rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

add support for newest Intel acceleration improvements backported

Browse Source 
from upstream by Intel in form of a separate engine
This commit is contained in:
Tomas Mraz 2011-07-20 14:56:21 +02:00
parent f4fb8490a9
commit 5c4fc08e4d
4 changed files with 59 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -2,3 +2,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0b-usa.tar.bz2 /openssl-1.0.0b-usa.tar.bz2
/openssl-1.0.0c-usa.tar.bz2 /openssl-1.0.0c-usa.tar.bz2
/openssl-1.0.0d-usa.tar.bz2 /openssl-1.0.0d-usa.tar.bz2
/intel-accel-1.3.tar.gz

33
intel-accel-1.3-build.patch Normal file
View File

@ -0,0 +1,33 @@
diff -up intel-accel-1.3/e_intelx.c.iabuild intel-accel-1.3/e_intelx.c
--- intel-accel-1.3/e_intelx.c.iabuild 2011-07-12 16:40:07.000000000 +0200
+++ intel-accel-1.3/e_intelx.c 2011-07-20 14:02:22.000000000 +0200
@@ -318,7 +318,7 @@ intelx_digests (ENGINE *e, const EVP_MD
*/
size_t OPENSSL_ia32_rdrand(void);
-static int intelx_get_random_bytes (unsigned char *buf, size_t num)
+static int intelx_get_random_bytes (unsigned char *buf, int num)
{
size_t rnd;
diff -up intel-accel-1.3/Makefile.iabuild intel-accel-1.3/Makefile
--- intel-accel-1.3/Makefile.iabuild 2011-07-11 17:01:31.000000000 +0200
+++ intel-accel-1.3/Makefile 2011-07-20 14:06:33.000000000 +0200
@@ -4,7 +4,7 @@
CC=$(CC) perl $< elf > $@
CC=gcc
-CFLAGS=-fPIC -O -fomit-frame-pointer -Wall
+CFLAGS=-fPIC $(RPM_OPT_FLAGS) -I../include
AS=$(CC) -c -Wa,-noexecstack
OBJ=e_intelx.o e_rc4_hmac_md5.o e_aes_cbc_hmac_sha1.o
@@ -16,7 +16,7 @@ OBJ+=sha1-586.o rc4-586.o aesni-x86.o x8
endif
libintel-accel.so: $(OBJ) Makefile
- $(CC) -shared -o $@ $(OBJ) -Wl,-Bsymbolic,--version-script=libintelx.map
+ $(CC) -shared -fPIC $(RPM_OPT_FLAGS) -o $@ $(OBJ) -Wl,-Bsymbolic,--version-script=libintelx.map
sha1-%.s: sha1-%.pl
rc4-%.s: rc4-%.pl

26
openssl.spec
View File

@ -21,7 +21,7 @@
Summary: A general purpose cryptography library with TLS implementation Summary: A general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.0d Version: 1.0.0d
Release: 5%{?dist} Release: 6%{?dist}
# We remove certain patented algorithms from the openssl source tarball # We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below. # with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2 Source: openssl-%{version}-usa.tar.bz2
@ -32,6 +32,8 @@ Source8: openssl-thread-test.c
Source9: opensslconf-new.h Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h Source10: opensslconf-new-warning.h
Source11: README.FIPS Source11: README.FIPS
# Intel acceleration engine backported from upstream by Intel
Source12: intel-accel-1.3.tar.gz
# Build changes # Build changes
Patch0: openssl-1.0.0-beta4-redhat.patch Patch0: openssl-1.0.0-beta4-redhat.patch
Patch1: openssl-1.0.0-beta3-defaults.patch Patch1: openssl-1.0.0-beta3-defaults.patch
@ -40,6 +42,7 @@ Patch4: openssl-1.0.0-beta5-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch Patch5: openssl-0.9.8a-no-rpath.patch
Patch6: openssl-0.9.8b-test-use-localhost.patch Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-1.0.0-timezone.patch Patch7: openssl-1.0.0-timezone.patch
Patch10: intel-accel-1.3-build.patch
# Bug fixes # Bug fixes
Patch23: openssl-1.0.0-beta4-default-paths.patch Patch23: openssl-1.0.0-beta4-default-paths.patch
Patch24: openssl-0.9.8j-bad-mime.patch Patch24: openssl-0.9.8j-bad-mime.patch
@ -123,7 +126,7 @@ package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit. from other formats to the formats used by the OpenSSL toolkit.
%prep %prep
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version} -a 12
%{SOURCE1} > /dev/null %{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat %patch0 -p1 -b .redhat
@ -133,6 +136,9 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch5 -p1 -b .no-rpath %patch5 -p1 -b .no-rpath
%patch6 -p1 -b .use-localhost %patch6 -p1 -b .use-localhost
%patch7 -p1 -b .timezone %patch7 -p1 -b .timezone
pushd intel-accel-1.3
%patch10 -p1 -b .iabuild
popd
%patch23 -p1 -b .default-paths %patch23 -p1 -b .default-paths
%patch24 -p1 -b .bad-mime %patch24 -p1 -b .bad-mime
@ -228,6 +234,12 @@ make rehash
# Overwrite FIPS README # Overwrite FIPS README
cp -f %{SOURCE11} . cp -f %{SOURCE11} .
%ifarch %ix86 x86_64
pushd intel-accel-1.3
make
popd
%endif
%check %check
# Verify that what was compiled actually works. # Verify that what was compiled actually works.
@ -355,6 +367,12 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.* rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.*
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%ifarch %ix86 x86_64
pushd intel-accel-1.3
install -m755 libintel-accel.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines
popd
%endif
%clean %clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
@ -416,6 +434,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Wed Jul 20 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-6
- add support for newest Intel acceleration improvements backported
from upstream by Intel in form of a separate engine
* Thu Jun 9 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-5 * Thu Jun 9 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-5
- allow the AES-NI engine in the FIPS mode - allow the AES-NI engine in the FIPS mode

1
sources
View File

@ -1 +1,2 @@
531c1627ff9701cb8540ee3bd03de5d7 openssl-1.0.0d-usa.tar.bz2 531c1627ff9701cb8540ee3bd03de5d7 openssl-1.0.0d-usa.tar.bz2
e91fe2d35b6169793dd3b46e0526925b intel-accel-1.3.tar.gz