From e50fa6f06b5f0fe357ab9ae8fa80667fe51bb3ff Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 8 Aug 2022 11:27:27 +0200 Subject: [PATCH] Use final upstream patches to unbreak ipa (#2115865) --- openssl-pkcs11-ossl3.patch | 159 ++++++++++++++++++++++++++++++++++++- openssl-pkcs11.spec | 3 +- 2 files changed, 158 insertions(+), 4 deletions(-) diff --git a/openssl-pkcs11-ossl3.patch b/openssl-pkcs11-ossl3.patch index 8c45da5..87ec6dc 100644 --- a/openssl-pkcs11-ossl3.patch +++ b/openssl-pkcs11-ossl3.patch @@ -1,8 +1,8 @@ From 6efcf3c52db1857aaa18741a509741519b0c5775 Mon Sep 17 00:00:00 2001 From: Doug Engert Date: Fri, 29 Jul 2022 17:54:42 -0500 -Subject: [PATCH] Deffer initializing crypto routines in PKCS11 engine until - needed +Subject: [PATCH 1/3] Deffer initializing crypto routines in PKCS11 engine + until needed Fixes:#456 @@ -25,7 +25,7 @@ the command line. 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/src/eng_front.c b/src/eng_front.c -index 3a3c891..bfc3502 100644 +index 3a3c8910..bfc35025 100644 --- a/src/eng_front.c +++ b/src/eng_front.c @@ -82,6 +82,8 @@ static const ENGINE_CMD_DEFN engine_cmd_defns[] = { @@ -94,3 +94,156 @@ index 3a3c891..bfc3502 100644 } } +From d06388774ca3846c61354835fc0fef34013db91e Mon Sep 17 00:00:00 2001 +From: Doug Engert +Date: Tue, 2 Aug 2022 19:36:02 -0500 +Subject: [PATCH 2/3] Suggested changes + +rename bind_helper2 to bind_helper_methods + +remove blank line + + On branch deffer_init_crypto + Changes to be committed: + modified: eng_front.c +--- + src/eng_front.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/src/eng_front.c b/src/eng_front.c +index bfc35025..556b170e 100644 +--- a/src/eng_front.c ++++ b/src/eng_front.c +@@ -82,7 +82,7 @@ static const ENGINE_CMD_DEFN engine_cmd_defns[] = { + {0, NULL, NULL, 0} + }; + +-static int bind_helper2(ENGINE *e); ++static int bind_helper_methods(ENGINE *e); + + static ENGINE_CTX *get_ctx(ENGINE *engine) + { +@@ -176,7 +176,7 @@ static EVP_PKEY *load_pubkey(ENGINE *engine, const char *s_key_id, + ctx = get_ctx(engine); + if (!ctx) + return 0; +- bind_helper2(engine); ++ bind_helper_methods(engine); + return ctx_load_pubkey(ctx, s_key_id, ui_method, callback_data); + } + +@@ -189,7 +189,7 @@ static EVP_PKEY *load_privkey(ENGINE *engine, const char *s_key_id, + ctx = get_ctx(engine); + if (!ctx) + return 0; +- bind_helper2(engine); ++ bind_helper_methods(engine); + pkey = ctx_load_privkey(ctx, s_key_id, ui_method, callback_data); + #ifdef EVP_F_EVP_PKEY_SET1_ENGINE + /* EVP_PKEY_set1_engine() is required for OpenSSL 1.1.x, +@@ -223,7 +223,6 @@ static int bind_helper(ENGINE *e) + !ENGINE_set_ctrl_function(e, engine_ctrl) || + !ENGINE_set_cmd_defns(e, engine_cmd_defns) || + !ENGINE_set_name(e, PKCS11_ENGINE_NAME) || +- + !ENGINE_set_load_pubkey_function(e, load_pubkey) || + !ENGINE_set_load_privkey_function(e, load_privkey)) { + return 0; +@@ -239,7 +238,7 @@ static int bind_helper(ENGINE *e) + * only add engine routines after a call to load keys + */ + +-static int bind_helper2(ENGINE *e) ++static int bind_helper_methods(ENGINE *e) + { + if ( + #ifndef OPENSSL_NO_RSA + +From 83c0091f5b07cf2be8036974695873fa82cf76e8 Mon Sep 17 00:00:00 2001 +From: Doug Engert +Date: Fri, 5 Aug 2022 20:47:24 -0500 +Subject: [PATCH 3/3] Fix test for $OSTYPE in test scripts + +$OSTYPE varies by shell and OS. Replace "if" by case. + + On branch deffer_init_crypto + Changes to be committed: + modified: pkcs11-uri-without-token.softhsm + modified: search-all-matching-tokens.softhsm +--- + tests/pkcs11-uri-without-token.softhsm | 13 ++++++++----- + tests/search-all-matching-tokens.softhsm | 14 +++++++++----- + 2 files changed, 17 insertions(+), 10 deletions(-) + +diff --git a/tests/pkcs11-uri-without-token.softhsm b/tests/pkcs11-uri-without-token.softhsm +index 8833fa8b..da95ebfe 100755 +--- a/tests/pkcs11-uri-without-token.softhsm ++++ b/tests/pkcs11-uri-without-token.softhsm +@@ -29,11 +29,14 @@ common_init + + echo "Detected system: ${OSTYPE}" + +-if [[ "${OSTYPE}" == "darwin"* ]]; then +- SHARED_EXT=.dylib +-else +- SHARED_EXT=.so +-fi ++case "${OSTYPE}" in ++ darwin* ) ++ SHARED_EXT=.dylib ++ ;; ++ *) ++ SHARED_EXT=.so ++ ;; ++esac + + sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \ + "s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \ +diff --git a/tests/search-all-matching-tokens.softhsm b/tests/search-all-matching-tokens.softhsm +index 915e7c67..3cd26a66 100755 +--- a/tests/search-all-matching-tokens.softhsm ++++ b/tests/search-all-matching-tokens.softhsm +@@ -45,11 +45,15 @@ create_devices $NUM_DEVICES $PIN $PUK "libp11-test" "label" + + echo "Detected system: ${OSTYPE}" + +-if [[ "${OSTYPE}" == "darwin"* ]]; then +- SHARED_EXT=.dylib +-else +- SHARED_EXT=.so +-fi ++ ++case "${OSTYPE}" in ++ darwin* ) ++ SHARED_EXT=.dylib ++ ;; ++ *) ++ SHARED_EXT=.so ++ ;; ++esac + + sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \ + "s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \ + +From feb22a666ca361adb6f454bcb541281f8e9615f8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20Trojnara?= +Date: Sat, 6 Aug 2022 23:14:55 +0200 +Subject: [PATCH] Also bind helper methods in engine_ctrl() + +--- + src/eng_front.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/eng_front.c b/src/eng_front.c +index 556b170..fd6940f 100644 +--- a/src/eng_front.c ++++ b/src/eng_front.c +@@ -209,6 +209,7 @@ static int engine_ctrl(ENGINE *engine, int cmd, long i, void *p, void (*f) ()) + ctx = get_ctx(engine); + if (!ctx) + return 0; ++ bind_helper_methods(engine); + return ctx_engine_ctrl(ctx, cmd, i, p, f); + } + + diff --git a/openssl-pkcs11.spec b/openssl-pkcs11.spec index 192f005..44ba22b 100644 --- a/openssl-pkcs11.spec +++ b/openssl-pkcs11.spec @@ -14,7 +14,8 @@ Source0: https://github.com/OpenSC/libp11/releases/download/libp11-%{vers # Downstream only for now to make RSA operations working in FIPS mode Patch4: openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch # unbreak operation when some other engine is present in openssl.cnf -# https://github.com/OpenSC/libp11/pull/457/files +# https://github.com/OpenSC/libp11/pull/460 +# https://github.com/OpenSC/libp11/commit/feb22a66 Patch5: openssl-pkcs11-ossl3.patch BuildRequires: make