Rebase to upstream version 3.1.4

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2023-10-26 12:29:21 +02:00 · 2023-10-26 12:29:21 +02:00 · e331fc1326
commit e331fc1326
parent 5c67b5adc3
7 changed files with 66 additions and 55 deletions
--- a/.gitignore
+++ b/.gitignore
@ -59,3 +59,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-3.0.8-hobbled.tar.gz
 /openssl-3.0.8.tar.gz
 /openssl-3.1.1.tar.gz
+/openssl-3.1.4.tar.gz
--- a/0003-Do-not-install-html-docs.patch
+++ b/0003-Do-not-install-html-docs.patch
@ -1,18 +1,22 @@
-From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 24 Sep 2020 09:05:55 +0200
-Subject: Do not install html docs
+From a3e7963320ba44e96a60b389fccb8e1cccc30674 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 19 Oct 2023 13:12:39 +0200
+Subject: [PATCH 03/46] 0003-Do-not-install-html-docs.patch

-(was openssl-1.1.1-no-html.patch)
+Patch-name: 0003-Do-not-install-html-docs.patch
+Patch-id: 3
+Patch-status: |
+    # # Do not install html docs
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
 ---
 Configurations/unix-Makefile.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 342e46d24d..9f369edf0e 100644
+index a48fae5fb8..56b42926e7 100644
 --- a/Configurations/unix-Makefile.tmpl
 +++ b/Configurations/unix-Makefile.tmpl
-@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime
+@@ -611,7 +611,7 @@ install_sw: install_dev install_engines install_modules install_runtime
 
 uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
 
@ -20,7 +24,7 @@ index 342e46d24d..9f369edf0e 100644
 +install_docs: install_man_docs
 
 uninstall_docs: uninstall_man_docs uninstall_html_docs
- 	$(RM) -r $(DESTDIR)$(DOCDIR)
+ 	$(RM) -r "$(DESTDIR)$(DOCDIR)"
 -- 
-2.26.2
+2.41.0

--- a/0033-FIPS-embed-hmac.patch
+++ b/0033-FIPS-embed-hmac.patch
@ -1,13 +1,13 @@
-From ed02a8b9e767224dc7512a4a176e4aae045b3573 Mon Sep 17 00:00:00 2001
+From e364a858262c8f563954544cc81e66f1b3b8db8c Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
+Date: Thu, 19 Oct 2023 13:12:40 +0200
 Subject: [PATCH 16/46] 0033-FIPS-embed-hmac.patch

 Patch-name: 0033-FIPS-embed-hmac.patch
 Patch-id: 33
 Patch-status: |
-    # Embed HMAC into the fips.so
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+    # # Embed HMAC into the fips.so
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
 ---
 providers/fips/self_test.c            | 70 ++++++++++++++++++++++++---
 test/fipsmodule.cnf                   |  2 +
@ -21,10 +21,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
 create mode 100644 test/fipsmodule.cnf

 diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index 10804d9f59..5e418a2c11 100644
+index b8dc9817b2..e3a629018a 100644
 --- a/providers/fips/self_test.c
 +++ b/providers/fips/self_test.c
-@@ -231,11 +231,27 @@ err:
+@@ -230,11 +230,27 @@ err:
     return ok;
 }
 
@ -52,7 +52,7 @@ index 10804d9f59..5e418a2c11 100644
 static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
                             unsigned char *expected, size_t expected_len,
                             OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-@@ -248,12 +264,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
     EVP_MAC *mac = NULL;
     EVP_MAC_CTX *ctx = NULL;
     OSSL_PARAM params[2], *p = params;
@ -76,7 +76,7 @@ index 10804d9f59..5e418a2c11 100644
     mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
     if (mac == NULL)
         goto err;
-@@ -267,13 +294,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
     if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
         goto err;
 
@ -121,7 +121,7 @@ index 10804d9f59..5e418a2c11 100644
     if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
         goto err;
 
