forked from rpms/openssl
auto-import changelog data from openssl-0.9.7a-20.src.rpm
Wed Sep 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-20 - only parse a client cert if one was requested - temporarily exclusivearch for %{ix86} Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> - add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544) and heap corruption (CAN-2003-0545) - update RHNS-CA-CERT files - ease back on the number of threads used in the threading test Wed Sep 17 2003 Matt Wilson <msw@redhat.com> 0.9.7a-19 - rebuild to fix gzipped file md5sums (#91211) Mon Aug 25 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-18 - Updated libica to version 1.3.4. Thu Jul 17 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-17 - rebuild Tue Jul 15 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10.9 - free the kssl_ctx structure when we free an SSL structure (#99066) Thu Jul 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-16 - rebuild Thu Jul 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-15 - lower thread test count on s390x Tue Jul 08 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-14 - rebuild Thu Jun 26 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-13 - disable assembly on arches where it seems to conflict with threading Thu Jun 26 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-12 - Updated libica to latest upstream version 1.3.0
This commit is contained in:
parent
5b50ae8c7b
commit
321fa67e1c
@ -1 +1,2 @@
|
|||||||
|
libica-1.3.4.tar.gz
|
||||||
openssl-0.9.7a-usa.tar.bz2
|
openssl-0.9.7a-usa.tar.bz2
|
||||||
|
136
RHNS-CA-CERT
136
RHNS-CA-CERT
@ -66,3 +66,139 @@ kHESh1UK8lIbrfLTBx2vcJm7sM2AI8ntK3PpY7HQs4xgxUJkpsGVVpDFNQYDWPWO
|
|||||||
K9n5qaAQqZn3FUKSpVDXEQfxAtXgcORVbirOJfhdzQsvEGH49iBCzMOJ+IpPgiQS
|
K9n5qaAQqZn3FUKSpVDXEQfxAtXgcORVbirOJfhdzQsvEGH49iBCzMOJ+IpPgiQS
|
||||||
zzl/IagsjVKXUsX3X0KlhwlmsMw=
|
zzl/IagsjVKXUsX3X0KlhwlmsMw=
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number: 0 (0x0)
|
||||||
|
Signature Algorithm: md5WithRSAEncryption
|
||||||
|
Issuer: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/Email=rhn-noc@redhat.com
|
||||||
|
Validity
|
||||||
|
Not Before: Sep 5 20:45:16 2002 GMT
|
||||||
|
Not After : Sep 9 20:45:16 2007 GMT
|
||||||
|
Subject: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/Email=rhn-noc@redhat.com
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
RSA Public Key: (1024 bit)
|
||||||
|
Modulus (1024 bit):
|
||||||
|
00:b3:16:b7:c5:f5:b9:69:51:1f:cd:b4:3d:70:cf:
|
||||||
|
60:57:85:a4:2a:a7:5d:28:22:0e:ec:19:e2:92:f7:
|
||||||
|
48:97:a6:a6:1f:51:95:83:11:8f:9a:98:a2:90:e0:
|
||||||
|
cb:4a:24:19:94:a8:8a:4b:88:b4:06:6c:ce:77:d7:
|
||||||
|
15:3b:3c:cd:66:83:cf:23:1d:0d:bc:0a:0c:cb:1f:
|
||||||
|
cb:40:fb:f3:d9:fe:2a:b4:85:2c:7b:c9:a1:fe:f3:
|
||||||
|
8f:68:1d:f2:12:b1:a4:16:19:ce:0f:b8:9a:9c:d9:
|
||||||
|
bc:5f:49:62:b2:95:93:ce:5d:2e:dd:79:3c:f1:5b:
|
||||||
|
a6:b7:a2:b5:39:0d:8e:12:31
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
7F:1B:64:A1:2E:02:C5:A8:7D:B8:D1:B1:8B:06:9D:A3:A9:50:63:92
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:7F:1B:64:A1:2E:02:C5:A8:7D:B8:D1:B1:8B:06:9D:A3:A9:50:63:92
|
||||||
|
DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/Email=rhn-noc@redhat.com
|
||||||
|
serial:00
|
||||||
|
|
||||||
|
X509v3 Basic Constraints:
|
||||||
|
CA:TRUE
|
||||||
|
Signature Algorithm: md5WithRSAEncryption
|
||||||
|
28:4d:42:e5:34:22:dd:c6:86:63:04:75:52:67:17:45:72:f2:
|
||||||
|
3b:21:2b:45:59:72:73:f7:59:36:9d:57:43:c6:dc:94:0f:0e:
|
||||||
|
ff:13:5c:4f:50:37:85:b2:e4:c2:1f:35:9f:74:f4:e7:53:fb:
|
||||||
|
a1:06:b8:39:ce:e4:0a:86:7b:5f:28:5d:c7:11:9e:12:a5:d6:
|
||||||
|
b9:6c:e9:18:09:d5:f0:42:e7:54:b5:91:9e:23:ad:12:7a:aa:
|
||||||
|
72:7c:39:3c:83:f8:75:a4:7b:03:92:ff:2a:d4:c5:76:19:12:
|
||||||
|
fa:b4:3b:b0:89:2c:95:8c:01:90:0d:d8:ba:06:05:61:00:ac:
|
||||||
|
95:da
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIID7jCCA1egAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCVVMx
|
||||||
|
FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
|
||||||
|
VQQKEw1SZWQgSGF0LCBJbmMuMRgwFgYDVQQLEw9SZWQgSGF0IE5ldHdvcmsxIjAg
|
||||||
|
BgNVBAMTGVJITiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW
|
||||||
|
