Redefine sslarch for x86_64_v2 arch

0058-aes-s390x.pl-Initialize-reserved-and-unused-memory.patch

@@ -0,0 +1,48 @@
+From 899623b29caa02f25e069acbcef581d19fe0a64e Mon Sep 17 00:00:00 2001
+From: Holger Dengler <dengler@linux.ibm.com>
+Date: Wed, 20 Aug 2025 17:55:43 +0200
+Subject: [PATCH] aes-s390x.pl: Initialize reserved and unused memory
+
+The reserved bytes in the parameter block (bytes 0-11) for the KMA
+instruction should be set to zero to be compatible in case of future
+architecture changes.
+
+While at it, also the following unused parts of the parameter block
+(bytes 48-63) are also cleared to avoid false positives with various
+memory checkers like valgrind.
+
+As it makes - performance wise - no difference to process 12, 48 or 64
+bytes with one XC call, but two XC calls are slower than one call, the
+first 64 bytes of the parameter block will be cleared with a single XC
+call. This will also initialize the counter in the parameter block
+(bytes 12-15), although it is not strictly necessary.
+
+Co-developed-by: Juergen Christ <jchrist@linux.ibm.com>
+Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
+Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/28315)
+---
+ crypto/aes/asm/aes-s390x.pl | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
+index 78aa6dacfc..891d33bb7d 100644
+--- a/crypto/aes/asm/aes-s390x.pl
++++ b/crypto/aes/asm/aes-s390x.pl
+@@ -1431,6 +1431,9 @@ $code.=<<___ if (!$softonly);
+ 	st${g}	$s3,0($sp)			# backchain
+ 	la	%r1,$stdframe($sp)
+ 
++	xc	$stdframe+0(64,$sp),$stdframe+0($sp)	# clear reserved/unused
++							# in parameter block
++
+ 	lmg	$s2,$s3,0($key)			# copy key
+ 	stg	$s2,$stdframe+80($sp)
+ 	stg	$s3,$stdframe+88($sp)
+-- 
+2.50.1
+

openssl.spec

@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.5.1
-Release: 4%{?dist}.alma.1
+Release: 5%{?dist}.alma.1
 Epoch: 1
 Source0: openssl-%{version}.tar.gz
 Source1: fips-hmacify.sh
@@ -99,6 +99,7 @@ Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
 Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
 Patch0056: 0056-Speed-test-signatures-without-errors.patch
 Patch0057: 0057-Targets-to-skip-build-of-non-installable-programs.patch
+Patch0058: 0058-aes-s390x.pl-Initialize-reserved-and-unused-memory.patch
 
 License: Apache-2.0
 URL: http://www.openssl.org/
@@ -294,9 +295,10 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
 export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
 %{SOURCE1} providers/fips.so
 
-# Disable LTO, build tests, and run them
-%define _lto_cflags %{nil}
-make -s %{?_smp_mflags} build_programs
+# Build tests with LTO disabled and run them
+make -s %{?_smp_mflags} build_programs \
+    CFLAGS="%{build_cflags} -fno-lto" \
+    CXXFLAGS="%{build_cxxflags} -fno-lto"
 make test HARNESS_JOBS=8
 
 # Add generation of HMAC checksum of the final stripped library
@@ -461,9 +463,15 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 %ldconfig_scriptlets libs
 
 %changelog
-* Tue Sep 02 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.1-4.alma.1
+* Sat Sep 06 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.1-5.alma.1
 - Redefine sslarch for x86_64_v2 arch
 
+* Fri Sep 05 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-5
+- Fix globally disabled LTO
+  Related: RHEL-111634
+- Initialize reserved and unused memory in aes-s390x.pl
+  Resolves: RHEL-107479
+
 * Thu Aug 28 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-4
 - Make openssl speed test signatures without errors
   Resolves: RHEL-95182