diff --git a/0058-aes-s390x.pl-Initialize-reserved-and-unused-memory.patch b/0058-aes-s390x.pl-Initialize-reserved-and-unused-memory.patch new file mode 100644 index 0000000..4ddf1a7 --- /dev/null +++ b/0058-aes-s390x.pl-Initialize-reserved-and-unused-memory.patch @@ -0,0 +1,48 @@ +From 899623b29caa02f25e069acbcef581d19fe0a64e Mon Sep 17 00:00:00 2001 +From: Holger Dengler +Date: Wed, 20 Aug 2025 17:55:43 +0200 +Subject: [PATCH] aes-s390x.pl: Initialize reserved and unused memory + +The reserved bytes in the parameter block (bytes 0-11) for the KMA +instruction should be set to zero to be compatible in case of future +architecture changes. + +While at it, also the following unused parts of the parameter block +(bytes 48-63) are also cleared to avoid false positives with various +memory checkers like valgrind. + +As it makes - performance wise - no difference to process 12, 48 or 64 +bytes with one XC call, but two XC calls are slower than one call, the +first 64 bytes of the parameter block will be cleared with a single XC +call. This will also initialize the counter in the parameter block +(bytes 12-15), although it is not strictly necessary. + +Co-developed-by: Juergen Christ +Signed-off-by: Juergen Christ +Signed-off-by: Holger Dengler + +Reviewed-by: Tomas Mraz +Reviewed-by: Paul Dale +Reviewed-by: Neil Horman +(Merged from https://github.com/openssl/openssl/pull/28315) +--- + crypto/aes/asm/aes-s390x.pl | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl +index 78aa6dacfc..891d33bb7d 100644 +--- a/crypto/aes/asm/aes-s390x.pl ++++ b/crypto/aes/asm/aes-s390x.pl +@@ -1431,6 +1431,9 @@ $code.=<<___ if (!$softonly); + st${g} $s3,0($sp) # backchain + la %r1,$stdframe($sp) + ++ xc $stdframe+0(64,$sp),$stdframe+0($sp) # clear reserved/unused ++ # in parameter block ++ + lmg $s2,$s3,0($key) # copy key + stg $s2,$stdframe+80($sp) + stg $s3,$stdframe+88($sp) +-- +2.50.1 + diff --git a/openssl.spec b/openssl.spec index 0603745..ff09ca5 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.5.1 -Release: 4%{?dist}.alma.1 +Release: 5%{?dist}.alma.1 Epoch: 1 Source0: openssl-%{version}.tar.gz Source1: fips-hmacify.sh @@ -99,6 +99,7 @@ Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch Patch0056: 0056-Speed-test-signatures-without-errors.patch Patch0057: 0057-Targets-to-skip-build-of-non-installable-programs.patch +Patch0058: 0058-aes-s390x.pl-Initialize-reserved-and-unused-memory.patch License: Apache-2.0 URL: http://www.openssl.org/ @@ -294,9 +295,10 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file export OPENSSL_SYSTEM_CIPHERS_OVERRIDE %{SOURCE1} providers/fips.so -# Disable LTO, build tests, and run them -%define _lto_cflags %{nil} -make -s %{?_smp_mflags} build_programs +# Build tests with LTO disabled and run them +make -s %{?_smp_mflags} build_programs \ + CFLAGS="%{build_cflags} -fno-lto" \ + CXXFLAGS="%{build_cxxflags} -fno-lto" make test HARNESS_JOBS=8 # Add generation of HMAC checksum of the final stripped library @@ -461,9 +463,15 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h %ldconfig_scriptlets libs %changelog -* Tue Sep 02 2025 Eduard Abdullin - 1:3.5.1-4.alma.1 +* Sat Sep 06 2025 Eduard Abdullin - 1:3.5.1-5.alma.1 - Redefine sslarch for x86_64_v2 arch +* Fri Sep 05 2025 Pavol Žáčik - 1:3.5.1-5 +- Fix globally disabled LTO + Related: RHEL-111634 +- Initialize reserved and unused memory in aes-s390x.pl + Resolves: RHEL-107479 + * Thu Aug 28 2025 Pavol Žáčik - 1:3.5.1-4 - Make openssl speed test signatures without errors Resolves: RHEL-95182