rpms/openssl
7
1
Fork 1
Code Issues Pull Requests Releases Activity

- Fix providers no_cache behavior

Browse Source 
Resolves: RHEL-71903
This commit is contained in:
Dmitry Belyavskiy 2025-01-24 17:34:42 +01:00
parent 8b5d84e945
commit 5fae31daba
2 changed files with 110 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
0140-prov_no-cache.patch Normal file
View File

@ -0,0 +1,103 @@
diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c
index d311158d77589..70715e7d6a99c 100644
--- a/crypto/core_fetch.c
+++ b/crypto/core_fetch.c
@@ -120,7 +120,7 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider,
* It is *expected* that the put function increments the refcnt
* of the passed method.
*/
- data->mcm->put(data->store, method, provider, algo->algorithm_names,
+ data->mcm->put(no_store ? data->store : NULL, method, provider, algo->algorithm_names,
algo->property_definition, data->mcm_data);
/* refcnt-- because we're dropping the reference */
diff --git a/test/nocache-and-default.cnf b/test/nocache-and-default.cnf
new file mode 100644
index 0000000000000..cf5ca8d114151
--- /dev/null
+++ b/test/nocache-and-default.cnf
@@ -0,0 +1,18 @@
+openssl_conf = openssl_init
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+[openssl_init]
+providers = provider_sect
+
+[provider_sect]
+test = test_sect
+default = default_sect
+
+[test_sect]
+module = ../test/p_test.so
+activate = true
+
+[default_sect]
+activate = true
diff --git a/test/p_test.c b/test/p_test.c
index 2d20190d4d57b..05f71ec8347c0 100644
--- a/test/p_test.c
+++ b/test/p_test.c
@@ -230,12 +230,21 @@ static const OSSL_ITEM *p_get_reason_strings(void *_)
return reason_strings;
}
+static const OSSL_ALGORITHM *p_query(OSSL_PROVIDER *prov,
+ int operation_id,
+ int *no_cache)
+{
+ *no_cache = 1;
+ return NULL;
+}
+
static const OSSL_DISPATCH p_test_table[] = {
{ OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_gettable_params },
{ OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))p_get_params },
{ OSSL_FUNC_PROVIDER_GET_REASON_STRINGS,
(void (*)(void))p_get_reason_strings},
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query },
OSSL_DISPATCH_END
};
diff --git a/test/recipes/20-test_nocache.t b/test/recipes/20-test_nocache.t
new file mode 100644
index 0000000000000..734e44ec8c2e1
--- /dev/null
+++ b/test/recipes/20-test_nocache.t
@@ -0,0 +1,34 @@
+#! /usr/bin/env perl
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file bldtop_dir with/;
+use OpenSSL::Test::Utils;
+
+setup("test_nocache");
+
+plan tests => 4;
+
+ok(run(app(["openssl", "list", "-mac-algorithms"],
+ stdout => "listout.txt")),
+"List mac algorithms - default configuration");
+open DATA, "listout.txt";
+my @match = grep /MAC/, <DATA>;
+close DATA;
+ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - default configuration");
+
+$ENV{OPENSSL_CONF} = bldtop_file("test", "nocache-and-default.cnf");
+ok(run(app(["openssl", "list", "-mac-algorithms"],
+ stdout => "listout.txt")),
+"List mac algorithms");
+open DATA, "listout.txt";
+my @match = grep /MAC/, <DATA>;
+close DATA;
+ok(scalar @match > 1 ? 1 : 0, "Several algorithms are listed - nocache-and-default");

8
openssl.spec
View File

@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.2.2 Version: 3.2.2
Release: 14%{?dist} Release: 15%{?dist}
Epoch: 1 Epoch: 1
Source: openssl-%{version}.tar.gz Source: openssl-%{version}.tar.gz
Source2: Makefile.certificate Source2: Makefile.certificate
@ -181,6 +181,8 @@ Patch136: 0136-Add-ALPN-validation-in-the-client.patch
Patch137: 0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch Patch137: 0137-Add-explicit-testing-of-ALN-and-NPN-in-sslapitest.patch
Patch138: 0138-Add-a-test-for-an-empty-NextProto-message.patch Patch138: 0138-Add-a-test-for-an-empty-NextProto-message.patch
Patch139: 0139-CVE-2024-6119.patch Patch139: 0139-CVE-2024-6119.patch
# https://github.com/openssl/openssl/pull/26197
Patch140: 0140-prov_no-cache.patch
License: Apache-2.0 License: Apache-2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -527,6 +529,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-15
- Fix providers no_cache behavior
Resolves: RHEL-71903
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:3.2.2-14 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:3.2.2-14
- Bump release for October 2024 mass rebuild: - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018 Resolves: RHEL-64018