EnJobi1ub2NAcmVkaGF0LmNvbTAeFw0wMjA5MDUyMDQ1MTZaFw0wNzA5MDkyMDQ1
|
||||||
|
MTZaMIGxMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAO
|
||||||
|
BgNVBAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsT
|
||||||
|
D1JlZCBIYXQgTmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhv
|
||||||
|
cml0eTEhMB8GCSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tMIGfMA0GCSqG
|
||||||
|
SIb3DQEBAQUAA4GNADCBiQKBgQCzFrfF9blpUR/NtD1wz2BXhaQqp10oIg7sGeKS
|
||||||
|
90iXpqYfUZWDEY+amKKQ4MtKJBmUqIpLiLQGbM531xU7PM1mg88jHQ28CgzLH8tA
|
||||||
|
+/PZ/iq0hSx7yaH+849oHfISsaQWGc4PuJqc2bxfSWKylZPOXS7deTzxW6a3orU5
|
||||||
|
DY4SMQIDAQABo4IBEjCCAQ4wHQYDVR0OBBYEFH8bZKEuAsWofbjRsYsGnaOpUGOS
|
||||||
|
MIHeBgNVHSMEgdYwgdOAFH8bZKEuAsWofbjRsYsGnaOpUGOSoYG3pIG0MIGxMQsw
|
||||||
|
CQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1Jh
|
||||||
|
bGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsTD1JlZCBIYXQg
|
||||||
|
TmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhvcml0eTEhMB8G
|
||||||
|
CSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tggEAMAwGA1UdEwQFMAMBAf8w
|
||||||
|
DQYJKoZIhvcNAQEEBQADgYEAKE1C5TQi3caGYwR1UmcXRXLyOyErRVlyc/dZNp1X
|
||||||
|
Q8bclA8O/xNcT1A3hbLkwh81n3T051P7oQa4Oc7kCoZ7XyhdxxGeEqXWuWzpGAnV
|
||||||
|
8ELnVLWRniOtEnqqcnw5PIP4daR7A5L/KtTFdhkS+rQ7sIkslYwBkA3YugYFYQCs
|
||||||
|
ldo=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number: 0 (0x0)
|
||||||
|
Signature Algorithm: md5WithRSAEncryption
|
||||||
|
Issuer: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
|
||||||
|
Validity
|
||||||
|
Not Before: Aug 29 02:10:55 2003 GMT
|
||||||
|
Not After : Aug 26 02:10:55 2013 GMT
|
||||||
|
Subject: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
RSA Public Key: (1024 bit)
|
||||||
|
Modulus (1024 bit):
|
||||||
|
00:bf:61:63:eb:3d:8b:2b:45:48:e6:c2:fb:7c:d2:
|
||||||
|
21:21:b8:ec:90:93:41:30:7c:2c:8d:79:d5:14:e9:
|
||||||
|
0e:7e:3f:ef:d6:0a:9b:0a:a6:02:52:01:2d:26:96:
|
||||||
|
a4:ed:bd:a9:9e:aa:08:03:c1:61:0a:41:80:ea:ae:
|
||||||
|
74:cc:61:26:d0:05:91:55:3e:66:14:a2:20:b3:d6:
|
||||||
|
9d:71:0c:ab:77:cc:f4:f0:11:b5:25:33:8a:4e:22:
|
||||||
|
9a:10:36:67:fa:11:6d:48:76:3a:1f:d2:e3:44:7b:
|
||||||
|
89:66:be:b4:85:fb:2f:a6:aa:13:fa:9a:6d:c9:bb:
|
||||||
|
18:c4:04:af:4f:15:69:89:9b
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47
|
||||||
|
DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
|
||||||
|
serial:00
|
||||||
|
|
||||||
|
X509v3 Basic Constraints:
|
||||||
|
CA:TRUE
|
||||||
|
Signature Algorithm: md5WithRSAEncryption
|
||||||
|
23:c9:ca:07:9f:5e:96:39:83:e0:4e:da:dd:47:84:30:ca:d4:
|
||||||
|
d5:38:86:f9:de:88:83:ca:2c:47:26:36:ab:f4:14:1e:28:29:
|
||||||
|
de:7d:10:4a:5e:91:3e:5a:99:07:0c:a9:2e:e3:fb:78:44:49:
|
||||||
|
c5:32:d6:e8:7a:97:ff:29:d0:33:ae:26:ba:76:06:7e:79:97:
|
||||||
|
17:0c:4f:2d:2a:8b:8a:ac:41:59:ae:e9:c4:55:2d:b9:88:df:
|
||||||
|
9b:7b:41:f8:32:2e:ee:c9:c0:59:e2:30:57:5e:37:47:29:c0:
|
||||||
|
2d:78:33:d3:ce:a3:2b:dc:84:da:bf:3b:2e:4b:b6:b3:b6:4e:
|
||||||
|
9e:80
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIID7jCCA1egAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCVVMx
|
||||||
|
FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
|
||||||
|
VQQKEw1SZWQgSGF0LCBJbmMuMRgwFgYDVQQLEw9SZWQgSGF0IE5ldHdvcmsxIjAg
|
||||||
|
BgNVBAMTGVJITiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW
|
||||||
|
EnJobi1ub2NAcmVkaGF0LmNvbTAeFw0wMzA4MjkwMjEwNTVaFw0xMzA4MjYwMjEw
|
||||||
|
NTVaMIGxMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAO
|
||||||
|
BgNVBAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsT
|
||||||
|
D1JlZCBIYXQgTmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhv
|
||||||
|
cml0eTEhMB8GCSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tMIGfMA0GCSqG
|
||||||
|
SIb3DQEBAQUAA4GNADCBiQKBgQC/YWPrPYsrRUjmwvt80iEhuOyQk0EwfCyNedUU
|
||||||
|
6Q5+P+/WCpsKpgJSAS0mlqTtvameqggDwWEKQYDqrnTMYSbQBZFVPmYUoiCz1p1x
|
||||||
|
DKt3zPTwEbUlM4pOIpoQNmf6EW1Idjof0uNEe4lmvrSF+y+mqhP6mm3JuxjEBK9P
|
||||||
|
FWmJmwIDAQABo4IBEjCCAQ4wHQYDVR0OBBYEFGlEJwXcLu2l9IHE13hF50Rd+IdH
|
||||||
|
MIHeBgNVHSMEgdYwgdOAFGlEJwXcLu2l9IHE13hF50Rd+IdHoYG3pIG0MIGxMQsw
|
||||||
|
CQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1Jh
|
||||||
|
bGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsTD1JlZCBIYXQg
