File openssl.spec of Package openssl.11276

# spec file for package openssl
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

%define cavs_dir %{_libexecdir}/%{name}/cavs

Name:           openssl
BuildRequires:  bc
BuildRequires:  ed
BuildRequires:  pkg-config
BuildRequires:  zlib-devel
%define ssletcdir %{_sysconfdir}/ssl
#%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g")
%define num_version 1.0.0
Provides:       ssl
# bug437293
%ifarch ppc64
Obsoletes:      openssl-64bit
Version:        1.0.1i
Release:        0
Summary:        Secure Sockets and Transport Layer Security
License:        OpenSSL
Group:          Productivity/Networking/Security
Source:         https://www.%{name}.org/source/%{name}-%{version}.tar.gz
Source42:       https://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc
# to get mtime of file:
Source1:        openssl.changes
Source2:        baselibs.conf
Source10:       README.SUSE
Source11:       README-FIPS.txt
Patch0:         merge_from_0.9.8k.patch
Patch1:         openssl-1.0.0-c_rehash-compat.diff
Patch2:         bug610223.patch
Patch3:         openssl-ocloexec.patch
Patch4:         VIA_padlock_support_on_64systems.patch
Patch5:         openssl-fix-pod-syntax.diff
Patch6:         openssl-1.0.1e-truststore.diff
Patch7:         compression_methods_switch.patch
Patch8:         0005-libssl-Hide-library-private-symbols.patch
Patch9:         openssl-1.0.1c-default-paths.patch
Patch10:        openssl-pkgconfig.patch
# From Fedora openssl.
Patch13:        openssl-1.0.1c-ipv6-apps.patch
Patch14:        0001-libcrypto-Hide-library-private-symbols.patch
# FIPS patches:
Patch15:        openssl-1.0.1e-fips.patch
Patch16:        openssl-1.0.1e-fips-ec.patch
Patch17:        openssl-1.0.1e-fips-ctor.patch
Patch18:        openssl-1.0.1i-new-fips-reqs.patch
Patch19:        openssl-1.0.1e-add-suse-default-cipher-header.patch
Patch20:        openssl-1.0.1e-add-suse-default-cipher.patch
Patch21:        openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
Patch24:        openssl-no-egd.patch
Patch25:        openssl-app-genrsa-fips.patch
Patch26:        openssl-1.0.1h-fips-engine.patch
Patch27:        openssl-1.0.1i-ppc-asm-update.patch
Patch40:        openssl-CVE-2014-3513.patch
Patch41:        openssl-CVE-2014-3566.patch
Patch42:        openssl-CVE-2014-3567.patch
Patch43:        openssl-CVE-2014-3568.patch
Patch44:        openssl-Added-OPENSSL_NO_EC2M-guards-around-the-preferred-EC.patch
Patch45:        openssl-CVE-2014-3572.patch
Patch46:        openssl-CVE-2014-8275.patch
Patch47:        openssl-CVE-2015-0204.patch
Patch48:        openssl-CVE-2015-0205.patch
Patch49:        openssl-CVE-2015-0206.patch
Patch50:        openssl-CVE-2014-3570.patch
Patch51:        openssl-CVE-2014-3571.patch
Patch52:        openssl-CVE-2015-0209.patch
Patch53:        openssl-CVE-2015-0286.patch
Patch54:        openssl-CVE-2015-0287.patch
Patch55:        openssl-CVE-2015-0288.patch
Patch56:        openssl-CVE-2015-0289.patch
Patch57:        openssl-CVE-2015-0293.patch
Patch58:        openssl-RSA_premaster_secret_in_constant_time.patch
Patch59:        openssl-CVE-2015-1788.patch
Patch60:        openssl-CVE-2015-1789.patch
Patch61:        openssl-CVE-2015-1790.patch
Patch62:        openssl-CVE-2015-1791.patch
Patch63:        openssl-CVE-2015-1792.patch
# CVE-2015-4000 fixes (aka Logjam,
Patch64:        0001-s_server-Use-2048-bit-DH-parameters-by-default.patch
Patch65:        0002-dhparam-set-the-default-to-2048-bits.patch
Patch66:        0003-dhparam-fix-documentation.patch
Patch67:        0004-Update-documentation-with-Diffie-Hellman-best-practi.patch
Patch68:        0005-client-reject-handshakes-with-DH-parameters-1024-bits.patch
# EO CVE-2015-4000
Patch69:        openssl-avoid-config-twice.patch

