add support for newest Intel acceleration improvements backported
from upstream by Intel in form of a separate engine
This commit is contained in:
Tomas Mraz
parent
f4fb8490a9
commit
5c4fc08e4d
1
.gitignore
vendored
1
.gitignore
vendored
@ -2,3 +2,4 @@ openssl-1.0.0a-usa.tar.bz2
|
||||
/openssl-1.0.0b-usa.tar.bz2
|
||||
/openssl-1.0.0c-usa.tar.bz2
|
||||
/openssl-1.0.0d-usa.tar.bz2
|
||||
/intel-accel-1.3.tar.gz
|
||||
|
||||
33
intel-accel-1.3-build.patch
Normal file
33
intel-accel-1.3-build.patch
Normal file
@ -0,0 +1,33 @@
|
||||
diff -up intel-accel-1.3/e_intelx.c.iabuild intel-accel-1.3/e_intelx.c
|
||||
--- intel-accel-1.3/e_intelx.c.iabuild 2011-07-12 16:40:07.000000000 +0200
|
||||
+++ intel-accel-1.3/e_intelx.c 2011-07-20 14:02:22.000000000 +0200
|
||||
@@ -318,7 +318,7 @@ intelx_digests (ENGINE *e, const EVP_MD
|
||||
*/
|
||||
size_t OPENSSL_ia32_rdrand(void);
|
||||
|
||||
-static int intelx_get_random_bytes (unsigned char *buf, size_t num)
|
||||
+static int intelx_get_random_bytes (unsigned char *buf, int num)
|
||||
{
|
||||
size_t rnd;
|
||||
|
||||
diff -up intel-accel-1.3/Makefile.iabuild intel-accel-1.3/Makefile
|
||||
--- intel-accel-1.3/Makefile.iabuild 2011-07-11 17:01:31.000000000 +0200
|
||||
+++ intel-accel-1.3/Makefile 2011-07-20 14:06:33.000000000 +0200
|
||||
@@ -4,7 +4,7 @@
|
||||
CC=$(CC) perl $< elf > $@
|
||||
|
||||
CC=gcc
|
||||
-CFLAGS=-fPIC -O -fomit-frame-pointer -Wall
|
||||
+CFLAGS=-fPIC $(RPM_OPT_FLAGS) -I../include
|
||||
AS=$(CC) -c -Wa,-noexecstack
|
||||
|
||||
OBJ=e_intelx.o e_rc4_hmac_md5.o e_aes_cbc_hmac_sha1.o
|
||||
@@ -16,7 +16,7 @@ OBJ+=sha1-586.o rc4-586.o aesni-x86.o x8
|
||||
endif
|
||||
|
||||
libintel-accel.so: $(OBJ) Makefile
|
||||
- $(CC) -shared -o $@ $(OBJ) -Wl,-Bsymbolic,--version-script=libintelx.map
|
||||
+ $(CC) -shared -fPIC $(RPM_OPT_FLAGS) -o $@ $(OBJ) -Wl,-Bsymbolic,--version-script=libintelx.map
|
||||
|
||||
sha1-%.s: sha1-%.pl
|
||||
rc4-%.s: rc4-%.pl
|
||||
26
openssl.spec
26
openssl.spec
@ -21,7 +21,7 @@
|
||||
Summary: A general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.0d
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
# We remove certain patented algorithms from the openssl source tarball
|
||||
# with the hobble-openssl script which is included below.
|
||||
Source: openssl-%{version}-usa.tar.bz2
|
||||
@ -32,6 +32,8 @@ Source8: openssl-thread-test.c
|
||||
Source9: opensslconf-new.h
|
||||
Source10: opensslconf-new-warning.h
|
||||
Source11: README.FIPS
|
||||
# Intel acceleration engine backported from upstream by Intel
|
||||
Source12: intel-accel-1.3.tar.gz
|
||||
# Build changes
|
||||
Patch0: openssl-1.0.0-beta4-redhat.patch
|
||||
Patch1: openssl-1.0.0-beta3-defaults.patch
|
||||
@ -40,6 +42,7 @@ Patch4: openssl-1.0.0-beta5-enginesdir.patch
|
||||
Patch5: openssl-0.9.8a-no-rpath.patch
|
||||
Patch6: openssl-0.9.8b-test-use-localhost.patch
|
||||
Patch7: openssl-1.0.0-timezone.patch
|
||||
Patch10: intel-accel-1.3-build.patch
|
||||
# Bug fixes
|
||||
Patch23: openssl-1.0.0-beta4-default-paths.patch
|
||||
Patch24: openssl-0.9.8j-bad-mime.patch
|
||||
@ -123,7 +126,7 @@ package provides Perl scripts for converting certificates and keys
|
||||
from other formats to the formats used by the OpenSSL toolkit.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%setup -q -n %{name}-%{version} -a 12
|
||||
|
||||
%{SOURCE1} > /dev/null
|
||||
%patch0 -p1 -b .redhat
|
||||
@ -133,6 +136,9 @@ from other formats to the formats used by the OpenSSL toolkit.
|
||||
%patch5 -p1 -b .no-rpath
|
||||
%patch6 -p1 -b .use-localhost
|
||||
%patch7 -p1 -b .timezone
|
||||
pushd intel-accel-1.3
|
||||
%patch10 -p1 -b .iabuild
|
||||
popd
|
||||
|
||||
%patch23 -p1 -b .default-paths
|
||||
%patch24 -p1 -b .bad-mime
|
||||
@ -228,6 +234,12 @@ make rehash
|
||||
# Overwrite FIPS README
|
||||
cp -f %{SOURCE11} .
|
||||
|
||||
%ifarch %ix86 x86_64
|
||||
pushd intel-accel-1.3
|
||||
make
|
||||
popd
|
||||
%endif
|
||||
|
||||
%check
|
||||
# Verify that what was compiled actually works.
|
||||
|
||||
@ -355,6 +367,12 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
|
||||
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.*
|
||||
rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
|
||||
%ifarch %ix86 x86_64
|
||||
pushd intel-accel-1.3
|
||||
install -m755 libintel-accel.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines
|
||||
popd
|
||||
%endif
|
||||
|
||||
%clean
|
||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
@ -416,6 +434,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Wed Jul 20 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-6
|
||||
- add support for newest Intel acceleration improvements backported
|
||||
from upstream by Intel in form of a separate engine
|
||||
|
||||
* Thu Jun 9 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-5
|
||||
- allow the AES-NI engine in the FIPS mode
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user