Rebase to upstream version beta2

Related: rhbz#1903209

Signed-off-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Sahana Prasad 2021-08-03 15:03:00 +02:00
parent 0b6afca185
commit fe7445d93d
7 changed files with 246 additions and 353 deletions

View File

@ -280,9 +280,9 @@ index 404a706fab..e81fa9ec3e 100644
--- a/util/libcrypto.num --- a/util/libcrypto.num
+++ b/util/libcrypto.num +++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
ASN1_item_d2i_bio_ex ? 3_0_0 EXIST::FUNCTION: ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
ASN1_item_d2i_ex ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
-- --
2.26.2 2.26.2

View File

@ -1,12 +0,0 @@
diff -up openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit openssl-3.0.0-alpha16/crypto/bio/bio_addr.c
--- openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit 2021-07-06 14:06:05.706578389 +0200
+++ openssl-3.0.0-alpha16/crypto/bio/bio_addr.c 2021-07-06 14:07:24.482329505 +0200
@@ -696,7 +696,7 @@ int BIO_lookup_ex(const char *host, cons
hints.ai_protocol = protocol;
# ifdef AI_ADDRCONFIG
# ifdef AF_UNSPEC
- if (family == AF_UNSPEC)
+ if (host != NULL && family == AF_UNSPEC)
# endif
hints.ai_flags |= AI_ADDRCONFIG;
# endif

View File

@ -1,12 +0,0 @@
diff -up openssl-3.0.0-alpha16/apps/x509.c.segfault-bn openssl-3.0.0-alpha16/apps/x509.c
--- openssl-3.0.0-alpha16/apps/x509.c.segfault-bn 2021-07-06 22:12:37.021406952 +0200
+++ openssl-3.0.0-alpha16/apps/x509.c 2021-07-06 22:13:40.540996922 +0200
@@ -934,7 +934,7 @@ int x509_main(int argc, char **argv)
} else if (i == modulus) {
BIO_printf(out, "Modulus=");
if (EVP_PKEY_is_a(pkey, "RSA")) {
- BIGNUM *n;
+ BIGNUM *n = NULL;
/* Every RSA key has an 'n' */
EVP_PKEY_get_bn_param(pkey, "n", &n);