# Add POWER8 VMX crypto acceleration (fate#318717)
Patch70:        0001-Config-for-ppc64-le.patch
Patch71:        0001-Taking-only-the-struct-change-of-ks-to-ks-ks.patch
Patch72:        0002-Taking-only-the-general-HWAES_-function-declarations.patch
Patch73:        0003-Taking-only-the-change-to-the-preprocessor-condition.patch
Patch74:        0004-evp-e_aes.c-populate-HWAES_-to-remaning-modes.patch
Patch75:        0001-sha-asm-fips.patch
Patch76:        0002-Delete-OPENSSL-CLEANSE-buplicated.patch
Patch77:        0003-Missing-function-declarations.patch
Patch78:        0001-Adding-OPENSSL_cpuid_setup.patch
# EO fate#318717
Patch79:        0001-bn-asm-s390x.S-improve-performance-on-z196-and-z13-b.patch
Patch80:        openssl-CVE-2015-3194.patch
Patch81:        openssl-CVE-2015-3195.patch
Patch82:        openssl-CVE-2015-3196.patch
Patch83:        openssl-CVE-2015-3197.patch
# OpenSSL Security Advisory [1st March 2016]
Patch84:        openssl-CVE-2016-0702-openssl101.patch
Patch85:        openssl-CVE-2016-0705.patch
Patch86:        openssl-CVE-2016-0797.patch
Patch87:        openssl-CVE-2016-0798-101.patch
Patch88:        openssl-CVE-2016-0799.patch
Patch89:        openssl-CVE-2016-0800-DROWN-disable-ssl2.patch
# OpenSSL Security Advisory [3rd May 2016]
Patch90:        openssl-CVE-2016-2107.patch
Patch91:        openssl-CVE-2016-2108.patch
Patch92:        openssl-CVE-2016-2109.patch
Patch93:        openssl-CVE-2016-2105.patch
Patch94:        openssl-CVE-2016-2106.patch
Patch95:        0001-Preserve-digests-for-SNI.patch
Patch96:        0001-Fix-buffer-overrun-in-ASN1_parse.patch

Patch97:        openssl-s390x_performance_improvements.patch
Patch98:        openssl-update-expired-smime-certs.patch
Patch99:        openssl-print_notice-NULL_crash.patch

# FIPS related patches
Patch100:       openssl-fips_disallow_x931_rand_method.patch
Patch101:       openssl-fips_disallow_ENGINE_loading.patch
Patch102:       openssl-1.0.1i-fipslocking.patch
Patch103:       openssl-fips_RSA_compute_d_with_lcm.patch
Patch104:       openssl-rsakeygen-minimum-distance.patch
Patch105:       openssl-urandom-reseeding.patch
Patch106:       openssl-fips-rsagen-d-bits.patch
Patch107:       openssl-fips-selftests_in_nonfips_mode.patch
Patch108:       openssl-fips-fix-odd-rsakeybits.patch
Patch109:       openssl-fips-clearerror.patch
Patch110:       openssl-fips-dont-fall-back-to-default-digest.patch

#OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
Patch120:       openssl-CVE-2016-2177.patch
Patch121:       openssl-CVE-2016-2178.patch
Patch122:       openssl-CVE-2016-2180.patch
Patch123:       openssl-CVE-2016-2182.patch
Patch124:       openssl-CVE-2016-2181.patch
Patch125:       openssl-CVE-2016-2179.patch
Patch126:       openssl-CVE-2016-6303.patch
Patch127:       openssl-CVE-2016-2183-SWEET32.patch
Patch128:       openssl-CVE-2016-6306.patch
Patch129:       openssl-CVE-2016-6304.patch
Patch130:       openssl-CVE-2016-6302.patch
Patch131:       openssl-randfile_fread_interrupt.patch
# OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)
Patch133:       openssl-CVE-2016-8610.patch
Patch134:       openssl-CVE-2016-7056.patch
Patch136:       openssl-fix_crash_in_openssl_speed.patch
Patch137:       openssl-degrade_3DES_to_MEDIUM_in_SSL2.patch
Patch138:       openssl-CVE-2017-3731.patch
# OpenSSL Security Advisory [28 Aug 2017]
Patch139:       openssl-CVE-2017-3735.patch
Patch140:       openssl-fix_crash_in_DES.patch
Patch141:       0001-Backport-support-for-fixed-DH-ciphersuites-from-HEAD.patch
Patch142:       0001-Don-t-send-a-for-ServerKeyExchange-for-kDHr-and-kDHd.patch
Patch143:       openssl-DH_fix_logjam.patch
Patch144:       openssl-1.0.1i-trusted-first.patch
Patch145:       openssl-1.0.1i-alt-chains.patch
# OpenSSL Security Advisory [27 Mar 2018]
Patch146:       openssl-CVE-2018-0739.patch
# bsc#1097158
Patch147:       openssl-CVE-2018-0732.patch
# bsc#1097624
Patch148:       openssl-add-blinding-to-ecdsa.patch
# bsc#1098592
Patch149:       openssl-add-blinding-to-dsa.patch
# OpenSSL Security Advisory [16 Apr 2018]
Patch150:       openssl-CVE-2018-0737.patch
Patch151:       openssl-CVE-2018-0737-fips.patch
Patch152:       openssl-One_and_Done.patch
# OpenSSL Security Advisory [30 October 2018]
Patch153:       0001-DSA-Address-a-timing-side-channel-whereby-it-is-possible.patch
Patch154:       0002-ECDSA-Address-a-timing-side-channel-whereby-it-is-possible.patch
Patch155:       openssl-CVE-2018-0734.patch
Patch156:       0001-Merge-to-1.0.2-DSA-mod-inverse-fix.patch
Patch157:       0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch
Patch158:       openssl-CVE-2018-5407-PortSmash.patch
# The 9 Lives of Bleichenbacher's CAT - vulnerability #7739
Patch159:       openssl-Extended-OAEP-support.patch
Patch160:       openssl-rewrite-RSA-padding-checks.patch
Patch161:       openssl-add-computationally-constant-time-bn_bn2binpad.patch
Patch162:       openssl-address-Coverity-nit-in-bn2binpad.patch
Patch163:       openssl-switch-to-BN_bn2binpad.patch
Patch164:       0001-crypto-bn-add-more-fixed-top-routines.patch
Patch165:       0002-rsa-rsa_eay.c-implement-variant-of-Smooth-CRT-RSA.patch
Patch166:       0003-bn-bn_blind.c-use-Montgomery-multiplication-when-pos.patch
Patch167:       0004-bn-bn_lib.c-conceal-even-memmory-access-pattern-in-b.patch
Patch168:       0005-err-err.c-add-err_clear_last_constant_time.patch
Patch169:       0006-rsa-rsa_eay.c-make-RSAerr-call-in-rsa_ossl_private_d.patch
Patch170:       0007-rsa-rsa_pk1.c-remove-memcpy-calls-from-RSA_padding_c.patch
Patch171:       0008-rsa-rsa_oaep.c-remove-memcpy-calls-from-RSA_padding_.patch
Patch172:       0009-rsa-rsa_ssl.c-make-RSA_padding_check_SSLv23-constant.patch
Patch173:       openssl-bn_mul_mont_fixed_top.patch
Patch174:       openssl-bn_mod_add_fixed_top.patch
Patch175:       0001-RT-4242-reject-invalid-EC-point-coordinates.patch
Patch176:       openssl-CVE-2019-1559.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-build

The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related

Derivation and License

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.

%package -n libopenssl1_0_0
Summary:        Secure Sockets and Transport Layer Security
License:        OpenSSL
Group:          Productivity/Networking/Security
Recommends:     ca-certificates-mozilla
# bug437293
%ifarch ppc64
Obsoletes:      openssl-64bit

%description -n libopenssl1_0_0
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related

Derivation and License

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.

