jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

- update to final 1.0.0 upstream release

Browse Source
This commit is contained in:
Tomáš Mráz 2010-03-30 09:57:36 +00:00
parent 129cd80b24
commit f07ff38d38
7 changed files with 439 additions and 611 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
openssl-1.0.0-beta5-usa.tar.bz2 openssl-1.0.0-usa.tar.bz2

109
openssl-1.0.0-beta5-cleanse.patch
View File

@ -1,109 +0,0 @@
Gracefully handle zero length in assembler implementations of OPENSSL_cleanse.
diff -up openssl-1.0.0-beta5/crypto/ia64cpuid.S.cleanse openssl-1.0.0-beta5/crypto/ia64cpuid.S
--- openssl-1.0.0-beta5/crypto/ia64cpuid.S.cleanse 2007-07-27 20:03:27.000000000 +0200
+++ openssl-1.0.0-beta5/crypto/ia64cpuid.S 2010-02-12 18:13:52.000000000 +0100
@@ -130,9 +130,11 @@ OPENSSL_wipe_cpu:
.global OPENSSL_cleanse#
.proc OPENSSL_cleanse#
OPENSSL_cleanse:
+{ .mib; cmp.eq p6,p0=0,r33 // len==0
#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mmi; addp4 r32=0,r32 };;
+ addp4 r32=0,r32
#endif
+(p6) br.ret.spnt b0 };;
{ .mib; and r2=7,r32
cmp.leu p6,p0=15,r33 // len>=15
(p6) br.cond.dptk .Lot };;
diff -up openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl.cleanse openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl
--- openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl.cleanse 2008-01-13 23:01:29.000000000 +0100
+++ openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl 2010-02-12 18:13:52.000000000 +0100
@@ -101,6 +101,13 @@ my $bnelr = sub {
" .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 :
" bclr $bo,2";
};
+my $beqlr = sub {
+ my $f = shift;
+ my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint
+ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints
+ " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 :
+ " bclr $bo,2";
+};
# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two
# arguments is 64, with "operand out of range" error.
my $extrdi = sub {
diff -up openssl-1.0.0-beta5/crypto/ppccpuid.pl.cleanse openssl-1.0.0-beta5/crypto/ppccpuid.pl
--- openssl-1.0.0-beta5/crypto/ppccpuid.pl.cleanse 2008-09-12 16:45:53.000000000 +0200
+++ openssl-1.0.0-beta5/crypto/ppccpuid.pl 2010-02-12 18:13:52.000000000 +0100
@@ -67,6 +67,8 @@ Loop: lwarx r5,0,r3
$CMPLI r4,7
li r0,0
bge Lot
+ $CMPLI r4,0
+ beqlr-
Little: mtctr r4
stb r0,0(r3)
addi r3,r3,1
diff -up openssl-1.0.0-beta5/crypto/sparccpuid.S.cleanse openssl-1.0.0-beta5/crypto/sparccpuid.S
--- openssl-1.0.0-beta5/crypto/sparccpuid.S.cleanse 2007-05-19 19:26:48.000000000 +0200
+++ openssl-1.0.0-beta5/crypto/sparccpuid.S 2010-02-12 18:13:52.000000000 +0100
@@ -242,6 +242,10 @@ OPENSSL_cleanse:
#else
bgu .Lot
#endif
+ cmp %o1,0
+ bne .Little
+ nop
+ retl
nop
.Little:
diff -up openssl-1.0.0-beta5/crypto/s390xcpuid.S.cleanse openssl-1.0.0-beta5/crypto/s390xcpuid.S
--- openssl-1.0.0-beta5/crypto/s390xcpuid.S.cleanse 2010-01-19 22:40:56.000000000 +0100
+++ openssl-1.0.0-beta5/crypto/s390xcpuid.S 2010-02-12 18:13:52.000000000 +0100
@@ -62,6 +62,8 @@ OPENSSL_cleanse:
lghi %r0,0
clgr %r3,%r4
jh .Lot
+ clgr %r3,%r0
+ bcr 8,%r14
.Little:
stc %r0,0(%r2)
la %r2,1(%r2)
diff -up openssl-1.0.0-beta5/crypto/x86cpuid.pl.cleanse openssl-1.0.0-beta5/crypto/x86cpuid.pl
--- openssl-1.0.0-beta5/crypto/x86cpuid.pl.cleanse 2009-05-14 20:25:29.000000000 +0200
+++ openssl-1.0.0-beta5/crypto/x86cpuid.pl 2010-02-12 18:13:52.000000000 +0100
@@ -279,11 +279,14 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
&xor ("eax","eax");
&cmp ("ecx",7);
&jae (&label("lot"));
+ &cmp ("ecx",0);
+ &je (&label("ret"));
&set_label("little");
&mov (&BP(0,"edx"),"al");
&sub ("ecx",1);
&lea ("edx",&DWP(1,"edx"));
&jnz (&label("little"));
+&set_label("ret");
&ret ();
&set_label("lot",16);
diff -up openssl-1.0.0-beta5/crypto/x86_64cpuid.pl.cleanse openssl-1.0.0-beta5/crypto/x86_64cpuid.pl
--- openssl-1.0.0-beta5/crypto/x86_64cpuid.pl.cleanse 2009-05-14 20:25:29.000000000 +0200
+++ openssl-1.0.0-beta5/crypto/x86_64cpuid.pl 2010-02-12 18:13:52.000000000 +0100
@@ -145,12 +145,14 @@ OPENSSL_cleanse:
xor %rax,%rax
cmp \$15,$arg2
jae .Lot
+ cmp \$0,$arg2
+ je .Lret
.Little:
mov %al,($arg1)
sub \$1,$arg2
lea 1($arg1),$arg1
jnz .Little
- ret
+.Lret: ret
.align 16
.Lot:
test \$7,$arg1

