add support for newest Intel acceleration improvements backported

from upstream by Intel in form of a separate engine
This commit is contained in:
Tomas Mraz 2011-07-20 14:56:21 +02:00
parent f4fb8490a9
commit 5c4fc08e4d
4 changed files with 59 additions and 2 deletions

1
.gitignore vendored
View File

@ -2,3 +2,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0b-usa.tar.bz2
/openssl-1.0.0c-usa.tar.bz2
/openssl-1.0.0d-usa.tar.bz2
/intel-accel-1.3.tar.gz

View File

@ -0,0 +1,33 @@
diff -up intel-accel-1.3/e_intelx.c.iabuild intel-accel-1.3/e_intelx.c
--- intel-accel-1.3/e_intelx.c.iabuild 2011-07-12 16:40:07.000000000 +0200
+++ intel-accel-1.3/e_intelx.c 2011-07-20 14:02:22.000000000 +0200
@@ -318,7 +318,7 @@ intelx_digests (ENGINE *e, const EVP_MD
*/
size_t OPENSSL_ia32_rdrand(void);
-static int intelx_get_random_bytes (unsigned char *buf, size_t num)
+static int intelx_get_random_bytes (unsigned char *buf, int num)
{
size_t rnd;
diff -up intel-accel-1.3/Makefile.iabuild intel-accel-1.3/Makefile
--- intel-accel-1.3/Makefile.iabuild 2011-07-11 17:01:31.000000000 +0200
+++ intel-accel-1.3/Makefile 2011-07-20 14:06:33.000000000 +0200
@@ -4,7 +4,7 @@
CC=$(CC) perl $< elf > $@
CC=gcc
-CFLAGS=-fPIC -O -fomit-frame-pointer -Wall
+CFLAGS=-fPIC $(RPM_OPT_FLAGS) -I../include
AS=$(CC) -c -Wa,-noexecstack
OBJ=e_intelx.o e_rc4_hmac_md5.o e_aes_cbc_hmac_sha1.o
@@ -16,7 +16,7 @@ OBJ+=sha1-586.o rc4-586.o aesni-x86.o x8
endif
libintel-accel.so: $(OBJ) Makefile
- $(CC) -shared -o $@ $(OBJ) -Wl,-Bsymbolic,--version-script=libintelx.map
+ $(CC) -shared -fPIC $(RPM_OPT_FLAGS) -o $@ $(OBJ) -Wl,-Bsymbolic,--version-script=libintelx.map
sha1-%.s: sha1-%.pl
rc4-%.s: rc4-%.pl

View File

@ -21,7 +21,7 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.0d
Release: 5%{?dist}
Release: 6%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2
@ -32,6 +32,8 @@ Source8: openssl-thread-test.c
Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h
Source11: README.FIPS
# Intel acceleration engine backported from upstream by Intel
Source12: intel-accel-1.3.tar.gz
# Build changes
Patch0: openssl-1.0.0-beta4-redhat.patch
Patch1: openssl-1.0.0-beta3-defaults.patch
@ -40,6 +42,7 @@ Patch4: openssl-1.0.0-beta5-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch
Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-1.0.0-timezone.patch
Patch10: intel-accel-1.3-build.patch
# Bug fixes
Patch23: openssl-1.0.0-beta4-default-paths.patch
Patch24: openssl-0.9.8j-bad-mime.patch
@ -123,7 +126,7 @@ package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
%prep
%setup -q -n %{name}-%{version}
%setup -q -n %{name}-%{version} -a 12
%{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat
@ -133,6 +136,9 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch5 -p1 -b .no-rpath
%patch6 -p1 -b .use-localhost
%patch7 -p1 -b .timezone
pushd intel-accel-1.3
%patch10 -p1 -b .iabuild
popd
%patch23 -p1 -b .default-paths
%patch24 -p1 -b .bad-mime
@ -228,6 +234,12 @@ make rehash
# Overwrite FIPS README
cp -f %{SOURCE11} .
%ifarch %ix86 x86_64
pushd intel-accel-1.3
make
popd
%endif
%check
# Verify that what was compiled actually works.
@ -355,6 +367,12 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.*
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%ifarch %ix86 x86_64
pushd intel-accel-1.3
install -m755 libintel-accel.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines
popd
%endif
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
@ -416,6 +434,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig
%changelog
* Wed Jul 20 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-6
- add support for newest Intel acceleration improvements backported
from upstream by Intel in form of a separate engine
* Thu Jun 9 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-5
- allow the AES-NI engine in the FIPS mode

View File

@ -1 +1,2 @@
531c1627ff9701cb8540ee3bd03de5d7 openssl-1.0.0d-usa.tar.bz2
e91fe2d35b6169793dd3b46e0526925b intel-accel-1.3.tar.gz