Redefine sslarch for x86_64_v2 arch
This commit is contained in:
commit
ea394def22
176
0056-Speed-test-signatures-without-errors.patch
Normal file
176
0056-Speed-test-signatures-without-errors.patch
Normal file
@ -0,0 +1,176 @@
|
|||||||
|
From 0db63fff91327d06502027441104665f462be922 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <zacik.pa@gmail.com>
|
||||||
|
Date: Mon, 11 Aug 2025 12:02:03 +0200
|
||||||
|
Subject: [PATCH 1/2] apps/speed.c: Disable testing of composite signature
|
||||||
|
algorithms
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Creating public key context from name would always fail
|
||||||
|
for composite signature algorithms (such as RSA-SHA256)
|
||||||
|
because the public key algorithm name (e.g., RSA) does
|
||||||
|
not match the name of the composite algorithm.
|
||||||
|
|
||||||
|
Relates to #27855.
|
||||||
|
|
||||||
|
Signed-off-by: Pavol Žáčik <zacik.pa@gmail.com>
|
||||||
|
---
|
||||||
|
apps/speed.c | 8 +++++---
|
||||||
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/apps/speed.c b/apps/speed.c
|
||||||
|
index 2c3ec37d1239e..a6d239c8cda81 100644
|
||||||
|
--- a/apps/speed.c
|
||||||
|
+++ b/apps/speed.c
|
||||||
|
@@ -2281,9 +2281,11 @@ int speed_main(int argc, char **argv)
|
||||||
|
}
|
||||||
|
#endif /* OPENSSL_NO_DSA */
|
||||||
|
/* skipping these algs as tested elsewhere - and b/o setup is a pain */
|
||||||
|
- else if (strcmp(sig_name, "ED25519") &&
|
||||||
|
- strcmp(sig_name, "ED448") &&
|
||||||
|
- strcmp(sig_name, "ECDSA") &&
|
||||||
|
+ else if (strncmp(sig_name, "RSA", 3) &&
|
||||||
|
+ strncmp(sig_name, "DSA", 3) &&
|
||||||
|
+ strncmp(sig_name, "ED25519", 7) &&
|
||||||
|
+ strncmp(sig_name, "ED448", 5) &&
|
||||||
|
+ strncmp(sig_name, "ECDSA", 5) &&
|
||||||
|
strcmp(sig_name, "HMAC") &&
|
||||||
|
strcmp(sig_name, "SIPHASH") &&
|
||||||
|
strcmp(sig_name, "POLY1305") &&
|
||||||
|
|
||||||
|
From 30d98de47c63ca84df41ee57f9d230b2f56bf9ef Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <zacik.pa@gmail.com>
|
||||||
|
Date: Mon, 11 Aug 2025 12:19:59 +0200
|
||||||
|
Subject: [PATCH 2/2] apps/speed.c: Support more signature algorithms
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Some signature algorithms (e.g., ML-DSA-65) cannot be initialized
|
||||||
|
via EVP_PKEY_sign_init, so try also EVP_PKEY_sign_message_init
|
||||||
|
before reporting an error.
|
||||||
|
|
||||||
|
Fixes #27108.
