diff --git a/.gitignore b/.gitignore
index d8c4d6d..c72d0e5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.0.0b-usa.tar.bz2
 /openssl-1.0.0c-usa.tar.bz2
 /openssl-1.0.0d-usa.tar.bz2
+/intel-accel-1.3.tar.gz
diff --git a/intel-accel-1.3-build.patch b/intel-accel-1.3-build.patch
new file mode 100644
index 0000000..99beb0d
--- /dev/null
+++ b/intel-accel-1.3-build.patch
@@ -0,0 +1,33 @@
+diff -up intel-accel-1.3/e_intelx.c.iabuild intel-accel-1.3/e_intelx.c
+--- intel-accel-1.3/e_intelx.c.iabuild 2011-07-12 16:40:07.000000000 +0200
++++ intel-accel-1.3/e_intelx.c 2011-07-20 14:02:22.000000000 +0200
+@@ -318,7 +318,7 @@ intelx_digests (ENGINE *e, const EVP_MD
+ */
+ size_t OPENSSL_ia32_rdrand(void);
+ 
+-static int intelx_get_random_bytes (unsigned char *buf, size_t num)
++static int intelx_get_random_bytes (unsigned char *buf, int num)
+ {
+ size_t rnd;
+ 
+diff -up intel-accel-1.3/Makefile.iabuild intel-accel-1.3/Makefile
+--- intel-accel-1.3/Makefile.iabuild 2011-07-11 17:01:31.000000000 +0200
++++ intel-accel-1.3/Makefile 2011-07-20 14:06:33.000000000 +0200
+@@ -4,7 +4,7 @@
+ CC=$(CC) perl $< elf > $@
+ 
+ CC=gcc
+-CFLAGS=-fPIC -O -fomit-frame-pointer -Wall
++CFLAGS=-fPIC $(RPM_OPT_FLAGS) -I../include
+ AS=$(CC) -c -Wa,-noexecstack
+ 
+ OBJ=e_intelx.o e_rc4_hmac_md5.o e_aes_cbc_hmac_sha1.o
+@@ -16,7 +16,7 @@ OBJ+=sha1-586.o rc4-586.o aesni-x86.o x8
+ endif
+ 
+ libintel-accel.so: $(OBJ) Makefile
+- $(CC) -shared -o $@ $(OBJ) -Wl,-Bsymbolic,--version-script=libintelx.map
++ $(CC) -shared -fPIC $(RPM_OPT_FLAGS) -o $@ $(OBJ) -Wl,-Bsymbolic,--version-script=libintelx.map
+ 
+ sha1-%.s: sha1-%.pl
+ rc4-%.s: rc4-%.pl
diff --git a/openssl.spec b/openssl.spec
index 571953e..7f9d669 100644
--- a/openssl.spec
+++ b/openssl.spec
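Review bot: In intel-accel-1.3-build.patch, the e_intelx.c change makes `num` in `intelx_get_random_bytes` a signed `int` while the body still works with `size_t rnd`, and the rest of that body lies outside the hunk. If the body compares `num` against `sizeof(rnd)` or uses it as a copy length, a zero or negative `num` would be converted to a very large unsigned count when mixed with `size_t`, and the write into `buf` could run past the caller's buffer. The patch should add an early guard such as `if (num <= 0) return 0;` (using whatever failure value the callers expect) and keep the remaining-length arithmetic in one signedness. The Makefile part of the same patch removes the explicit `-Wall`, so whether the compiler reports anything here depends entirely on what `$(RPM_OPT_FLAGS)` supplies.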
@@ -21,7 +21,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0d -Release: 5%{?dist} +Release: 6%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -32,6 +32,8 @@ Source8: openssl-thread-test.c Source9: opensslconf-new.h Source10: opensslconf-new-warning.h Source11: README.FIPS +# Intel acceleration engine backported from upstream by Intel +Source12: intel-accel-1.3.tar.gz # Build changes Patch0: openssl-1.0.0-beta4-redhat.patch Patch1: openssl-1.0.0-beta3-defaults.patch @@ -40,6 +42,7 @@ Patch4: openssl-1.0.0-beta5-enginesdir.patch Patch5: openssl-0.9.8a-no-rpath.patch Patch6: openssl-0.9.8b-test-use-localhost.patch Patch7: openssl-1.0.0-timezone.patch +Patch10: intel-accel-1.3-build.patch # Bug fixes Patch23: openssl-1.0.0-beta4-default-paths.patch Patch24: openssl-0.9.8j-bad-mime.patch @@ -123,7 +126,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep -%setup -q -n %{name}-%{version} +%setup -q -n %{name}-%{version} -a 12 %{SOURCE1} > /dev/null %patch0 -p1 -b .redhat @@ -133,6 +136,9 @@ from other formats to the formats used by the OpenSSL toolkit. %patch5 -p1 -b .no-rpath %patch6 -p1 -b .use-localhost %patch7 -p1 -b .timezone +pushd intel-accel-1.3 +%patch10 -p1 -b .iabuild +popd %patch23 -p1 -b .default-paths %patch24 -p1 -b .bad-mime @@ -228,6 +234,12 @@ make rehash # Overwrite FIPS README cp -f %{SOURCE11} . +%ifarch %ix86 x86_64 +pushd intel-accel-1.3 +make +popd +%endif + %check # Verify that what was compiled actually works. 
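Review bot: `Source12: intel-accel-1.3.tar.gz` is added without a URL, and its comment says only that Intel backported the engine, so nobody reading the spec can tell where the tarball was obtained or which upstream revision it corresponds to. For code that is installed into the OpenSSL engines directory, record the origin next to the tag, for example `# Obtained from <ORIGIN-URL-OR-CONTACT>; corresponds to upstream <REVISION>`. The digest added to `sources` in the same commit only pins the bytes that were uploaded; it does not say what they were checked against.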
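Review bot: The build-time addition (`pushd intel-accel-1.3` / `make` / `popd` under `%ifarch %ix86 x86_64`) compiles the engine, but nothing in this commit exercises it; the hunk ends at `%check`, whose body is outside the hunk and is not changed. Judging by the object names in the patched Makefile the engine provides cipher, digest and random-number paths, so a DSO that is miscompiled or fails to load would ship unnoticed. Consider adding an x86-only step to `%check` that loads the freshly built engine and runs its availability test, for example `openssl engine -t <ENGINE-ID>` run against the build tree. It would also help to put a comment above the `%ifarch` explaining that `%prep` unpacks and patches the engine on every architecture while it is built only on x86.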
@@ -355,6 +367,12 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.* rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* +%ifarch %ix86 x86_64 +pushd intel-accel-1.3 +install -m755 libintel-accel.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines +popd +%endif + %clean [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT @@ -416,6 +434,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Wed Jul 20 2011 Tomas Mraz 1.0.0d-6 +- add support for newest Intel acceleration improvements backported + from upstream by Intel in form of a separate engine + * Thu Jun 9 2011 Tomas Mraz 1.0.0d-5 - allow the AES-NI engine in the FIPS mode diff --git a/sources b/sources index 302a734..307ebbe 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ 531c1627ff9701cb8540ee3bd03de5d7 openssl-1.0.0d-usa.tar.bz2 +e91fe2d35b6169793dd3b46e0526925b intel-accel-1.3.tar.gz
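Review bot: In the install addition, `install -m755 libintel-accel.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines` names a directory as the destination without stating it, so if that directory is absent at this point the command creates a regular file called `engines` instead of failing. Name the target file explicitly, `install -D -m755 libintel-accel.so $RPM_BUILD_ROOT%{_libdir}/openssl/engines/libintel-accel.so`, so the result does not depend on what the earlier install steps created. The `%files` section is outside this hunk, so it is worth confirming that the engine is listed there with the intended owner and mode, and only for the architectures on which it is built.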