From 379d500d96ab4a7127dc71c0912722aad42d7a24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Fri, 20 Apr 2012 10:48:18 +0200
Subject: [PATCH] make the libica dependecies versioned

- fix segfaults in OFB mode (#749638)
---
 openssl-ibmca-1.2.0-ofb.patch | 59 +++++++++++++++++++++++++++++++++++
 openssl-ibmca.spec            | 21 +++++++------
 2 files changed, 70 insertions(+), 10 deletions(-)
 create mode 100644 openssl-ibmca-1.2.0-ofb.patch

diff --git a/openssl-ibmca-1.2.0-ofb.patch b/openssl-ibmca-1.2.0-ofb.patch
new file mode 100644
index 0000000..5befc0f
--- /dev/null
+++ b/openssl-ibmca-1.2.0-ofb.patch
@@ -0,0 +1,59 @@
+--- e_ibmca.c.orig	2011-08-11 20:22:47.000000000 +0200
++++ e_ibmca.c	2011-08-11 20:24:42.000000000 +0200
+@@ -883,8 +883,7 @@ typedef unsigned int (*ica_sha256_t)(uns
+ 			sha256_context_t *, unsigned char *);
+ typedef unsigned int (*ica_des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
+ 			 unsigned long data_length, const unsigned char *key,
+-			 unsigned int key_length, unsigned char *iv,
+-			 unsigned int direction);
++			 unsigned char *iv, unsigned int direction);
+ typedef unsigned int (*ica_des_cfb_t)(const unsigned char *in_data, unsigned char *out_data,
+ 			 unsigned long data_length, const unsigned char *key,
+ 			 unsigned char *iv, unsigned int lcfb,
+@@ -894,8 +893,7 @@ typedef unsigned int (*ica_3des_cfb_t)(c
+ 			unsigned int, unsigned int);
+ typedef unsigned int (*ica_3des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
+ 			  unsigned long data_length, const unsigned char *key,
+-			  unsigned int key_length, unsigned char *iv,
+-			  unsigned int direction);
++			  unsigned char *iv, unsigned int direction);
+ typedef unsigned int (*ica_aes_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
+ 			 unsigned long data_length, const unsigned char *key,
+ 			 unsigned int key_length, unsigned char *iv,
+@@ -1192,7 +1190,7 @@ static int ibmca_des_cipher(EVP_CIPHER_C
+ 			rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
+ 					   8, ICA_ENCRYPT);
+ 		} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
+-			rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
++			rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
+ 					   ICA_ENCRYPT);
+ 		} else {
+ 			rv = p_ica_des_encrypt(mode, len, (unsigned char *)in,
+@@ -1218,7 +1216,7 @@ static int ibmca_des_cipher(EVP_CIPHER_C
+ 			rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
+ 					   8, ICA_DECRYPT);
+ 		} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
+-			rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
++			rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
+ 					   ICA_DECRYPT);
+ 		} else {
+ 			/* Protect against decrypt in place */
+@@ -1269,7 +1267,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_
+ 					ctx->iv, 8, ICA_ENCRYPT);
+ 		} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
+ 			rv = p_ica_3des_ofb(in, out, len, pCtx->key,
+-					8, ctx->iv, ICA_ENCRYPT);
++					ctx->iv, ICA_ENCRYPT);
+ 		} else {
+ 			rv = p_ica_3des_encrypt(mode, len, (unsigned char *)in,
+ 						(ica_des_vector_t *) ctx->iv,
+@@ -1295,7 +1293,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_
+ 					ctx->iv, 8, ICA_DECRYPT);
+ 		} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
+ 			rv = p_ica_3des_ofb(in, out, len, pCtx->key,
+-					8, ctx->iv, ICA_DECRYPT);
++					ctx->iv, ICA_DECRYPT);
+ 		} else {
+ 			/* Protect against decrypt in place */
+ 			/* FIXME: Again, check if EVP_CIPHER_CTX_iv_length() should be used */
+
diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec
index 9add1fd..34bc689 100644
--- a/openssl-ibmca.spec
+++ b/openssl-ibmca.spec
@@ -1,16 +1,18 @@
 Summary: A dynamic OpenSSL engine for IBMCA
 Name: openssl-ibmca
 Version: 1.2.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: OpenSSL
 Group: System Environment/Libraries
 URL: http://sourceforge.net/projects/opencryptoki
 Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz
 # https://bugzilla.redhat.com/show_bug.cgi?id=584765
 Patch0: openssl-ibmca-1.2.0-libica-soname.patch
-Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: libica
-BuildRequires: libica-devel automake libtool
+# https://bugzilla.redhat.com/show_bug.cgi?id=749638
+Patch1: openssl-ibmca-1.2.0-ofb.patch
+Requires: libica >= 2.1.0
+BuildRequires: libica-devel >= 2.1.0
+BuildRequires: automake libtool
 ExclusiveArch: s390 s390x
 
 %description
@@ -20,6 +22,7 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines.
 %prep
 %setup -q
 %patch0 -p1 -b .libica-soname
+%patch1 -p0 -b .ofb
 
 sh ./bootstrap.sh
 
@@ -30,7 +33,6 @@ make %{?_smp_mflags}
 
 
 %install
-rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 
 rm -f $RPM_BUILD_ROOT%{_libdir}/libibmca.la
@@ -38,17 +40,16 @@ mkdir -p $RPM_BUILD_ROOT%{_libdir}/openssl/engines
 mv $RPM_BUILD_ROOT%{_libdir}/*.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines
 
 
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
 %files
-%defattr(-,root,root,-)
 %doc README openssl.cnf.sample
 %{_libdir}/openssl/engines/libibmca.so
 
 
 %changelog
+* Fri Apr 20 2012 Dan Horák <dan[at]danny.cz - 1.2.0-3
+- make the libica dependecies versioned
+- fix segfaults in OFB mode (#749638)
+
 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild