import openssl-3.0.1-23.el9_0

SOURCES/0055-nonlegacy-fetch-null-deref.patch

@@ -0,0 +1,23 @@
+diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
+index e1da724bd2f4..2bee5ef19447 100644
+--- a/crypto/core_namemap.c
++++ b/crypto/core_namemap.c
+@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
+ {
+     const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
+ 
+-    get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
++    if (cipher != NULL)
++        get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
+ }
+ 
+ static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
+ {
+     const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
+ 
+-    get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
++    if (md != NULL)
++        get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
+ }
+ 
+ static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,

SOURCES/0057-strcasecmp-fix.patch

@@ -0,0 +1,104 @@
+From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Fri, 22 Apr 2022 18:16:56 +0200
+Subject: [PATCH 1/2] Ensure we initialized the locale before
+ evp_pkey_name2type
+
+Fixes #18158
+---
+ crypto/evp/pmeth_lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
+index 2b9c6c2351da..92d25de44532 100644
+--- a/crypto/evp/pmeth_lib.c
++++ b/crypto/evp/pmeth_lib.c
+@@ -27,6 +27,7 @@
+ #ifndef FIPS_MODULE
+ # include "crypto/asn1.h"
+ #endif
++#include "crypto/ctype.h"
+ #include "crypto/evp.h"
+ #include "crypto/dh.h"
+ #include "crypto/ec.h"
+@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
+             }
+ #ifndef FIPS_MODULE
+             if (keytype != NULL) {
++                ossl_init_casecmp();
+                 id = evp_pkey_name2type(keytype);
+                 if (id == NID_undef)
+                     id = -1;
+
+From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Fri, 22 Apr 2022 19:26:08 +0200
+Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without
+ preliminary init
+
+---
+ test/build.info                   |  6 +++++-
+ test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++
+ test/recipes/02-test_localetest.t |  4 +++-
+ 3 files changed, 22 insertions(+), 2 deletions(-)
+ create mode 100644 test/evp_pkey_ctx_new_from_name.c
+
+diff --git a/test/build.info b/test/build.info
+index 14a84f00a258..ee059973d31a 100644
+--- a/test/build.info
++++ b/test/build.info
+@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
+           sanitytest rsa_complex exdatatest bntest \
+           ecstresstest gmdifftest pbelutest \
+           destest mdc2test sha_test \
+-          exptest pbetest localetest \
++          exptest pbetest localetest evp_pkey_ctx_new_from_name\
+           evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
+           evp_fetch_prov_test evp_libctx_test ossl_store_test \
+           v3nametest v3ext \
+@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}]
+   INCLUDE[localetest]=../include ../apps/include
+   DEPEND[localetest]=../libcrypto libtestutil.a
+ 
++  SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c
++  INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include
++  DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto
++
+   SOURCE[pbetest]=pbetest.c
+   INCLUDE[pbetest]=../include ../apps/include
+   DEPEND[pbetest]=../libcrypto libtestutil.a
+diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c
+new file mode 100644
+index 000000000000..24063ea05ea5
+--- /dev/null
++++ b/test/evp_pkey_ctx_new_from_name.c
+@@ -0,0 +1,14 @@
++#include <stdio.h>
++#include <openssl/ec.h>
++#include <openssl/evp.h>
++#include <openssl/err.h>
++
++int main(int argc, char *argv[])
++{
++    EVP_PKEY_CTX *pctx = NULL;
++
++    pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL);
++    EVP_PKEY_CTX_free(pctx);
++
++    return 0;
++}
+diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t
+index 1bccd57d4c63..77fba7d819ab 100644
+--- a/test/recipes/02-test_localetest.t
++++ b/test/recipes/02-test_localetest.t
+@@ -15,7 +15,9 @@ setup("locale tests");
+ plan skip_all => "Locale tests not available on Windows or VMS"
+     if $^O =~ /^(VMS|MSWin32)$/;
+ 
+-plan tests => 2;
++plan tests => 3;
++
++ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init");
+ 
+ $ENV{LANG} = "C";
+ ok(run(test(["localetest"])), "running localetest");

SPECS/openssl.spec

@@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.1
-Release: 20%{?dist}
+Release: 23%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -86,6 +86,12 @@ Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
 Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
 # CVE 2022-0778
 Patch53: 0053-CVE-2022-0778.patch
+# https://github.com/openssl/openssl/pull/17324
+Patch55: 0055-nonlegacy-fetch-null-deref.patch
+# https://github.com/openssl/openssl/pull/18103
+Patch56: 0056-strcasecmp.patch
+# https://github.com/openssl/openssl/pull/18175
+Patch57: 0057-strcasecmp-fix.patch
 
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -416,6 +422,18 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Tue Apr 26 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-23
+- Update missing initialization patch with feedback from upstream
+  Resolves: rhbz#2076654
+
+* Fri Apr 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22
+- Invocation of the missing initialization
+- Resolves: rhbz#2076654
+
+* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-21
+- Fix openssl curl error with LANG=tr_TR.utf8
+- Resolves: rhbz#2076654
+
 * Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
 - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
   no OpenSSL library context is set