View File

@ -251,231 +251,6 @@ diff -up openssl-3.0.0-beta1/crypto/evp/asymcipher.c.dual-abi openssl-3.0.0-beta
void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(EVP_ASYM_CIPHER *cipher, void (*fn)(EVP_ASYM_CIPHER *cipher,
diff -up openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_lib.c
--- openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi 2021-07-13 01:10:08.970210463 +0200
+++ openssl-3.0.0-beta1/crypto/evp/evp_lib.c 2021-07-13 01:10:20.596324598 +0200
@@ -31,6 +31,21 @@
#include "crypto/asn1.h"
#include "internal/provider.h"
#include "evp_local.h"
+/* Macro machinery. */
+
+/* Defines OLD_STRING (a C string) as an alias for NEW_ID (a C
+ * identifier). The controlling C identifier symbol is ALIAS_ID (a C
+ * identifier). */
+#define RHEL_ALIAS3(alias_id, new_id, old_string) \
+ extern __typeof(new_id) alias_id \
+ __asm__ (old_string) \
+ __attribute__ ((__copy__ (new_id), __alias__ (#new_id)))
+
+/* Defines an alias using OLD_ID, which must be an macro identifier
+ * that expands to the new identifier. */
+#define RHEL_ALIAS1(old_id) \
+ RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id)
+
#if !defined(FIPS_MODULE)
@@ -337,6 +352,7 @@ int EVP_CIPHER_get_type(const EVP_CIPHER
#endif
}
}
+RHEL_ALIAS1(EVP_CIPHER_type);
int evp_cipher_cache_constants(EVP_CIPHER *cipher)
{
@@ -389,11 +405,13 @@ int EVP_CIPHER_get_block_size(const EVP_
{
return cipher->block_size;
}
+RHEL_ALIAS1(EVP_CIPHER_block_size);
int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_get_block_size(ctx->cipher);
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_block_size);
int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
{
@@ -466,11 +484,13 @@ int EVP_CIPHER_CTX_is_encrypting(const E
{
return ctx->encrypt;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_encrypting);
unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher)
{
return cipher->flags;
}
+RHEL_ALIAS1(EVP_CIPHER_flags);
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
{
@@ -501,6 +521,7 @@ int EVP_CIPHER_get_iv_length(const EVP_C
{
return cipher->iv_len;
}
+RHEL_ALIAS1(EVP_CIPHER_iv_length);
int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
{
@@ -522,6 +543,7 @@ legacy:
}
return len;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_iv_length);
int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx)
{
@@ -533,6 +555,7 @@ int EVP_CIPHER_CTX_get_tag_length(const
ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
return ret == 1 ? (int)v : 0;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_tag_length);
#ifndef OPENSSL_NO_DEPRECATED_3_0
const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
@@ -615,6 +638,7 @@ int EVP_CIPHER_CTX_get_num(const EVP_CIP
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_num);
int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
{
@@ -634,6 +658,7 @@ int EVP_CIPHER_get_key_length(const EVP_
{
return cipher->key_len;
}
+RHEL_ALIAS1(EVP_CIPHER_key_length);
int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
{
@@ -646,16 +671,19 @@ int EVP_CIPHER_CTX_get_key_length(const
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_key_length);
int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
{
return cipher->nid;
}
+RHEL_ALIAS1(EVP_CIPHER_nid);
int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->nid;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_nid);
int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
{
@@ -679,6 +707,7 @@ const char *EVP_CIPHER_get0_name(const E
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_CIPHER_name);
const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher)
{
@@ -690,6 +719,7 @@ const char *EVP_CIPHER_get0_description(
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_CIPHER_description);
int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