|
||||||
|
TmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhvcml0eTEhMB8G
|
||||||
|
CSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tggEAMAwGA1UdEwQFMAMBAf8w
|
||||||
|
DQYJKoZIhvcNAQEEBQADgYEAI8nKB59eljmD4E7a3UeEMMrU1TiG+d6Ig8osRyY2
|
||||||
|
q/QUHigp3n0QSl6RPlqZBwypLuP7eERJxTLW6HqX/ynQM64munYGfnmXFwxPLSqL
|
||||||
|
iqxBWa7pxFUtuYjfm3tB+DIu7snAWeIwV143RynALXgz086jK9yE2r87Lku2s7ZO
|
||||||
|
noA=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
7
RHNS-CA-CERT.asc
Normal file
7
RHNS-CA-CERT.asc
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1.0.7 (GNU/Linux)
|
||||||
|
|
||||||
|
iD8DBQE/TsIqIZGAzdtCpg4RAj03AJ9Y+fj8UWEepsewkz+FvCqK19Ap3QCgmtwj
|
||||||
|
xkb8E4gRJAgmjON/Xm/qr5k=
|
||||||
|
=qpvb
|
||||||
|
-----END PGP SIGNATURE-----
|
399
openssl-thread-test.c
Normal file
399
openssl-thread-test.c
Normal file
@ -0,0 +1,399 @@
|
|||||||
|
/* Test program to verify that RSA signing is thread-safe in OpenSSL. */
|
||||||
|
|
||||||
|
#include <assert.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <limits.h>
|
||||||
|
#include <pthread.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include <openssl/crypto.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
|
#include <openssl/objects.h>
|
||||||
|
#include <openssl/rand.h>
|
||||||
|
#include <openssl/rsa.h>
|
||||||
|
#include <openssl/ssl.h>
|
||||||
|
|
||||||
|
/* Just assume we want to do engine stuff if we're using 0.9.6b or
|
||||||
|
* higher. This assumption is only valid for versions bundled with RHL. */
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
|
||||||
|
#include <openssl/engine.h>
|
||||||
|
#define USE_ENGINE
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define MAX_THREAD_COUNT 10000
|
||||||
|
#define ITERATION_COUNT 10
|
||||||
|
#define MAIN_COUNT 100
|
||||||
|
|
||||||
|
/* OpenSSL requires us to provide thread ID and locking primitives. */
|
||||||
|
pthread_mutex_t *mutex_locks = NULL;
|
||||||
|
static unsigned long
|
||||||
|
thread_id_cb(void)
|
||||||
|
{
|
||||||
|
return (unsigned long) pthread_self();
|
||||||
|
}
|
||||||
|
static void
|
||||||
|
lock_cb(int mode, int n, const char *file, int line)
|
||||||
|
{
|
||||||
|
if (mode & CRYPTO_LOCK) {
|
||||||
|
pthread_mutex_lock(&mutex_locks[n]);
|
||||||
|
} else {
|
||||||
|
pthread_mutex_unlock(&mutex_locks[n]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
struct thread_args {
|
||||||
|
RSA *rsa;
|
||||||
|
int digest_type;
|
||||||
|
unsigned char *digest;
|
||||||
|
unsigned int digest_len;
|
||||||
|
unsigned char *signature;
|
||||||
|
unsigned int signature_len;
|
||||||
|
pthread_t main_thread;
|
||||||
|
};
|
||||||
|
|
||||||
|
static int print = 0;
|
||||||
|
|
||||||
|
pthread_mutex_t sign_lock = PTHREAD_MUTEX_INITIALIZER;
|
||||||
|
static int locked_sign = 0;
|
||||||
|
static void SIGN_LOCK() {if (locked_sign) pthread_mutex_lock(&sign_lock);}
|
||||||
|
static void SIGN_UNLOCK() {if (locked_sign) pthread_mutex_unlock(&sign_lock);}
|
||||||
|
|
||||||
|
pthread_mutex_t verify_lock = PTHREAD_MUTEX_INITIALIZER;
|
||||||
|
static int locked_verify = 0;
|
||||||
|
static void VERIFY_LOCK() {if (locked_verify) pthread_mutex_lock(&verify_lock);}
|
||||||
|
static void VERIFY_UNLOCK() {if (locked_verify) pthread_mutex_unlock(&verify_lock);}
|
||||||
|
|
||||||
|
pthread_mutex_t failure_count_lock = PTHREAD_MUTEX_INITIALIZER;
|
||||||
|
long failure_count = 0;
|
||||||
|
static void
|
||||||
|
failure()
|
||||||
|
{
|
||||||
|
pthread_mutex_lock(&failure_count_lock);
|
||||||
|
failure_count++;
|
||||||
|
pthread_mutex_unlock(&failure_count_lock);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void *
|
||||||
|
thread_main(void *argp)
|
||||||
|
{
|
||||||
|
struct thread_args *args = argp;
|
||||||
|
unsigned char *signature;
|
||||||
|
unsigned int signature_len, signature_alloc_len;
|
||||||
|
int ret, i;
|
||||||
|
|
||||||
|
signature_alloc_len = args->signature_len;
|
||||||
|
if (RSA_size(args->rsa) > signature_alloc_len) {
|
||||||
|
signature_alloc_len = RSA_size(args->rsa);
|
||||||
|
}
|
||||||
|
signature = malloc(signature_alloc_len);
|
||||||
|
if (signature == NULL) {
|
||||||
|
fprintf(stderr, "Skipping checks in thread %lu -- %s.\n",
|
||||||
|
