- enable some new crypto algorithms and features
- add some more important bug fixes from openssl CVS
This commit is contained in:
parent
139aecb45e
commit
2a80bfda1d
64
openssl-0.9.8g-bn-mul-bug.patch
Normal file
64
openssl-0.9.8g-bn-mul-bug.patch
Normal file
@ -0,0 +1,64 @@
|
||||
openssl/crypto/bn/bn_mul.c 1.36.2.1 -> 1.36.2.2
|
||||
|
||||
--- openssl/crypto/bn/bn_mul.c 2007/07/08 18:54:30 1.36.2.1
|
||||
+++ openssl/crypto/bn/bn_mul.c 2007/11/03 20:09:29 1.36.2.2
|
||||
@@ -389,6 +389,7 @@
|
||||
* a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
|
||||
* a[1]*b[1]
|
||||
*/
|
||||
+/* dnX may not be positive, but n2/2+dnX has to be */
|
||||
void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
|
||||
int dna, int dnb, BN_ULONG *t)
|
||||
{
|
||||
@@ -398,7 +399,7 @@
|
||||
BN_ULONG ln,lo,*p;
|
||||
|
||||
# ifdef BN_COUNT
|
||||
- fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);
|
||||
+ fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
|
||||
# endif
|
||||
# ifdef BN_MUL_COMBA
|
||||
# if 0
|
||||
@@ -545,6 +546,7 @@
|
||||
|
||||
/* n+tn is the word length
|
||||
* t needs to be n*4 is size, as does r */
|
||||
+/* tnX may not be negative but less than n */
|
||||
void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
|
||||
int tna, int tnb, BN_ULONG *t)
|
||||
{
|
||||
@@ -553,8 +555,8 @@
|
||||
BN_ULONG ln,lo,*p;
|
||||
|
||||
# ifdef BN_COUNT
|
||||
- fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",
|
||||
- tna, n, tnb, n);
|
||||
+ fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
|
||||
+ n, tna, n, tnb);
|
||||
# endif
|
||||
if (n < 8)
|
||||
{
|
||||
@@ -655,16 +657,19 @@
|
||||
for (;;)
|
||||
{
|
||||
i/=2;
|
||||
- if (i <= tna && tna == tnb)
|
||||
+ /* these simplified conditions work
|
||||
+ * exclusively because difference
|
||||
+ * between tna and tnb is 1 or 0 */
|
||||
+ if (i < tna || i < tnb)
|
||||
{
|
||||
- bn_mul_recursive(&(r[n2]),
|
||||
+ bn_mul_part_recursive(&(r[n2]),
|
||||
&(a[n]),&(b[n]),
|
||||
i,tna-i,tnb-i,p);
|
||||
break;
|
||||
}
|
||||
- else if (i < tna || i < tnb)
|
||||
+ else if (i == tna || i == tnb)
|
||||
{
|
||||
- bn_mul_part_recursive(&(r[n2]),
|
||||
+ bn_mul_recursive(&(r[n2]),
|
||||
&(a[n]),&(b[n]),
|
||||
i,tna-i,tnb-i,p);
|
||||
break;
|
13
openssl-0.9.8g-speed-bug.patch
Normal file
13
openssl-0.9.8g-speed-bug.patch
Normal file
@ -0,0 +1,13 @@
|
||||
openssl/apps/speed.c 1.126.2.8 -> 1.126.2.9
|
||||
|
||||
--- openssl/apps/speed.c 2007/05/13 15:04:14 1.126.2.8
|
||||
+++ openssl/apps/speed.c 2007/11/15 13:33:47 1.126.2.9
|
||||
@@ -577,7 +577,7 @@
|
||||
#define MAX_BLOCK_SIZE 64
|
||||
#endif
|
||||
unsigned char DES_iv[8];
|
||||
- unsigned char iv[MAX_BLOCK_SIZE/8];
|
||||
+ unsigned char iv[2*MAX_BLOCK_SIZE/8];
|
||||
#ifndef OPENSSL_NO_DES
|
||||
DES_cblock *buf_as_des_cblock = NULL;
|
||||
static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
|
14
openssl.spec
14
openssl.spec
@ -22,7 +22,7 @@
|
||||
Summary: The OpenSSL toolkit
|
||||
Name: openssl
|
||||
Version: 0.9.8g
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Source: openssl-%{version}-usa.tar.bz2
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
@ -52,7 +52,8 @@ Patch35: openssl-0.9.7-beta5-version-add-engines.patch
|
||||
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
|
||||
Patch39: openssl-0.9.8g-ipv6-apps.patch
|
||||
# Backported fixes including security fixes
|
||||
# None yet
|
||||
Patch50: openssl-0.9.8g-speed-bug.patch
|
||||
Patch51: openssl-0.9.8g-bn-mul-bug.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -112,6 +113,8 @@ from other formats to the formats used by the OpenSSL toolkit.
|
||||
%patch35 -p1 -b .version-add-engines
|
||||
%patch38 -p1 -b .cipher-change
|
||||
%patch39 -p1 -b .ipv6-apps
|
||||
%patch50 -p1 -b .speed-bug
|
||||
%patch51 -p1 -b .bn-mul-bug
|
||||
|
||||
# Modify the various perl scripts to reference perl in the right location.
|
||||
perl util/perlpath.pl `dirname %{__perl}`
|
||||
@ -153,7 +156,8 @@ sslarch=linux-generic32
|
||||
# RPM_OPT_FLAGS, so we can skip specifiying them here.
|
||||
./Configure \
|
||||
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
|
||||
zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \
|
||||
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
|
||||
no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \
|
||||
--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
|
||||
-I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \
|
||||
${sslarch}
|
||||
@ -352,6 +356,10 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-2
|
||||
- enable some new crypto algorithms and features
|
||||
- add some more important bug fixes from openssl CVS
|
||||
|
||||
* Mon Dec 3 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-1
|
||||
- update to latest upstream release, SONAME bumped to 7
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user