1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
%define install_prefix /opt/openssl3
%define soversion 3
Name: openssl3
Epoch: 1
Version: 3.0.9
Release: 1
Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay
URL: https://www.openssl.org/
Source0: https://www.openssl.org/source/openssl-%{version}.tar.gz
Source1: Makefile.certificate
Patch1: openssl-3.0-build.patch
Patch2: Backport-aarch64-support-BTI-and-pointer-authentication-in-as.patch
Patch3: Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch
Patch4: Backport-Fix-sm3ss1-translation-issue-in-sm3-armv8.pl.patch
Patch5: Backport-providers-Add-SM4-GCM-implementation.patch
Patch6: Backport-SM4-optimization-for-ARM-by-HW-instruction.patch
Patch7: Backport-Further-acceleration-for-SM4-GCM-on-ARM.patch
Patch8: Backport-SM4-optimization-for-ARM-by-ASIMD.patch
Patch9: Backport-providers-Add-SM4-XTS-implementation.patch
Patch10: Backport-Fix-SM4-CBC-regression-on-Armv8.patch
Patch11: Backport-Fix-SM4-test-failures-on-big-endian-ARM-processors.patch
Patch12: Backport-Apply-SM4-optimization-patch-to-Kunpeng-920.patch
Patch13: Backport-SM4-AESE-optimization-for-ARMv8.patch
Patch14: Backport-Fix-SM4-XTS-build-failure-on-Mac-mini-M1.patch
Patch15: backport-Add-testcases-for-empty-associated-data-entries-with.patch
Patch16: backport-Do-not-ignore-empty-associated-data-with-AES-SIV-mod.patch
Patch17: backport-Add-a-test-for-CVE-2023-3446.patch
Patch18: backport-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
Patch19: backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch
Patch20: backport-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
Patch21: backport-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch
Patch22: Backport-support-decode-SM2-parameters.patch
Patch23: Feature-support-SM2-CMS-signature.patch
Patch24: Feature-use-default-id-if-SM2-id-is-not-set.patch
Patch25: backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch
BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils
%description
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
%prep
%autosetup -n openssl-%{version} -p1
%build
sslarch=%{_os}-%{_target_cpu}
%ifarch i686
sslarch=linux-elf
%endif
%ifarch riscv64
sslarch=%{_os}64-%{_target_cpu}
%endif
%ifarch x86_64 aarch64
sslflags=enable-ec_nistp_64_gcc_128
%endif
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
./Configure \
--prefix=%{install_prefix} -Wl,-rpath,%{install_prefix}/lib ${sslflags} \
zlib enable-camellia enable-seed enable-rfc3779 \
enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips\
no-mdc2 no-ec2m enable-sm2 enable-sm4 enable-buildtest-c++\
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' \
-Wl,--allow-multiple-definition
%make_build all
%install
# Install OpenSSL.
#install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}}
%make_install
rm -f %{buildroot}%{install_prefix}{/bin/c_rehash,/ssl/misc/tsget*,/ssl/misc/*.pl}
export QA_RPATHS=$(( 0x0002 ))
%check
%make_build test
%files
%license LICENSE.txt
%{install_prefix}
%changelog
* Mon Oct 02 2023 Funda Wang <fundawang@yeah.net> - 3.0.9-1
- Try install into /opt
|
