rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

enable RC5 with permission from Legal

Browse Source
This commit is contained in:
Tom Callaway 2016-03-07 21:56:55 -06:00
parent 8f6be98bf7
commit 589d3ee15b
3 changed files with 12 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
hobble-openssl
View File

@ -6,26 +6,21 @@ set -e
# Clean out patent-or-otherwise-encumbered code. # Clean out patent-or-otherwise-encumbered code.
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway # MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore # IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
# RC5: 5,724,428 01/11/2015 # RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
# EC: ????????? ??/??/2020 # EC: ????????? ??/??/2020
# SRP: ????????? ??/??/20?? # SRP: ????????? ??/??/20??
# Remove assembler portions of IDEA, MDC2, and RC5. # Remove assembler portions of IDEA, MDC2, and RC5.
(find crypto/rc5/asm -type f | xargs -r rm -fv) # (find crypto/rc5/asm -type f | xargs -r rm -fv)
# RC5, SRP. # SRP.
for a in rc5 srp; do for a in srp; do
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
echo Destroying $c echo Destroying $c
> $c > $c
done done
done done
for c in `find crypto/evp -name "*_rc5.c"`; do
echo Destroying $c
> $c
done
for c in `find crypto/bn -name "*gf2m.c"`; do for c in `find crypto/bn -name "*gf2m.c"`; do
echo Destroying $c echo Destroying $c
> $c > $c
@ -37,11 +32,10 @@ for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nist
done done
for h in `find crypto ssl apps test -name "*.h"` ; do for h in `find crypto ssl apps test -name "*.h"` ; do
echo Removing RC5, SRP and EC2M references from $h echo Removing SRP and EC2M references from $h
cat $h | \ cat $h | \
awk 'BEGIN {ech=1;} \ awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
/^#[ \t]*if/ {if(ech < 1) ech--;} \ /^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \ {if(ech>0) {;print $0};} \
@ -50,4 +44,4 @@ for h in `find crypto ssl apps test -name "*.h"` ; do
done done
# Make the makefiles happy. # Make the makefiles happy.
touch crypto/rc5/asm/rc5-586.pl # touch crypto/rc5/asm/rc5-586.pl

7
openssl.spec
View File

@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.2g Version: 1.0.2g
Release: 2%{?dist} Release: 3%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -288,7 +288,7 @@ sslflags=enable-ec_nistp_64_gcc_128
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
zlib sctp enable-camellia enable-seed enable-tlsext enable-rfc3779 \ zlib sctp enable-camellia enable-seed enable-tlsext enable-rfc3779 \
enable-cms enable-md2 enable-ssl2 \ enable-cms enable-md2 enable-ssl2 \
no-mdc2 no-rc5 no-ec2m no-gost no-srp \ no-mdc2 enable-rc5 no-ec2m no-gost no-srp \
--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
--with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips} --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}
@ -502,6 +502,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Mon Mar 7 2016 Tom Callaway <spot@fedoraproject.org> - 1.0.2g-3
- enable RC5
* Wed Mar 2 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2g-2 * Wed Mar 2 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2g-2
- reenable SSL2 in the build to avoid ABI break (it does not - reenable SSL2 in the build to avoid ABI break (it does not
make the openssl vulnerable to DROWN attack) make the openssl vulnerable to DROWN attack)

2
sources
View File

@ -1 +1 @@
f65cb1be46b1d6364b3c779785cb323e openssl-1.0.2g-hobbled.tar.xz f32fd979486600e102b77fbc1f88787c openssl-1.0.2g-hobbled.tar.xz