-@@ -283,6 +339,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
         goto err;
     ret = 1;
 err:
@ -129,8 +129,8 @@ index 10804d9f59..5e418a2c11 100644
     OSSL_SELF_TEST_onend(ev, ret);
     EVP_MAC_CTX_free(ctx);
     EVP_MAC_free(mac);
-@@ -349,8 +406,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
-         CRYPTO_THREAD_unlock(fips_state_lock);
+@@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+         return 0;
     }
 
 -    if (st == NULL
@ -139,7 +139,7 @@ index 10804d9f59..5e418a2c11 100644
         ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
         goto end;
     }
-@@ -359,8 +415,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
     if (ev == NULL)
         goto end;
 
@ -151,7 +151,7 @@ index 10804d9f59..5e418a2c11 100644
     if (module_checksum == NULL) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
         goto end;
-@@ -434,7 +491,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
 end:
     EVP_RAND_free(testrand);
     OSSL_SELF_TEST_free(ev);
@ -207,12 +207,12 @@ index b8b136d110..8242f4ebc3 100644
 # Compatible options for pedantic FIPS compliance
 my @pedantic_okay =
 diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t
-index 426bd660d1..6dc514936b 100644
+index c8f145405b..56a2ec5dc4 100644
 --- a/test/recipes/30-test_defltfips.t
 +++ b/test/recipes/30-test_defltfips.t
-@@ -21,7 +21,7 @@ BEGIN {
- use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
+@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
+ plan skip_all => "Configuration loading is turned off"
+     if disabled("autoload-config");
 
 -my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 +my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
--- a/0047-FIPS-early-KATS.patch
+++ b/0047-FIPS-early-KATS.patch
@ -1,22 +1,22 @@
-From 0242c0317b7c7874148c456aaab1e8eeb156d7c1 Mon Sep 17 00:00:00 2001
+From ba6e65e2f7e7fe8d9cd62e1e7e345bc41dda424f Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 22/35] 0047-FIPS-early-KATS.patch
+Date: Thu, 19 Oct 2023 13:12:40 +0200
+Subject: [PATCH 21/46] 0047-FIPS-early-KATS.patch

 Patch-name: 0047-FIPS-early-KATS.patch
 Patch-id: 47
 Patch-status: |
-    # Execute KATS before HMAC verification
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+    # # Execute KATS before HMAC verification
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
 ---
 providers/fips/self_test.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

 diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index ef56002854..062d9df84a 100644
+index e3a629018a..3c09bd8638 100644
 --- a/providers/fips/self_test.c
 +++ b/providers/fips/self_test.c
-@@ -414,6 +414,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -401,6 +401,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
     if (ev == NULL)
         goto end;
 
@ -33,7 +33,7 @@ index ef56002854..062d9df84a 100644
     module_checksum = fips_hmac_container;
     checksum_len = sizeof(fips_hmac_container);
 
-@@ -464,18 +474,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -451,18 +461,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
         }
     }
 
@ -50,8 +50,8 @@ index ef56002854..062d9df84a 100644
 -    }
 -
     /* Verify that the RNG has been restored properly */
-     testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL);
-     if (testrand == NULL
+     rng = ossl_rand_get0_private_noncreating(st->libctx);
+     if (rng != NULL)
 -- 
 2.41.0

--- a/0079-RSA-PKCS15-implicit-rejection.patch
+++ b/0079-RSA-PKCS15-implicit-rejection.patch
@ -1,13 +1,13 @@
-From a0d7a92474123c1fb11e13491d2d37f6c43321b0 Mon Sep 17 00:00:00 2001
+From a4ca1cac6b38efe0de1d8afb506cea29f8c60aec Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:29 +0200
-Subject: [PATCH 35/48] 0079-RSA-PKCS15-implicit-rejection.patch
+Date: Thu, 19 Oct 2023 13:12:41 +0200
+Subject: [PATCH 34/46] 0079-RSA-PKCS15-implicit-rejection.patch