|
||||||
|
|
||||||
|
Signed-off-by: Pavol Žáčik <zacik.pa@gmail.com>
|
||||||
|
---
|
||||||
|
apps/speed.c | 69 ++++++++++++++++++++++++++++++++++++++++------------
|
||||||
|
1 file changed, 53 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/apps/speed.c b/apps/speed.c
|
||||||
|
index a6d239c8cda81..059183ddc77d3 100644
|
||||||
|
--- a/apps/speed.c
|
||||||
|
+++ b/apps/speed.c
|
||||||
|
@@ -4254,6 +4254,7 @@ int speed_main(int argc, char **argv)
|
||||||
|
EVP_PKEY_CTX *sig_gen_ctx = NULL;
|
||||||
|
EVP_PKEY_CTX *sig_sign_ctx = NULL;
|
||||||
|
EVP_PKEY_CTX *sig_verify_ctx = NULL;
|
||||||
|
+ EVP_SIGNATURE *alg = NULL;
|
||||||
|
unsigned char md[SHA256_DIGEST_LENGTH];
|
||||||
|
unsigned char *sig;
|
||||||
|
char sfx[MAX_ALGNAME_SUFFIX];
|
||||||
|
@@ -4314,21 +4315,48 @@ int speed_main(int argc, char **argv)
|
||||||
|
sig_name);
|
||||||
|
goto sig_err_break;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Try explicitly fetching the signature algoritm implementation to
|
||||||
|
+ * use in case the algorithm does not support EVP_PKEY_sign_init
|
||||||
|
+ */
|
||||||
|
+ ERR_set_mark();
|
||||||
|
+ alg = EVP_SIGNATURE_fetch(app_get0_libctx(), sig_name, app_get0_propq());
|
||||||
|
+ ERR_pop_to_mark();
|
||||||
|
+
|
||||||
|
/* Now prepare signature data structs */
|
||||||
|
sig_sign_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
|
||||||
|
pkey,
|
||||||
|
app_get0_propq());
|
||||||
|
- if (sig_sign_ctx == NULL
|
||||||
|
- || EVP_PKEY_sign_init(sig_sign_ctx) <= 0
|
||||||
|
- || (use_params == 1
|
||||||
|
- && (EVP_PKEY_CTX_set_rsa_padding(sig_sign_ctx,
|
||||||
|
- RSA_PKCS1_PADDING) <= 0))
|
||||||
|
- || EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len,
|
||||||
|
- md, md_len) <= 0) {
|
||||||
|
- BIO_printf(bio_err,
|
||||||
|
- "Error while initializing signing data structs for %s.\n",
|
||||||
|
- sig_name);
|
||||||
|
- goto sig_err_break;
|
||||||
|
+ if (sig_sign_ctx == NULL) {
|
||||||
|
+ BIO_printf(bio_err,
|
||||||
|
+ "Error while initializing signing ctx for %s.\n",
|
||||||
|
+ sig_name);
|
||||||
|
+ goto sig_err_break;
|
||||||
|
+ }
|
||||||
|
+ ERR_set_mark();
|
||||||
|
+ if (EVP_PKEY_sign_init(sig_sign_ctx) <= 0
|
||||||
|
+ && (alg == NULL
|
||||||
|
+ || EVP_PKEY_sign_message_init(sig_sign_ctx, alg, NULL) <= 0)) {
|
||||||
|
+ ERR_clear_last_mark();
|
||||||
|
+ BIO_printf(bio_err,
|
||||||
|
+ "Error while initializing signing data structs for %s.\n",
|
||||||
|
+ sig_name);
|
||||||
|
+ goto sig_err_break;
|
||||||
|
+ }
|
||||||
|
+ ERR_pop_to_mark();
|
||||||
|
+ if (use_params == 1 &&
|
||||||
|
+ EVP_PKEY_CTX_set_rsa_padding(sig_sign_ctx, RSA_PKCS1_PADDING) <= 0) {
|
||||||
|
+ BIO_printf(bio_err,
|
||||||
|
+ "Error while initializing padding for %s.\n",
|
||||||
|
+ sig_name);
|
||||||
|
+ goto sig_err_break;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, md, md_len) <= 0) {
|
||||||
|
+ BIO_printf(bio_err,
|
||||||
|
+ "Error while obtaining signature bufffer length for %s.\n",
|
||||||
|
+ sig_name);
|
||||||
|
+ goto sig_err_break;
|
||||||
|
}
|
||||||
|
sig = app_malloc(sig_len = max_sig_len, "signature buffer");
|
||||||
|
if (sig == NULL) {
|
||||||
|
@@ -4344,16 +4372,23 @@ int speed_main(int argc, char **argv)
|
||||||
|
sig_verify_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
|
||||||
|
pkey,
|
||||||
|
app_get0_propq());
|
||||||
|
- if (sig_verify_ctx == NULL
|
||||||
|
- || EVP_PKEY_verify_init(sig_verify_ctx) <= 0
|
||||||
|
- || (use_params == 1
|
||||||
|
- && (EVP_PKEY_CTX_set_rsa_padding(sig_verify_ctx,
|
||||||
|
- RSA_PKCS1_PADDING) <= 0))) {
|
||||||
|
+ if (sig_verify_ctx == NULL) {
|
||||||
|
+ BIO_printf(bio_err,
|
||||||
|
+ "Error while initializing verify ctx for %s.\n",
|
||||||
|
+ sig_name);
|
||||||
|
+ goto sig_err_break;
|
||||||
|
+ }
|
||||||
|
+ ERR_set_mark();
|
||||||
|
+ if (EVP_PKEY_verify_init(sig_verify_ctx) <= 0
|
||||||
|
+ && (alg == NULL
|
||||||
|
+ || EVP_PKEY_verify_message_init(sig_verify_ctx, alg, NULL) <= 0)) {
|
||||||
|
+ ERR_clear_last_mark();
|
||||||
|
BIO_printf(bio_err,
|
||||||
|
"Error while initializing verify data structs for %s.\n",
|
||||||
|
sig_name);
|
||||||
|
goto sig_err_break;
|
||||||
|
}
|
||||||
|
+ ERR_pop_to_mark();
|
||||||
|
if (EVP_PKEY_verify(sig_verify_ctx, sig, sig_len, md, md_len) <= 0) {
|
||||||
|
BIO_printf(bio_err, "Verify error for %s.\n", sig_name);
|
||||||
|
goto sig_err_break;
|
||||||
|
@@ -4369,12 +4404,14 @@ int speed_main(int argc, char **argv)
|
||||||
|
loopargs[i].sig_act_sig_len[testnum] = sig_len;
|
||||||
|
loopargs[i].sig_sig[testnum] = sig;
|
||||||
|
EVP_PKEY_free(pkey);
|
||||||
|
+ EVP_SIGNATURE_free(alg);
|
||||||
|
pkey = NULL;
|
||||||
|
continue;
|
||||||
|
|
||||||
|
sig_err_break:
|
||||||
|
dofail();
|
||||||
|
EVP_PKEY_free(pkey);
|
||||||
|
+ EVP_SIGNATURE_free(alg);
|
||||||
|
op_count = 1;
|
||||||
|
sig_checks = 0;
|
||||||
|
break;
|
153
0057-Targets-to-skip-build-of-non-installable-programs.patch
Normal file
153
0057-Targets-to-skip-build-of-non-installable-programs.patch
Normal file
@ -0,0 +1,153 @@
|
|||||||
|
From b96746b02cff910f4cd3787fddc042f7e3fb4956 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <zacik.pa@gmail.com>
|
||||||
|
Date: Tue, 19 Aug 2025 14:26:07 +0200
|
||||||
|
Subject: [PATCH] Add targets to skip build of non-installable programs
|
||||||
|
|
||||||
|
These make it possible to split the build into two
|
||||||
|
parts, e.g., when tests should be built with different
|
||||||
|
compiler flags than installed software.
|
||||||
|
|
||||||
|
Also use these as dependecies where appropriate.
|
||||||
|
---
|
||||||
|
Configurations/descrip.mms.tmpl | 7 +++++--
|
||||||
|
Configurations/unix-Makefile.tmpl | 9 ++++++---
|
||||||
|
Configurations/windows-makefile.tmpl | 8 ++++++--
|
||||||
|
util/help.pl | 2 +-
|
||||||
|
4 files changed, 18 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
|
||||||
|
index db6a1b1799..bc7fc36b46 100644
|
||||||
|
--- a/Configurations/descrip.mms.tmpl
|
||||||
|
+++ b/Configurations/descrip.mms.tmpl
|
||||||
|
@@ -491,6 +491,8 @@ NODEBUG=@
|
||||||
|
{- dependmagic('build_libs'); -} : build_libs_nodep
|
||||||
|
{- dependmagic('build_modules'); -} : build_modules_nodep
|
||||||
|
{- dependmagic('build_programs'); -} : build_programs_nodep
|
||||||
|
+{- dependmagic('build_inst_sw'); -} : build_libs_nodep, build_modules_nodep, build_inst_programs_nodep
|
||||||
|
+{- dependmagic('build_inst_programs'); -} : build_inst_programs_nodep
|
||||||
|
|
||||||
|
build_generated_pods : $(GENERATED_PODS)
|
||||||
|
build_docs : build_html_docs
|
||||||
|
@@ -500,6 +502,7 @@ build_generated : $(GENERATED_MANDATORY)
|
||||||
|
build_libs_nodep : $(LIBS), $(SHLIBS)
|
||||||
|
build_modules_nodep : $(MODULES)
|
||||||
|
build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
|
||||||
|
+build_inst_programs_nodep : $(INSTALL_PROGRAMS), $(SCRIPTS)
|
||||||
|
|
||||||
|
# Kept around for backward compatibility
|
||||||
|
build_apps build_tests : build_programs
|
||||||
|
@@ -606,7 +609,7 @@ install_docs : install_html_docs
|
||||||
|
uninstall_docs : uninstall_html_docs
|
||||||
|
|
||||||
|
{- output_off() if $disabled{fips}; "" -}
|
||||||
|
-install_fips : build_sw $(INSTALL_FIPSMODULECONF)
|
||||||
|
+install_fips : build_inst_sw $(INSTALL_FIPSMODULECONF)
|
||||||
|
@ WRITE SYS$OUTPUT "*** Installing FIPS module"
|
||||||
|
- CREATE/DIR ossl_installroot:[MODULES{- $target{pointer_size} -}.'arch']
|
||||||
|
- CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
|
||||||
|
@@ -687,7 +690,7 @@ install_runtime_libs : check_INSTALLTOP build_libs
|
||||||
|
@install_shlibs) -}
|
||||||
|
@ {- output_on() if $disabled{shared}; "" -} !
|
||||||
|
|
||||||
|
-install_programs : check_INSTALLTOP install_runtime_libs build_programs
|
||||||
|
+install_programs : check_INSTALLTOP install_runtime_libs build_inst_programs
|
||||||
|
@ {- output_off() if $disabled{apps}; "" -} !
|
||||||
|
@ ! Install the main program
|
||||||
|
- CREATE/DIR ossl_installroot:[EXE.'arch']
|
||||||
|
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
|
||||||
|
index 70ac47b73c..98c11f7a0f 100644
|
||||||
|
--- a/Configurations/unix-Makefile.tmpl
|
||||||
|
+++ b/Configurations/unix-Makefile.tmpl
|
||||||
|
@@ -531,7 +531,9 @@ LANG=C
|
||||||
|
{- dependmagic('build_sw', 'Build all the software (default target)'); -}: build_libs_nodep build_modules_nodep build_programs_nodep link-utils
|
||||||
|
{- dependmagic('build_libs', 'Build the libraries libssl and libcrypto'); -}: build_libs_nodep
|
||||||
|
{- dependmagic('build_modules', 'Build the modules (i.e. providers and engines)'); -}: build_modules_nodep
|
||||||
|
-{- dependmagic('build_programs', 'Build the openssl executables and scripts'); -}: build_programs_nodep
|
||||||
|
+{- dependmagic('build_programs', 'Build the openssl executables, scripts and all other programs as configured (e.g. tests or demos)'); -}: build_programs_nodep
|
||||||
|
+{- dependmagic('build_inst_sw', 'Build all the software to be installed'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep link-utils
|
||||||
|
+{- dependmagic('build_inst_programs', 'Build only the installable openssl executables and scripts'); -}: build_inst_programs_nodep
|
||||||
|
|
||||||
|
all: build_sw {- "build_docs" if !$disabled{docs}; -} ## Build software and documentation
|
||||||
|
debuginfo: $(SHLIBS)
|