(unsigned long) pthread_self(), strerror(errno));
|
||||||
|
pthread_exit(0);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
for (i = 0; i < ITERATION_COUNT; i++) {
|
||||||
|
signature_len = signature_alloc_len;
|
||||||
|
SIGN_LOCK();
|
||||||
|
ret = RSA_check_key(args->rsa);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
if (ret != 1) {
|
||||||
|
failure();
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
ret = RSA_sign(args->digest_type,
|
||||||
|
args->digest,
|
||||||
|
args->digest_len,
|
||||||
|
signature, &signature_len,
|
||||||
|
args->rsa);
|
||||||
|
SIGN_UNLOCK();
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
if (ret != 1) {
|
||||||
|
failure();
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
VERIFY_LOCK();
|
||||||
|
ret = RSA_verify(args->digest_type,
|
||||||
|
args->digest,
|
||||||
|
args->digest_len,
|
||||||
|
signature, signature_len,
|
||||||
|
args->rsa);
|
||||||
|
VERIFY_UNLOCK();
|
||||||
|
if (ret != 1) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"Signature from thread %lu(%d) fails "
|
||||||
|
"verification (passed in thread #%lu)!\n",
|
||||||
|
(long) pthread_self(), i,
|
||||||
|
(long) args->main_thread);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
failure();
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, ">%d\n", i);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
free(signature);
|
||||||
|
|
||||||
|
pthread_exit(0);
|
||||||
|
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
unsigned char *
|
||||||
|
xmemdup(unsigned char *s, size_t len)
|
||||||
|
{
|
||||||
|
unsigned char *r;
|
||||||
|
r = malloc(len);
|
||||||
|
if (r == NULL) {
|
||||||
|
fprintf(stderr, "Out of memory.\n");
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
assert(r != NULL);
|
||||||
|
}
|
||||||
|
memcpy(r, s, len);
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
main(int argc, char **argv)
|
||||||
|
{
|
||||||
|
RSA *rsa;
|
||||||
|
MD5_CTX md5;
|
||||||
|
int fd, i;
|
||||||
|
pthread_t threads[MAX_THREAD_COUNT];
|
||||||
|
int thread_count = 1000;
|
||||||
|
unsigned char *message, *digest;
|
||||||
|
unsigned int message_len, digest_len;
|
||||||
|
unsigned char *correct_signature;
|
||||||
|
unsigned int correct_siglen, ret;
|
||||||
|
struct thread_args master_args, *args;
|
||||||
|
int sync = 0, seed = 0;
|
||||||
|
int again = 1;
|
||||||
|
#ifdef USE_ENGINE
|
||||||
|
char *engine = NULL;
|
||||||
|
ENGINE *e = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
pthread_mutex_init(&failure_count_lock, NULL);
|
||||||
|
|
||||||
|
for (i = 1; i < argc; i++) {
|
||||||
|
if (strcmp(argv[i], "--seed") == 0) {
|
||||||
|
printf("Seeding PRNG.\n");
|
||||||
|
seed++;
|
||||||
|
} else
|
||||||
|
if (strcmp(argv[i], "--sync") == 0) {
|
||||||
|
printf("Running synchronized.\n");
|
||||||
|
sync++;
|
||||||
|
} else
|
||||||
|
if ((strcmp(argv[i], "--threads") == 0) && (i < argc - 1)) {
|
||||||
|
i++;
|
||||||
|
thread_count = atol(argv[i]);
|
||||||
|
if (thread_count > MAX_THREAD_COUNT) {
|
||||||
|
thread_count = MAX_THREAD_COUNT;
|
||||||
|
}
|
||||||
|
printf("Starting %d threads.\n", thread_count);
|
||||||
|
sync++;
|
||||||
|
} else
|
||||||
|
if (strcmp(argv[i], "--sign") == 0) {
|
||||||
|
printf("Locking signing.\n");
|
||||||
|
locked_sign++;
|
||||||
|
} else
|
||||||
|
if (strcmp(argv[i], "--verify") == 0) {
|
||||||
|
printf("Locking verifies.\n");
|
||||||
|
locked_verify++;
|
||||||
|
} else
|
||||||
|
if (strcmp(argv[i], "--print") == 0) {
|
||||||
|
printf("Tracing.\n");
|
||||||
|
print++;
|
||||||
|
#ifdef USE_ENGINE
|
||||||
|
} else
|
||||||
|
if ((strcmp(argv[i], "--engine") == 0) && (i < argc - 1)) {
|
||||||
|
printf("Using engine \"%s\".\n", argv[i + 1]);
|
||||||
|
engine = argv[i + 1];
|
||||||
|
i++;
|
||||||
|
#endif
|
||||||
|
} else {
|
||||||
|
printf("Bad argument: %s\n", argv[i]);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get some random data to sign. */
|
||||||
|
fd = open("/dev/urandom", O_RDONLY);
|
||||||
|
if (fd == -1) {
|
||||||
|
fprintf(stderr, "Error opening /dev/urandom: %s\n",
|
||||||
|
strerror(errno));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, "Reading random data.\n");
|
||||||
|
}
|
||||||
|
message = malloc(message_len = 9371);
|
||||||
|
