rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

- enable some new crypto algorithms and features

Browse Source 
- add some more important bug fixes from openssl CVS
This commit is contained in:
Tomáš Mráz 2007-12-03 19:57:11 +00:00
parent 139aecb45e
commit 2a80bfda1d
3 changed files with 88 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
openssl-0.9.8g-bn-mul-bug.patch Normal file
View File

@ -0,0 +1,64 @@
openssl/crypto/bn/bn_mul.c 1.36.2.1 -> 1.36.2.2
--- openssl/crypto/bn/bn_mul.c 2007/07/08 18:54:30 1.36.2.1
+++ openssl/crypto/bn/bn_mul.c 2007/11/03 20:09:29 1.36.2.2
@@ -389,6 +389,7 @@
* a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
* a[1]*b[1]
*/
+/* dnX may not be positive, but n2/2+dnX has to be */
void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
int dna, int dnb, BN_ULONG *t)
{
@@ -398,7 +399,7 @@
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);
+ fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
# endif
# ifdef BN_MUL_COMBA
# if 0
@@ -545,6 +546,7 @@
/* n+tn is the word length
* t needs to be n*4 is size, as does r */
+/* tnX may not be negative but less than n */
void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
int tna, int tnb, BN_ULONG *t)
{
@@ -553,8 +555,8 @@
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
- fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",
- tna, n, tnb, n);
+ fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+ n, tna, n, tnb);
# endif
if (n < 8)
{
@@ -655,16 +657,19 @@
for (;;)
{
i/=2;
- if (i <= tna && tna == tnb)
+ /* these simplified conditions work
+ * exclusively because difference
+ * between tna and tnb is 1 or 0 */
+ if (i < tna || i < tnb)
{
- bn_mul_recursive(&(r[n2]),
+ bn_mul_part_recursive(&(r[n2]),
&(a[n]),&(b[n]),
i,tna-i,tnb-i,p);
break;
}
- else if (i < tna || i < tnb)
+ else if (i == tna || i == tnb)
{
- bn_mul_part_recursive(&(r[n2]),
+ bn_mul_recursive(&(r[n2]),
&(a[n]),&(b[n]),
i,tna-i,tnb-i,p);
break;

13
openssl-0.9.8g-speed-bug.patch Normal file
View File

@ -0,0 +1,13 @@
openssl/apps/speed.c 1.126.2.8 -> 1.126.2.9
--- openssl/apps/speed.c 2007/05/13 15:04:14 1.126.2.8
+++ openssl/apps/speed.c 2007/11/15 13:33:47 1.126.2.9
@@ -577,7 +577,7 @@
#define MAX_BLOCK_SIZE 64
#endif
unsigned char DES_iv[8];
- unsigned char iv[MAX_BLOCK_SIZE/8];
+ unsigned char iv[2*MAX_BLOCK_SIZE/8];
#ifndef OPENSSL_NO_DES
DES_cblock *buf_as_des_cblock = NULL;
static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};

14
openssl.spec
View File

@ -22,7 +22,7 @@
Summary: The OpenSSL toolkit Summary: The OpenSSL toolkit
Name: openssl Name: openssl
Version: 0.9.8g Version: 0.9.8g
Release: 1%{?dist} Release: 2%{?dist}
Source: openssl-%{version}-usa.tar.bz2 Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl Source1: hobble-openssl
Source2: Makefile.certificate Source2: Makefile.certificate
@ -52,7 +52,8 @@ Patch35: openssl-0.9.7-beta5-version-add-engines.patch
Patch38: openssl-0.9.8a-reuse-cipher-change.patch Patch38: openssl-0.9.8a-reuse-cipher-change.patch
Patch39: openssl-0.9.8g-ipv6-apps.patch Patch39: openssl-0.9.8g-ipv6-apps.patch
# Backported fixes including security fixes # Backported fixes including security fixes
# None yet Patch50: openssl-0.9.8g-speed-bug.patch
Patch51: openssl-0.9.8g-bn-mul-bug.patch
License: OpenSSL License: OpenSSL
Group: System Environment/Libraries Group: System Environment/Libraries
@ -112,6 +113,8 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch35 -p1 -b .version-add-engines %patch35 -p1 -b .version-add-engines
%patch38 -p1 -b .cipher-change %patch38 -p1 -b .cipher-change
%patch39 -p1 -b .ipv6-apps %patch39 -p1 -b .ipv6-apps
%patch50 -p1 -b .speed-bug
%patch51 -p1 -b .bn-mul-bug
# Modify the various perl scripts to reference perl in the right location. # Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}` perl util/perlpath.pl `dirname %{__perl}`
@ -153,7 +156,8 @@ sslarch=linux-generic32
# RPM_OPT_FLAGS, so we can skip specifiying them here. # RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \ ./Configure \
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \ zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \
--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
-I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \ -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \
${sslarch} ${sslarch}
@ -352,6 +356,10 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-2
- enable some new crypto algorithms and features
- add some more important bug fixes from openssl CVS
* Mon Dec 3 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-1 * Mon Dec 3 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-1
- update to latest upstream release, SONAME bumped to 7 - update to latest upstream release, SONAME bumped to 7