File compat-openssl098.spec of Package compat-openssl098.1339

#
# spec file for package compat-openssl098
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           compat-openssl098
BuildRequires:  bc
BuildRequires:  ed
BuildRequires:  zlib-devel
# openssl-fips-objectmodule
%define ssletcdir %{_sysconfdir}/ssl
%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g")
Provides:       ssl
Version:        0.9.8j
Release:        0
Requires:       libopenssl0_9_8 = %{version}
PreReq:         libopenssl0_9_8 = %{version}
Summary:        Secure Sockets and Transport Layer Security
License:        OpenSSL
Group:          Productivity/Networking/Security
Url:            http://www.openssl.org/
Source:         http://www.openssl.org/source/openssl-%{version}.tar.gz
Source10:       README.SuSE
Source11:       README-FIPS.txt
Source99:       baselibs.conf
Patch0:         openssl-0.9.8-sparc.dif
Patch1:         openssl-0.9.8-flags-priority.dif
Patch2:         non-exec-stack.diff
Patch3:         openssl-0.9.7f-ppc64.diff
Patch4:         openssl-hppa-config.diff
Patch5:         openssl-0.9.6g-alpha.diff
# http://www-124.ibm.com/developerworks/projects/libica/
#Patch10:      openssl-0.9.7d-ICA_engine-jun142004.patch.bz2
Patch6:         openssl-0.9.8a.ca-app-segfault.bug128655.dif
Patch7:         bswap.diff
Patch8:         fix-pod-number.patch
Patch9:         bswap-s390x-fix.diff
Patch11:        openssl-CVE-2009-0590.patch
Patch12:        openssl-CVE-2009-0591.patch
Patch13:        openssl-CVE-2009-0789.patch
Patch14:        openssl-CVE-2009-1377.patch
Patch15:        openssl-CVE-2009-1378.patch
Patch16:        openssl-CVE-2009-1379.patch
Patch18:        openssl-CVE-2009-1387.patch
Patch20:        openssl-CVE-2009-4355.patch
Patch22:        enable-security-renegotiation.patch
Patch23:        openssl-CVE-2009-3245.patch
Patch24:        openssl-CVE-2010-0740.patch
Patch25:        CVE-2010-2939.patch
Patch27:        CVE-2010-3864.patch
Patch28:        CVE-2010-4180.patch
Patch29:        CVE-2011-0014.patch
Patch30:        ECDSA_signatures_timing_attack.patch
Patch31:        compression_methods_switch.patch
Patch32:        intel-0.9.8.diff
Patch33:        intel-0.9.8-switch.diff
Patch34:        intel-0.9.8-private.diff
Patch35:        openssl-makefile-cc.diff
Patch60:        openssl-fips__0000_fipsmode.diff
Patch61:        openssl-fips__0010_enable_shared_fips_Configure.diff
Patch62:        openssl-fips__0020_rng-seeding.patch
Patch63:        openssl-fips__0040_use_fipscheck_internal.diff
Patch64:        openssl-fips__0045_fipscheck_sha1_sha256.diff
# for x86_64 and x86 only.
Patch65:        openssl-fips__0050_fips_sha_Makefile_CPUID_OBJ.diff
# is deactivated, for debugging purposes only.
Patch66:        openssl-fips__0080_fips_fips_c_OPENSSL_FIPS_DEBUG_FIPSCHECK_DISABLE.diff
# changes the hmac key to ppaksykemnsecgtsttplmamstKMEs
Patch67:        openssl-fips__0090_hmac_key_change.diff
Patch71:        openssl-fips__0100_aes_EVP_CIPH_FLAG_FIPS_-_the_fenzke_code.diff
Patch72:        openssl-fips__0200_CFB1_enable.diff
Patch73:        openssl-fips__0211_cavs_rsa_testvector_path_adoptions.diff
Patch74:        openssl-fips__0212_cavs_dsa_missing_PQGVer.diff
Patch77:        openssl-fips__0220_make_hmac_path_return_value_check.diff
Patch78:        openssl-fips__0222_dsa_pqver_fixes.diff
Patch79:        openssl-fips__0230_sha256_sha512_selftests.diff
Patch80:        CVE-2011-3210.patch
Patch91:        CVE-2011-4108.patch
Patch92:        CVE-2011-4109.patch
Patch93:        CVE-2011-4576.patch
Patch94:        CVE-2011-4619.patch
Patch95:        CVE-2011-4577.patch
Patch96:        CVE-2012-0050.patch
Patch97:        openssl-add_sha256_sha512.diff
Patch98:        Bug748738_Tolerate_bad_MIME_headers.patch
Patch99:        bug749213-Free-headers-after-use.patch
Patch100:       bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
Patch101:       CVE-2012-1165.patch
Patch102:       CVE-2012-0884.patch
Patch103:       bug749735.patch
Patch104:       CVE-2012-2110.patch
Patch105:       bug-755395_intel-nonexecstack.diff
Patch106:       CVE-2012-2131.patch
Patch107:       aes-x86_64.patch
Patch108:       bug-761324-backport-cms-from-0.9.8x-to-0.9.8j.patch
Patch109:       CVE-2012-2333.patch
Patch110:       openssl-fips__0300_run_selftests_if_hmac_files_present.diff
Patch111:       openssl-CVE-2011-5095.patch
Patch112:       CVE-2013-0166.patch
Patch113:       CVE-2013-0169.patch
Patch114:       bug-860332-cmdline-check-certs.patch
Patch115:       openssl-0.9.8j-c_rehash-with-openssl1.patch
Patch116:       openssl-enable-ecdh.patch
Patch117:       openssl-0.9.8b-ipv6-apps.patch