||||||
|
@@ -553,6 +555,7 @@ build_generated: $(GENERATED_MANDATORY)
|
||||||
|
build_libs_nodep: $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // platform->sharedlib($_) // () } @{$unified_info{libraries}}) -}
|
||||||
|
build_modules_nodep: $(MODULES)
|
||||||
|
build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
|
||||||
|
+build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS)
|
||||||
|
|
||||||
|
# Kept around for backward compatibility
|
||||||
|
build_apps build_tests: build_programs
|
||||||
|
@@ -671,7 +674,7 @@ uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and
|
||||||
|
$(RM) -r "$(DESTDIR)$(DOCDIR)"
|
||||||
|
|
||||||
|
{- output_off() if $disabled{fips}; "" -}
|
||||||
|
-install_fips: build_sw $(INSTALL_FIPSMODULECONF)
|
||||||
|
+install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF)
|
||||||
|
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||||
|
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)"
|
||||||
|
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)"
|
||||||
|
@@ -956,7 +959,7 @@ install_runtime_libs: build_libs
|
||||||
|
: {- output_on() if windowsdll(); "" -}; \
|
||||||
|
done
|
||||||
|
|
||||||
|
-install_programs: install_runtime_libs build_programs
|
||||||
|
+install_programs: install_runtime_libs build_inst_programs
|
||||||
|
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||||
|
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(bindir)"
|
||||||
|
@$(ECHO) "*** Installing runtime programs"
|
||||||
|
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
|
||||||
|
index 894834cfb7..b5872124de 100644
|
||||||
|
--- a/Configurations/windows-makefile.tmpl
|
||||||
|
+++ b/Configurations/windows-makefile.tmpl
|
||||||
|
@@ -418,6 +418,8 @@ PROCESSOR= {- $config{processor} -}
|
||||||
|
{- dependmagic('build_libs'); -}: build_libs_nodep
|
||||||
|
{- dependmagic('build_modules'); -}: build_modules_nodep
|
||||||
|
{- dependmagic('build_programs'); -}: build_programs_nodep
|
||||||
|
+{- dependmagic('build_inst_sw'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep copy-utils
|
||||||
|
+{- dependmagic('build_inst_programs'); -}: build_inst_programs_nodep
|
||||||
|
|
||||||
|
build_docs: build_html_docs
|
||||||
|
build_html_docs: $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7)
|
||||||
|
@@ -430,6 +432,8 @@ build_modules_nodep: $(MODULES)
|
||||||
|
@
|
||||||
|
build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
|
||||||
|
@
|
||||||
|
+build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS)
|
||||||
|
+ @
|
||||||
|
|
||||||
|
# Kept around for backward compatibility
|
||||||
|
build_apps build_tests: build_programs
|
||||||
|
@@ -507,7 +511,7 @@ install_docs: install_html_docs
|
||||||
|
uninstall_docs: uninstall_html_docs
|
||||||
|
|
||||||
|
{- output_off() if $disabled{fips}; "" -}
|
||||||
|
-install_fips: build_sw $(INSTALL_FIPSMODULECONF)
|
||||||
|
+install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF)
|
||||||
|
# @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||||
|
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)"
|
||||||
|
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)"
|
||||||
|
@@ -607,7 +611,7 @@ install_runtime_libs: build_libs
|
||||||
|
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
|
||||||
|
"$(INSTALLTOP)\bin"
|
||||||
|
|
||||||
|
-install_programs: install_runtime_libs build_programs
|
||||||
|
+install_programs: install_runtime_libs build_inst_programs
|
||||||
|
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
|
||||||
|
@$(ECHO) "*** Installing runtime programs"
|
||||||
|
@if not "$(INSTALL_PROGRAMS)"=="" \
|
||||||
|
diff --git a/util/help.pl b/util/help.pl
|
||||||
|
index a1614fe8a9..e88ff4bae1 100755
|
||||||
|
--- a/util/help.pl
|
