rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

Rebase to upstream version beta2

Browse Source 
Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Sahana Prasad 2021-08-03 15:03:00 +02:00
parent 0b6afca185
commit fe7445d93d
7 changed files with 246 additions and 353 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
View File

@ -280,9 +280,9 @@ index 404a706fab..e81fa9ec3e 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
ASN1_item_d2i_bio_ex ? 3_0_0 EXIST::FUNCTION:
ASN1_item_d2i_ex ? 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex ? 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
--
2.26.2

12
0017-use-AI-ADDRCONFIG-explicit-hostname.patch
View File

@ -1,12 +0,0 @@
diff -up openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit openssl-3.0.0-alpha16/crypto/bio/bio_addr.c
--- openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit 2021-07-06 14:06:05.706578389 +0200
+++ openssl-3.0.0-alpha16/crypto/bio/bio_addr.c 2021-07-06 14:07:24.482329505 +0200
@@ -696,7 +696,7 @@ int BIO_lookup_ex(const char *host, cons
hints.ai_protocol = protocol;
# ifdef AI_ADDRCONFIG
# ifdef AF_UNSPEC
- if (family == AF_UNSPEC)
+ if (host != NULL && family == AF_UNSPEC)
# endif
hints.ai_flags |= AI_ADDRCONFIG;
# endif

12
0018-Fix-crash-BN_lebin2bn.patch
View File

@ -1,12 +0,0 @@
diff -up openssl-3.0.0-alpha16/apps/x509.c.segfault-bn openssl-3.0.0-alpha16/apps/x509.c
--- openssl-3.0.0-alpha16/apps/x509.c.segfault-bn 2021-07-06 22:12:37.021406952 +0200
+++ openssl-3.0.0-alpha16/apps/x509.c 2021-07-06 22:13:40.540996922 +0200
@@ -934,7 +934,7 @@ int x509_main(int argc, char **argv)
} else if (i == modulus) {
BIO_printf(out, "Modulus=");
if (EVP_PKEY_is_a(pkey, "RSA")) {
- BIGNUM *n;
+ BIGNUM *n = NULL;
/* Every RSA key has an 'n' */
EVP_PKEY_get_bn_param(pkey, "n", &n);

