forked from rpms/openssl
Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
Resolves: RHEL-41261 Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
parent
1d9e9ba818
commit
9eb261ba85
@ -0,0 +1,33 @@
|
|||||||
|
From 34a709e89e0c43928d9353aca1fb0c82aaa7e6ab Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Wed, 12 Jun 2024 20:14:04 +0900
|
||||||
|
Subject: [PATCH] kdf: Preserve backward compatibility with older providers
|
||||||
|
|
||||||
|
Suggested in:
|
||||||
|
https://github.com/openssl/openssl/issues/24611#issuecomment-2162560293
|
||||||
|
---
|
||||||
|
crypto/evp/pmeth_lib.c | 7 ++++++-
|
||||||
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
||||||
|
index 015f756..e776ea5 100644
|
||||||
|
--- a/crypto/evp/pmeth_lib.c
|
||||||
|
+++ b/crypto/evp/pmeth_lib.c
|
||||||
|
@@ -1068,8 +1068,13 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
|
||||||
|
os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0);
|
||||||
|
os_params[1] = OSSL_PARAM_construct_end();
|
||||||
|
|
||||||
|
- if (!EVP_PKEY_CTX_get_params(ctx, os_params))
|
||||||
|
+ if (!EVP_PKEY_CTX_get_params(ctx, os_params)) {
|
||||||
|
+ if (EVP_PKEY_CTX_gettable_params(ctx) == NULL) {
|
||||||
|
+ /* Older provider that doesn't support gettable parameters */
|
||||||
|
+ return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen);
|
||||||
|
+ }
|
||||||
|
return 0;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* Older provider that doesn't support getting this parameter */
|
||||||
|
if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED)
|
||||||
|
--
|
||||||
|
2.45.1
|
||||||
|
|
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.2.2
|
Version: 3.2.2
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Source: openssl-%{version}.tar.gz
|
Source: openssl-%{version}.tar.gz
|
||||||
Source2: Makefile.certificate
|
Source2: Makefile.certificate
|
||||||
@ -158,6 +158,8 @@ Patch116: 0116-version-aliasing.patch
|
|||||||
Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch
|
Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2160797
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2160797
|
||||||
Patch121: 0121-FIPS-cms-defaults.patch
|
Patch121: 0121-FIPS-cms-defaults.patch
|
||||||
|
# HKDF regression with older provider implementations
|
||||||
|
Patch122: 0123-kdf-Preserve-backward-compatibility-with-older-provi.patch
|
||||||
|
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -503,6 +505,10 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Jun 15 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-3
|
||||||
|
- Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
|
||||||
|
Resolves: RHEL-41261
|
||||||
|
|
||||||
* Wed Jun 12 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-2
|
* Wed Jun 12 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-2
|
||||||
- Build openssl with no-atexit
|
- Build openssl with no-atexit
|
||||||
Resolves: RHEL-40408
|
Resolves: RHEL-40408
|
||||||
|
Loading…
Reference in New Issue
Block a user