[openssl-ibmca] make the libica dependecies versioned
Dan Horák
sharkcz at fedoraproject.org
Fri Apr 20 08:48:23 UTC 2012
commit 379d500d96ab4a7127dc71c0912722aad42d7a24
Author: Dan Horák <dan at danny.cz>
Date: Fri Apr 20 10:48:18 2012 +0200
make the libica dependecies versioned
- fix segfaults in OFB mode (#749638)
openssl-ibmca-1.2.0-ofb.patch | 59 +++++++++++++++++++++++++++++++++++++++++
openssl-ibmca.spec | 21 +++++++-------
2 files changed, 70 insertions(+), 10 deletions(-)
---
diff --git a/openssl-ibmca-1.2.0-ofb.patch b/openssl-ibmca-1.2.0-ofb.patch
new file mode 100644
index 0000000..5befc0f
--- /dev/null
+++ b/openssl-ibmca-1.2.0-ofb.patch
@@ -0,0 +1,59 @@
+--- e_ibmca.c.orig 2011-08-11 20:22:47.000000000 +0200
++++ e_ibmca.c 2011-08-11 20:24:42.000000000 +0200
+@@ -883,8 +883,7 @@ typedef unsigned int (*ica_sha256_t)(uns
+ sha256_context_t *, unsigned char *);
+ typedef unsigned int (*ica_des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, const unsigned char *key,
+- unsigned int key_length, unsigned char *iv,
+- unsigned int direction);
++ unsigned char *iv, unsigned int direction);
+ typedef unsigned int (*ica_des_cfb_t)(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, const unsigned char *key,
+ unsigned char *iv, unsigned int lcfb,
+@@ -894,8 +893,7 @@ typedef unsigned int (*ica_3des_cfb_t)(c
+ unsigned int, unsigned int);
+ typedef unsigned int (*ica_3des_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, const unsigned char *key,
+- unsigned int key_length, unsigned char *iv,
+- unsigned int direction);
++ unsigned char *iv, unsigned int direction);
+ typedef unsigned int (*ica_aes_ofb_t)(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, const unsigned char *key,
+ unsigned int key_length, unsigned char *iv,
+@@ -1192,7 +1190,7 @@ static int ibmca_des_cipher(EVP_CIPHER_C
+ rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
+ 8, ICA_ENCRYPT);
+ } else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
+- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
++ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
+ ICA_ENCRYPT);
+ } else {
+ rv = p_ica_des_encrypt(mode, len, (unsigned char *)in,
+@@ -1218,7 +1216,7 @@ static int ibmca_des_cipher(EVP_CIPHER_C
+ rv = p_ica_des_cfb(in, out, len, pCtx->key, ctx->iv,
+ 8, ICA_DECRYPT);
+ } else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
+- rv = p_ica_des_ofb(in, out, len, pCtx->key, 8, ctx->iv,
++ rv = p_ica_des_ofb(in, out, len, pCtx->key, ctx->iv,
+ ICA_DECRYPT);
+ } else {
+ /* Protect against decrypt in place */
+@@ -1269,7 +1267,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_
+ ctx->iv, 8, ICA_ENCRYPT);
+ } else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
+ rv = p_ica_3des_ofb(in, out, len, pCtx->key,
+- 8, ctx->iv, ICA_ENCRYPT);
++ ctx->iv, ICA_ENCRYPT);
+ } else {
+ rv = p_ica_3des_encrypt(mode, len, (unsigned char *)in,
+ (ica_des_vector_t *) ctx->iv,
+@@ -1295,7 +1293,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_
+ ctx->iv, 8, ICA_DECRYPT);
+ } else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) {
+ rv = p_ica_3des_ofb(in, out, len, pCtx->key,
+- 8, ctx->iv, ICA_DECRYPT);
++ ctx->iv, ICA_DECRYPT);
+ } else {
+ /* Protect against decrypt in place */
+ /* FIXME: Again, check if EVP_CIPHER_CTX_iv_length() should be used */
+
diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec
index 9add1fd..34bc689 100644
--- a/openssl-ibmca.spec
+++ b/openssl-ibmca.spec
@@ -1,16 +1,18 @@
Summary: A dynamic OpenSSL engine for IBMCA
Name: openssl-ibmca
Version: 1.2.0
-Release: 2%{?dist}
+Release: 3%{?dist}
License: OpenSSL
Group: System Environment/Libraries
URL: http://sourceforge.net/projects/opencryptoki
Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz
# https://bugzilla.redhat.com/show_bug.cgi?id=584765
Patch0: openssl-ibmca-1.2.0-libica-soname.patch
-Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: libica
-BuildRequires: libica-devel automake libtool
+# https://bugzilla.redhat.com/show_bug.cgi?id=749638
+Patch1: openssl-ibmca-1.2.0-ofb.patch
+Requires: libica >= 2.1.0
+BuildRequires: libica-devel >= 2.1.0
+BuildRequires: automake libtool
ExclusiveArch: s390 s390x
%description
@@ -20,6 +22,7 @@ A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines.
%prep
%setup -q
%patch0 -p1 -b .libica-soname
+%patch1 -p0 -b .ofb
sh ./bootstrap.sh
@@ -30,7 +33,6 @@ make %{?_smp_mflags}
%install
-rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT%{_libdir}/libibmca.la
@@ -38,17 +40,16 @@ mkdir -p $RPM_BUILD_ROOT%{_libdir}/openssl/engines
mv $RPM_BUILD_ROOT%{_libdir}/*.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
%files
-%defattr(-,root,root,-)
%doc README openssl.cnf.sample
%{_libdir}/openssl/engines/libibmca.so
%changelog
+* Fri Apr 20 2012 Dan Horák <dan[at]danny.cz - 1.2.0-3
+- make the libica dependecies versioned
+- fix segfaults in OFB mode (#749638)
+
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
More information about the scm-commits
mailing list