478
0019-dual-abi.patch
View File

@ -251,231 +251,6 @@ diff -up openssl-3.0.0-beta1/crypto/evp/asymcipher.c.dual-abi openssl-3.0.0-beta
void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(EVP_ASYM_CIPHER *cipher,
diff -up openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_lib.c
--- openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi 2021-07-13 01:10:08.970210463 +0200
+++ openssl-3.0.0-beta1/crypto/evp/evp_lib.c 2021-07-13 01:10:20.596324598 +0200
@@ -31,6 +31,21 @@
#include "crypto/asn1.h"
#include "internal/provider.h"
#include "evp_local.h"
+/* Macro machinery. */
+
+/* Defines OLD_STRING (a C string) as an alias for NEW_ID (a C
+ * identifier). The controlling C identifier symbol is ALIAS_ID (a C
+ * identifier). */
+#define RHEL_ALIAS3(alias_id, new_id, old_string) \
+ extern __typeof(new_id) alias_id \
+ __asm__ (old_string) \
+ __attribute__ ((__copy__ (new_id), __alias__ (#new_id)))
+
+/* Defines an alias using OLD_ID, which must be an macro identifier
+ * that expands to the new identifier. */
+#define RHEL_ALIAS1(old_id) \
+ RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id)
+
#if !defined(FIPS_MODULE)
@@ -337,6 +352,7 @@ int EVP_CIPHER_get_type(const EVP_CIPHER
#endif
}
}
+RHEL_ALIAS1(EVP_CIPHER_type);
int evp_cipher_cache_constants(EVP_CIPHER *cipher)
{
@@ -389,11 +405,13 @@ int EVP_CIPHER_get_block_size(const EVP_
{
return cipher->block_size;
}
+RHEL_ALIAS1(EVP_CIPHER_block_size);
int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_get_block_size(ctx->cipher);
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_block_size);
int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
{
@@ -466,11 +484,13 @@ int EVP_CIPHER_CTX_is_encrypting(const E
{
return ctx->encrypt;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_encrypting);
unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher)
{
return cipher->flags;
}
+RHEL_ALIAS1(EVP_CIPHER_flags);
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
{
@@ -501,6 +521,7 @@ int EVP_CIPHER_get_iv_length(const EVP_C
{
return cipher->iv_len;
}
+RHEL_ALIAS1(EVP_CIPHER_iv_length);
int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
{
@@ -522,6 +543,7 @@ legacy:
}
return len;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_iv_length);
int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx)
{
@@ -533,6 +555,7 @@ int EVP_CIPHER_CTX_get_tag_length(const
ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
return ret == 1 ? (int)v : 0;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_tag_length);
#ifndef OPENSSL_NO_DEPRECATED_3_0
const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
@@ -615,6 +638,7 @@ int EVP_CIPHER_CTX_get_num(const EVP_CIP
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_num);
int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
{
@@ -634,6 +658,7 @@ int EVP_CIPHER_get_key_length(const EVP_
{
return cipher->key_len;
}
+RHEL_ALIAS1(EVP_CIPHER_key_length);
int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
{
@@ -646,16 +671,19 @@ int EVP_CIPHER_CTX_get_key_length(const
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_key_length);
int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
{
return cipher->nid;
}
+RHEL_ALIAS1(EVP_CIPHER_nid);
int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->nid;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_nid);
int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
{
@@ -679,6 +707,7 @@ const char *EVP_CIPHER_get0_name(const E
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_CIPHER_name);
const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher)
{
@@ -690,6 +719,7 @@ const char *EVP_CIPHER_get0_description(
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_CIPHER_description);
int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
void (*fn)(const char *name, void *data),
@@ -705,11 +735,13 @@ const OSSL_PROVIDER *EVP_CIPHER_get0_pro
{
return cipher->prov;
}
+RHEL_ALIAS1(EVP_CIPHER_provider);
int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher)
{
return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE;
}
+RHEL_ALIAS1(EVP_CIPHER_mode);
int EVP_MD_is_a(const EVP_MD *md, const char *name)
{
@@ -733,6 +765,7 @@ const char *EVP_MD_get0_description(cons
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_MD_description);
const char *EVP_MD_get0_name(const EVP_MD *md)
{
@@ -746,6 +779,7 @@ const char *EVP_MD_get0_name(const EVP_M
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_MD_name);
int EVP_MD_names_do_all(const EVP_MD *md,
void (*fn)(const char *name, void *data),
@@ -761,16 +795,19 @@ const OSSL_PROVIDER *EVP_MD_get0_provide
{
return md->prov;
}
+RHEL_ALIAS1(EVP_MD_provider);
int EVP_MD_get_type(const EVP_MD *md)
{
return md->type;
