From f2a49ef424f831aac988356fc8b2b910e443dc42 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Fri, 25 Nov 2022 18:09:17 +0100
Subject: [PATCH] We should export 2 versions of OPENSSL_str[n]casecmp to be
 compatible with upstream

Resolves: rhbz#2133809
---
 0056-strcasecmp.patch | 54 +++++++++++++++++++++++++++++++++++++------
 openssl.spec          | 11 +++++++--
 2 files changed, 56 insertions(+), 9 deletions(-)

diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch
index 5c33a76..8a005e6 100644
--- a/0056-strcasecmp.patch
+++ b/0056-strcasecmp.patch
@@ -1,14 +1,54 @@
 diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
 --- openssl-3.0.3/util/libcrypto.num.locale	2022-06-01 12:35:52.667498724 +0200
 +++ openssl-3.0.3/util/libcrypto.num	2022-06-01 12:36:08.112633093 +0200
-@@ -5425,8 +5425,8 @@ ASN1_item_d2i_ex
- ASN1_TIME_print_ex                      5553	3_0_0	EXIST::FUNCTION:
- EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
+@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex
  EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
--OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
--OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
-+OPENSSL_strcasecmp                      5556	3_0_1	EXIST::FUNCTION:
-+OPENSSL_strncasecmp                     5557	3_0_1	EXIST::FUNCTION:
+ OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+ OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
++OPENSSL_strcasecmp                      ?	3_0_1	EXIST::FUNCTION:
++OPENSSL_strncasecmp                     ? 	3_0_1	EXIST::FUNCTION:
  ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
  ossl_ctx_legacy_digest_signatures_allowed ?	3_0_1	EXIST::FUNCTION:
  ossl_ctx_legacy_digest_signatures_allowed_set ?	3_0_1	EXIST::FUNCTION:
+diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
+--- openssl-3.0.7/crypto/o_str.c.cmp	2022-11-25 12:50:22.449760653 +0100
++++ openssl-3.0.7/crypto/o_str.c	2022-11-25 12:51:19.416350584 +0100
+@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char
+ #endif
+ }
+ 
+-int OPENSSL_strcasecmp(const char *s1, const char *s2)
++int
++#ifndef FIPS_MODULE
++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
++                    symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
++#endif
++OPENSSL_strcasecmp(const char *s1, const char *s2)
+ {
+     int t;
+ 
+@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c
+     return t;
+ }
+ 
+-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
++int
++#ifndef FIPS_MODULE
++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
++                    symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
++#endif
++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
+ {
+     int t;
+     size_t i;
+diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t
+--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp	2022-11-25 18:19:05.669769076 +0100
++++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t	2022-11-25 18:31:20.993392678 +0100
+@@ -77,6 +80,7 @@ foreach my $libname (@libnames) {
+                 s| .*||;
+                 # Drop OpenSSL dynamic version information if there is any
+                 s|\@\@.+$||;
++                s|\@.+$||;
+                 # Return the result
+                 $_
+             }
diff --git a/openssl.spec b/openssl.spec
index 012261c..912c32c 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -96,7 +96,11 @@ Patch50: 0050-FIPS-enable-pkcs12-mac.patch
 Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
 # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
 Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
-# https://github.com/openssl/openssl/pull/18103
+# Originally from https://github.com/openssl/openssl/pull/18103
+# As we rebased to 3.0.7 and used the version of the function
+# not matching the upstream one, we have to use aliasing.
+# When we eliminate this patch, the `-Wl,--allow-multiple-definition`
+# should also be removed
 Patch56: 0056-strcasecmp.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
 Patch58: 0058-FIPS-limit-rsa-encrypt.patch
@@ -288,7 +292,8 @@ export HASHBANGPERL=/usr/bin/perl
 	zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
 	enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
 	no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
-	shared  ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'
+	shared  ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
+	-Wl,--allow-multiple-definition
 
 # Do not run this in a production package the FIPS symbols must be patched-in
 #util/mkdef.pl crypto update
@@ -478,6 +483,8 @@ install -m644 %{SOURCE9} \
 * Thu Nov 24 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2
 - Various provider-related imrovements necessary for PKCS#11 provider correct operations
   Resolves: rhbz#2142517
+- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
+  Resolves: rhbz#2133809
 
 * Tue Nov 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1
 - Rebasing to OpenSSL 3.0.7