void (*fn)(const char *name, void *data),
@@ -705,11 +735,13 @@ const OSSL_PROVIDER *EVP_CIPHER_get0_pro
{
return cipher->prov;
}
+RHEL_ALIAS1(EVP_CIPHER_provider);
int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher)
{
return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE;
}
+RHEL_ALIAS1(EVP_CIPHER_mode);
int EVP_MD_is_a(const EVP_MD *md, const char *name)
{
@@ -733,6 +765,7 @@ const char *EVP_MD_get0_description(cons
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_MD_description);
const char *EVP_MD_get0_name(const EVP_MD *md)
{
@@ -746,6 +779,7 @@ const char *EVP_MD_get0_name(const EVP_M
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_MD_name);
int EVP_MD_names_do_all(const EVP_MD *md,
void (*fn)(const char *name, void *data),
@@ -761,16 +795,19 @@ const OSSL_PROVIDER *EVP_MD_get0_provide
{
return md->prov;
}
+RHEL_ALIAS1(EVP_MD_provider);
int EVP_MD_get_type(const EVP_MD *md)
{
return md->type;
}
+RHEL_ALIAS1(EVP_MD_type);
int EVP_MD_get_pkey_type(const EVP_MD *md)
{
return md->pkey_type;
}
+RHEL_ALIAS1(EVP_MD_pkey_type);
int EVP_MD_get_block_size(const EVP_MD *md)
{
@@ -780,6 +817,7 @@ int EVP_MD_get_block_size(const EVP_MD *
}
return md->block_size;
}
+RHEL_ALIAS1(EVP_MD_block_size);
int EVP_MD_get_size(const EVP_MD *md)
{
@@ -789,11 +827,13 @@ int EVP_MD_get_size(const EVP_MD *md)
}
return md->md_size;
}
+RHEL_ALIAS1(EVP_MD_size);
unsigned long EVP_MD_get_flags(const EVP_MD *md)
{
return md->flags;
}
+RHEL_ALIAS1(EVP_MD_flags);
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
{
@@ -1007,6 +1047,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(co
{
return ctx->pctx;
}
+RHEL_ALIAS1(EVP_MD_CTX_pkey_ctx);
#if !defined(FIPS_MODULE)
void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
@@ -1033,6 +1074,7 @@ void *EVP_MD_CTX_get0_md_data(const EVP_
{
return ctx->md_data;
}
+RHEL_ALIAS1(EVP_MD_CTX_md_data);
int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
const void *data, size_t count)
diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c
--- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi 2021-07-13 00:54:33.231325700 +0200 --- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi 2021-07-13 00:54:33.231325700 +0200
+++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c 2021-07-13 00:57:22.596922955 +0200 +++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c 2021-07-13 00:57:22.596922955 +0200
@ -975,8 +750,8 @@ diff -up openssl-3.0.0-beta1/util/libcrypto.num.dual-abi openssl-3.0.0-beta1/uti
--- openssl-3.0.0-beta1/util/libcrypto.num.dual-abi 2021-07-13 23:38:25.166562563 +0200 --- openssl-3.0.0-beta1/util/libcrypto.num.dual-abi 2021-07-13 23:38:25.166562563 +0200
+++ openssl-3.0.0-beta1/util/libcrypto.num 2021-07-13 23:40:38.622939932 +0200 +++ openssl-3.0.0-beta1/util/libcrypto.num 2021-07-13 23:40:38.622939932 +0200
@@ -5414,3 +5414,76 @@ ASN1_item_d2i_bio_ex @@ -5414,3 +5414,76 @@ ASN1_item_d2i_bio_ex
ASN1_item_d2i_ex ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
+EVP_ASYM_CIPHER_description ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_description ? 3_0_0 EXIST::FUNCTION:
+EVP_ASYM_CIPHER_name ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_name ? 3_0_0 EXIST::FUNCTION:
@ -1055,8 +830,8 @@ diff -up openssl-3.0.0-beta1/crypto/provider.c.dual-abi openssl-3.0.0-beta1/cryp
--- openssl-3.0.0-beta1/crypto/provider.c.dual-abi 2021-07-14 00:37:49.301207962 +0200 --- openssl-3.0.0-beta1/crypto/provider.c.dual-abi 2021-07-14 00:37:49.301207962 +0200
+++ openssl-3.0.0-beta1/crypto/provider.c 2021-07-14 00:39:34.796200433 +0200 +++ openssl-3.0.0-beta1/crypto/provider.c 2021-07-14 00:39:34.796200433 +0200
@@ -13,6 +13,21 @@ @@ -13,6 +13,21 @@
#include <openssl/core_names.h>
#include "internal/provider.h" #include "internal/provider.h"
#include "provider_local.h"
+/* Macro machinery. */ +/* Macro machinery. */
+ +
