make the libica dependecies versioned
- fix segfaults in OFB mode (#749638)
This commit is contained in:
Dan Horák
parent
bb331b8e00
commit
379d500d96
59
openssl-ibmca-1.2.0-ofb.patch
Normal file
59
openssl-ibmca-1.2.0-ofb.patch
Normal file
@ -0,0 +1,59 @@
|
||||
--- e_ibmca.c.orig 2011-08-11 20:22:47.000000000 +0200
|
||||
+++ e_ibmca.c 2011-08-11 20:24:42.000000000 +0200
|
||||
@@ -883,8 +883,7 @@ typedef unsigned int (*ica_sha256_t)(uns
|
||||
sha256_context_t *, unsigned char *);
|
||||
typedef unsigned int (*ica_des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
|
||||
unsigned long data_length, const unsigned char *key,
|
||||
- unsigned int key_length, unsigned char *iv,
|
||||
- unsigned int direction);
|
||||
+ unsigned char *iv, unsigned int direction);
|
||||
typedef unsigned int (*ica_des_cfb_t)(const unsigned char *in_data, unsigned char *out_data,
|
||||
unsigned long data_length, const unsigned char *key,
|
||||
unsigned char *iv, unsigned int lcfb,
|
||||
@@ -894,8 +893,7 @@ typedef unsigned int (*ica_3des_cfb_t)(c
|
||||
unsigned int, unsigned int);
|
||||
typedef unsigned int (*ica_3des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
|
||||
unsigned long data_length, const unsigned char *key,
|
||||
- unsigned int key_length, unsigned char *iv,
|
||||
- unsigned int direction);
|
||||
+ unsigned char *iv, unsigned int direction);
|
||||
typedef unsigned int (*ica_aes_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
|
||||
unsigned long data_length, const unsigned char *key,
|
||||
unsigned int key_length, unsigned char *iv,
|
||||
@@ -1192,7 +1190,7 @@ static int ibmca_des_cipher(EVP_CIPHER_C
|
||||
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
|
||||
8, ICA_ENCRYPT);
|
||||
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
||||
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
|
||||
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
|
||||
ICA_ENCRYPT);
|
||||
} else {
|
||||
rv = p_ica_des_encrypt(mode, len, (unsigned char *)in,
|
||||
@@ -1218,7 +1216,7 @@ static int ibmca_des_cipher(EVP_CIPHER_C
|
||||
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
|
||||
8, ICA_DECRYPT);
|
||||
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
||||
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
|
||||
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
|
||||
ICA_DECRYPT);
|
||||
} else {
|
||||
/* Protect against decrypt in place */
|
||||
@@ -1269,7 +1267,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_
|
||||
ctx->iv, 8, ICA_ENCRYPT);
|
||||
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
||||
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
|
||||
- 8, ctx->iv, ICA_ENCRYPT);
|
||||
+ ctx->iv, ICA_ENCRYPT);
|
||||
} else {
|
||||
rv = p_ica_3des_encrypt(mode, len, (unsigned char *)in,
|
||||
(ica_des_vector_t *) ctx->iv,
|
||||
@@ -1295,7 +1293,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_
|
||||
ctx->iv, 8, ICA_DECRYPT);
|
||||
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
|
||||
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
|
||||
- 8, ctx->iv, ICA_DECRYPT);
|
||||
+ ctx->iv, ICA_DECRYPT);
|
||||
} else {
|
||||
/* Protect against decrypt in place */
|
||||
/* FIXME: Again, check if EVP_CIPHER_CTX_iv_length() should be used */
|
||||
|
||||
@ -1,16 +1,18 @@
|
||||
Summary: A dynamic OpenSSL engine for IBMCA
|
||||
Name: openssl-ibmca
|
||||
Version: 1.2.0
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
URL: http://sourceforge.net/projects/opencryptoki
|
||||
Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=584765
|
||||
Patch0: openssl-ibmca-1.2.0-libica-soname.patch
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Requires: libica
|
||||
BuildRequires: libica-devel automake libtool
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=749638
|
||||
Patch1: openssl-ibmca-1.2.0-ofb.patch
|
||||
Requires: libica >= 2.1.0
|
||||
BuildRequires: libica-devel >= 2.1.0
|
||||
BuildRequires: automake libtool
|
||||
ExclusiveArch: s390 s390x
|
||||
|
||||
%description
|
||||
@ -20,6 +22,7 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .libica-soname
|
||||
%patch1 -p0 -b .ofb
|
||||
|
||||
sh ./bootstrap.sh
|
||||
|
||||
@ -30,7 +33,6 @@ make %{?_smp_mflags}
|
||||
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/libibmca.la
|
||||
@ -38,17 +40,16 @@ mkdir -p $RPM_BUILD_ROOT%{_libdir}/openssl/engines
|
||||
mv $RPM_BUILD_ROOT%{_libdir}/*.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines
|
||||
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc README openssl.cnf.sample
|
||||
%{_libdir}/openssl/engines/libibmca.so
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Apr 20 2012 Dan Horák <dan[at]danny.cz - 1.2.0-3
|
||||
- make the libica dependecies versioned
|
||||
- fix segfaults in OFB mode (#749638)
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user