Patch118:       CVE-2014-0076.patch
Patch119:       CVE-2014-3470.patch
Patch120:       CVE-2014-0221.patch
Patch121:       CVE-2014-0224.patch
Patch122:       prevent_buffer_overread.patch
Patch123:       openssl-CVE-2014-3508.patch
Patch124:       openssl-CVE-2014-3505.patch
Patch125:       openssl-CVE-2014-3506.patch
Patch126:       openssl-CVE-2014-3507.patch
Patch127:       openssl-CVE-2014-3510.patch
Patch128:       openssl-CVE-2014-3566.patch
Patch129:       openssl-CVE-2014-3567.patch
Patch130:       openssl-CVE-2014-3568.patch
# two patches for bnc#892403: properly fix stateless session support
Patch131:       Fix-stateless-session-resumption-so-it-can-coexist-with-SNI.patch
Patch132:       Generate-stateless-session-ID-just-after-the-ticket-is-r.patch
Patch133:       openssl-CVE-2014-3572.patch
Patch134:       openssl-CVE-2014-8275.patch
Patch135:       openssl-CVE-2015-0204.patch
Patch136:       openssl-CVE-2014-3570.patch
Patch137:       openssl-CVE-2014-3571.patch
Patch138:       openssl-CVE-2015-0205.patch
Patch139:       openssl-CVE-2009-5146.patch
Patch140:       openssl-CVE-2015-0209.patch
Patch141:       openssl-CVE-2015-0286.patch
Patch142:       openssl-CVE-2015-0287.patch
Patch143:       openssl-CVE-2015-0288.patch
Patch144:       openssl-CVE-2015-0289.patch
Patch145:       openssl-CVE-2015-0292.patch
Patch146:       openssl-CVE-2015-0293.patch
Patch148:       openssl-RSA_premaster_secret_in_constant_time.patch
Patch149:       openssl-CVE-2015-1788.patch
Patch150:       openssl-CVE-2015-1789.patch
Patch151:       openssl-CVE-2015-1790.patch
Patch152:       openssl-CVE-2015-1791.patch
Patch153:       openssl-CVE-2015-1792.patch
# CVE-2015-4000 fixes (aka Logjam, weakdh.org)
Patch154:       0001-s_server-Use-2048-bit-DH-parameters-by-default.patch
Patch155:       0002-dhparam-set-the-default-to-2048-bits.patch
Patch156:       0003-dhparam-fix-documentation.patch
Patch157:       0004-Update-documentation-with-Diffie-Hellman-best-practi.patch
Patch158:       0005-client-reject-handshakes-with-DH-parameters-1024-bits.patch
Patch159:       openssl-disable_EXPORT_ciphers_by_default.patch
# EO CVE-2015-4000
Patch160:       openssl-fix-ecdh_negotiation_bug.patch
# was never built on ppc64le and aarch64, so its not required to be present
ExcludeArch:    aarch64 ppc64le
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.