@ -1125,20 +900,6 @@ diff -up openssl-3.0.0-beta1/crypto/evp/asymcipher.c.dual-abi openssl-3.0.0-beta
static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation, static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
const OSSL_PARAM params[]) const OSSL_PARAM params[])
{ {
diff -up openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_lib.c
--- openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi 2021-07-17 22:24:40.140969959 +0200
+++ openssl-3.0.0-beta1/crypto/evp/evp_lib.c 2021-07-17 22:25:50.977834241 +0200
@@ -43,6 +43,10 @@
#define RHEL_ALIAS1(old_id) \
RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id)
+#define EVP_MD_description EVP_MD_get0_description
+#define EVP_MD_provider EVP_MD_get0_provider
+#define EVP_CIPHER_description EVP_CIPHER_get0_description
+#define EVP_CIPHER_provider EVP_CIPHER_get0_provider
#if !defined(FIPS_MODULE)
diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c
--- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi 2021-07-17 22:29:25.742454581 +0200 --- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi 2021-07-17 22:29:25.742454581 +0200
+++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c 2021-07-17 22:33:36.158699400 +0200 +++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c 2021-07-17 22:33:36.158699400 +0200
@ -1289,3 +1050,236 @@ diff -up openssl-3.0.0-beta1/crypto/evp/p_lib.c.dual-abi openssl-3.0.0-beta1/cry
static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
int len, EVP_KEYMGMT *keymgmt); int len, EVP_KEYMGMT *keymgmt);
static void evp_pkey_free_it(EVP_PKEY *key); static void evp_pkey_free_it(EVP_PKEY *key);
diff -up openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta2/crypto/evp/evp_lib.c
--- openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi 2021-08-03 12:50:08.359814508 +0200
+++ openssl-3.0.0-beta2/crypto/evp/evp_lib.c 2021-08-03 12:55:14.025810602 +0200
@@ -28,6 +28,26 @@
#include "internal/provider.h"
#include "evp_local.h"
+/* Macro machinery. */
+
+/* Defines OLD_STRING (a C string) as an alias for NEW_ID (a C
+ * identifier). The controlling C identifier symbol is ALIAS_ID (a C
+ * identifier). */
+#define RHEL_ALIAS3(alias_id, new_id, old_string) \
+ extern __typeof(new_id) alias_id \
+ __asm__ (old_string) \
+ __attribute__ ((__copy__ (new_id), __alias__ (#new_id)))
+
+/* Defines an alias using OLD_ID, which must be an macro identifier
+ * that expands to the new identifier. */
+#define RHEL_ALIAS1(old_id) \
+ RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id)
+
+#define EVP_MD_description EVP_MD_get0_description
+#define EVP_MD_provider EVP_MD_get0_provider
+#define EVP_CIPHER_description EVP_CIPHER_get0_description
+#define EVP_CIPHER_provider EVP_CIPHER_get0_provider
+
#if !defined(FIPS_MODULE)
# include "crypto/asn1.h"
diff -up openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta2/crypto/evp/evp_lib.c
--- openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi 2021-08-03 13:11:46.436671855 +0200
+++ openssl-3.0.0-beta2/crypto/evp/evp_lib.c 2021-08-03 13:31:36.873461438 +0200
@@ -337,6 +337,7 @@ int EVP_CIPHER_get_type(const EVP_CIPHER
#endif
}
}
+RHEL_ALIAS1(EVP_CIPHER_type);
int evp_cipher_cache_constants(EVP_CIPHER *cipher)
{
@@ -389,11 +390,13 @@ int EVP_CIPHER_get_block_size(const EVP_
{
return cipher->block_size;
}
+RHEL_ALIAS1(EVP_CIPHER_block_size);
int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
{
return EVP_CIPHER_get_block_size(ctx->cipher);
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_block_size);
int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
{
@@ -466,11 +469,13 @@ int EVP_CIPHER_CTX_is_encrypting(const E
{
return ctx->encrypt;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_encrypting);
unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher)
{
return cipher->flags;
}