}
+RHEL_ALIAS1(EVP_MD_type);
int EVP_MD_get_pkey_type(const EVP_MD *md)
{
return md->pkey_type;
}
+RHEL_ALIAS1(EVP_MD_pkey_type);
int EVP_MD_get_block_size(const EVP_MD *md)
{
@@ -780,6 +817,7 @@ int EVP_MD_get_block_size(const EVP_MD *
}
return md->block_size;
}
+RHEL_ALIAS1(EVP_MD_block_size);
int EVP_MD_get_size(const EVP_MD *md)
{
@@ -789,11 +827,13 @@ int EVP_MD_get_size(const EVP_MD *md)
}
return md->md_size;
}
+RHEL_ALIAS1(EVP_MD_size);
unsigned long EVP_MD_get_flags(const EVP_MD *md)
{
return md->flags;
}
+RHEL_ALIAS1(EVP_MD_flags);
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
{
@@ -1007,6 +1047,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(co
{
return ctx->pctx;
}
+RHEL_ALIAS1(EVP_MD_CTX_pkey_ctx);
#if !defined(FIPS_MODULE)
void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
@@ -1033,6 +1074,7 @@ void *EVP_MD_CTX_get0_md_data(const EVP_
{
return ctx->md_data;
}
+RHEL_ALIAS1(EVP_MD_CTX_md_data);
int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
const void *data, size_t count)
diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c
--- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi 2021-07-13 00:54:33.231325700 +0200
+++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c 2021-07-13 00:57:22.596922955 +0200
@ -975,8 +750,8 @@ diff -up openssl-3.0.0-beta1/util/libcrypto.num.dual-abi openssl-3.0.0-beta1/uti
--- openssl-3.0.0-beta1/util/libcrypto.num.dual-abi 2021-07-13 23:38:25.166562563 +0200
+++ openssl-3.0.0-beta1/util/libcrypto.num 2021-07-13 23:40:38.622939932 +0200
@@ -5414,3 +5414,76 @@ ASN1_item_d2i_bio_ex
ASN1_item_d2i_ex ? 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
+EVP_ASYM_CIPHER_description ? 3_0_0 EXIST::FUNCTION:
+EVP_ASYM_CIPHER_name ? 3_0_0 EXIST::FUNCTION:
@ -1055,8 +830,8 @@ diff -up openssl-3.0.0-beta1/crypto/provider.c.dual-abi openssl-3.0.0-beta1/cryp
--- openssl-3.0.0-beta1/crypto/provider.c.dual-abi 2021-07-14 00:37:49.301207962 +0200
+++ openssl-3.0.0-beta1/crypto/provider.c 2021-07-14 00:39:34.796200433 +0200
@@ -13,6 +13,21 @@
#include <openssl/core_names.h>
#include "internal/provider.h"
#include "provider_local.h"
+/* Macro machinery. */
+
@ -1125,20 +900,6 @@ diff -up openssl-3.0.0-beta1/crypto/evp/asymcipher.c.dual-abi openssl-3.0.0-beta
static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
const OSSL_PARAM params[])
{
diff -up openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_lib.c
--- openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi 2021-07-17 22:24:40.140969959 +0200
+++ openssl-3.0.0-beta1/crypto/evp/evp_lib.c 2021-07-17 22:25:50.977834241 +0200
@@ -43,6 +43,10 @@
#define RHEL_ALIAS1(old_id) \
RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id)
+#define EVP_MD_description EVP_MD_get0_description
+#define EVP_MD_provider EVP_MD_get0_provider
+#define EVP_CIPHER_description EVP_CIPHER_get0_description
+#define EVP_CIPHER_provider EVP_CIPHER_get0_provider
#if !defined(FIPS_MODULE)
diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c
--- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi 2021-07-17 22:29:25.742454581 +0200
+++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c 2021-07-17 22:33:36.158699400 +0200
@ -1289,3 +1050,236 @@ diff -up openssl-3.0.0-beta1/crypto/evp/p_lib.c.dual-abi openssl-3.0.0-beta1/cry
static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
int len, EVP_KEYMGMT *keymgmt);
static void evp_pkey_free_it(EVP_PKEY *key);
diff -up openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta2/crypto/evp/evp_lib.c
--- openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi 2021-08-03 12:50:08.359814508 +0200
+++ openssl-3.0.0-beta2/crypto/evp/evp_lib.c 2021-08-03 12:55:14.025810602 +0200
@@ -28,6 +28,26 @@
#include "internal/provider.h"
#include "evp_local.h"
+/* Macro machinery. */
+
+/* Defines OLD_STRING (a C string) as an alias for NEW_ID (a C
+ * identifier). The controlling C identifier symbol is ALIAS_ID (a C
+ * identifier). */
+#define RHEL_ALIAS3(alias_id, new_id, old_string) \
+ extern __typeof(new_id) alias_id \
+ __asm__ (old_string) \
+ __attribute__ ((__copy__ (new_id), __alias__ (#new_id)))
+
+/* Defines an alias using OLD_ID, which must be an macro identifier
+ * that expands to the new identifier. */
+#define RHEL_ALIAS1(old_id) \
+ RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id)
+
+#define EVP_MD_description EVP_MD_get0_description
+#define EVP_MD_provider EVP_MD_get0_provider
+#define EVP_CIPHER_description EVP_CIPHER_get0_description
+#define EVP_CIPHER_provider EVP_CIPHER_get0_provider
+
#if !defined(FIPS_MODULE)
# include "crypto/asn1.h"
diff -up openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta2/crypto/evp/evp_lib.c
--- openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi 2021-08-03 13:11:46.436671855 +0200