 Patch-name: 0079-RSA-PKCS15-implicit-rejection.patch
 Patch-id: 79
 Patch-status: |
-    # https://github.com/openssl/openssl/pull/13817
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+    # # https://github.com/openssl/openssl/pull/13817
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
 ---
 crypto/cms/cms_env.c                          |   7 +
 crypto/evp/ctrl_params_translate.c            |   6 +
@ -30,10 +30,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
 18 files changed, 962 insertions(+), 8 deletions(-)

 diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
-index 3105d37726..58d44e1940 100644
+index 99cf1dcb39..730f638969 100644
 --- a/crypto/cms/cms_env.c
 +++ b/crypto/cms/cms_env.c
-@@ -571,6 +571,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+@@ -590,6 +590,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
     if (!ossl_cms_env_asn1_ctrl(ri, 1))
         goto err;
 
@ -48,12 +48,12 @@ index 3105d37726..58d44e1940 100644
                          ktri->encryptedKey->data,
                          ktri->encryptedKey->length) <= 0)
 diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
-index d6f8a10840..51f9a2da57 100644
+index 80947b0932..b10ba41e85 100644
 --- a/crypto/evp/ctrl_params_translate.c
 +++ b/crypto/evp/ctrl_params_translate.c
-@@ -2256,6 +2256,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
+@@ -2265,6 +2265,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
       EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
-       OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
+       OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL },
 
 +    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
 +      EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL,
@ -515,7 +515,7 @@ index 51507fc030..5cd2b26879 100644
  * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2
  * padding from a decrypted RSA message in a TLS signature. The result is stored
 diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
-index 44c819a5c3..6556a9ad28 100644
+index 0bf5ac098a..81b031f81b 100644
 --- a/crypto/rsa/rsa_pmeth.c
 +++ b/crypto/rsa/rsa_pmeth.c
@@ -52,6 +52,8 @@ typedef struct {
@ -565,7 +565,7 @@ index 44c819a5c3..6556a9ad28 100644
     }
     *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
     ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
-@@ -587,6 +597,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+@@ -591,6 +601,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         *(unsigned char **)p2 = rctx->oaep_label;
         return rctx->oaep_labellen;
 
@ -614,7 +614,7 @@ index b0054ead66..dd87829798 100644
 
 =head1 RSA-PSS ALGORITHM
 diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in
-index 186e49e5e4..eab34979de 100644
+index 0a32fd965b..4c462abc8c 100644
 --- a/doc/man1/openssl-rsautl.pod.in
 +++ b/doc/man1/openssl-rsautl.pod.in
@@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
@ -762,10 +762,10 @@ index 949873d0ee..f267e5d9d1 100644
                                             size_t tlen,
                                             const unsigned char *from,
 diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
-index b431b9f871..f185bc9342 100644
+index 6248dda659..300d1129a4 100644
 --- a/include/openssl/core_names.h
 +++ b/include/openssl/core_names.h
-@@ -296,6 +296,7 @@ extern "C" {
+@@ -297,6 +297,7 @@ extern "C" {
 #define OSSL_PKEY_PARAM_DIST_ID             "distid"
 #define OSSL_PKEY_PARAM_PUB_KEY             "pub"
 #define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
@ -773,7 +773,7 @@ index b431b9f871..f185bc9342 100644
 
 /* Diffie-Hellman/DSA Parameters */
 #define OSSL_PKEY_PARAM_FFC_P               "p"
-@@ -472,6 +473,7 @@ extern "C" {
+@@ -473,6 +474,7 @@ extern "C" {
 #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
 #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
 #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
--- a/openssl.spec
+++ b/openssl.spec
@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16))

 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 3.1.1
-Release: 4%{?dist}
+Version: 3.1.4
+Release: 1%{?dist}
 Epoch: 1
 Source: openssl-%{version}.tar.gz
 Source2: Makefile.certificate
@ -478,6 +478,12 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs

 %changelog
+* Thu Oct 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.4-1
+- Rebase to upstream version 3.1.4
+
+* Thu Oct 19 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.3-1
+- Rebase to upstream version 3.1.3
+
 * Thu Aug 31 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.1-4
 - Drop duplicated patch and do some contamination

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-3.1.1.tar.gz) = 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
+SHA512 (openssl-3.1.4.tar.gz) = 4cd204b934cf3250dad985438d7ffd98e17f5d79086b379a0022d92c66e340b0b3a0357aaf606004d7f50cfc4c8964ac34c45d7cb0735cfa68f4fec65bd9d18f