14
openssl-1.0.0-beta5-version.patch
View File

@ -1,14 +0,0 @@
We have to keep the beta status on 3 as some applications (OpenSSH) incorrectly insist
on having the same beta status of OpenSSL library as they were built against.
diff -up openssl-1.0.0-beta5/crypto/opensslv.h.version openssl-1.0.0-beta5/crypto/opensslv.h
--- openssl-1.0.0-beta5/crypto/opensslv.h.version 2010-01-20 18:16:43.000000000 +0100
+++ openssl-1.0.0-beta5/crypto/opensslv.h 2010-01-20 20:20:23.000000000 +0100
@@ -25,7 +25,7 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x10000005L
+#define OPENSSL_VERSION_NUMBER 0x10000003L
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips-beta5 20 Jan 2010"
#else

893
openssl-1.0.0-beta5-fips.patch → openssl-1.0.0-fips.patch
View File

File diff suppressed because it is too large Load Diff

13
openssl-1.0.0-version.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up openssl-1.0.0/crypto/opensslv.h.version openssl-1.0.0/crypto/opensslv.h
--- openssl-1.0.0/crypto/opensslv.h.version 2010-03-30 10:59:26.000000000 +0200
+++ openssl-1.0.0/crypto/opensslv.h 2010-03-30 11:00:52.000000000 +0200
@@ -25,7 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000000fL
+/* we have to keep the version number to not break the abi */
+#define OPENSSL_VERSION_NUMBER 0x10000003L
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010"
#else

17
openssl.spec
View File

@ -11,8 +11,6 @@
# 1.0.0 soversion = 10 # 1.0.0 soversion = 10
%define soversion 10 %define soversion 10
%define beta beta5
# Number of threads to spawn when testing some threading fixes. # Number of threads to spawn when testing some threading fixes.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1} %define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
@ -23,10 +21,10 @@
Summary: A general purpose cryptography library with TLS implementation Summary: A general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.0 Version: 1.0.0
Release: 0.22.%{beta}%{?dist} Release: 1%{?dist}
# We remove certain patented algorithms from the openssl source tarball # We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below. # with the hobble-openssl script which is included below.
Source: openssl-%{version}-%{beta}-usa.tar.bz2 Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl Source1: hobble-openssl
Source2: Makefile.certificate Source2: Makefile.certificate
Source6: make-dummy-cert Source6: make-dummy-cert
@ -51,7 +49,7 @@ Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch Patch35: openssl-0.9.8j-version-add-engines.patch
Patch38: openssl-1.0.0-beta5-cipher-change.patch Patch38: openssl-1.0.0-beta5-cipher-change.patch
Patch39: openssl-1.0.0-beta5-ipv6-apps.patch Patch39: openssl-1.0.0-beta5-ipv6-apps.patch
Patch40: openssl-1.0.0-beta5-fips.patch Patch40: openssl-1.0.0-fips.patch
Patch41: openssl-1.0.0-beta3-fipscheck.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch
Patch43: openssl-1.0.0-beta3-fipsmode.patch Patch43: openssl-1.0.0-beta3-fipsmode.patch
Patch44: openssl-1.0.0-beta3-fipsrng.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch
@ -59,10 +57,9 @@ Patch45: openssl-0.9.8j-env-nozlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
Patch51: openssl-1.0.0-beta5-version.patch Patch51: openssl-1.0.0-version.patch
Patch52: openssl-1.0.0-beta4-aesni.patch Patch52: openssl-1.0.0-beta4-aesni.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch53: openssl-1.0.0-beta5-cleanse.patch
License: OpenSSL License: OpenSSL
Group: System Environment/Libraries Group: System Environment/Libraries
@ -112,7 +109,7 @@ package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit. from other formats to the formats used by the OpenSSL toolkit.
%prep %prep
%setup -q -n %{name}-%{version}-%{beta} %setup -q -n %{name}-%{version}
%{SOURCE1} > /dev/null %{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat %patch0 -p1 -b .redhat
@ -141,7 +138,6 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch50 -p1 -b .dtls1-abi %patch50 -p1 -b .dtls1-abi
%patch51 -p1 -b .version %patch51 -p1 -b .version
%patch52 -p1 -b .aesni %patch52 -p1 -b .aesni
%patch53 -p1 -b .cleanse
# Modify the various perl scripts to reference perl in the right location. # Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}` perl util/perlpath.pl `dirname %{__perl}`
@ -387,6 +383,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Tue Mar 30 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-1
- update to final 1.0.0 upstream release
* Tue Feb 16 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.22.beta5 * Tue Feb 16 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.22.beta5
- make TLS work in the FIPS mode - make TLS work in the FIPS mode

2
sources
View File

@ -1 +1 @@
531160d84017cb52e3c23b52cca0d5cf openssl-1.0.0-beta5-usa.tar.bz2 f1d0d73327d74b302f503763bddf1cf8 openssl-1.0.0-usa.tar.bz2