+++ openssl-3.0.0-beta2/crypto/evp/evp_lib.c 2021-08-03 13:31:36.873461438 +0200
@@ -337,6 +337,7 @@ int EVP_CIPHER_get_type(const EVP_CIPHER
#endif
}
}
+RHEL_ALIAS1(EVP_CIPHER_type);
int evp_cipher_cache_constants(EVP_CIPHER *cipher)
{
@@ -389,11 +390,13 @@ int EVP_CIPHER_get_block_size(const EVP_
{
return cipher->block_size;
}
+RHEL_ALIAS1(EVP_CIPHER_block_size);
int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_get_block_size(ctx->cipher);
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_block_size);
int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
{
@@ -466,11 +469,13 @@ int EVP_CIPHER_CTX_is_encrypting(const E
{
return ctx->encrypt;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_encrypting);
unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher)
{
return cipher->flags;
}
+RHEL_ALIAS1(EVP_CIPHER_flags);
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
{
@@ -501,6 +506,7 @@ int EVP_CIPHER_get_iv_length(const EVP_C
{
return cipher->iv_len;
}
+RHEL_ALIAS1(EVP_CIPHER_iv_length);
int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
{
@@ -522,6 +543,7 @@ legacy:
}
return len;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_iv_length);
int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx)
{
@@ -533,6 +539,7 @@ int EVP_CIPHER_CTX_get_tag_length(const
ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
return ret == 1 ? (int)v : 0;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_tag_length);
#ifndef OPENSSL_NO_DEPRECATED_3_0
const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
@@ -615,6 +622,7 @@ int EVP_CIPHER_CTX_get_num(const EVP_CIP
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_num);
int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
{
@@ -634,6 +642,7 @@ int EVP_CIPHER_get_key_length(const EVP_
{
return cipher->key_len;
}
+RHEL_ALIAS1(EVP_CIPHER_key_length);
int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
{
@@ -646,16 +655,19 @@ int EVP_CIPHER_CTX_get_key_length(const
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_key_length);
int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
{
return cipher->nid;
}
+RHEL_ALIAS1(EVP_CIPHER_nid);
int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->nid;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_nid);
int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
{
@@ -679,6 +691,7 @@ const char *EVP_CIPHER_get0_name(const E
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_CIPHER_name);
const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher)
{
@@ -690,6 +703,7 @@ const char *EVP_CIPHER_get0_description(
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_CIPHER_description);
int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
void (*fn)(const char *name, void *data),
@@ -705,11 +719,13 @@ const OSSL_PROVIDER *EVP_CIPHER_get0_pro
{
return cipher->prov;
}
+RHEL_ALIAS1(EVP_CIPHER_provider);
int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher)
{
return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE;
}
+RHEL_ALIAS1(EVP_CIPHER_mode);
int EVP_MD_is_a(const EVP_MD *md, const char *name)
{
@@ -733,6 +749,7 @@ const char *EVP_MD_get0_description(cons
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_MD_description);
const char *EVP_MD_get0_name(const EVP_MD *md)
{
@@ -746,6 +763,7 @@ const char *EVP_MD_get0_name(const EVP_M
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_MD_name);
int EVP_MD_names_do_all(const EVP_MD *md,
void (*fn)(const char *name, void *data),
@@ -761,16 +779,19 @@ const OSSL_PROVIDER *EVP_MD_get0_provide
{
return md->prov;
}
+RHEL_ALIAS1(EVP_MD_provider);
int EVP_MD_get_type(const EVP_MD *md)
{
return md->type;
}
+RHEL_ALIAS1(EVP_MD_type);
int EVP_MD_get_pkey_type(const EVP_MD *md)
{
return md->pkey_type;
}
+RHEL_ALIAS1(EVP_MD_pkey_type);
int EVP_MD_get_block_size(const EVP_MD *md)
{
@@ -780,6 +801,7 @@ int EVP_MD_get_block_size(const EVP_MD *
}
return md->block_size;
}
+RHEL_ALIAS1(EVP_MD_block_size);
int EVP_MD_get_size(const EVP_MD *md)
{
@@ -789,11 +811,13 @@ int EVP_MD_get_size(const EVP_MD *md)
}
return md->md_size;
}
+RHEL_ALIAS1(EVP_MD_size);
unsigned long EVP_MD_get_flags(const EVP_MD *md)
{
return md->flags;
}
+RHEL_ALIAS1(EVP_MD_flags);
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
{
@@ -1008,6 +1032,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(co
{
return ctx->pctx;
}
+RHEL_ALIAS1(EVP_MD_CTX_pkey_ctx);
#if !defined(FIPS_MODULE)
void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
@@ -1034,6 +1059,7 @@ void *EVP_MD_CTX_get0_md_data(const EVP_
{
return ctx->md_data;
}
+RHEL_ALIAS1(EVP_MD_CTX_md_data);
int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
const void *data, size_t count)