read(fd, message, message_len);
|
||||||
|
close(fd);
|
||||||
|
|
||||||
|
/* Initialize the SSL library and set up thread-safe locking. */
|
||||||
|
ERR_load_crypto_strings();
|
||||||
|
SSL_library_init();
|
||||||
|
mutex_locks = malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
|
||||||
|
for (i = 0; i < CRYPTO_num_locks(); i++) {
|
||||||
|
pthread_mutex_init(&mutex_locks[i], NULL);
|
||||||
|
}
|
||||||
|
CRYPTO_set_id_callback(thread_id_cb);
|
||||||
|
CRYPTO_set_locking_callback(lock_cb);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
|
||||||
|
/* Seed the PRNG if we were asked to do so. */
|
||||||
|
if (seed) {
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, "Seeding PRNG.\n");
|
||||||
|
}
|
||||||
|
RAND_add(message, message_len, message_len);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Turn on a hardware crypto device if asked to do so. */
|
||||||
|
#ifdef USE_ENGINE
|
||||||
|
if (engine) {
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
|
||||||
|
ENGINE_load_builtin_engines();
|
||||||
|
#endif
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, "Initializing \"%s\" engine.\n",
|
||||||
|
engine);
|
||||||
|
}
|
||||||
|
e = ENGINE_by_id(engine);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
if (e) {
|
||||||
|
i = ENGINE_init(e);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
i = ENGINE_set_default_RSA(e);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Compute the digest for the signature. */
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, "Computing digest.\n");
|
||||||
|
}
|
||||||
|
digest = malloc(digest_len = MD5_DIGEST_LENGTH);
|
||||||
|
MD5_Init(&md5);
|
||||||
|
MD5_Update(&md5, message, message_len);
|
||||||
|
MD5_Final(digest, &md5);
|
||||||
|
|
||||||
|
/* Generate a signing key. */
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, "Generating key.\n");
|
||||||
|
}
|
||||||
|
rsa = RSA_generate_key(4096, 3, NULL, NULL);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
if (rsa == NULL) {
|
||||||
|
_exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Sign the data. */
|
||||||
|
correct_siglen = RSA_size(rsa);
|
||||||
|
correct_signature = malloc(correct_siglen);
|
||||||
|
for (i = 0; i < MAIN_COUNT; i++) {
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, "Signing data (%d).\n", i);
|
||||||
|
}
|
||||||
|
ret = RSA_check_key(rsa);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
if (ret != 1) {
|
||||||
|
failure();
|
||||||
|
}
|
||||||
|
correct_siglen = RSA_size(rsa);
|
||||||
|
ret = RSA_sign(NID_md5, digest, digest_len,
|
||||||
|
correct_signature, &correct_siglen,
|
||||||
|
rsa);
|
||||||
|
ERR_print_errors_fp(stdout);
|
||||||
|
if (ret != 1) {
|
||||||
|
_exit(2);
|
||||||
|
}
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, "Verifying data (%d).\n", i);
|
||||||
|
}
|
||||||
|
ret = RSA_verify(NID_md5, digest, digest_len,
|
||||||
|
correct_signature, correct_siglen,
|
||||||
|
rsa);
|
||||||
|
if (ret != 1) {
|
||||||
|
_exit(2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Collect up the inforamtion which other threads will need for
|
||||||
|
* comparing their signature results with ours. */
|
||||||
|
master_args.rsa = rsa;
|
||||||
|
master_args.digest_type = NID_md5;
|
||||||
|
master_args.digest = digest;
|
||||||
|
master_args.digest_len = digest_len;
|
||||||
|
master_args.signature = correct_signature;
|
||||||
|
master_args.signature_len = correct_siglen;
|
||||||
|
master_args.main_thread = pthread_self();
|
||||||
|
|
||||||
|
fprintf(stdout, "Performing %d signatures in each of %d threads "
|
||||||
|
"(%d, %d).\n", ITERATION_COUNT, thread_count,
|
||||||
|
digest_len, correct_siglen);
|
||||||
|
fflush(NULL);
|
||||||
|
|
||||||
|
/* Start up all of the threads. */
|
||||||
|
for (i = 0; i < thread_count; i++) {
|
||||||
|
args = malloc(sizeof(struct thread_args));
|
||||||
|
args->rsa = RSAPrivateKey_dup(master_args.rsa);
|
||||||
|
args->digest_type = master_args.digest_type;
|
||||||
|
args->digest_len = master_args.digest_len;
|
||||||
|
args->digest = xmemdup(master_args.digest, args->digest_len);
|
||||||
|
args->signature_len = master_args.signature_len;
|
||||||
|
args->signature = xmemdup(master_args.signature,
|
||||||
|
