From 007b0e01a960243b665c2cfeeef3a19e24d9dc48 Mon Sep 17 00:00:00 2001
From: Sahana Prasad <sahana@redhat.com>
Date: Mon, 26 Apr 2021 19:31:15 +0200
Subject: [PATCH]   Update to alpha 15 version   Resolves: openssl speed
 crashes rhbz#1952598   Resolves: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
---
 ...PROFILE-SYSTEM-system-default-cipher.patch |  6 +-
 0009-Add-Kernel-FIPS-mode-flag-support.patch  |  2 +-
 0011-Remove-EC-curves.patch                   | 63 +++++++++++++------
 ectest.c                                      |  6 +-
 openssl.spec                                  | 12 ++--
 sources                                       |  2 +-
 6 files changed, 60 insertions(+), 31 deletions(-)

diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
index 6b8117e..8a873ba 100644
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@@ -322,9 +322,9 @@ index 404a706fab..e81fa9ec3e 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
 @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure    ?	3_0_0	EXIST::FUNCTION:
- RAND_set_DRBG_type                      ?	3_0_0	EXIST::FUNCTION:
- RAND_set_seed_source_type               ?	3_0_0	EXIST::FUNCTION:
- BIO_f_readbuffer                        ?	3_0_0	EXIST::FUNCTION:
+ EVP_CIPHER_CTX_get0_cipher              ?	3_0_0	EXIST::FUNCTION:
+ EVP_CIPHER_CTX_get1_cipher              ?	3_0_0	EXIST::FUNCTION:
+ OSSL_LIB_CTX_get0_global_default        ?	3_0_0	EXIST::FUNCTION:
 +ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 -- 
 2.26.2
diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch
index c05febf..c56b427 100644
--- a/0009-Add-Kernel-FIPS-mode-flag-support.patch
+++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch
@@ -2,8 +2,8 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
 --- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips	2021-03-16 00:09:55.814826432 +0100
 +++ openssl-3.0.0-alpha13/crypto/context.c	2021-03-16 00:15:55.129043811 +0100
 @@ -12,11 +12,54 @@
- #include "internal/thread_once.h"
  #include "internal/property.h"
+ #include "internal/core.h"
  
 +#ifndef FIPS_MODULE
 +# include <sys/types.h>
diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch
index ba86314..1f43bf0 100644
--- a/0011-Remove-EC-curves.patch
+++ b/0011-Remove-EC-curves.patch
@@ -306,25 +306,6 @@ diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves op
          },
      },
  );
-diff -up openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha13/test/evp_extra_test.c
---- openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves	2021-04-10 13:49:53.381742691 +0200
-+++ openssl-3.0.0-alpha13/test/evp_extra_test.c	2021-04-10 13:56:11.742776705 +0200
-@@ -2414,13 +2414,13 @@ err:
- }
- 
- #ifndef OPENSSL_NO_EC
--static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
-+static int ecpub_nids[] = {NID_X9_62_prime256v1,
-     NID_secp384r1, NID_secp521r1,
- #ifndef OPENSSL_NO_EC2M
-     NID_sect233k1, NID_sect233r1, NID_sect283r1,
-     NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
- #endif
--    NID_brainpoolP384r1, NID_brainpoolP512r1};
-+    };
- 
- static int test_ecpub(int idx)
- {
 diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
 --- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves	2021-04-10 14:00:22.482782216 +0200
 +++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t	2021-04-10 14:08:50.769727651 +0200
@@ -619,3 +600,47 @@ diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-
 