+RHEL_ALIAS1(EVP_CIPHER_flags);
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
{
@@ -501,6 +506,7 @@ int EVP_CIPHER_get_iv_length(const EVP_C
{
return cipher->iv_len;
}
+RHEL_ALIAS1(EVP_CIPHER_iv_length);
int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
{
@@ -522,6 +543,7 @@ legacy:
}
return len;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_iv_length);
int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx)
{
@@ -533,6 +539,7 @@ int EVP_CIPHER_CTX_get_tag_length(const
ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
return ret == 1 ? (int)v : 0;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_tag_length);
#ifndef OPENSSL_NO_DEPRECATED_3_0
const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
@@ -615,6 +622,7 @@ int EVP_CIPHER_CTX_get_num(const EVP_CIP
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_num);
int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
{
@@ -634,6 +642,7 @@ int EVP_CIPHER_get_key_length(const EVP_
{
return cipher->key_len;
}
+RHEL_ALIAS1(EVP_CIPHER_key_length);
int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
{
@@ -646,16 +655,19 @@ int EVP_CIPHER_CTX_get_key_length(const
return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_key_length);
int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
{
return cipher->nid;
}
+RHEL_ALIAS1(EVP_CIPHER_nid);
int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->nid;
}
+RHEL_ALIAS1(EVP_CIPHER_CTX_nid);
int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
{
@@ -679,6 +691,7 @@ const char *EVP_CIPHER_get0_name(const E
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_CIPHER_name);
const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher)
{
@@ -690,6 +703,7 @@ const char *EVP_CIPHER_get0_description(
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_CIPHER_description);
int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
void (*fn)(const char *name, void *data),
@@ -705,11 +719,13 @@ const OSSL_PROVIDER *EVP_CIPHER_get0_pro
{
return cipher->prov;
}
+RHEL_ALIAS1(EVP_CIPHER_provider);
int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher)
{
return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE;
}
+RHEL_ALIAS1(EVP_CIPHER_mode);
int EVP_MD_is_a(const EVP_MD *md, const char *name)
{
@@ -733,6 +749,7 @@ const char *EVP_MD_get0_description(cons
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_MD_description);
const char *EVP_MD_get0_name(const EVP_MD *md)
{
@@ -746,6 +763,7 @@ const char *EVP_MD_get0_name(const EVP_M
return NULL;
#endif
}
+RHEL_ALIAS1(EVP_MD_name);
int EVP_MD_names_do_all(const EVP_MD *md,
void (*fn)(const char *name, void *data),
@@ -761,16 +779,19 @@ const OSSL_PROVIDER *EVP_MD_get0_provide
{
return md->prov;
}
+RHEL_ALIAS1(EVP_MD_provider);
int EVP_MD_get_type(const EVP_MD *md)
{
return md->type;
}
+RHEL_ALIAS1(EVP_MD_type);
int EVP_MD_get_pkey_type(const EVP_MD *md)
{
return md->pkey_type;
}
+RHEL_ALIAS1(EVP_MD_pkey_type);
int EVP_MD_get_block_size(const EVP_MD *md)
{
@@ -780,6 +801,7 @@ int EVP_MD_get_block_size(const EVP_MD *
}
return md->block_size;
}
+RHEL_ALIAS1(EVP_MD_block_size);
int EVP_MD_get_size(const EVP_MD *md)
{
@@ -789,11 +811,13 @@ int EVP_MD_get_size(const EVP_MD *md)
}
return md->md_size;
}
+RHEL_ALIAS1(EVP_MD_size);
unsigned long EVP_MD_get_flags(const EVP_MD *md)
{
return md->flags;
}
+RHEL_ALIAS1(EVP_MD_flags);
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
{
@@ -1008,6 +1032,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(co
{
return ctx->pctx;
}
+RHEL_ALIAS1(EVP_MD_CTX_pkey_ctx);
#if !defined(FIPS_MODULE)
void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
@@ -1034,6 +1059,7 @@ void *EVP_MD_CTX_get0_md_data(const EVP_
{
return ctx->md_data;
}
+RHEL_ALIAS1(EVP_MD_CTX_md_data);
int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
const void *data, size_t count)