%package -n libopenssl-devel
Summary:        Include Files and Libraries mandatory for Development
License:        OpenSSL
Group:          Development/Libraries/C and C++
Obsoletes:      openssl-devel < %{version}
Requires:       %name = %version
Requires:       libopenssl1_0_0 = %{version}
Requires:       zlib-devel
Provides:       openssl-devel = %{version}
# bug437293
%ifarch ppc64
Obsoletes:      openssl-devel-64bit

%description -n libopenssl-devel
This package contains all necessary include files and libraries needed
to develop applications that require these.

%package -n libopenssl1_0_0-hmac
Summary:        HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries
License:        BSD-3-Clause
Group:          Productivity/Networking/Security
Requires:       libopenssl1_0_0 = %{version}-%{release}

%description -n libopenssl1_0_0-hmac
The FIPS compliant operation of the openssl shared libraries is NOT
possible without the HMAC hashes contained in this package!

%package doc
Summary:        Additional Package Documentation
License:        OpenSSL
Group:          Productivity/Networking/Security
%if 0%{?suse_version} >= 1140
BuildArch:      noarch

%description doc
This package contains optional documentation provided in addition to
this package's base documentation.

%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
%patch58 -p1
%patch59 -p1
%patch60 -p1
%patch61 -p1
%patch62 -p1
%patch63 -p1
%patch64 -p1
%patch65 -p1
%patch66 -p1
%patch67 -p1
%patch68 -p1
%patch69 -p1
# Add POWER8 VMX crypto acceleration (fate#318717)
%patch70 -p1
%patch71 -p1
%patch72 -p1
%patch73 -p1
%patch74 -p1
%patch75 -p1
%patch76 -p1
%patch77 -p1
%patch78 -p1
%patch79 -p1
%patch80 -p1
%patch81 -p1
%patch82 -p1
%patch83 -p1
%patch84 -p1
%patch85 -p1
%patch86 -p1
%patch87 -p1
%patch88 -p1
%patch89 -p1
# OpenSSL Security Advisory [3rd May 2016]
%patch90 -p1
%patch91 -p1
%patch92 -p1
%patch93 -p1
%patch94 -p1
%patch95 -p1
%patch96 -p1
%patch97 -p1
%patch98 -p1
%patch99 -p1
# FIPS related patches
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch108 -p1
%patch109 -p1
%patch110 -p1
# non-FIPS patches
#OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
%patch120 -p1
%patch121 -p1
%patch122 -p1
%patch123 -p1
%patch124 -p1
%patch125 -p1
%patch126 -p1
%patch127 -p1
%patch128 -p1
%patch129 -p1
%patch130 -p1
%patch131 -p1
%patch133 -p1
%patch134 -p1
%patch136 -p1
%patch137 -p1
%patch138 -p1
%patch139 -p1
%patch140 -p1
%patch141 -p1
%patch142 -p1
%patch143 -p1
%patch144 -p1
%patch145 -p1
%patch146 -p1
%patch147 -p1
%patch148 -p1
%patch149 -p1
%patch150 -p1
%patch151 -p1
%patch152 -p1
%patch153 -p1
%patch154 -p1
%patch155 -p1
%patch156 -p1
%patch157 -p1
%patch158 -p1
%patch159 -p1
%patch160 -p1
%patch161 -p1
%patch162 -p1
%patch163 -p1
%patch164 -p1
%patch165 -p1
%patch166 -p1
%patch167 -p1
%patch168 -p1
%patch169 -p1
%patch170 -p1
%patch171 -p1
%patch172 -p1
%patch173 -p1
%patch174 -p1
%patch175 -p1
%patch176 -p1

