- Fix providers no_cache behavior

Resolves: RHEL-71903
2025-01-24 17:34:42 +01:00 · 2025-01-24 17:34:42 +01:00 · 5fae31daba
commit 5fae31daba
parent 8b5d84e945
2 changed files with 110 additions and 1 deletions
--- a/0140-prov_no-cache.patch
+++ b/0140-prov_no-cache.patch
@ -0,0 +1,103 @@
+diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c
+index d311158d77589..70715e7d6a99c 100644
+--- a/crypto/core_fetch.c
+++ b/crypto/core_fetch.c
+@@ -120,7 +120,7 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider,
+      * It is *expected* that the put function increments the refcnt
+      * of the passed method.
+      */
+-    data->mcm->put(data->store, method, provider, algo->algorithm_names,
+    data->mcm->put(no_store ? data->store : NULL, method, provider, algo->algorithm_names,
+                    algo->property_definition, data->mcm_data);
+ 
+     /* refcnt-- because we're dropping the reference */
+diff --git a/test/nocache-and-default.cnf b/test/nocache-and-default.cnf
+new file mode 100644
+index 0000000000000..cf5ca8d114151
+--- /dev/null
+++ b/test/nocache-and-default.cnf
+@@ -0,0 +1,18 @@
+openssl_conf = openssl_init
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+[openssl_init]
+providers = provider_sect
+
+[provider_sect]
+test    = test_sect
+default = default_sect
+
+[test_sect]
+module = ../test/p_test.so
+activate = true
+
+[default_sect]
+activate = true
+diff --git a/test/p_test.c b/test/p_test.c
+index 2d20190d4d57b..05f71ec8347c0 100644
+--- a/test/p_test.c
+++ b/test/p_test.c
+@@ -230,12 +230,21 @@ static const OSSL_ITEM *p_get_reason_strings(void *_)
+     return reason_strings;
+ }
+ 
+static const OSSL_ALGORITHM *p_query(OSSL_PROVIDER *prov,
+                                     int operation_id,
+                                     int *no_cache)
+{
+    *no_cache = 1;
+    return NULL;
+}
+
+ static const OSSL_DISPATCH p_test_table[] = {
+     { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_gettable_params },
+     { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))p_get_params },
+     { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS,
+         (void (*)(void))p_get_reason_strings},
+     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
+    { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query },
+     OSSL_DISPATCH_END
+ };
+ 
+diff --git a/test/recipes/20-test_nocache.t b/test/recipes/20-test_nocache.t
+new file mode 100644
+index 0000000000000..734e44ec8c2e1
+--- /dev/null
+++ b/test/recipes/20-test_nocache.t
+@@ -0,0 +1,34 @@
+#! /usr/bin/env perl
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file bldtop_dir with/;
+use OpenSSL::Test::Utils;
+
+setup("test_nocache");
+
+plan tests => 4;
+
+ok(run(app(["openssl", "list", "-mac-algorithms"],
+        stdout => "listout.txt")),
+"List mac algorithms - default configuration");
+open DATA, "listout.txt";
+my @match = grep /MAC/, <DATA>;
+close DATA;
+ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - default configuration");
+
+$ENV{OPENSSL_CONF} = bldtop_file("test", "nocache-and-default.cnf");
+ok(run(app(["openssl", "list", "-mac-algorithms"],
+        stdout => "listout.txt")),
+"List mac algorithms");
+open DATA, "listout.txt";
+my @match = grep /MAC/, <DATA>;
+close DATA;
+ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - nocache-and-default");
--- a/openssl.spec
+++ b/openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.2.2
-Release: 14%{?dist}
+Release: 15%{?dist}
 Epoch: 1
 Source: openssl-%{version}.tar.gz
 Source2: Makefile.certificate
@ -181,6 +181,8 @@ Patch136: 0136-Add-ALPN-validation-in-the-client.patch
 Patch137: 0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch
 Patch138: 0138-Add-a-test-for-an-empty-NextProto-message.patch
 Patch139: 0139-CVE-2024-6119.patch
+# https://github.com/openssl/openssl/pull/26197
+Patch140: 0140-prov_no-cache.patch

 License: Apache-2.0
 URL: http://www.openssl.org/
@ -527,6 +529,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 %ldconfig_scriptlets libs

 %changelog
+* Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-15
+- Fix providers no_cache behavior
+  Resolves: RHEL-71903
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:3.2.2-14
 - Bump release for October 2024 mass rebuild:
  Resolves: RHEL-64018