diff --git a/openssl-0.9.8g-bn-mul-bug.patch b/openssl-0.9.8g-bn-mul-bug.patch new file mode 100644 index 0000000..dd3598d --- /dev/null +++ b/openssl-0.9.8g-bn-mul-bug.patch @@ -0,0 +1,64 @@ +openssl/crypto/bn/bn_mul.c 1.36.2.1 -> 1.36.2.2 + +--- openssl/crypto/bn/bn_mul.c 2007/07/08 18:54:30 1.36.2.1 ++++ openssl/crypto/bn/bn_mul.c 2007/11/03 20:09:29 1.36.2.2 +@@ -389,6 +389,7 @@ + * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) + * a[1]*b[1] + */ ++/* dnX may not be positive, but n2/2+dnX has to be */ + void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + int dna, int dnb, BN_ULONG *t) + { +@@ -398,7 +399,7 @@ + BN_ULONG ln,lo,*p; + + # ifdef BN_COUNT +- fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); ++ fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); + # endif + # ifdef BN_MUL_COMBA + # if 0 +@@ -545,6 +546,7 @@ + + /* n+tn is the word length + * t needs to be n*4 is size, as does r */ ++/* tnX may not be negative but less than n */ + void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, + int tna, int tnb, BN_ULONG *t) + { +@@ -553,8 +555,8 @@ + BN_ULONG ln,lo,*p; + + # ifdef BN_COUNT +- fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", +- tna, n, tnb, n); ++ fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n", ++ n, tna, n, tnb); + # endif + if (n < 8) + { +@@ -655,16 +657,19 @@ + for (;;) + { + i/=2; +- if (i <= tna && tna == tnb) ++ /* these simplified conditions work ++ * exclusively because difference ++ * between tna and tnb is 1 or 0 */ ++ if (i < tna || i < tnb) + { +- bn_mul_recursive(&(r[n2]), ++ bn_mul_part_recursive(&(r[n2]), + &(a[n]),&(b[n]), + i,tna-i,tnb-i,p); + break; + } +- else if (i < tna || i < tnb) ++ else if (i == tna || i == tnb) + { +- bn_mul_part_recursive(&(r[n2]), ++ bn_mul_recursive(&(r[n2]), + &(a[n]),&(b[n]), + i,tna-i,tnb-i,p); + break; diff --git a/openssl-0.9.8g-speed-bug.patch b/openssl-0.9.8g-speed-bug.patch new file mode 100644 index 0000000..939facc --- /dev/null +++ b/openssl-0.9.8g-speed-bug.patch @@ -0,0 +1,13 @@ +openssl/apps/speed.c 1.126.2.8 -> 1.126.2.9 + +--- openssl/apps/speed.c 2007/05/13 15:04:14 1.126.2.8 ++++ openssl/apps/speed.c 2007/11/15 13:33:47 1.126.2.9 +@@ -577,7 +577,7 @@ + #define MAX_BLOCK_SIZE 64 + #endif + unsigned char DES_iv[8]; +- unsigned char iv[MAX_BLOCK_SIZE/8]; ++ unsigned char iv[2*MAX_BLOCK_SIZE/8]; + #ifndef OPENSSL_NO_DES + DES_cblock *buf_as_des_cblock = NULL; + static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; diff --git a/openssl.spec b/openssl.spec index 2e27f51..62340ca 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,7 +22,7 @@ Summary: The OpenSSL toolkit Name: openssl Version: 0.9.8g -Release: 1%{?dist} +Release: 2%{?dist} Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate @@ -52,7 +52,8 @@ Patch35: openssl-0.9.7-beta5-version-add-engines.patch Patch38: openssl-0.9.8a-reuse-cipher-change.patch Patch39: openssl-0.9.8g-ipv6-apps.patch # Backported fixes including security fixes -# None yet +Patch50: openssl-0.9.8g-speed-bug.patch +Patch51: openssl-0.9.8g-bn-mul-bug.patch License: OpenSSL Group: System Environment/Libraries @@ -112,6 +113,8 @@ from other formats to the formats used by the OpenSSL toolkit. %patch35 -p1 -b .version-add-engines %patch38 -p1 -b .cipher-change %patch39 -p1 -b .ipv6-apps +%patch50 -p1 -b .speed-bug +%patch51 -p1 -b .bn-mul-bug # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -153,7 +156,8 @@ sslarch=linux-generic32 # RPM_OPT_FLAGS, so we can skip specifiying them here. ./Configure \ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ - zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \ + zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ + no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib} \ ${sslarch} @@ -352,6 +356,10 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint %postun -p /sbin/ldconfig %changelog +* Tue Dec 4 2007 Tomas Mraz 0.9.8g-2 +- enable some new crypto algorithms and features +- add some more important bug fixes from openssl CVS + * Mon Dec 3 2007 Tomas Mraz 0.9.8g-1 - update to latest upstream release, SONAME bumped to 7