cp -p %{S:10} .
cp -p %{S:11} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
cat <<EOF_ED | ed -s Configure
# local configuration added from specfile
# ... MOST of those are now correct in openssl's Configure already,
# so only add them for new ports!
#config-string,  $cc:$cflags:$unistd:$thread_cflag:$sys_id:$lflags:$bn_ops:$cpuid_obj:$bn_obj:$des_obj:$aes_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$wp_obj:$cmll_obj:$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags:$multilib
#"linux-elf",    "gcc:-DL_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:$DSO_SCHEME:",
#"linux-ia64",   "gcc:-DL_ENDIAN	-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:\${ia64_asm}:		$DSO_SCHEME:",
#"linux-ppc",    "gcc:-DB_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}:		$DSO_SCHEME:",
#"linux-ppc64",  "gcc:-DB_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG:\${no_asm}:	$DSO_SCHEME:64",
"linux-elf-arm","gcc:-DL_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG:\${no_asm}:							$DSO_SCHEME:",
"linux-mips",   "gcc:-DB_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}:		$DSO_SCHEME:",
"linux-sparcv7","gcc:-DB_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:\${no_asm}:			$DSO_SCHEME:",
#"linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8	::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/sparcv8.o:::::::::::::	$DSO_SCHEME:",
#"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}:						$DSO_SCHEME:64",
#"linux-s390",   "gcc:-DB_ENDIAN			::(unknown):   :-ldl:BN_LLONG:\${no_asm}:							$DSO_SCHEME:",
#"linux-s390x",  "gcc:-DB_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}:					$DSO_SCHEME:64",
"linux-parisc",	"gcc:-DB_ENDIAN 		::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL DES_RISC1:\${no_asm}:			$DSO_SCHEME:",
# fix ENGINESDIR path
sed -i 's,/lib/engines,/%_lib/engines,' Configure
# Record mtime of changes file instead of build time
CHANGES=`stat --format="%y" %SOURCE1`
sed -i -e "s|#define DATE \(.*\).LC_ALL.*date.|#define DATE \1$CHANGES|" crypto/Makefile

%ifarch armv5el armv5tel
export MACHINE=armv5el
%ifarch armv6l armv6hl
export MACHINE=armv6l
./config --test-sanity
config_flags="threads shared no-rc5 no-idea \
fips \
%ifarch x86_64
enable-ec_nistp_64_gcc_128 \
enable-camellia \
zlib \
no-ec2m \
--prefix=%{_prefix} \
--libdir=%{_lib} \
--openssldir=%{ssletcdir} \
$RPM_OPT_FLAGS -std=gnu99 \
-Wa,--noexecstack \
-fomit-frame-pointer \
$(getconf LFS_CFLAGS) \
-Wall "
%ifnarch hppa aarch64
config_flags="$config_flags -fstack-protector "
#%{!?do_profiling:%define do_profiling 0}
#%if %do_profiling
#	# generate feedback
#	./config $config_flags
#	make depend CC="gcc %cflags_profile_generate"
#	make CC="gcc %cflags_profile_generate"
#	LD_LIBRARY_PATH=`pwd` make rehash CC="gcc %cflags_profile_generate"
#	LD_LIBRARY_PATH=`pwd` make test CC="gcc %cflags_profile_generate"
#	LD_LIBRARY_PATH=`pwd` apps/openssl speed
#	make clean
#	# compile with feedback
#	# but not if it makes a cipher slower:
#	#find crypto/aes -name '*.da' | xargs -r rm
#	./config $config_flags %cflags_profile_feedback
#	make depend
#	make
#	LD_LIBRARY_PATH=`pwd` make rehash
#	LD_LIBRARY_PATH=`pwd` make test
# OpenSSL relies on uname -m (not good). Thus that little sparc line.
	./config \
%ifarch sparc64
		linux64-sparcv9 \
	make depend
	LD_LIBRARY_PATH=`pwd` make rehash
# for FIPS mode testing; the same hashes are being created later just before
# the wrap-up of the files into the package.
# These files are just there for the make test below...
crypto/fips/fips_standalone_hmac >
crypto/fips/fips_standalone_hmac >