Derivation and License

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.

Please read the file /usr/share/doc/packages/openssl/README-FIPS.txt
for information on FIPS-140-2 compliant mode of operation of the
openssl shared libraries.



Authors:
--------
    Mark J. Cox <mark@openssl.org>
    Ralf S. Engelschall <rse@openssl.org>
    Dr. Stephen Henson <steve@openssl.org>
    Ben Laurie <ben@openssl.org>
    Bodo Moeller <bodo@openssl.org>
    Ulf Moeller <ulf@openssl.org>
    Holger Reif <holger@openssl.org>
    Paul C. Sutton <paul@openssl.org>

%package -n libopenssl0_9_8
Summary:        Secure Sockets and Transport Layer Security
Group:          Productivity/Networking/Security
Recommends:     openssl-certs

%description -n libopenssl0_9_8
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.

Derivation and License

OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.

Please read the file /usr/share/doc/packages/openssl/README-FIPS.txt
for information on FIPS-140-2 compliant mode of operation of the
openssl shared libraries.

%prep
%setup -q -n openssl-%version
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4
%patch5 -p1
%patch6 -p1
%patch7
%patch9 
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch18 -p1
%patch20 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch27 -p1
%patch28 -p1
%patch8 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch60 -p1
%patch61 -p0
%patch62 -p0
%patch63 -p0
%patch64 -p0
%ifarch x86_64 x86
%patch65 -p0
%endif
#%patch66 -p0
%patch67 -p0
# %patch70 is the temporary disable of the compile-time tests. Uncomment to disable tests:
#%patch70 -p0
%patch71 -p0
%patch72 -p0
%patch73 -p0
%patch74 -p0
%patch77 -p0
%patch78 -p0
%patch79 -p0
%patch80 -p1
%patch91 -p1
%patch92 -p1
%patch93 -p1
%patch94 -p1
%patch95 -p1
%patch96 -p1
%patch97 -p0
%patch98 -p1
%patch99 -p1
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch108 -p1
%patch109 -p1
%patch110 -p0
%patch111 -p1
%patch112 -p1
%patch113 -p1
%patch114 -p1
%patch115 -p1
%patch116 -p0
%patch117 -p1
%patch118 -p1
%patch119 -p1
%patch120 -p1
%patch121 -p1
%patch122 -p1
%patch123 -p1
%patch124 -p1
%patch125 -p1
%patch126 -p1
%patch127 -p1
%patch128 -p1
%patch129 -p1
%patch130 -p1
%patch131 -p1
%patch132 -p1
%patch133 -p1
%patch134 -p1
%patch135 -p1
%patch136 -p1
%patch137 -p1
%patch138 -p1
%patch139 -p1
%patch140 -p1
%patch141 -p1
%patch142 -p1
%patch143 -p1
%patch144 -p1
%patch145 -p1
%patch146 -p1
%patch148 -p1
%patch149 -p1
%patch150 -p1
%patch151 -p1
%patch152 -p1
%patch153 -p1
%patch154 -p1
%patch155 -p1
%patch156 -p1
%patch157 -p1
%patch158 -p1
%patch159 -p1
%patch160 -p1
# delete patch leftovers from doc to silence a build check
find doc -name \*.orig -delete
cp -p %{S:10} %{S:11} .
# lib64 installation fixes
for i in Makefile.org engines/Makefile; do
sed -e 	"s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/%_lib+g" \
    -e	"s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/%_lib+g" \
	$i > $i.t
	diff -u $i $i.t ||:
	mv $i.t $i
done