args->signature_len);
|
||||||
|
args->main_thread = pthread_self();
|
||||||
|
ret = pthread_create(&threads[i], NULL, thread_main, args);
|
||||||
|
while ((ret != 0) && (errno == EAGAIN)) {
|
||||||
|
ret = pthread_create(&threads[i], NULL,
|
||||||
|
thread_main, &args);
|
||||||
|
fprintf(stderr, "Thread limit hit at %d.\n", i);
|
||||||
|
}
|
||||||
|
if (ret != 0) {
|
||||||
|
fprintf(stderr, "Unable to create thread %d: %s.\n",
|
||||||
|
i, strerror(errno));
|
||||||
|
threads[i] = -1;
|
||||||
|
} else {
|
||||||
|
if (sync) {
|
||||||
|
ret = pthread_join(threads[i], NULL);
|
||||||
|
assert(ret == 0);
|
||||||
|
}
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, "%d\n", i);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Wait for all threads to complete. So long as we can find an
|
||||||
|
* unjoined thread, keep joining threads. */
|
||||||
|
do {
|
||||||
|
again = 0;
|
||||||
|
for (i = 0; i < thread_count; i++) {
|
||||||
|
/* If we have an unterminated thread, join it. */
|
||||||
|
if (threads[i] != -1) {
|
||||||
|
again = 1;
|
||||||
|
if (print) {
|
||||||
|
fprintf(stderr, "Joining thread %d.\n",
|
||||||
|
i);
|
||||||
|
}
|
||||||
|
pthread_join(threads[i], NULL);
|
||||||
|
threads[i] = -1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} while (again == 1);
|
||||||
|
|
||||||
|
fprintf(stderr, "%ld failures\n", failure_count);
|
||||||
|
|
||||||
|
return (failure_count != 0);
|
||||||
|
}
|
163
openssl.spec
163
openssl.spec
@ -5,17 +5,21 @@
|
|||||||
# 0.9.6c soversion = 3
|
# 0.9.6c soversion = 3
|
||||||
# 0.9.7a soversion = 4
|
# 0.9.7a soversion = 4
|
||||||
%define soversion 4
|
%define soversion 4
|
||||||
|
%define thread_test_threads %{?threads:%{threads}}%{!?threads:100}
|
||||||
|
|
||||||
Summary: The OpenSSL toolkit.
|
Summary: The OpenSSL toolkit.
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 0.9.7a
|
Version: 0.9.7a
|
||||||
Release: 5
|
Release: 20
|
||||||
Source: openssl-%{version}-usa.tar.bz2
|
Source: openssl-%{version}-usa.tar.bz2
|
||||||
Source1: hobble-openssl
|
Source1: hobble-openssl
|
||||||
Source2: Makefile.certificate
|
Source2: Makefile.certificate
|
||||||
Source3: ca-bundle.crt
|
Source3: ca-bundle.crt
|
||||||
Source4: RHNS-CA-CERT
|
Source4: https://rhn.redhat.com/help/RHNS-CA-CERT
|
||||||
Source5: make-dummy-cert
|
Source5: https://rhn.redhat.com/help/RHNS-CA-CERT.asc
|
||||||
|
Source6: make-dummy-cert
|
||||||
|
Source7: libica-1.3.4.tar.gz
|
||||||
|
Source8: openssl-thread-test.c
|
||||||
Patch0: openssl-0.9.7a-redhat.patch
|
Patch0: openssl-0.9.7a-redhat.patch
|
||||||
Patch1: openssl-0.9.7-beta5-defaults.patch
|
Patch1: openssl-0.9.7-beta5-defaults.patch
|
||||||
Patch2: openssl-0.9.7-beta6-ia64.patch
|
Patch2: openssl-0.9.7-beta6-ia64.patch
|
||||||
@ -26,11 +30,23 @@ Patch6: openssl-0.9.7-ibmca.patch
|
|||||||
Patch7: openssl-0.9.7-ppc64.patch
|
Patch7: openssl-0.9.7-ppc64.patch
|
||||||
Patch8: openssl-sec3-blinding-0.9.7.patch
|
Patch8: openssl-sec3-blinding-0.9.7.patch
|
||||||
Patch9: openssl-0.9.7a-klima-pokorny-rosa.patch
|
Patch9: openssl-0.9.7a-klima-pokorny-rosa.patch
|
||||||
|
Patch10: libica-1.2-struct.patch
|
||||||
|
Patch11: libica-1.2-cleanup.patch
|
||||||
|
Patch12: openssl-0.9.7a-libica-autoconf.patch
|
||||||
|
Patch13: openssl-0.9.7a-blinding-threads.patch
|
||||||
|
Patch14: openssl-0.9.7a-specific-engine.patch
|
||||||
|
Patch15: openssl-0.9.7a-blinding-rng.patch
|
||||||
|
Patch16: openssl-0.9.7a-ubsec-stomp.patch
|
||||||
|
Patch17: openssl-0.9.7a-krb5-leak.patch
|
||||||
|
Patch18: openssl-0.9.7a-krb5-1.3.patch
|
||||||
|
Patch19: niscc-097.txt
|
||||||
|
Patch20: openssl-0.9.6c-ccert.patch
|
||||||
License: BSDish
|
License: BSDish
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||||
BuildPreReq: mktemp, krb5-devel, perl, sed, zlib-devel
|
BuildPreReq: mktemp, krb5-devel, perl, sed, zlib-devel
|
||||||
|
ExclusiveArch: %{ix86}
|
||||||
Requires: mktemp
|
Requires: mktemp
|
||||||
|
|
||||||
%define solibbase %(echo %version | sed 's/[[:alpha:]]//g')
|
%define solibbase %(echo %version | sed 's/[[:alpha:]]//g')
|
||||||
@ -64,7 +80,8 @@ package provides Perl scripts for converting certificates and keys
|
|||||||
from other formats to the formats used by the OpenSSL toolkit.
