resolve bugzilla 319901 (phew! only took 6 years & 9 days)

2013-10-15 02:08:35 +01:00 · 2013-10-15 02:08:35 +01:00 · 1f19ac14f9
commit 1f19ac14f9
parent 7ae1dc1df9
4 changed files with 2064 additions and 16 deletions
--- a/17
+++ b/17
@ -7,39 +7,30 @@ set -e
 # MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
 # IDEA:  5,214,703 07/01/2012 - expired, we do not remove it anymore
 # RC5:   5,724,428 01/11/2015
-# EC:    ????????? ??/??/2020
 # SRP:   ????????? ??/??/20??

 # Remove assembler portions of IDEA, MDC2, and RC5.
 (find crypto/rc5/asm -type f | xargs -r rm -fv)

-# RC5, EC, SRP.
-for a in rc5 ec ecdh ecdsa srp; do
+# RC5, SRP.
+for a in rc5 srp; do
  for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
 	echo Destroying $c
 	> $c
  done
 done

-for c in `find crypto/evp -name "*_rc5.c" -o -name "*_ecdsa.c"`; do
-	echo Destroying $c
-	> $c
-done
-
-for c in `find crypto/bn -name "*gf2m.c"`; do
+for c in `find crypto/evp -name "*_rc5.c"`; do
 	echo Destroying $c
 	> $c
 done

 for h in `find crypto ssl apps test -name "*.h"` ; do
-	echo Removing RC5, SRP and EC references from $h
+	echo Removing RC5, SRP references from $h
 	cat $h | \
 	awk    'BEGIN {ech=1;} \
 		/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
 		/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
-		/^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \
-		/^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \
-		/^#[ \t]*ifndef.*NO_ECDSA/ {ech--; next;} \
                /^#[ \t]*if/ {if(ech < 1) ech--;} \
 		{if(ech>0) {;print $0};} \
 		/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
--- a/openssl-1.0.1e-fips-ec.patch
+++ b/openssl-1.0.1e-fips-ec.patch
--- a/openssl.spec
+++ b/openssl.spec
@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 26%{?dist}
+Release: 27%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -77,6 +77,7 @@ Patch82: openssl-1.0.1e-backports.patch
 Patch83: openssl-1.0.1e-bad-mac.patch
 Patch84: openssl-1.0.1e-trusted-first.patch
 Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
+Patch86: openssl-1.0.1e-fips-ec.patch

 License: OpenSSL
 Group: System Environment/Libraries
@ -197,6 +198,7 @@ OpenSSL FIPS module.
 %patch83 -p1 -b .bad-mac
 %patch84 -p1 -b .trusted-first
 %patch85 -p1 -b .armcap
+%patch86 -p1 -b .fips-ec

 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h

@ -251,7 +253,7 @@ sslarch=linux-ppc64
 ./Configure \
 	--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
 	zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
-	enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh no-ecdsa no-srp \
+	enable-cms enable-md2 no-mdc2 no-rc5 no-srp \
 	--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
 	--with-krb5-dir=/usr shared  ${sslarch} %{?!nofips:fips}

@ -473,6 +475,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :

 %changelog
+* Mon Oct 14 2013 Tom Callaway <spot@fedoraproject.org> - 1.0.1e-27
+- resolve bugzilla 319901 (phew! only took 6 years & 9 days)
+
 * Fri Sep 27 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-26
 - make DTLS1 work in FIPS mode
 - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
--- a/2
+++ b/2
@ -1 +1 @@
-641677c116865e60601677329b514e2d  openssl-1.0.1e-usa.tar.xz
+3b0845cfbbb2af350ef3b026f8dfcd5f  openssl-1.0.1e-usa.tar.xz