# stop it here if playing around with rpmbuild -bp to create a new patch:
#exit 2

echo "adding/overwriting some entries in the 'table' hash in Configure"
# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
#"linux-ia64",   "gcc:-DL_ENDIAN	-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR::asm/ia64.o::::::::::		$DSO_SCHEME",
export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):'
cat <<EOF_ED | ed -s Configure 
/^);
-
i
# local configuration added from specfile
#config-string,  $cc:$cflags:$unistd:$thread_cflag:$sys_id:$lflags:$bn_ops:$cpuid_obj:$bn_obj:$des_obj:$aes_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
"linux-elf",    "gcc:-DL_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:$DSO_SCHEME",
"linux-ia64",   "gcc:-DL_ENDIAN	-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR::::::::::::		$DSO_SCHEME",
"linux-ppc",    "gcc:-DB_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::::		$DSO_SCHEME",
"linux-ppc64",  "gcc:-DB_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG::::::::::::	$DSO_SCHEME",
"linux-elf-arm","gcc:-DL_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG::::::::::::							$DSO_SCHEME",
"linux-mips",   "gcc:-DB_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::::		$DSO_SCHEME",
"linux-sparcv7","gcc:-DB_ENDIAN			::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::			$DSO_SCHEME",
"linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8	::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/sparcv8.o::::::::::	$DSO_SCHEME",
"linux-x86_64", "gcc:-DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2:\${x86_64_asm}:			$DSO_SCHEME",
"linux-s390",   "gcc:-DB_ENDIAN			::(unknown):   :-ldl:BN_LLONG::::::::::::							$DSO_SCHEME",
"linux-s390x",  "gcc:-DB_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::::					$DSO_SCHEME",
"linux-parisc",	"gcc:-DB_ENDIAN 		::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL DES_RISC1::::::::::::			$DSO_SCHEME",
.
wq
EOF_ED

# fix ENGINESDIR path
sed -i 's,/lib/engines,/%_lib/engines098,' Configure
# help syntax highlighting
# "

%build
./config --test-sanity 
#
config_flags="fipscanisterbuild shared threads no-rc5 no-idea enable-tlsext \
enable-camellia \
enable-cms \
zlib \
--prefix=%{_prefix} \
--openssldir=%{ssletcdir} \
$RPM_OPT_FLAGS \
-fomit-frame-pointer \
-fno-strict-aliasing \
-DTERMIO \
-Wall \
-fstack-protector "
#
%{!?do_profiling:%define do_profiling 0}
%if %do_profiling
	# generate feedback
	./config $config_flags
	make depend CC="gcc %cflags_profile_generate"
	make CC="gcc %cflags_profile_generate"
	LD_LIBRARY_PATH=`pwd` make rehash CC="gcc %cflags_profile_generate"
	LD_LIBRARY_PATH=`pwd` make test CC="gcc %cflags_profile_generate" FIPSCANLIB=""
	LD_LIBRARY_PATH=`pwd` apps/openssl speed
	make clean
	./config $config_flags %cflags_profile_feedback
%else
	./config $config_flags
%endif

make depend
make

LD_LIBRARY_PATH=`pwd` make rehash
# for FIPS mode testing; the same hashes are being created later just before
# the wrap-up of the files into the package.
# These files are just there for the make test below...
fips/fips_standalone_sha1 libcrypto.so.0.9.8 > .libcrypto.so.0.9.8.hmac
fips/fips_standalone_sha1 libssl.so.0.9.8 > .libssl.so.0.9.8.hmac

LD_LIBRARY_PATH=`pwd` make test FIPSCANLIB=""

# show settings
make TABLE
echo $RPM_OPT_FLAGS
eval $(egrep PLATFORM='[[:alnum:]]' Makefile)
grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE 

%install
mkdir -p ${RPM_BUILD_ROOT}/usr/lib	# for now
make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install
rm -rf $RPM_BUILD_ROOT/etc $RPM_BUILD_ROOT/usr/bin/* $RPM_BUILD_ROOT/usr/include $RPM_BUILD_ROOT/usr/share $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.a $RPM_BUILD_ROOT/%{_libdir}/libcrypto.a
cp -a fips/fips_standalone_sha1 $RPM_BUILD_ROOT/usr/bin/fips_standalone_sha1

# to avoid conflict with openssl 1
mv $RPM_BUILD_ROOT/%{_libdir}/engines  $RPM_BUILD_ROOT/%{_libdir}/engines098

# install standard root certificates
#cp -pr certs/* $RPM_BUILD_ROOT/%{ssletcdir}/certs
#ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl
#ln -sf ./openssl $RPM_BUILD_ROOT/%{_includedir}/ssl
#mv $RPM_BUILD_ROOT/%{ssletcdir}/misc $RPM_BUILD_ROOT/%{_datadir}/ssl/
# ln -s %{ssletcdir}/certs 	$RPM_BUILD_ROOT/%{_datadir}/ssl/certs
# ln -s %{ssletcdir}/private 	$RPM_BUILD_ROOT/%{_datadir}/ssl/private
# ln -s %{ssletcdir}/openssl.cnf 	$RPM_BUILD_ROOT/%{_datadir}/ssl/openssl.cnf
#
# avoid file conflicts with man pages from other packages
#
#pushd $RPM_BUILD_ROOT/%{_mandir}
# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
# replace spaces by underscores
#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done