View File

@ -1,75 +0,0 @@
diff -up openssl-3.0.0-beta1/apps/pkcs12.c.dup-pkcs12 openssl-3.0.0-beta1/apps/pkcs12.c
--- openssl-3.0.0-beta1/apps/pkcs12.c.dup-pkcs12 2021-07-22 14:59:14.777544688 +0200
+++ openssl-3.0.0-beta1/apps/pkcs12.c 2021-07-22 15:06:04.768908265 +0200
@@ -571,8 +571,6 @@ int pkcs12_main(int argc, char **argv)
infile);
goto export_end;
}
- } else {
- ee_cert = X509_dup(sk_X509_value(certs, 0)); /* take 1st cert */
}
}
@@ -588,8 +586,13 @@ int pkcs12_main(int argc, char **argv)
int vret;
STACK_OF(X509) *chain2;
X509_STORE *store;
+ X509 *ee_cert_tmp = ee_cert;
- if (ee_cert == NULL) {
+ /* Assume the first cert if we haven't got anything else */
+ if (ee_cert_tmp == NULL && certs != NULL)
+ ee_cert_tmp = sk_X509_value(certs, 0);
+
+ if (ee_cert_tmp == NULL) {
BIO_printf(bio_err,
"No end entity certificate to check with -chain\n");
goto export_end;
@@ -600,7 +603,7 @@ int pkcs12_main(int argc, char **argv)
== NULL)
goto export_end;
- vret = get_cert_chain(ee_cert, store, untrusted_certs, &chain2);
+ vret = get_cert_chain(ee_cert_tmp, store, untrusted_certs, &chain2);
X509_STORE_free(store);
if (vret == X509_V_OK) {
diff -up openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t.dup-pkcs12 openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t
--- openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t.dup-pkcs12 2021-07-22 15:06:22.715077291 +0200
+++ openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t 2021-07-22 15:17:52.250559784 +0200
@@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) {
}
$ENV{OPENSSL_WIN32_UTF8}=1;
-plan tests => 7;
+plan tests => 10;
# Test different PKCS#12 formats
ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
@@ -73,6 +73,7 @@ my @path = qw(test certs);
my $outfile1 = "out1.p12";
my $outfile2 = "out2.p12";
my $outfile3 = "out3.p12";
+my $outfile5 = "out5.p12";
# Test the -chain option with -untrusted
ok(run(app(["openssl", "pkcs12", "-export", "-chain",
@@ -108,4 +109,18 @@ SKIP: {
"test_pkcs12_passcerts_legacy");
}
+ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile5,
+ "-in", srctop_file(@path, "ee-cert.pem"), "-caname", "testname",
+ "-nokeys", "-passout", "pass:", "-certpbe", "NONE"])),
+ "test nokeys single cert");
+
+my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5,
+ "-passin", "pass:"]), capture => 1);
+
+# Test that with one input certificate, we get one output certificate
+ok(grep(/subject=CN = server.example/, @pkcs12info) == 1,
+ "test one cert in output");
+# Test that the expected friendly name is present in the output
+ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output");
+
SetConsoleOutputCP($savedcp) if (defined($savedcp));

View File

@ -15,7 +15,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.0.0 Version: 3.0.0
Release: 0.beta1.5%{?dist} Release: 0.beta2.1%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -52,14 +52,8 @@ Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
#Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch #Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
# remove unsupported EC curves # remove unsupported EC curves
Patch11: 0011-Remove-EC-curves.patch Patch11: 0011-Remove-EC-curves.patch
# Use AI_ADDRCONFIG only when explicit host name is given
Patch17: 0017-use-AI-ADDRCONFIG-explicit-hostname.patch
# Fix segmentation fault in BN_lebin2bn()
Patch18: 0018-Fix-crash-BN_lebin2bn.patch
# Temporary dual-ABI build patch # Temporary dual-ABI build patch
Patch19: 0019-dual-abi.patch Patch19: 0019-dual-abi.patch
# Prevents creation of duplicate cert entries in PKCS #12 files
Patch20: 0020-no-dup-cert-entries.patch
License: ASL 2.0 License: ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -115,7 +109,7 @@ package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit. from other formats to the formats used by the OpenSSL toolkit.
%prep %prep
%autosetup -S git -n %{name}-%{version}-beta1 %autosetup -S git -n %{name}-%{version}-beta2
# The hobble_openssl is called here redundantly, just to be sure. # The hobble_openssl is called here redundantly, just to be sure.
# The tarball has already the sources removed. # The tarball has already the sources removed.
@ -382,6 +376,10 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1
- Rebase to upstream version beta2
- Related: rhbz#1903209
* Thu Jul 22 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.5 * Thu Jul 22 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.5
- Prevents creation of duplicate cert entries in PKCS #12 files - Prevents creation of duplicate cert entries in PKCS #12 files
- Resolves: rhbz#1978670 - Resolves: rhbz#1978670

View File

@ -1 +1 @@
SHA512 (openssl-3.0.0-hobbled.tar.xz) = 05f3e01621be98e776061a86b8fec68bdafeac720c8f968b1c4fafc5f328839701d2ffd67d6bd695c3dbf67e3efb03b3c856ed046d751359bc89b867205b7fe9 SHA512 (openssl-3.0.0-hobbled.tar.xz) = 096758a79680921d2b18929177d2ee43b7fb62fa30164a16ab1749b8349aac5e6e3d0761419b6c9f0a591c8991c133d142e56ab92f197d142649b58e66d876f7