|
from other formats to the formats used by the OpenSSL toolkit.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q -a 7
|
||||||
|
|
||||||
%{SOURCE1} > /dev/null
|
%{SOURCE1} > /dev/null
|
||||||
%patch0 -p1 -b .redhat
|
%patch0 -p1 -b .redhat
|
||||||
%patch1 -p1 -b .defaults
|
%patch1 -p1 -b .defaults
|
||||||
@ -79,6 +96,30 @@ pushd ssl
|
|||||||
%patch9 -p0 -b .klima-pokorny-rosa
|
%patch9 -p0 -b .klima-pokorny-rosa
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
%ifarch s390 s390x
|
||||||
|
pushd libica-1.3.4
|
||||||
|
#%patch10 -p1 -b .struct
|
||||||
|
%patch11 -p1 -b .cleanup
|
||||||
|
if [[ $RPM_BUILD_ROOT ]] ; then
|
||||||
|
export INSROOT=$RPM_BUILD_ROOT
|
||||||
|
fi
|
||||||
|
aclocal
|
||||||
|
touch Makefile.macros
|
||||||
|
automake --gnu -acf
|
||||||
|
autoconf
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%patch12 -p1 -b .libica-autoconf
|
||||||
|
%patch13 -p1 -b .blinding-threads
|
||||||
|
%patch14 -p1 -b .specific-engine
|
||||||
|
%patch15 -p1 -b .blinding-rng
|
||||||
|
%patch16 -p1 -b .ubsec-stomp
|
||||||
|
%patch17 -p1 -b .krb5-leak
|
||||||
|
%patch18 -p1 -b .krb5-1.3
|
||||||
|
%patch19 -p1 -b .niscc
|
||||||
|
%patch20 -p1 -b .ccert
|
||||||
|
|
||||||
# Modify the various perl scripts to reference perl in the right location.
|
# Modify the various perl scripts to reference perl in the right location.
|
||||||
perl util/perlpath.pl `dirname %{__perl}`
|
perl util/perlpath.pl `dirname %{__perl}`
|
||||||
|
|
||||||
@ -86,7 +127,19 @@ perl util/perlpath.pl `dirname %{__perl}`
|
|||||||
make TABLE PERL=%{__perl}
|
make TABLE PERL=%{__perl}
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# Figure out which flags we want to use.
|
%ifarch s390 s390x
|
||||||
|
pushd libica-1.3.4
|
||||||
|
if [[ $RPM_BUILD_ROOT ]] ; then
|
||||||
|
export INSROOT=$RPM_BUILD_ROOT
|
||||||
|
fi
|
||||||
|
%configure
|
||||||
|
make
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Figure out which flags we want to use. Set the number of threads to use to