#which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
#for i in man?/*; do 
#	if test -L $i ; then
#	    LDEST=`readlink $i`
#	    rm -f $i ${i}ssl
#	    ln -sf ${LDEST}ssl ${i}ssl
#	else
#	    mv $i ${i}ssl
#        fi
#	case `basename ${i%.*}` in 
#	    asn1parse|ca|config|crl|crl2pkcs7|crypto|dgst|dhparam|dsa|dsaparam|enc|gendsa|genrsa|nseq|openssl|passwd|pkcs12|pkcs7|pkcs8|rand|req|rsa|rsautl|s_client|s_server|smime|spkac|ssl|verify|version|x509)
#		# these are the pages mentioned in openssl(1). They go into the main package.
#		echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist;;
#	    *)	
#		# the rest goes into the openssl-doc package.
#		echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;;
#	esac
#done
#popd
#
# check wether some shared library has been installed
#
ls -l $RPM_BUILD_ROOT/%{_libdir}
test -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{num_version}
test -f $RPM_BUILD_ROOT/%{_libdir}/libcrypto.so.%{num_version}
test -L $RPM_BUILD_ROOT/%{_libdir}/libssl.so
test -L $RPM_BUILD_ROOT/%{_libdir}/libcrypto.so
#
# see what we've got
#
cat > showciphers.c <<EOF
#include <openssl/err.h>
#include <openssl/ssl.h>
void main(){
unsigned int i;
SSL_CTX *ctx;
SSL *ssl;
SSL_METHOD *meth;
  meth = SSLv2_client_method();
  SSLeay_add_ssl_algorithms();
  ctx = SSL_CTX_new(meth);
  if (ctx == NULL) return 0;
  ssl = SSL_new(ctx);
  if (!ssl) return 0;
  for (i=0; ; i++) {
    int j, k;
    SSL_CIPHER *sc;
    sc = (meth->get_cipher)(i);
    if (!sc) break;
    k = SSL_CIPHER_get_bits(sc, &j);
    printf("%s\n", sc->name);
  }
  return 0;
};
EOF
#gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c
#gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto
#LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true
#cat AVAILABLE_CIPHERS
# Do not install demo scripts executable under /usr/share/doc
find demos -type f -perm /111 -exec chmod 644 {} \;

# for now
rm -f ${RPM_BUILD_ROOT}/usr/lib/fips_premain*

# remove development stuff
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/libssl.so
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/libcrypto.so

# the hmac hashes:
#
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %expand of
# the macro is too late.
# remark: This is the same as running
#   openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
%{expand:%%global __os_install_post {%__os_install_post

$RPM_BUILD_ROOT/usr/bin/fips_standalone_sha1 \
  $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{num_version} > \
    $RPM_BUILD_ROOT/%{_libdir}/.libssl.so.%{num_version}.hmac

$RPM_BUILD_ROOT/usr/bin/fips_standalone_sha1 \
  $RPM_BUILD_ROOT/%{_libdir}/libcrypto.so.%{num_version} > \
    $RPM_BUILD_ROOT/%{_libdir}/.libcrypto.so.%{num_version}.hmac

}}

%post -n libopenssl0_9_8 -p /sbin/ldconfig

%postun -n libopenssl0_9_8 -p /sbin/ldconfig

%files -n libopenssl0_9_8
%defattr(-, root, root)
%doc CHANGE* INSTAL*
%doc LICENSE NEWS README README.SuSE README-FIPS.txt
%{_libdir}/libssl.so.%{num_version}
%{_libdir}/libcrypto.so.%{num_version}
%{_libdir}/.libssl.so.%{num_version}.hmac
%{_libdir}/.libcrypto.so.%{num_version}.hmac
%{_bindir}/fips_standalone_sha1
%{_libdir}/engines098

%changelog