rpms/openswan/devel openswan-2.6.21-nss.patch,1.2,1.3

[avesh agarwal]

Author: avesh

Update of /cvs/pkgs/rpms/openswan/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13344

Modified Files:
	openswan-2.6.21-nss.patch 
Log Message:
* Tue Apr 14 2009 Avesh Agarwal <avagarwa at redhat.com> - 2.6.21-4
- Updated the Openswan-NSS porting to enable nss and fipscheck by default
- fipscheck requires fipscheck-devel library


openswan-2.6.21-nss.patch:

Index: openswan-2.6.21-nss.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/devel/openswan-2.6.21-nss.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- openswan-2.6.21-nss.patch	14 Apr 2009 19:47:16 -0000	1.2
+++ openswan-2.6.21-nss.patch	14 Apr 2009 20:29:09 -0000	1.3
@@ -4601,20 +4601,19 @@
  				    , wire_chunk_t *new
 diff -urNp openswan-2.6.21-orig/programs/pluto/plutomain.c openswan-2.6.21/programs/pluto/plutomain.c
 --- openswan-2.6.21-orig/programs/pluto/plutomain.c	2009-03-30 09:11:28.000000000 -0400
-+++ openswan-2.6.21/programs/pluto/plutomain.c	2009-04-14 13:05:03.000000000 -0400
-@@ -93,6 +93,11 @@
++++ openswan-2.6.21/programs/pluto/plutomain.c	2009-04-14 16:20:09.000000000 -0400
+@@ -93,6 +93,10 @@
  
  #ifdef HAVE_LIBNSS
  #include <nss.h>
 +#include <nspr.h>
 +#ifdef FIPS_CHECK
-+#include <openssl/fips.h>
 +#include <fipscheck.h>
 +#endif
  #endif
  
  const char *ctlbase = "/var/run/pluto";
-@@ -752,11 +757,43 @@ main(int argc, char **argv)
+@@ -752,11 +756,43 @@ main(int argc, char **argv)
      init_constants();
      pluto_init_log();
  
@@ -4658,7 +4657,7 @@
          const char *v = init_pluto_vendorid();
  	const char *vc = ipsec_version_code();
  
-@@ -781,6 +818,11 @@ main(int argc, char **argv)
+@@ -781,6 +817,11 @@ main(int argc, char **argv)
  	     */
  	    openswan_log("@(#) built on "__DATE__":" __TIME__ " by " BUILDER);
  	}
@@ -4670,7 +4669,7 @@
  
  #if defined(USE_1DES)
  	openswan_log("WARNING: 1DES is enabled");
-@@ -797,16 +839,6 @@ main(int argc, char **argv)
+@@ -797,16 +838,6 @@ main(int argc, char **argv)
      init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf);
  #endif
  
@@ -4687,7 +4686,7 @@
      init_virtual_ip(virtual_private);
      init_rnd_pool();
      init_timer();
-@@ -843,6 +875,11 @@ main(int argc, char **argv)
+@@ -843,6 +874,11 @@ main(int argc, char **argv)
      /* loading attribute certificates (experimental) */
      load_acerts();
  
@@ -4973,8 +4972,8 @@
  <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
 diff -urNp openswan-2.6.21-orig/programs/rsasigkey/rsasigkey.c openswan-2.6.21/programs/rsasigkey/rsasigkey.c
 --- openswan-2.6.21-orig/programs/rsasigkey/rsasigkey.c	2009-03-30 09:11:28.000000000 -0400
-+++ openswan-2.6.21/programs/rsasigkey/rsasigkey.c	2009-04-02 14:49:47.000000000 -0400
-@@ -29,9 +29,35 @@
++++ openswan-2.6.21/programs/rsasigkey/rsasigkey.c	2009-04-14 16:20:24.000000000 -0400
+@@ -29,9 +29,34 @@
  #include <getopt.h>
  #include <openswan.h>
  #include <gmp.h>
@@ -4999,7 +4998,6 @@
 +#include "oswconf.h"
 +
 +#ifdef FIPS_CHECK
-+#include <openssl/fips.h>
 +#include <fipscheck.h>
 +#endif
 +
@@ -5011,7 +5009,7 @@
   * /dev/random device is ONLY used for generating long term keys, which
   * should NEVER be done with /dev/urandom. If people use X.509, PSK or
   * even raw RSA keys generated on other systems, changing this will have
-@@ -47,8 +73,13 @@
+@@ -47,8 +72,13 @@
  /* the code in getoldkey() knows about this */
  #define	E	3		/* standard public exponent */
  
@@ -5025,7 +5023,7 @@
  struct option opts[] = {
    {"verbose",	0,	NULL,	'v',},
    {"random",	1,	NULL,	'r',},
-@@ -58,6 +89,10 @@ struct option opts[] = {
+@@ -58,6 +88,10 @@ struct option opts[] = {
    {"noopt",	0,	NULL,	'n',},
    {"help",		0,	NULL,	'h',},
    {"version",	0,	NULL,	'V',},
@@ -5036,7 +5034,7 @@
    {0,		0,	NULL,	0,}
  };
  int verbose = 0;		/* narrate the action? */
-@@ -72,7 +107,11 @@ char me[] = "ipsec rsasigkey";	/* for me
+@@ -72,7 +106,11 @@ char me[] = "ipsec rsasigkey";	/* for me
  
  /* forwards */
  int getoldkey(char *filename);
@@ -5048,7 +5046,7 @@
  void initprime(mpz_t var, int nbits, int eval);
  void initrandom(mpz_t var, int nbits);
  void getrandom(size_t nbytes, unsigned char *buf);
-@@ -81,6 +120,192 @@ char *conv(unsigned char *bits, size_t n
+@@ -81,6 +119,192 @@ char *conv(unsigned char *bits, size_t n
  char *hexout(mpz_t var);
  void report(char *msg);
  
@@ -5241,7 +5239,7 @@
  /*
   - main - mostly argument parsing
   */
-@@ -93,6 +318,10 @@ int main(int argc, char *argv[])
+@@ -93,6 +317,10 @@ int main(int argc, char *argv[])
  	int i;
  	int nbits;
  	char *oldkeyfile = NULL;
@@ -5252,7 +5250,7 @@
  
  	while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
  		switch (opt) {
-@@ -120,25 +349,42 @@ int main(int argc, char *argv[])
+@@ -120,25 +348,42 @@ int main(int argc, char *argv[])
  			break;
  		case 'h':	/* help */
  			printf("Usage:\t%s\n", usage);
@@ -5295,7 +5293,7 @@
  
  	if (outputhostname[0] == '\0') {
  		i = gethostname(outputhostname, sizeof(outputhostname));
-@@ -169,7 +415,11 @@ int main(int argc, char *argv[])
+@@ -169,7 +414,11 @@ int main(int argc, char *argv[])
  		exit(1);
  	}
  
@@ -5307,7 +5305,7 @@
  	exit(0);
  }
  
-@@ -280,6 +530,145 @@ char *filename;
+@@ -280,6 +529,145 @@ char *filename;
   * keys were to be used for encryption, but for signatures there are some
   * real speed advantages.
   */
@@ -5453,7 +5451,7 @@
  void
  rsasigkey(nbits, useoldkey)
  int nbits;
-@@ -376,6 +765,9 @@ int useoldkey;			/* take primes from old
+@@ -376,6 +764,9 @@ int useoldkey;			/* take primes from old
  	printf("\tCoefficient: %s\n", hexout(coeff));
  }
  
@@ -5463,7 +5461,7 @@
  /*
   - initprime - initialize an mpz_t to a random prime of specified size
   * Efficiency tweak:  we reject candidates that are 1 higher than a multiple
-@@ -442,6 +834,7 @@ int nbits;			/* known to be a multiple o
+@@ -442,6 +833,7 @@ int nbits;			/* known to be a multiple o
  		exit(1);
  	}
  }