import openssl-3.0.1-23.el9_0

This commit is contained in:
CentOS Sources 2022-05-17 18:34:48 -04:00 committed by Stepan Oksanichenko
parent 701577a00f
commit 892b3c8109
4 changed files with 2425 additions and 1 deletions

View File

@ -0,0 +1,23 @@
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index e1da724bd2f4..2bee5ef19447 100644
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
{
const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
+ if (cipher != NULL)
+ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
}
static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
{
const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
+ if (md != NULL)
+ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
}
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,104 @@
From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 22 Apr 2022 18:16:56 +0200
Subject: [PATCH 1/2] Ensure we initialized the locale before
evp_pkey_name2type
Fixes #18158
---
crypto/evp/pmeth_lib.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 2b9c6c2351da..92d25de44532 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -27,6 +27,7 @@
#ifndef FIPS_MODULE
# include "crypto/asn1.h"
#endif
+#include "crypto/ctype.h"
#include "crypto/evp.h"
#include "crypto/dh.h"
#include "crypto/ec.h"
@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
}
#ifndef FIPS_MODULE
if (keytype != NULL) {
+ ossl_init_casecmp();
id = evp_pkey_name2type(keytype);
if (id == NID_undef)
id = -1;
From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 22 Apr 2022 19:26:08 +0200
Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without
preliminary init
---
test/build.info | 6 +++++-
test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++
test/recipes/02-test_localetest.t | 4 +++-
3 files changed, 22 insertions(+), 2 deletions(-)
create mode 100644 test/evp_pkey_ctx_new_from_name.c
diff --git a/test/build.info b/test/build.info
index 14a84f00a258..ee059973d31a 100644
--- a/test/build.info
+++ b/test/build.info
@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
sanitytest rsa_complex exdatatest bntest \
ecstresstest gmdifftest pbelutest \
destest mdc2test sha_test \
- exptest pbetest localetest \
+ exptest pbetest localetest evp_pkey_ctx_new_from_name\
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
evp_fetch_prov_test evp_libctx_test ossl_store_test \
v3nametest v3ext \
@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[localetest]=../include ../apps/include
DEPEND[localetest]=../libcrypto libtestutil.a
+ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c
+ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include
+ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto
+
SOURCE[pbetest]=pbetest.c
INCLUDE[pbetest]=../include ../apps/include
DEPEND[pbetest]=../libcrypto libtestutil.a
diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c
new file mode 100644
index 000000000000..24063ea05ea5
--- /dev/null
+++ b/test/evp_pkey_ctx_new_from_name.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+
+int main(int argc, char *argv[])
+{
+ EVP_PKEY_CTX *pctx = NULL;
+
+ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL);
+ EVP_PKEY_CTX_free(pctx);
+
+ return 0;
+}
diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t
index 1bccd57d4c63..77fba7d819ab 100644
--- a/test/recipes/02-test_localetest.t
+++ b/test/recipes/02-test_localetest.t
@@ -15,7 +15,9 @@ setup("locale tests");
plan skip_all => "Locale tests not available on Windows or VMS"
if $^O =~ /^(VMS|MSWin32)$/;
-plan tests => 2;
+plan tests => 3;
+
+ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init");
$ENV{LANG} = "C";
ok(run(test(["localetest"])), "running localetest");

View File

@ -15,7 +15,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.0.1 Version: 3.0.1
Release: 20%{?dist} Release: 23%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -86,6 +86,12 @@ Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
# CVE 2022-0778 # CVE 2022-0778
Patch53: 0053-CVE-2022-0778.patch Patch53: 0053-CVE-2022-0778.patch
# https://github.com/openssl/openssl/pull/17324
Patch55: 0055-nonlegacy-fetch-null-deref.patch
# https://github.com/openssl/openssl/pull/18103
Patch56: 0056-strcasecmp.patch
# https://github.com/openssl/openssl/pull/18175
Patch57: 0057-strcasecmp-fix.patch
License: ASL 2.0 License: ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -416,6 +422,18 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Tue Apr 26 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-23
- Update missing initialization patch with feedback from upstream
Resolves: rhbz#2076654
* Fri Apr 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22
- Invocation of the missing initialization
- Resolves: rhbz#2076654
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-21
- Fix openssl curl error with LANG=tr_TR.utf8
- Resolves: rhbz#2076654
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20 * Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
no OpenSSL library context is set no OpenSSL library context is set