	%ifnarch armv4l
	LD_LIBRARY_PATH=`pwd` make test
# show settings
make TABLE
eval $(egrep PLATFORM='[[:alnum:]]' Makefile)
grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE

cp -a crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac
ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl
mkdir $RPM_BUILD_ROOT/%{_datadir}/ssl
mv $RPM_BUILD_ROOT/%{ssletcdir}/misc $RPM_BUILD_ROOT/%{_datadir}/ssl/
# ln -s %{ssletcdir}/private 	$RPM_BUILD_ROOT/%{_datadir}/ssl/private
# ln -s %{ssletcdir}/openssl.cnf 	$RPM_BUILD_ROOT/%{_datadir}/ssl/openssl.cnf

# avoid file conflicts with man pages from other packages
pushd $RPM_BUILD_ROOT/%{_mandir}
# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
# replace spaces by underscores
#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
for i in man?/*; do
	if test -L $i ; then
	    LDEST=`readlink $i`
	    rm -f $i ${i}ssl
	    ln -sf ${LDEST}ssl ${i}ssl
	    mv $i ${i}ssl
	case `basename ${i%.*}` in
		# these are the pages mentioned in openssl(1). They go into the main package.
		echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist;;
		# the rest goes into the openssl-doc package.
		echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;;
# check wether some shared library has been installed
ls -l $RPM_BUILD_ROOT%{_libdir}
test -f $RPM_BUILD_ROOT%{_libdir}/{num_version}
test -f $RPM_BUILD_ROOT%{_libdir}/{num_version}
test -L $RPM_BUILD_ROOT%{_libdir}/
test -L $RPM_BUILD_ROOT%{_libdir}/
# see what we've got
cat > showciphers.c <<EOF
#include <openssl/err.h>
#include <openssl/ssl.h>
int main(){
unsigned int i;
SSL_CTX *ctx;
SSL *ssl;
  meth = SSLv23_client_method();
  ctx = SSL_CTX_new(meth);
  if (ctx == NULL) return 0;
  ssl = SSL_new(ctx);
  if (!ssl) return 0;
  for (i=0; ; i++) {
    int j, k;
    SSL_CIPHER *sc;
    sc = (meth->get_cipher)(i);
    if (!sc) break;
    k = SSL_CIPHER_get_bits(sc, &j);
    printf("%s\n", sc->name);
  return 0;
gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c
gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto
LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true
# Do not install demo scripts executable under /usr/share/doc
find demos -type f -perm /111 -exec chmod 644 {} \;

# the hmac hashes:
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
# this shows up earlier because otherwise the %expand of
# the macro is too late.
# remark: This is the same as running
#   openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
%{expand:%%global __os_install_post {%__os_install_post

$RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \
  $RPM_BUILD_ROOT/%{_lib}/{num_version} > \

$RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \
  $RPM_BUILD_ROOT/%{_lib}/{num_version} > \


#process openssllib
mkdir $RPM_BUILD_ROOT/%{_lib}
mv $RPM_BUILD_ROOT%{_libdir}/{num_version} $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_libdir}/{num_version} $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/
cd $RPM_BUILD_ROOT%{_libdir}/
ln -sf /%{_lib}/{num_version} ./
ln -sf /%{_lib}/{num_version} ./

for engine in 4758cca atalla nuron sureware ubsec cswift chil aep; do
rm %{buildroot}/%{_lib}/engines/lib$

%ifnarch %{ix86} x86_64
rm %{buildroot}/%{_lib}/engines/

%post -n libopenssl1_0_0 -p /sbin/ldconfig

%postun -n libopenssl1_0_0 -p /sbin/ldconfig

%files -n libopenssl1_0_0
%defattr(-, root, root)

%files -n libopenssl1_0_0-hmac
%defattr(-, root, root)

%files -n libopenssl-devel
%defattr(-, root, root)
%exclude %{_libdir}/libcrypto.a
%exclude %{_libdir}/libssl.a

%files doc -f filelist.doc
%defattr(-, root, root)
%doc doc/* demos
%doc showciphers.c

%files -f filelist
%defattr(-, root, root)
%dir %{ssletcdir}
%config (noreplace) %{ssletcdir}/openssl.cnf
%attr(700,root,root) %{ssletcdir}/private
%dir %{_datadir}/ssl

openSUSE Build Service is sponsored by