rpms/openssl-ibmca
6
0
Fork 0
Code Issues Pull Requests Releases Activity

make the libica dependecies versioned

Browse Source 
- fix segfaults in OFB mode (#749638)
This commit is contained in:
Dan Horák 2012-04-20 10:48:18 +02:00
parent bb331b8e00
commit 379d500d96
2 changed files with 70 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
openssl-ibmca-1.2.0-ofb.patch Normal file
View File

@ -0,0 +1,59 @@
--- e_ibmca.c.orig 2011-08-11 20:22:47.000000000 +0200
+++ e_ibmca.c 2011-08-11 20:24:42.000000000 +0200
@@ -883,8 +883,7 @@ typedef unsigned int (*ica_sha256_t)(uns
sha256_context_t *, unsigned char *);
typedef unsigned int (*ica_des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
- unsigned int key_length, unsigned char *iv,
- unsigned int direction);
+ unsigned char *iv, unsigned int direction);
typedef unsigned int (*ica_des_cfb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
unsigned char *iv, unsigned int lcfb,
@@ -894,8 +893,7 @@ typedef unsigned int (*ica_3des_cfb_t)(c
unsigned int, unsigned int);
typedef unsigned int (*ica_3des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
- unsigned int key_length, unsigned char *iv,
- unsigned int direction);
+ unsigned char *iv, unsigned int direction);
typedef unsigned int (*ica_aes_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
unsigned long data_length, const unsigned char *key,
unsigned int key_length, unsigned char *iv,
@@ -1192,7 +1190,7 @@ static int ibmca_des_cipher(EVP_CIPHER_C
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
8, ICA_ENCRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
ICA_ENCRYPT);
} else {
rv = p_ica_des_encrypt(mode, len, (unsigned char *)in,
@@ -1218,7 +1216,7 @@ static int ibmca_des_cipher(EVP_CIPHER_C
rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
8, ICA_DECRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
+ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
ICA_DECRYPT);
} else {
/* Protect against decrypt in place */
@@ -1269,7 +1267,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_
ctx->iv, 8, ICA_ENCRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
- 8, ctx->iv, ICA_ENCRYPT);
+ ctx->iv, ICA_ENCRYPT);
} else {
rv = p_ica_3des_encrypt(mode, len, (unsigned char *)in,
(ica_des_vector_t *) ctx->iv,
@@ -1295,7 +1293,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_
ctx->iv, 8, ICA_DECRYPT);
} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
rv = p_ica_3des_ofb(in, out, len, pCtx->key,
- 8, ctx->iv, ICA_DECRYPT);
+ ctx->iv, ICA_DECRYPT);
} else {
/* Protect against decrypt in place */
/* FIXME: Again, check if EVP_CIPHER_CTX_iv_length() should be used */

21
openssl-ibmca.spec
View File

@ -1,16 +1,18 @@
Summary: A dynamic OpenSSL engine for IBMCA Summary: A dynamic OpenSSL engine for IBMCA
Name: openssl-ibmca Name: openssl-ibmca
Version: 1.2.0 Version: 1.2.0
Release: 2%{?dist} Release: 3%{?dist}
License: OpenSSL License: OpenSSL
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://sourceforge.net/projects/opencryptoki URL: http://sourceforge.net/projects/opencryptoki
Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz
# https://bugzilla.redhat.com/show_bug.cgi?id=584765 # https://bugzilla.redhat.com/show_bug.cgi?id=584765
Patch0: openssl-ibmca-1.2.0-libica-soname.patch Patch0: openssl-ibmca-1.2.0-libica-soname.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) # https://bugzilla.redhat.com/show_bug.cgi?id=749638
Requires: libica Patch1: openssl-ibmca-1.2.0-ofb.patch
BuildRequires: libica-devel automake libtool Requires: libica >= 2.1.0
BuildRequires: libica-devel >= 2.1.0
BuildRequires: automake libtool
ExclusiveArch: s390 s390x ExclusiveArch: s390 s390x
%description %description
@ -20,6 +22,7 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines.
%prep %prep
%setup -q %setup -q
%patch0 -p1 -b .libica-soname %patch0 -p1 -b .libica-soname
%patch1 -p0 -b .ofb
sh ./bootstrap.sh sh ./bootstrap.sh
@ -30,7 +33,6 @@ make %{?_smp_mflags}
%install %install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT%{_libdir}/libibmca.la rm -f $RPM_BUILD_ROOT%{_libdir}/libibmca.la
@ -38,17 +40,16 @@ mkdir -p $RPM_BUILD_ROOT%{_libdir}/openssl/engines
mv $RPM_BUILD_ROOT%{_libdir}/*.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines mv $RPM_BUILD_ROOT%{_libdir}/*.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines
%clean
rm -rf $RPM_BUILD_ROOT
%files %files
%defattr(-,root,root,-)
%doc README openssl.cnf.sample %doc README openssl.cnf.sample
%{_libdir}/openssl/engines/libibmca.so %{_libdir}/openssl/engines/libibmca.so
%changelog %changelog
* Fri Apr 20 2012 Dan Horák <dan[at]danny.cz - 1.2.0-3
- make the libica dependecies versioned
- fix segfaults in OFB mode (#749638)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.0-2 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild