Update to alpha 15 version

Resolves: openssl speed crashes rhbz#1952598 Resolves: rhbz#1903209 Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-04-26 19:31:15 +02:00 · 2021-04-26 19:31:15 +02:00 · 007b0e01a9
commit 007b0e01a9
parent ec7ef62793
6 changed files with 60 additions and 31 deletions
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@ -322,9 +322,9 @@ index 404a706fab..e81fa9ec3e 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure    ?	3_0_0	EXIST::FUNCTION:
- RAND_set_DRBG_type                      ?	3_0_0	EXIST::FUNCTION:
- RAND_set_seed_source_type               ?	3_0_0	EXIST::FUNCTION:
- BIO_f_readbuffer                        ?	3_0_0	EXIST::FUNCTION:
+ EVP_CIPHER_CTX_get0_cipher              ?	3_0_0	EXIST::FUNCTION:
+ EVP_CIPHER_CTX_get1_cipher              ?	3_0_0	EXIST::FUNCTION:
+ OSSL_LIB_CTX_get0_global_default        ?	3_0_0	EXIST::FUNCTION:
 +ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 -- 
 2.26.2
--- a/0009-Add-Kernel-FIPS-mode-flag-support.patch
+++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch
@ -2,8 +2,8 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
 --- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips	2021-03-16 00:09:55.814826432 +0100
 +++ openssl-3.0.0-alpha13/crypto/context.c	2021-03-16 00:15:55.129043811 +0100
@@ -12,11 +12,54 @@
- #include "internal/thread_once.h"
 #include "internal/property.h"
+ #include "internal/core.h"
 
 +#ifndef FIPS_MODULE
 +# include <sys/types.h>
--- a/0011-Remove-EC-curves.patch
+++ b/0011-Remove-EC-curves.patch
@ -306,25 +306,6 @@ diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves op
         },
     },
 );
-diff -up openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha13/test/evp_extra_test.c
--- openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves	2021-04-10 13:49:53.381742691 +0200
-+++ openssl-3.0.0-alpha13/test/evp_extra_test.c	2021-04-10 13:56:11.742776705 +0200
-@@ -2414,13 +2414,13 @@ err:
- }
- 
- #ifndef OPENSSL_NO_EC
-static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
-+static int ecpub_nids[] = {NID_X9_62_prime256v1,
-     NID_secp384r1, NID_secp521r1,
- #ifndef OPENSSL_NO_EC2M
-     NID_sect233k1, NID_sect233r1, NID_sect283r1,
-     NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
- #endif
-    NID_brainpoolP384r1, NID_brainpoolP512r1};
-+    };
- 
- static int test_ecpub(int idx)
- {
 diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
 --- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves	2021-04-10 14:00:22.482782216 +0200
 +++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t	2021-04-10 14:08:50.769727651 +0200
@ -619,3 +600,47 @@ diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-

