From 589d3ee15b6158462c84264b60d71d332de21b37 Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Mar 08 2016 03:56:55 +0000 Subject: enable RC5 with permission from Legal --- diff --git a/hobble-openssl b/hobble-openssl index 16d148c..8750ad6 100755 --- a/hobble-openssl +++ b/hobble-openssl @@ -6,26 +6,21 @@ set -e # Clean out patent-or-otherwise-encumbered code. # MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway # IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore -# RC5: 5,724,428 01/11/2015 +# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore # EC: ????????? ??/??/2020 # SRP: ????????? ??/??/20?? # Remove assembler portions of IDEA, MDC2, and RC5. -(find crypto/rc5/asm -type f | xargs -r rm -fv) +# (find crypto/rc5/asm -type f | xargs -r rm -fv) -# RC5, SRP. -for a in rc5 srp; do +# SRP. +for a in srp; do for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do echo Destroying $c > $c done done -for c in `find crypto/evp -name "*_rc5.c"`; do - echo Destroying $c - > $c -done - for c in `find crypto/bn -name "*gf2m.c"`; do echo Destroying $c > $c @@ -37,11 +32,10 @@ for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nist done for h in `find crypto ssl apps test -name "*.h"` ; do - echo Removing RC5, SRP and EC2M references from $h + echo Removing SRP and EC2M references from $h cat $h | \ awk 'BEGIN {ech=1;} \ /^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \ - /^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ /^#[ \t]*if/ {if(ech < 1) ech--;} \ {if(ech>0) {;print $0};} \ @@ -50,4 +44,4 @@ for h in `find crypto ssl apps test -name "*.h"` ; do done # Make the makefiles happy. -touch crypto/rc5/asm/rc5-586.pl +# touch crypto/rc5/asm/rc5-586.pl diff --git a/openssl.spec b/openssl.spec index 537c698..54e1001 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.2g -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -288,7 +288,7 @@ sslflags=enable-ec_nistp_64_gcc_128 --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ zlib sctp enable-camellia enable-seed enable-tlsext enable-rfc3779 \ enable-cms enable-md2 enable-ssl2 \ - no-mdc2 no-rc5 no-ec2m no-gost no-srp \ + no-mdc2 enable-rc5 no-ec2m no-gost no-srp \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips} @@ -502,6 +502,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Mon Mar 7 2016 Tom Callaway - 1.0.2g-3 +- enable RC5 + * Wed Mar 2 2016 Tomáš Mráz 1.0.2g-2 - reenable SSL2 in the build to avoid ABI break (it does not make the openssl vulnerable to DROWN attack) diff --git a/sources b/sources index 69cf09a..b732381 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f65cb1be46b1d6364b3c779785cb323e openssl-1.0.2g-hobbled.tar.xz +f32fd979486600e102b77fbc1f88787c openssl-1.0.2g-hobbled.tar.xz