  my @basic_cmd = ("cmp_vfy_test",
                   data_file("server.crt"),     data_file("client.crt"),
+diff -up openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha15/crypto/evp/ec_support.c
+--- openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves	2021-04-23 18:15:12.571691284 +0200
++++ openssl-3.0.0-alpha15/crypto/evp/ec_support.c	2021-04-23 18:16:00.803087403 +0200
+@@ -28,7 +28,6 @@ static const EC_NAME2NID curve_list[] =
+ static const EC_NAME2NID curve_list[] = {
+     /* prime field curves */
+     /* secg curves */
+-    {"secp224k1", NID_secp224k1 },
+     {"secp224r1", NID_secp224r1 },
+     {"secp256k1", NID_secp256k1 },
+     {"secp384r1", NID_secp384r1 },
+diff -up openssl-3.0.0-alpha15/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha15/test/evp_extra_test.c
+--- openssl-3.0.0-alpha15/test/evp_extra_test.c.ec-curves	2021-04-23 18:11:06.508670408 +0200
++++ openssl-3.0.0-alpha15/test/evp_extra_test.c	2021-04-23 18:12:44.833477933 +0200
+@@ -2693,13 +2693,13 @@ err:
+ #endif
+ 
+ #ifndef OPENSSL_NO_EC
+-static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
++static int ecpub_nids[] = { NID_X9_62_prime256v1,
+     NID_secp384r1, NID_secp521r1,
+ #ifndef OPENSSL_NO_EC2M
+     NID_sect233k1, NID_sect233r1, NID_sect283r1,
+     NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
+ #endif
+-    NID_brainpoolP384r1, NID_brainpoolP512r1};
++    };
+ 
+ static int test_ecpub(int idx)
+ {
+diff -up openssl-3.0.0-alpha15/apps/speed.c.ec-curves openssl-3.0.0-alpha15/apps/speed.c
+--- openssl-3.0.0-alpha15/apps/speed.c.ec-curves	2021-04-26 14:25:44.049991942 +0200
++++ openssl-3.0.0-alpha15/apps/speed.c	2021-04-26 14:36:10.643570273 +0200
+@@ -1439,8 +1439,8 @@ int speed_main(int argc, char **argv)
+     OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
+     OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
+ 
+-    OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
+-    OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
++    OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_secp521r1);
++    OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsap521") == 0);
+ 
+ #ifndef OPENSSL_NO_SM2
+     OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
diff --git a/ectest.c b/ectest.c
index 8e64f36..a4481dc 100644
--- a/ectest.c
+++ b/ectest.c
@@ -1908,7 +1908,7 @@ err:
     BN_free(a_out);
     BN_free(b_out);
     BN_free(p_out);
-    OSSL_PARAM_BLD_free_params(params);
+    OSSL_PARAM_free(params);
     OSSL_PARAM_BLD_free(bld);
     EVP_PKEY_free(pkeyparam);
     EVP_PKEY_CTX_free(pctx);
@@ -2255,8 +2255,8 @@ static int custom_params_test(int id)
     BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OSSL_PARAM_BLD_free(param_bld);
-    OSSL_PARAM_BLD_free_params(params1);
-    OSSL_PARAM_BLD_free_params(params2);
+    OSSL_PARAM_free(params1);
+    OSSL_PARAM_free(params2);
     EC_POINT_free(Q1);
     EC_POINT_free(Q2);
     EC_POINT_free(G2);
diff --git a/openssl.spec b/openssl.spec
index 2be384c..aed2925 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.0
-Release: 0.alpha13.1%{?dist}
+Release: 0.alpha15.1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -55,7 +55,7 @@ Patch10: 0010-Fix-EVP-extra-test-with-OPENSSL_NO_EC2M.patch
 # remove unsupported EC curves
 Patch11: 0011-Remove-EC-curves.patch
 
-License: ASL 2.0 and OpenSSL
+License: ASL 2.0
 URL: http://www.openssl.org/
 BuildRequires: gcc
 BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp
@@ -109,7 +109,7 @@ package provides Perl scripts for converting certificates and keys
 from other formats to the formats used by the OpenSSL toolkit.
 
 %prep
-%autosetup -S git -n %{name}-%{version}-alpha13
+%autosetup -S git -n %{name}-%{version}-alpha15
 
 # The hobble_openssl is called here redundantly, just to be sure.
 # The tarball has already the sources removed.
@@ -270,7 +270,7 @@ mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
 
 # Rename man pages so that they don't conflict with other system man pages.
 pushd $RPM_BUILD_ROOT%{_mandir}
-mv man5/config.5 man5/openssl.cnf.5
+mv man5/config.5ossl man5/openssl.cnf.5
 popd
 
 mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
@@ -372,6 +372,10 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 
 %changelog
+* Mon Apr 26 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha15.1
+- Update to alpha 15 version
+  Resolves: rhbz#1903209, rhbz#1952598, 
+
 * Fri Apr 09 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha13.1
 - Update to new major release OpenSSL 3.0.0 alpha 13
   Resolves: rhbz#1903209
diff --git a/sources b/sources
index d8f2826..b0a8d8f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-3.0.0-hobbled.tar.xz) = c5837020f7fc395d283673ab8cb2b14a858edb1fe53b5b46d47d61225881724d675d3aadc37782e43937b015cb26e88002915065f02a78217e11d9964bf79c0c
+SHA512 (openssl-3.0.0-hobbled.tar.xz) = aeb95ea4781cf18d61150abe2e8307d4985928b0385170da62504eaf30370d3a564642028b362c4bc366acffa043c3f136d67bd2401719bb3c2cdf79a86511ba