||||||
|
+++ b/util/help.pl
|
||||||
|
@@ -14,7 +14,7 @@ while (<>) {
|
||||||
|
chomp; # strip record separator
|
||||||
|
@Fld = split($FS, $_, -1);
|
||||||
|
if (/^[a-zA-Z0-9_\-]+:.*?##/) {
|
||||||
|
- printf " \033[36m%-15s\033[0m %s\n", $Fld[0], $Fld[1]
|
||||||
|
+ printf " \033[36m%-19s\033[0m %s\n", $Fld[0], $Fld[1]
|
||||||
|
}
|
||||||
|
if (/^##@/) {
|
||||||
|
printf "\n\033[1m%s\033[0m\n", substr($Fld[$_], (5)-1);
|
||||||
|
--
|
||||||
|
2.50.1
|
||||||
|
|
19
openssl.spec
19
openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.5.1
|
Version: 3.5.1
|
||||||
Release: 3%{?dist}.alma.1
|
Release: 4%{?dist}.alma.1
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Source0: openssl-%{version}.tar.gz
|
Source0: openssl-%{version}.tar.gz
|
||||||
Source1: fips-hmacify.sh
|
Source1: fips-hmacify.sh
|
||||||
@ -97,6 +97,8 @@ Patch0053: 0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch
|
|||||||
%endif
|
%endif
|
||||||
Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
|
Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
|
||||||
Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
|
Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
|
||||||
|
Patch0056: 0056-Speed-test-signatures-without-errors.patch
|
||||||
|
Patch0057: 0057-Targets-to-skip-build-of-non-installable-programs.patch
|
||||||
|
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -267,7 +269,7 @@ export HASHBANGPERL=/usr/bin/perl
|
|||||||
# Do not run this in a production package the FIPS symbols must be patched-in
|
# Do not run this in a production package the FIPS symbols must be patched-in
|
||||||
#util/mkdef.pl crypto update
|
#util/mkdef.pl crypto update
|
||||||
|
|
||||||
make -s %{?_smp_mflags} all
|
make -s %{?_smp_mflags} build_inst_sw
|
||||||
|
|
||||||
# Clean up the .pc files
|
# Clean up the .pc files
|
||||||
for i in libcrypto.pc libssl.pc openssl.pc ; do
|
for i in libcrypto.pc libssl.pc openssl.pc ; do
|
||||||
@ -291,7 +293,10 @@ export OPENSSL_ENABLE_SHA1_SIGNATURES
|
|||||||
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
|
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
|
||||||
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
|
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
|
||||||
%{SOURCE1} providers/fips.so
|
%{SOURCE1} providers/fips.so
|
||||||
#run tests itself
|
|
||||||
|
# Disable LTO, build tests, and run them
|
||||||
|
%define _lto_cflags %{nil}
|
||||||
|
make -s %{?_smp_mflags} build_programs
|
||||||
make test HARNESS_JOBS=8
|
make test HARNESS_JOBS=8
|
||||||
|
|
||||||
# Add generation of HMAC checksum of the final stripped library
|
# Add generation of HMAC checksum of the final stripped library
|
||||||
@ -456,9 +461,15 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jul 29 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.1-3.alma.1
|
* Tue Sep 02 2025 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.1-4.alma.1
|
||||||
- Redefine sslarch for x86_64_v2 arch
|
- Redefine sslarch for x86_64_v2 arch
|
||||||
|
|
||||||
|
* Thu Aug 28 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-4
|
||||||
|
- Make openssl speed test signatures without errors
|
||||||
|
Resolves: RHEL-95182
|
||||||
|
- Build tests in check and without LTO
|
||||||
|
Resolves: RHEL-111634
|
||||||
|
|
||||||
* Thu Jul 24 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-3
|
* Thu Jul 24 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-3
|
||||||
- Add custom define to disable symbol versioning in downstream patched code
|
- Add custom define to disable symbol versioning in downstream patched code
|
||||||
Also add stricter Suggests for openssl-fips-provider
|
Also add stricter Suggests for openssl-fips-provider
|
||||||
|
Loading…
Reference in New Issue
Block a user