|
||||||
|
# the maximum we've managed to run without running afoul of the OOM killer.
|
||||||
|
sslarch=%{_os}-%{_arch}
|
||||||
%ifarch %ix86
|
%ifarch %ix86
|
||||||
sslarch=linux-elf
|
sslarch=linux-elf
|
||||||
if ! echo %{_target} | grep -q i686 ; then
|
if ! echo %{_target} | grep -q i686 ; then
|
||||||
@ -99,6 +152,7 @@ sslflags=no-asm
|
|||||||
%endif
|
%endif
|
||||||
%ifarch ia64
|
%ifarch ia64
|
||||||
sslarch=linux-ia64
|
sslarch=linux-ia64
|
||||||
|
sslflags=no-asm
|
||||||
%endif
|
%endif
|
||||||
%ifarch alpha
|
%ifarch alpha
|
||||||
sslarch=alpha-gcc
|
sslarch=alpha-gcc
|
||||||
@ -117,17 +171,17 @@ sslarch=linux-ppc
|
|||||||
%endif
|
%endif
|
||||||
%ifarch ppc64
|
%ifarch ppc64
|
||||||
sslarch=linux-ppc64
|
sslarch=linux-ppc64
|
||||||
|
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
|
||||||
%endif
|
%endif
|
||||||
# Configure the build tree. Override OpenSSL defaults with known-good defaults
|
# Configure the build tree. Override OpenSSL defaults with known-good defaults
|
||||||
# usable on all platforms. The Configure script already knows to use -fPIC and
|
# usable on all platforms. The Configure script already knows to use -fPIC and
|
||||||
# RPM_OPT_FLAGS, so we can skip specifiying them here.
|
# RPM_OPT_FLAGS, so we can skip specifiying them here.
|
||||||
./config \
|
./Configure \
|
||||||
--prefix=%{_prefix} --openssldir=%{_datadir}/ssl ${sslflags} \
|
--prefix=%{_prefix} --openssldir=%{_datadir}/ssl ${sslflags} \
|
||||||
zlib no-idea no-mdc2 no-rc5 no-ec shared \
|
zlib no-idea no-mdc2 no-rc5 no-ec shared \
|
||||||
--with-krb5-include=`%{_prefix}/kerberos/bin/krb5-config --cflags` \
|
|
||||||
--with-krb5-lib=`%{_prefix}/kerberos/bin/krb5-config --libs gssapi` \
|
|
||||||
--with-krb5-flavor=MIT \
|
--with-krb5-flavor=MIT \
|
||||||
-I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}
|
-I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \
|
||||||
|
${sslarch}
|
||||||
make depend
|
make depend
|
||||||
make all build-shared
|
make all build-shared
|
||||||
|
|
||||||
@ -135,7 +189,17 @@ make all build-shared
|
|||||||
make rehash build-shared
|
make rehash build-shared
|
||||||
|
|
||||||
# Verify that what was compiled actually works.
|
# Verify that what was compiled actually works.
|
||||||
|
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
||||||
|
export LD_LIBRARY_PATH
|
||||||
make -C test apps tests
|
make -C test apps tests
|
||||||
|
%{__cc} -o openssl-thread-test \
|
||||||
|
`krb5-config --cflags` \
|
||||||
|
-I./include \
|
||||||
|
$RPM_SOURCE_DIR/openssl-thread-test.c \
|
||||||
|
libssl.a libcrypto.a \
|
||||||
|
`krb5-config --libs` \
|
||||||
|
-lpthread -lz -ldl
|
||||||
|
./openssl-thread-test --threads %{thread_test_threads}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
||||||
@ -219,6 +283,17 @@ rm -rf $RPM_BUILD_ROOT/%{_mandir}/man1*/*.pl*
|
|||||||
rm -rf $RPM_BUILD_ROOT/%{_datadir}/ssl/misc/*.pl
|
rm -rf $RPM_BUILD_ROOT/%{_datadir}/ssl/misc/*.pl
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%ifarch s390 s390x
|
||||||
|
pushd libica-1.3.4
|
||||||
|
if [[ $RPM_BUILD_ROOT ]] ;
|
||||||
|
then
|
||||||
|
export INSROOT=$RPM_BUILD_ROOT
|
||||||
|
fi
|
||||||
|
%makeinstall
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_libdir}
|
||||||
|
mv $RPM_BUILD_ROOT/%{_bindir}/libica.so $RPM_BUILD_ROOT/%{_libdir}
|
||||||
|
%endif
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
@ -246,6 +321,9 @@ rm -rf $RPM_BUILD_ROOT/%{_datadir}/ssl/misc/*.pl
|
|||||||
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
|
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
|
||||||
%attr(0644,root,root) %{_mandir}/man5*/*
|
%attr(0644,root,root) %{_mandir}/man5*/*
|
||||||
%attr(0644,root,root) %{_mandir}/man7*/*
|
%attr(0644,root,root) %{_mandir}/man7*/*
|
||||||
|
%ifarch s390 s390x
|
||||||
|
%attr(0755,root,root) %{_libdir}/libica.so
|
||||||
|
%endif
|
||||||
|
|
||||||
%ifnarch i686
|
%ifnarch i686
|
||||||
%files devel
|
%files devel
|
||||||
@ -269,6 +347,73 @@ rm -rf $RPM_BUILD_ROOT/%{_datadir}/ssl/misc/*.pl
|
|||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-20
|
||||||
|
- only parse a client cert if one was requested
|
||||||
|
- temporarily exclusivearch for %%{ix86}
|
||||||
|
|
||||||
|
* Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)
|
||||||
|
and heap corruption (CAN-2003-0545)
|
||||||
|
- update RHNS-CA-CERT files
|
||||||
|
- ease back on the number of threads used in the threading test
|
||||||
|
|
||||||
|
* Wed Sep 17 2003 Matt Wilson <msw@redhat.com> 0.9.7a-19
|
||||||
|
- rebuild to fix gzipped file md5sums (#91211)
|
||||||
|
|
||||||
|
* Mon Aug 25 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-18
|
||||||
|
- Updated libica to version 1.3.4.
|
||||||
|
|
||||||
|
* Thu Jul 17 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-17
|
||||||
|
- rebuild
|
||||||
|
|
||||||
|
* Tue Jul 15 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10.9
|
||||||
|
- free the kssl_ctx structure when we free an SSL structure (#99066)
|
||||||
|
|
||||||
|
* Fri Jul 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-16
|
||||||
|
- rebuild
|
||||||
|
|
||||||
|
* Thu Jul 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-15
|
||||||
|
- lower thread test count on s390x
|
||||||
|
|
||||||
|
* Tue Jul 8 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-14
|
||||||
|
- rebuild
|
||||||
|
|
||||||
|
* Thu Jun 26 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-13
|
||||||
|
- disable assembly on arches where it seems to conflict with threading
|
||||||
|
|
||||||
|
* Thu Jun 26 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-12
|
||||||
|
- Updated libica to latest upstream version 1.3.0
|
||||||
|
|
||||||
|
* Wed Jun 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-9.9
|
||||||
|
- rebuild
|
||||||
|
|
||||||
|
* Wed Jun 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-11
|
||||||
|
- rebuild
|
||||||
|
|
||||||
|
* Tue Jun 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10
|
||||||
|
- ubsec: don't stomp on output data which might also be input data
|
||||||
|
|
||||||
|
* Tue Jun 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-9
|
||||||
|
- temporarily disable optimizations on ppc64
|
||||||
|
|
||||||
|
* Mon Jun 9 2003 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- backport fix for engine-used-for-everything from 0.9.7b
|
||||||
|
- backport fix for prng not being seeded causing problems, also from 0.9.7b
|
||||||
|
- add a check at build-time to ensure that RSA is thread-safe
|
||||||
|
- keep perlpath from stomping on the libica configure scripts
|
||||||
|
|
||||||
|
* Fri Jun 6 2003 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- thread-safety fix for RSA blinding
|
||||||
|
|
||||||
|
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> 0.9.7a-8
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Fri May 30 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-7
|
||||||
|
- Added libica-1.2 to openssl (featurerequest).
|
||||||
|
|
||||||
|
* Wed Apr 16 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-6
|
||||||
|
- fix building with incorrect flags on ppc64
|
||||||
|
|
||||||
* Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-5
|
* Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-5
|
||||||
- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's
|
- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's
|
||||||
attack (CAN-2003-0131)
|
attack (CAN-2003-0131)
|
||||||
|
Loading…
Reference in New Issue
Block a user