75
0020-no-dup-cert-entries.patch
View File

@ -1,75 +0,0 @@
diff -up openssl-3.0.0-beta1/apps/pkcs12.c.dup-pkcs12 openssl-3.0.0-beta1/apps/pkcs12.c
--- openssl-3.0.0-beta1/apps/pkcs12.c.dup-pkcs12 2021-07-22 14:59:14.777544688 +0200
+++ openssl-3.0.0-beta1/apps/pkcs12.c 2021-07-22 15:06:04.768908265 +0200
@@ -571,8 +571,6 @@ int pkcs12_main(int argc, char **argv)
infile);
goto export_end;
}
- } else {
- ee_cert = X509_dup(sk_X509_value(certs, 0)); /* take 1st cert */
}
}
@@ -588,8 +586,13 @@ int pkcs12_main(int argc, char **argv)
int vret;
STACK_OF(X509) *chain2;
X509_STORE *store;
+ X509 *ee_cert_tmp = ee_cert;
- if (ee_cert == NULL) {
+ /* Assume the first cert if we haven't got anything else */
+ if (ee_cert_tmp == NULL && certs != NULL)
+ ee_cert_tmp = sk_X509_value(certs, 0);
+
+ if (ee_cert_tmp == NULL) {
BIO_printf(bio_err,
"No end entity certificate to check with -chain\n");
goto export_end;
@@ -600,7 +603,7 @@ int pkcs12_main(int argc, char **argv)
== NULL)
goto export_end;
- vret = get_cert_chain(ee_cert, store, untrusted_certs, &chain2);
+ vret = get_cert_chain(ee_cert_tmp, store, untrusted_certs, &chain2);
X509_STORE_free(store);
if (vret == X509_V_OK) {
diff -up openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t.dup-pkcs12 openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t
--- openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t.dup-pkcs12 2021-07-22 15:06:22.715077291 +0200
+++ openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t 2021-07-22 15:17:52.250559784 +0200
@@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) {
}
$ENV{OPENSSL_WIN32_UTF8}=1;
-plan tests => 7;
+plan tests => 10;
# Test different PKCS#12 formats
ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
@@ -73,6 +73,7 @@ my @path = qw(test certs);
my $outfile1 = "out1.p12";
my $outfile2 = "out2.p12";
my $outfile3 = "out3.p12";
+my $outfile5 = "out5.p12";
# Test the -chain option with -untrusted
ok(run(app(["openssl", "pkcs12", "-export", "-chain",
@@ -108,4 +109,18 @@ SKIP: {
"test_pkcs12_passcerts_legacy");
}
+ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile5,
+ "-in", srctop_file(@path, "ee-cert.pem"), "-caname", "testname",
+ "-nokeys", "-passout", "pass:", "-certpbe", "NONE"])),
+ "test nokeys single cert");
+
+my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5,
+ "-passin", "pass:"]), capture => 1);
+
+# Test that with one input certificate, we get one output certificate
+ok(grep(/subject=CN = server.example/, @pkcs12info) == 1,
+ "test one cert in output");
+# Test that the expected friendly name is present in the output
+ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output");
+
SetConsoleOutputCP($savedcp) if (defined($savedcp));

14
openssl.spec
View File

@ -15,7 +15,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 3.0.0
Release: 0.beta1.5%{?dist}
Release: 0.beta2.1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -52,14 +52,8 @@ Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
#Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
# remove unsupported EC curves
Patch11: 0011-Remove-EC-curves.patch
# Use AI_ADDRCONFIG only when explicit host name is given
Patch17: 0017-use-AI-ADDRCONFIG-explicit-hostname.patch
# Fix segmentation fault in BN_lebin2bn()
Patch18: 0018-Fix-crash-BN_lebin2bn.patch
# Temporary dual-ABI build patch
Patch19: 0019-dual-abi.patch
# Prevents creation of duplicate cert entries in PKCS #12 files
Patch20: 0020-no-dup-cert-entries.patch
License: ASL 2.0
URL: http://www.openssl.org/
@ -115,7 +109,7 @@ package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
%prep
%autosetup -S git -n %{name}-%{version}-beta1
%autosetup -S git -n %{name}-%{version}-beta2
# The hobble_openssl is called here redundantly, just to be sure.
# The tarball has already the sources removed.
@ -382,6 +376,10 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs
%changelog
* Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1
- Rebase to upstream version beta2
- Related: rhbz#1903209
* Thu Jul 22 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.5
- Prevents creation of duplicate cert entries in PKCS #12 files
- Resolves: rhbz#1978670

2
sources
View File

@ -1 +1 @@
SHA512 (openssl-3.0.0-hobbled.tar.xz) = 05f3e01621be98e776061a86b8fec68bdafeac720c8f968b1c4fafc5f328839701d2ffd67d6bd695c3dbf67e3efb03b3c856ed046d751359bc89b867205b7fe9
SHA512 (openssl-3.0.0-hobbled.tar.xz) = 096758a79680921d2b18929177d2ee43b7fb62fa30164a16ab1749b8349aac5e6e3d0761419b6c9f0a591c8991c133d142e56ab92f197d142649b58e66d876f7