diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
index 08c7125..9ad572d 100644
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@@ -280,9 +280,9 @@ index 404a706fab..e81fa9ec3e 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
 @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
- ASN1_item_d2i_bio_ex ? 3_0_0 EXIST::FUNCTION:
- ASN1_item_d2i_ex ? 3_0_0 EXIST::FUNCTION:
- ASN1_TIME_print_ex ? 3_0_0 EXIST::FUNCTION:
+ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
 +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
 --
 2.26.2
diff --git a/0017-use-AI-ADDRCONFIG-explicit-hostname.patch b/0017-use-AI-ADDRCONFIG-explicit-hostname.patch
deleted file mode 100644
index f4152ce..0000000
--- a/0017-use-AI-ADDRCONFIG-explicit-hostname.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit openssl-3.0.0-alpha16/crypto/bio/bio_addr.c
---- openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit 2021-07-06 14:06:05.706578389 +0200
-+++ openssl-3.0.0-alpha16/crypto/bio/bio_addr.c 2021-07-06 14:07:24.482329505 +0200
-@@ -696,7 +696,7 @@ int BIO_lookup_ex(const char *host, cons
- hints.ai_protocol = protocol;
- # ifdef AI_ADDRCONFIG
- # ifdef AF_UNSPEC
-- if (family == AF_UNSPEC)
-+ if (host != NULL && family == AF_UNSPEC)
- # endif
- hints.ai_flags |= AI_ADDRCONFIG;
- # endif
diff --git a/0018-Fix-crash-BN_lebin2bn.patch b/0018-Fix-crash-BN_lebin2bn.patch
deleted file mode 100644
index 375c960..0000000
--- a/0018-Fix-crash-BN_lebin2bn.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-3.0.0-alpha16/apps/x509.c.segfault-bn openssl-3.0.0-alpha16/apps/x509.c
---- openssl-3.0.0-alpha16/apps/x509.c.segfault-bn 2021-07-06 22:12:37.021406952 +0200
-+++ openssl-3.0.0-alpha16/apps/x509.c 2021-07-06 22:13:40.540996922 +0200
-@@ -934,7 +934,7 @@ int x509_main(int argc, char **argv)
- } else if (i == modulus) {
- BIO_printf(out, "Modulus=");
- if (EVP_PKEY_is_a(pkey, "RSA")) {
-- BIGNUM *n;
-+ BIGNUM *n = NULL;
-
- /* Every RSA key has an 'n' */
- EVP_PKEY_get_bn_param(pkey, "n", &n);
diff --git a/0019-dual-abi.patch b/0019-dual-abi.patch
index 9c9f41f..84a41e5 100644
--- a/0019-dual-abi.patch
+++ b/0019-dual-abi.patch
@@ -251,231 +251,6 @@ diff -up openssl-3.0.0-beta1/crypto/evp/asymcipher.c.dual-abi openssl-3.0.0-beta void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_ASYM_CIPHER *cipher, -diff -up openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_lib.c ---- openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi 2021-07-13 01:10:08.970210463 +0200 -+++ openssl-3.0.0-beta1/crypto/evp/evp_lib.c 2021-07-13 01:10:20.596324598 +0200 -@@ -31,6 +31,21 @@ - #include "crypto/asn1.h" - #include "internal/provider.h" - #include "evp_local.h" -+/* Macro machinery. */ -+ -+/* Defines OLD_STRING (a C string) as an alias for NEW_ID (a C -+ * identifier). The controlling C identifier symbol is ALIAS_ID (a C -+ * identifier). */ -+#define RHEL_ALIAS3(alias_id, new_id, old_string) \ -+ extern __typeof(new_id) alias_id \ -+ __asm__ (old_string) \ -+ __attribute__ ((__copy__ (new_id), __alias__ (#new_id))) -+ -+/* Defines an alias using OLD_ID, which must be an macro identifier -+ * that expands to the new identifier. 
*/ -+#define RHEL_ALIAS1(old_id) \ -+ RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id) -+ - - #if !defined(FIPS_MODULE) - -@@ -337,6 +352,7 @@ int EVP_CIPHER_get_type(const EVP_CIPHER - #endif - } - } -+RHEL_ALIAS1(EVP_CIPHER_type); - - int evp_cipher_cache_constants(EVP_CIPHER *cipher) - { -@@ -389,11 +405,13 @@ int EVP_CIPHER_get_block_size(const EVP_ - { - return cipher->block_size; - } -+RHEL_ALIAS1(EVP_CIPHER_block_size); - - int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx) - { - return EVP_CIPHER_get_block_size(ctx->cipher); - } -+RHEL_ALIAS1(EVP_CIPHER_CTX_block_size); - - int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) - { -@@ -466,11 +484,13 @@ int EVP_CIPHER_CTX_is_encrypting(const E - { - return ctx->encrypt; - } -+RHEL_ALIAS1(EVP_CIPHER_CTX_encrypting); - - unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher) - { - return cipher->flags; - } -+RHEL_ALIAS1(EVP_CIPHER_flags); - - void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) - { -@@ -501,6 +521,7 @@ int EVP_CIPHER_get_iv_length(const EVP_C - { - return cipher->iv_len; - } -+RHEL_ALIAS1(EVP_CIPHER_iv_length); - - int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx) - { -@@ -522,6 +543,7 @@ legacy: - } - return len; - } -+RHEL_ALIAS1(EVP_CIPHER_CTX_iv_length); - - int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx) - { -@@ -533,6 +555,7 @@ int EVP_CIPHER_CTX_get_tag_length(const - ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - return ret == 1 ? (int)v : 0; - } -+RHEL_ALIAS1(EVP_CIPHER_CTX_tag_length); - - #ifndef OPENSSL_NO_DEPRECATED_3_0 - const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) -@@ -615,6 +638,7 @@ int EVP_CIPHER_CTX_get_num(const EVP_CIP - - return ok != 0 ? 
(int)v : EVP_CTRL_RET_UNSUPPORTED; - } -+RHEL_ALIAS1(EVP_CIPHER_CTX_num); - - int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) - { -@@ -634,6 +658,7 @@ int EVP_CIPHER_get_key_length(const EVP_ - { - return cipher->key_len; - } -+RHEL_ALIAS1(EVP_CIPHER_key_length); - - int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx) - { -@@ -646,16 +671,19 @@ int EVP_CIPHER_CTX_get_key_length(const - - return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; - } -+RHEL_ALIAS1(EVP_CIPHER_CTX_key_length); - - int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher) - { - return cipher->nid; - } -+RHEL_ALIAS1(EVP_CIPHER_nid); - - int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx) - { - return ctx->cipher->nid; - } -+RHEL_ALIAS1(EVP_CIPHER_CTX_nid); - - int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name) - { -@@ -679,6 +707,7 @@ const char *EVP_CIPHER_get0_name(const E - return NULL; - #endif - } -+RHEL_ALIAS1(EVP_CIPHER_name); - - const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher) - { -@@ -690,6 +719,7 @@ const char *EVP_CIPHER_get0_description( - return NULL; - #endif - } -+RHEL_ALIAS1(EVP_CIPHER_description); - - int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, - void (*fn)(const char *name, void *data), -@@ -705,11 +735,13 @@ const OSSL_PROVIDER *EVP_CIPHER_get0_pro - { - return cipher->prov; - } -+RHEL_ALIAS1(EVP_CIPHER_provider); - - int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher) - { - return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE; - } -+RHEL_ALIAS1(EVP_CIPHER_mode); - - int EVP_MD_is_a(const EVP_MD *md, const char *name) - { -@@ -733,6 +765,7 @@ const char *EVP_MD_get0_description(cons - return NULL; - #endif - } -+RHEL_ALIAS1(EVP_MD_description); - - const char *EVP_MD_get0_name(const EVP_MD *md) - { -@@ -746,6 +779,7 @@ const char *EVP_MD_get0_name(const EVP_M - return NULL; - #endif - } -+RHEL_ALIAS1(EVP_MD_name); - - int EVP_MD_names_do_all(const EVP_MD *md, - void (*fn)(const char *name, void *data), -@@ -761,16 +795,19 @@ 
const OSSL_PROVIDER *EVP_MD_get0_provide - { - return md->prov; - } -+RHEL_ALIAS1(EVP_MD_provider); - - int EVP_MD_get_type(const EVP_MD *md) - { - return md->type; - } -+RHEL_ALIAS1(EVP_MD_type); - - int EVP_MD_get_pkey_type(const EVP_MD *md) - { - return md->pkey_type; - } -+RHEL_ALIAS1(EVP_MD_pkey_type); - - int EVP_MD_get_block_size(const EVP_MD *md) - { -@@ -780,6 +817,7 @@ int EVP_MD_get_block_size(const EVP_MD * - } - return md->block_size; - } -+RHEL_ALIAS1(EVP_MD_block_size); - - int EVP_MD_get_size(const EVP_MD *md) - { -@@ -789,11 +827,13 @@ int EVP_MD_get_size(const EVP_MD *md) - } - return md->md_size; - } -+RHEL_ALIAS1(EVP_MD_size); - - unsigned long EVP_MD_get_flags(const EVP_MD *md) - { - return md->flags; - } -+RHEL_ALIAS1(EVP_MD_flags); - - EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) - { -@@ -1007,6 +1047,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(co - { - return ctx->pctx; - } -+RHEL_ALIAS1(EVP_MD_CTX_pkey_ctx); - - #if !defined(FIPS_MODULE) - void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) -@@ -1033,6 +1074,7 @@ void *EVP_MD_CTX_get0_md_data(const EVP_ - { - return ctx->md_data; - } -+RHEL_ALIAS1(EVP_MD_CTX_md_data); - - int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, - const void *data, size_t count) diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c --- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi 2021-07-13 00:54:33.231325700 +0200 +++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c 2021-07-13 00:57:22.596922955 +0200 @@ -975,8 +750,8 @@ diff -up openssl-3.0.0-beta1/util/libcrypto.num.dual-abi openssl-3.0.0-beta1/uti --- openssl-3.0.0-beta1/util/libcrypto.num.dual-abi 2021-07-13 23:38:25.166562563 +0200 +++ openssl-3.0.0-beta1/util/libcrypto.num 2021-07-13 23:40:38.622939932 +0200 
@@ -5414,3 +5414,76 @@ ASN1_item_d2i_bio_ex - ASN1_item_d2i_ex ? 3_0_0 EXIST::FUNCTION: - ASN1_TIME_print_ex ? 3_0_0 EXIST::FUNCTION: + EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: + EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_description ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_name ? 3_0_0 EXIST::FUNCTION: @@ -1055,8 +830,8 @@ diff -up openssl-3.0.0-beta1/crypto/provider.c.dual-abi openssl-3.0.0-beta1/cryp --- openssl-3.0.0-beta1/crypto/provider.c.dual-abi 2021-07-14 00:37:49.301207962 +0200 +++ openssl-3.0.0-beta1/crypto/provider.c 2021-07-14 00:39:34.796200433 +0200 @@ -13,6 +13,21 @@ - #include #include "internal/provider.h" + #include "provider_local.h" +/* Macro machinery. */ + @@ -1125,20 +900,6 @@ diff -up openssl-3.0.0-beta1/crypto/evp/asymcipher.c.dual-abi openssl-3.0.0-beta static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation, const OSSL_PARAM params[]) { -diff -up openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_lib.c ---- openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi 2021-07-17 22:24:40.140969959 +0200 -+++ openssl-3.0.0-beta1/crypto/evp/evp_lib.c 2021-07-17 22:25:50.977834241 +0200 -@@ -43,6 +43,10 @@ - #define RHEL_ALIAS1(old_id) \ - RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id) - -+#define EVP_MD_description EVP_MD_get0_description -+#define EVP_MD_provider EVP_MD_get0_provider -+#define EVP_CIPHER_description EVP_CIPHER_get0_description -+#define EVP_CIPHER_provider EVP_CIPHER_get0_provider - - #if !defined(FIPS_MODULE) - diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c --- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi 2021-07-17 22:29:25.742454581 +0200 +++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c 2021-07-17 22:33:36.158699400 +0200 
@@ -1289,3 +1050,236 @@ diff -up openssl-3.0.0-beta1/crypto/evp/p_lib.c.dual-abi openssl-3.0.0-beta1/cry static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len, EVP_KEYMGMT *keymgmt); static void evp_pkey_free_it(EVP_PKEY *key); +diff -up openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta2/crypto/evp/evp_lib.c +--- openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi 2021-08-03 12:50:08.359814508 +0200 ++++ openssl-3.0.0-beta2/crypto/evp/evp_lib.c 2021-08-03 12:55:14.025810602 +0200 +@@ -28,6 +28,26 @@ + #include "internal/provider.h" + #include "evp_local.h" + ++/* Macro machinery. */ ++ ++/* Defines OLD_STRING (a C string) as an alias for NEW_ID (a C ++ * identifier). The controlling C identifier symbol is ALIAS_ID (a C ++ * identifier). */ ++#define RHEL_ALIAS3(alias_id, new_id, old_string) \ ++ extern __typeof(new_id) alias_id \ ++ __asm__ (old_string) \ ++ __attribute__ ((__copy__ (new_id), __alias__ (#new_id))) ++ ++/* Defines an alias using OLD_ID, which must be an macro identifier ++ * that expands to the new identifier. 
*/ ++#define RHEL_ALIAS1(old_id) \ ++ RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id) ++ ++#define EVP_MD_description EVP_MD_get0_description ++#define EVP_MD_provider EVP_MD_get0_provider ++#define EVP_CIPHER_description EVP_CIPHER_get0_description ++#define EVP_CIPHER_provider EVP_CIPHER_get0_provider ++ + #if !defined(FIPS_MODULE) + # include "crypto/asn1.h" + +diff -up openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta2/crypto/evp/evp_lib.c +--- openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi 2021-08-03 13:11:46.436671855 +0200 ++++ openssl-3.0.0-beta2/crypto/evp/evp_lib.c 2021-08-03 13:31:36.873461438 +0200 +@@ -337,6 +337,7 @@ int EVP_CIPHER_get_type(const EVP_CIPHER + #endif + } + } ++RHEL_ALIAS1(EVP_CIPHER_type); + + int evp_cipher_cache_constants(EVP_CIPHER *cipher) + { +@@ -389,11 +390,13 @@ int EVP_CIPHER_get_block_size(const EVP_ + { + return cipher->block_size; + } ++RHEL_ALIAS1(EVP_CIPHER_block_size); + + int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx) + { + return EVP_CIPHER_get_block_size(ctx->cipher); + } ++RHEL_ALIAS1(EVP_CIPHER_CTX_block_size); + + int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) + { +@@ -466,11 +469,13 @@ int EVP_CIPHER_CTX_is_encrypting(const E + { + return ctx->encrypt; + } ++RHEL_ALIAS1(EVP_CIPHER_CTX_encrypting); + + unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher) + { + return cipher->flags; + } ++RHEL_ALIAS1(EVP_CIPHER_flags); + + void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) + { +@@ -501,6 +506,7 @@ int EVP_CIPHER_get_iv_length(const EVP_C + { + return cipher->iv_len; + } ++RHEL_ALIAS1(EVP_CIPHER_iv_length); + + int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx) + { +@@ -522,6 +543,7 @@ legacy: + } + return len; + } ++RHEL_ALIAS1(EVP_CIPHER_CTX_iv_length); + + int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx) + { +@@ -533,6 +539,7 @@ int EVP_CIPHER_CTX_get_tag_length(const + ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); 
+ return ret == 1 ? (int)v : 0; + } ++RHEL_ALIAS1(EVP_CIPHER_CTX_tag_length); + + #ifndef OPENSSL_NO_DEPRECATED_3_0 + const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) +@@ -615,6 +622,7 @@ int EVP_CIPHER_CTX_get_num(const EVP_CIP + + return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; + } ++RHEL_ALIAS1(EVP_CIPHER_CTX_num); + + int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) + { +@@ -634,6 +642,7 @@ int EVP_CIPHER_get_key_length(const EVP_ + { + return cipher->key_len; + } ++RHEL_ALIAS1(EVP_CIPHER_key_length); + + int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx) + { +@@ -646,16 +655,19 @@ int EVP_CIPHER_CTX_get_key_length(const + + return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; + } ++RHEL_ALIAS1(EVP_CIPHER_CTX_key_length); + + int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher) + { + return cipher->nid; + } ++RHEL_ALIAS1(EVP_CIPHER_nid); + + int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher->nid; + } ++RHEL_ALIAS1(EVP_CIPHER_CTX_nid); + + int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name) + { +@@ -679,6 +691,7 @@ const char *EVP_CIPHER_get0_name(const E + return NULL; + #endif + } ++RHEL_ALIAS1(EVP_CIPHER_name); + + const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher) + { +@@ -690,6 +703,7 @@ const char *EVP_CIPHER_get0_description( + return NULL; + #endif + } ++RHEL_ALIAS1(EVP_CIPHER_description); + + int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, + void (*fn)(const char *name, void *data), +@@ -705,11 +719,13 @@ const OSSL_PROVIDER *EVP_CIPHER_get0_pro + { + return cipher->prov; + } ++RHEL_ALIAS1(EVP_CIPHER_provider); + + int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher) + { + return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE; + } ++RHEL_ALIAS1(EVP_CIPHER_mode); + + int EVP_MD_is_a(const EVP_MD *md, const char *name) + { +@@ -733,6 +749,7 @@ const char *EVP_MD_get0_description(cons + return NULL; + #endif + } ++RHEL_ALIAS1(EVP_MD_description); + + const 
char *EVP_MD_get0_name(const EVP_MD *md) + { +@@ -746,6 +763,7 @@ const char *EVP_MD_get0_name(const EVP_M + return NULL; + #endif + } ++RHEL_ALIAS1(EVP_MD_name); + + int EVP_MD_names_do_all(const EVP_MD *md, + void (*fn)(const char *name, void *data), +@@ -761,16 +779,19 @@ const OSSL_PROVIDER *EVP_MD_get0_provide + { + return md->prov; + } ++RHEL_ALIAS1(EVP_MD_provider); + + int EVP_MD_get_type(const EVP_MD *md) + { + return md->type; + } ++RHEL_ALIAS1(EVP_MD_type); + + int EVP_MD_get_pkey_type(const EVP_MD *md) + { + return md->pkey_type; + } ++RHEL_ALIAS1(EVP_MD_pkey_type); + + int EVP_MD_get_block_size(const EVP_MD *md) + { +@@ -780,6 +801,7 @@ int EVP_MD_get_block_size(const EVP_MD * + } + return md->block_size; + } ++RHEL_ALIAS1(EVP_MD_block_size); + + int EVP_MD_get_size(const EVP_MD *md) + { +@@ -789,11 +811,13 @@ int EVP_MD_get_size(const EVP_MD *md) + } + return md->md_size; + } ++RHEL_ALIAS1(EVP_MD_size); + + unsigned long EVP_MD_get_flags(const EVP_MD *md) + { + return md->flags; + } ++RHEL_ALIAS1(EVP_MD_flags); + + EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) + { +@@ -1008,6 +1032,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(co + { + return ctx->pctx; + } ++RHEL_ALIAS1(EVP_MD_CTX_pkey_ctx); + + #if !defined(FIPS_MODULE) + void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) +@@ -1034,6 +1059,7 @@ void *EVP_MD_CTX_get0_md_data(const EVP_ + { + return ctx->md_data; + } ++RHEL_ALIAS1(EVP_MD_CTX_md_data); + + int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count) diff --git a/0020-no-dup-cert-entries.patch b/0020-no-dup-cert-entries.patch deleted file mode 100644 index 792a1ae..0000000 --- a/0020-no-dup-cert-entries.patch +++ /dev/null 
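Review bot: The re-added evp_lib.c section of 0019-dual-abi.patch carries a stale inner hunk header: `@@ -522,6 +543,7 @@ legacy:` keeps the new-side offset from the beta1 revision of the patch, while its neighbours were renumbered (`-501,6 +506,7` before it, `-533,6 +539,7` after it), and the headers that follow are numbered as if that hunk added no line. By the surrounding arithmetic it should read `@@ -522,6 +528,7 @@ legacy:` with the later new-side starts one higher, which suggests the headers were edited by hand rather than regenerated. The patch presumably still applies because hunks are located by their context, but for a patch carried against a crypto library it is safer to regenerate it from the applied beta2 tree, so that every `RHEL_ALIAS1(...)` line is known to sit directly after the function it aliases. The comment typo `an macro identifier` could be corrected to `a macro identifier` at the same time.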
@@ -1,75 +0,0 @@ -diff -up openssl-3.0.0-beta1/apps/pkcs12.c.dup-pkcs12 openssl-3.0.0-beta1/apps/pkcs12.c ---- openssl-3.0.0-beta1/apps/pkcs12.c.dup-pkcs12 2021-07-22 14:59:14.777544688 +0200 -+++ openssl-3.0.0-beta1/apps/pkcs12.c 2021-07-22 15:06:04.768908265 +0200 -@@ -571,8 +571,6 @@ int pkcs12_main(int argc, char **argv) - infile); - goto export_end; - } -- } else { -- ee_cert = X509_dup(sk_X509_value(certs, 0)); /* take 1st cert */ - } - } - -@@ -588,8 +586,13 @@ int pkcs12_main(int argc, char **argv) - int vret; - STACK_OF(X509) *chain2; - X509_STORE *store; -+ X509 *ee_cert_tmp = ee_cert; - -- if (ee_cert == NULL) { -+ /* Assume the first cert if we haven't got anything else */ -+ if (ee_cert_tmp == NULL && certs != NULL) -+ ee_cert_tmp = sk_X509_value(certs, 0); -+ -+ if (ee_cert_tmp == NULL) { - BIO_printf(bio_err, - "No end entity certificate to check with -chain\n"); - goto export_end; -@@ -600,7 +603,7 @@ int pkcs12_main(int argc, char **argv) - == NULL) - goto export_end; - -- vret = get_cert_chain(ee_cert, store, untrusted_certs, &chain2); -+ vret = get_cert_chain(ee_cert_tmp, store, untrusted_certs, &chain2); - X509_STORE_free(store); - - if (vret == X509_V_OK) { -diff -up openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t.dup-pkcs12 openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t ---- openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t.dup-pkcs12 2021-07-22 15:06:22.715077291 +0200 -+++ openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t 2021-07-22 15:17:52.250559784 +0200 -@@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) { - } - $ENV{OPENSSL_WIN32_UTF8}=1; - --plan tests => 7; -+plan tests => 10; - - # Test different PKCS#12 formats - ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); -@@ -73,6 +73,7 @@ my @path = qw(test certs); - my $outfile1 = "out1.p12"; - my $outfile2 = "out2.p12"; - my $outfile3 = "out3.p12"; -+my $outfile5 = "out5.p12"; - - # Test the -chain option with -untrusted - ok(run(app(["openssl", "pkcs12", "-export", 
"-chain", -@@ -108,4 +109,18 @@ SKIP: { - "test_pkcs12_passcerts_legacy"); - } - -+ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile5, -+ "-in", srctop_file(@path, "ee-cert.pem"), "-caname", "testname", -+ "-nokeys", "-passout", "pass:", "-certpbe", "NONE"])), -+ "test nokeys single cert"); -+ -+my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5, -+ "-passin", "pass:"]), capture => 1); -+ -+# Test that with one input certificate, we get one output certificate -+ok(grep(/subject=CN = server.example/, @pkcs12info) == 1, -+ "test one cert in output"); -+# Test that the expected friendly name is present in the output -+ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output"); -+ - SetConsoleOutputCP($savedcp) if (defined($savedcp)); diff --git a/openssl.spec b/openssl.spec index 6d146a5..2f2642a 100644 --- a/openssl.spec +++ b/openssl.spec @@ -15,7 +15,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.0 -Release: 0.beta1.5%{?dist} +Release: 0.beta2.1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -52,14 +52,8 @@ Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch #Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch # remove unsupported EC curves Patch11: 0011-Remove-EC-curves.patch -# Use AI_ADDRCONFIG only when explicit host name is given -Patch17: 0017-use-AI-ADDRCONFIG-explicit-hostname.patch -# Fix segmentation fault in BN_lebin2bn() -Patch18: 0018-Fix-crash-BN_lebin2bn.patch # Temporary dual-ABI build patch Patch19: 0019-dual-abi.patch -# Prevents creation of duplicate cert entries in PKCS #12 files -Patch20: 0020-no-dup-cert-entries.patch License: ASL 2.0 URL: http://www.openssl.org/ 
@@ -115,7 +109,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep -%autosetup -S git -n %{name}-%{version}-beta1 +%autosetup -S git -n %{name}-%{version}-beta2 # The hobble_openssl is called here redundantly, just to be sure. # The tarball has already the sources removed. @@ -382,6 +376,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Tue Aug 03 2021 Sahana Prasad 3.0.0-0.beta2.1 +- Rebase to upstream version beta2 +- Related: rhbz#1903209 + * Thu Jul 22 2021 Sahana Prasad 3.0.0-0.beta1.5 - Prevents creation of duplicate cert entries in PKCS #12 files - Resolves: rhbz#1978670 diff --git a/sources b/sources index f255757..8b1e2d7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.0.0-hobbled.tar.xz) = 05f3e01621be98e776061a86b8fec68bdafeac720c8f968b1c4fafc5f328839701d2ffd67d6bd695c3dbf67e3efb03b3c856ed046d751359bc89b867205b7fe9 +SHA512 (openssl-3.0.0-hobbled.tar.xz) = 096758a79680921d2b18929177d2ee43b7fb62fa30164a16ab1749b8349aac5e6e3d0761419b6c9f0a591c8991c133d142e56ab92f197d142649b58e66d876f7