 my @basic_cmd = ("cmp_vfy_test",
                  data_file("server.crt"),     data_file("client.crt"),
+diff -up openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha15/crypto/evp/ec_support.c
+--- openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves	2021-04-23 18:15:12.571691284 +0200
+++ openssl-3.0.0-alpha15/crypto/evp/ec_support.c	2021-04-23 18:16:00.803087403 +0200
+@@ -28,7 +28,6 @@ static const EC_NAME2NID curve_list[] =
+ static const EC_NAME2NID curve_list[] = {
+     /* prime field curves */
+     /* secg curves */
+-    {"secp224k1", NID_secp224k1 },
+     {"secp224r1", NID_secp224r1 },
+     {"secp256k1", NID_secp256k1 },
+     {"secp384r1", NID_secp384r1 },
+diff -up openssl-3.0.0-alpha15/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha15/test/evp_extra_test.c
+--- openssl-3.0.0-alpha15/test/evp_extra_test.c.ec-curves	2021-04-23 18:11:06.508670408 +0200
+++ openssl-3.0.0-alpha15/test/evp_extra_test.c	2021-04-23 18:12:44.833477933 +0200
+@@ -2693,13 +2693,13 @@ err:
+ #endif
+ 
+ #ifndef OPENSSL_NO_EC
+-static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
+static int ecpub_nids[] = { NID_X9_62_prime256v1,
+     NID_secp384r1, NID_secp521r1,
+ #ifndef OPENSSL_NO_EC2M
+     NID_sect233k1, NID_sect233r1, NID_sect283r1,
+     NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
+ #endif
+-    NID_brainpoolP384r1, NID_brainpoolP512r1};
+    };
+ 
+ static int test_ecpub(int idx)
+ {
+diff -up openssl-3.0.0-alpha15/apps/speed.c.ec-curves openssl-3.0.0-alpha15/apps/speed.c
+--- openssl-3.0.0-alpha15/apps/speed.c.ec-curves	2021-04-26 14:25:44.049991942 +0200
+++ openssl-3.0.0-alpha15/apps/speed.c	2021-04-26 14:36:10.643570273 +0200
+@@ -1439,8 +1439,8 @@ int speed_main(int argc, char **argv)
+     OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
+     OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
+ 
+-    OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
+-    OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
+    OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_secp521r1);
+    OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsap521") == 0);
+ 
+ #ifndef OPENSSL_NO_SM2
+     OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
--- a/ectest.c
+++ b/ectest.c
@ -1908,7 +1908,7 @@ err:
    BN_free(a_out);
    BN_free(b_out);
    BN_free(p_out);
-    OSSL_PARAM_BLD_free_params(params);
+    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    EVP_PKEY_free(pkeyparam);
    EVP_PKEY_CTX_free(pctx);
@ -2255,8 +2255,8 @@ static int custom_params_test(int id)
    BN_CTX_end(ctx);
    BN_CTX_free(ctx);
    OSSL_PARAM_BLD_free(param_bld);
-    OSSL_PARAM_BLD_free_params(params1);
-    OSSL_PARAM_BLD_free_params(params2);
+    OSSL_PARAM_free(params1);
+    OSSL_PARAM_free(params2);
    EC_POINT_free(Q1);
    EC_POINT_free(Q2);
    EC_POINT_free(G2);
--- a/openssl.spec
+++ b/openssl.spec
@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.0
-Release: 0.alpha13.1%{?dist}
+Release: 0.alpha15.1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -55,7 +55,7 @@ Patch10: 0010-Fix-EVP-extra-test-with-OPENSSL_NO_EC2M.patch
 # remove unsupported EC curves
 Patch11: 0011-Remove-EC-curves.patch

-License: ASL 2.0 and OpenSSL
+License: ASL 2.0
 URL: http://www.openssl.org/
 BuildRequires: gcc
 BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp
@ -109,7 +109,7 @@ package provides Perl scripts for converting certificates and keys
 from other formats to the formats used by the OpenSSL toolkit.

 %prep
-%autosetup -S git -n %{name}-%{version}-alpha13
+%autosetup -S git -n %{name}-%{version}-alpha15

 # The hobble_openssl is called here redundantly, just to be sure.
 # The tarball has already the sources removed.
@ -270,7 +270,7 @@ mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}

 # Rename man pages so that they don't conflict with other system man pages.
 pushd $RPM_BUILD_ROOT%{_mandir}
-mv man5/config.5 man5/openssl.cnf.5
+mv man5/config.5ossl man5/openssl.cnf.5
 popd

 mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
@ -372,6 +372,10 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs

 %changelog
+* Mon Apr 26 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha15.1
+- Update to alpha 15 version
+  Resolves: rhbz#1903209, rhbz#1952598, 
+
 * Fri Apr 09 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha13.1
 - Update to new major release OpenSSL 3.0.0 alpha 13
  Resolves: rhbz#1903209
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-3.0.0-hobbled.tar.xz) = c5837020f7fc395d283673ab8cb2b14a858edb1fe53b5b46d47d61225881724d675d3aadc37782e43937b015cb26e88002915065f02a78217e11d9964bf79c0c
+SHA512 (openssl-3.0.0-hobbled.tar.xz) = aeb95ea4781cf18d61150abe2e8307d4985928b0385170da62504eaf30370d3a564642028b362c4bc366acffa043c3f136d67bd2401719bb3c2cdf79a86511ba