl-0.9.7f-use-poll.patch
-Patch46: openssl-0.9.7f-backport-097g.patch
-Patch47: openssl-0.9.7f-can-2005-0109.patch
-Patch48: openssl-0.9.7f-dsa-consttime.patch
-Patch49: openssl-0.9.7f-bn-ppc-div.patch
-Patch50: openssl-0.9.7f-apps-initialize.patch
-Patch51: openssl-0.9.7a-can-2005-2969.patch
+# Build changes
+Patch0: openssl-0.9.8a-redhat.patch
+Patch1: openssl-0.9.8a-defaults.patch
+Patch2: openssl-0.9.8a-link-krb5.patch
+Patch3: openssl-0.9.8a-soversion.patch
+Patch4: openssl-0.9.8a-enginesdir.patch
+Patch6: openssl-0.9.7a-libica-autoconf.patch
+# Added engines
+Patch20: libica-1.3.4-urandom.patch
+Patch21: libica-1.2-cleanup.patch
+Patch22: openssl-0.9.8a-ICA_engine-sep142005.patch
+# Functionality changes
+Patch32: openssl-0.9.7-beta6-ia64.patch
+Patch33: openssl-0.9.7f-ca-dir.patch
+Patch34: openssl-0.9.6-x509.patch
+Patch35: openssl-0.9.7-beta5-version-add-engines.patch
+Patch36: openssl-0.9.8a-use-poll.patch
+# Backported fixes including security fixes
License: BSDish
Group: System Environment/Libraries
@@ -64,8 +62,6 @@
BuildPreReq: mktemp, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp
Requires: mktemp
-%define solibbase %(echo %version | sed 's/[[:alpha:]]//g')
-
%description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
@@ -100,17 +96,17 @@
%{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat
%patch1 -p1 -b .defaults
-%patch2 -p1 -b .ia64
+# Fix link line for libssl (bug #111154).
+%patch2 -p1 -b .krb5
%patch3 -p1 -b .soversion
-%patch4 -p1 -b .x509
-%patch5 -p1 -b .version-add-engines
-%patch6 -p1 -b .ibmca
+%patch4 -p1 -b .enginesdir
+%patch6 -p1 -b .libica-autoconf
pushd libica-%{libicaversion}
# Patch for libica to use /dev/urandom instead of internal pseudo random number
# generator.
-%patch10 -p2 -b .urandom
-%patch11 -p1 -b .cleanup
+%patch20 -p2 -b .urandom
+%patch21 -p1 -b .cleanup
%ifarch s390 s390x
if [[ $RPM_BUILD_ROOT ]] ; then
export INSROOT=$RPM_BUILD_ROOT
@@ -122,27 +118,13 @@
libtoolize --copy --force
%endif
popd
+%patch22 -p1 -b .ibmca
-%patch12 -p1 -b .libica-autoconf
-%patch18 -p1 -b .krb5-1.3
-
-
-# Fix link line for libssl (bug #111154).
-%patch42 -p1 -b .krb5
-
-# Additional fixes
-%patch43 -p1 -b .uninitialized
-#patch44 is applied after make test
-%patch45 -p1 -b .use-poll
-
-%patch46 -p1 -b .backport-097g
-# CAN-2005-0109
-%patch47 -p1 -b .modexp-consttime
-%patch48 -p1 -b .dsa-consttime
-%patch49 -p1 -b .ppc-div
-%patch50 -p1 -b .apps-initialize
-# CAN-2005-2969
-%patch51 -p0 -b .ssl2-rollback
+%patch32 -p1 -b .ia64
+#patch33 is applied after make test
+%patch34 -p1 -b .x509
+%patch35 -p1 -b .version-add-engines
+%patch36 -p1 -b .use-poll
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -162,8 +144,8 @@
popd
%endif
-# Figure out which flags we want to use. Set the number of threads to use to
-# the maximum we've managed to run without running afoul of the OOM killer.
+# Figure out which flags we want to use.
+# default
sslarch=%{_os}-%{_arch}
%ifarch %ix86
sslarch=linux-elf
@@ -175,34 +157,23 @@
sslarch=linux-sparcv9
sslflags=no-asm
%endif
-%ifarch ia64
-sslarch=linux-ia64
-%endif
%ifarch alpha
sslarch=linux-alpha-gcc
%endif
%ifarch s390
-sslarch=linux-s390
+sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM"
%endif
%ifarch s390x
-sslarch=linux-s390x
-%endif
-%ifarch x86_64
-sslarch=linux-x86_64
-%endif
-%ifarch ppc
-sslarch=linux-ppc
-%endif
-%ifarch ppc64
-sslarch=linux-ppc64
+sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM"
%endif
+# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
- zlib no-idea no-mdc2 no-rc5 no-ec shared \
- --with-krb5-flavor=MIT \
+ zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \
+ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
-I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \
${sslarch}
@@ -223,25 +194,27 @@
`krb5-config --cflags` \
-I./include \
$RPM_OPT_FLAGS \
- $RPM_SOURCE_DIR/openssl-thread-test.c \
- libssl.a libcrypto.a \
+ %{SOURCE8} \
+ -L. \
+ -lssl -lcrypto \
`krb5-config --libs` \
-lpthread -lz -ldl
-#./openssl-thread-test --threads %{thread_test_threads}
+./openssl-thread-test --threads %{thread_test_threads}
-# Patch44 must be patched after tests otherwise they will fail
-patch -p1 -b -z .ca-dir < %{PATCH44}
+# Patch33 must be patched after tests otherwise they will fail
+patch -p1 -b -z .ca-dir < %{PATCH33}
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
-install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir}}
+install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
-mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{solibbase} $RPM_BUILD_ROOT/%{_lib}/
+mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion} $RPM_BUILD_ROOT/%{_lib}/
+mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT/%{_libdir}/openssl
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
-rename so.%{solibbase} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{solibbase}
+rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{soversion}
for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
chmod 755 ${lib}
ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
@@ -295,12 +268,14 @@
ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/cert.pem
# Fix libdir.
-sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \
- $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc > \
- $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp && \
-cat $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp > \
- $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc && \
-rm -f $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp
+pushd $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+for i in *.pc ; do
+ sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \
+ $i >$i.tmp && \
+ cat $i.tmp >$i && \
+ rm -f $i.tmp
+done
+popd
# Determine which arch opensslconf.h is going to try to #include.
basearch=%{_arch}
@@ -378,6 +353,7 @@
%attr(0755,root,root) %{_bindir}/openssl
%attr(0755,root,root) /%{_lib}/*.so.%{version}
%attr(0755,root,root) /%{_lib}/*.so.%{soversion}
+%attr(0755,root,root) %{_libdir}/openssl
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0644,root,root) %{_mandir}/man7*/*
@@ -395,7 +371,7 @@
%attr(0644,root,root) %{_libdir}/*.a
%attr(0755,root,root) %{_libdir}/*.so
%attr(0644,root,root) %{_mandir}/man3*/*
-%attr(0644,root,root) %{_libdir}/pkgconfig/openssl.pc
+%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
%files perl
%defattr(-,root,root)
@@ -410,6 +386,10 @@
%postun -p /sbin/ldconfig
%changelog
+* Tue Nov 8 2005 Tomas Mraz <tmraz at redhat.com> 0.9.8a-1
+- new upstream version
+- patches partially renumbered
+
* Fri Oct 21 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7f-11
- updated IBM ICA engine library and patch to latest upstream version
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/openssl/devel/sources,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- sources 21 Oct 2005 13:48:38 -0000 1.13
+++ sources 8 Nov 2005 13:52:29 -0000 1.14
@@ -1,2 +1,2 @@
-1f93cf2986593d14b2a64983e4e347e3 openssl-0.9.7f-usa.tar.bz2
a915bcff41b687cb5a4f0091374b421d libica-1.3.6-rc2.tar.bz2
+7c17a9014e33507d1c2721b66baccd30 openssl-0.9.8a-usa.tar.bz2
--- openssl-0.9.7a-can-2005-2969.patch DELETED ---
--- openssl-0.9.7a-krb5-1.3.patch DELETED ---
--- openssl-0.9.7d-ICA_engine-sep142005.patch DELETED ---
--- openssl-0.9.7e-abi-compat.patch DELETED ---
--- openssl-0.9.7e-krb5.patch DELETED ---
--- openssl-0.9.7e-soversion.patch DELETED ---
--- openssl-0.9.7f-apps-initialize.patch DELETED ---
--- openssl-0.9.7f-backport-097g.patch DELETED ---
--- openssl-0.9.7f-bn-asm-uninitialized.patch DELETED ---
--- openssl-0.9.7f-bn-ppc-div.patch DELETED ---
--- openssl-0.9.7f-can-2005-0109.patch DELETED ---
--- openssl-0.9.7f-defaults.patch DELETED ---
--- openssl-0.9.7f-dsa-consttime.patch DELETED ---
--- openssl-0.9.7f-redhat.patch DELETED ---
--- openssl-0.9.7f-use-poll.patch DELETED ---
More information about the fedora-cvs-commits
mailing list