75 changed files with 19 additions and 264 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,47 +1 @@
-.build*.log
-clog
-000*.patch
-*.src.rpm
-openssl-1.0.0a-usa.tar.bz2
-/openssl-1.0.0b-usa.tar.bz2
-/openssl-1.0.0c-usa.tar.bz2
-/openssl-1.0.0d-usa.tar.bz2
-/openssl-1.0.0e-usa.tar.bz2
-/openssl-1.0.0f-usa.tar.bz2
-/openssl-1.0.0g-usa.tar.xz
-/openssl-1.0.1-beta2-usa.tar.xz
-/openssl-1.0.1-beta3-usa.tar.xz
-/openssl-1.0.1-usa.tar.xz
-/openssl-1.0.1a-usa.tar.xz
-/openssl-1.0.1b-usa.tar.xz
-/openssl-1.0.1c-usa.tar.xz
-/openssl-1.0.1e-usa.tar.xz
-/openssl-1.0.1e-hobbled.tar.xz
-/openssl-1.0.1g-hobbled.tar.xz
-/openssl-1.0.1h-hobbled.tar.xz
-/openssl-1.0.1i-hobbled.tar.xz
-/openssl-1.0.1j-hobbled.tar.xz
-/openssl-1.0.1k-hobbled.tar.xz
-/openssl-1.0.2a-hobbled.tar.xz
-/openssl-1.0.2c-hobbled.tar.xz
-/openssl-1.0.2d-hobbled.tar.xz
-/openssl-1.0.2e-hobbled.tar.xz
-/openssl-1.0.2f-hobbled.tar.xz
-/openssl-1.0.2g-hobbled.tar.xz
-/openssl-1.0.2h-hobbled.tar.xz
-/openssl-1.0.2i-hobbled.tar.xz
-/openssl-1.0.2j-hobbled.tar.xz
-/openssl-1.1.0b-hobbled.tar.xz
-/openssl-1.1.0c-hobbled.tar.xz
-/openssl-1.1.0d-hobbled.tar.xz
-/openssl-1.1.0e-hobbled.tar.xz
-/openssl-1.1.0f-hobbled.tar.xz
-/openssl-1.1.0g-hobbled.tar.xz
-/openssl-1.1.0h-hobbled.tar.xz
-/openssl-1.1.1-pre8-hobbled.tar.xz
-/openssl-1.1.1-pre9-hobbled.tar.xz
-/openssl-1.1.1-hobbled.tar.xz
-/openssl-1.1.1b-hobbled.tar.xz
-/openssl-1.1.1c-hobbled.tar.xz
-/openssl-1.1.1g-hobbled.tar.xz
-/openssl-1.1.1k-hobbled.tar.xz
+SOURCES/openssl-1.1.1k-hobbled.tar.xz
--- a/.openssl.metadata
+++ b/.openssl.metadata
@ -0,0 +1 @@
+6fde639a66329f2cd9135eb192f2228f2a402c0e SOURCES/openssl-1.1.1k-hobbled.tar.xz
--- a/SOURCES/Makefile.certificate
+++ b/SOURCES/Makefile.certificate
--- a/SOURCES/README.FIPS
+++ b/SOURCES/README.FIPS
--- a/SOURCES/ec_curve.c
+++ b/SOURCES/ec_curve.c
--- a/SOURCES/ectest.c
+++ b/SOURCES/ectest.c
--- a/SOURCES/hobble-openssl
+++ b/SOURCES/hobble-openssl
--- a/SOURCES/make-dummy-cert
+++ b/SOURCES/make-dummy-cert
--- a/SOURCES/openssl-1.1.1-addrconfig.patch
+++ b/SOURCES/openssl-1.1.1-addrconfig.patch
--- a/SOURCES/openssl-1.1.1-alpn-cb.patch
+++ b/SOURCES/openssl-1.1.1-alpn-cb.patch
--- a/SOURCES/openssl-1.1.1-apps-dgst.patch
+++ b/SOURCES/openssl-1.1.1-apps-dgst.patch
--- a/SOURCES/openssl-1.1.1-arm-update.patch
+++ b/SOURCES/openssl-1.1.1-arm-update.patch
--- a/SOURCES/openssl-1.1.1-build.patch
+++ b/SOURCES/openssl-1.1.1-build.patch
--- a/SOURCES/openssl-1.1.1-cleanup-peer-point-reneg.patch
+++ b/SOURCES/openssl-1.1.1-cleanup-peer-point-reneg.patch
@ -1,13 +1,11 @@
 diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl/statem/extensions.c
 --- openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg	2021-03-25 14:28:38.000000000 +0100
 +++ openssl-1.1.1k/ssl/statem/extensions.c	2021-06-24 16:16:19.526181743 +0200
-@@ -42,6 +42,9 @@ static int tls_parse_certificate_authori
+@@ -42,6 +42,7 @@ static int tls_parse_certificate_authori
 #ifndef OPENSSL_NO_SRP
 static int init_srp(SSL *s, unsigned int context);
 #endif
-+#ifndef OPENSSL_NO_EC
 +static int init_ec_point_formats(SSL *s, unsigned int context);
-+#endif
 static int init_etm(SSL *s, unsigned int context);
 static int init_ems(SSL *s, unsigned int context);
 static int final_ems(SSL *s, unsigned int context, int sent);
@ -20,11 +18,10 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
         tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
         final_ec_pt_formats
     },
-@@ -1164,6 +1165,17 @@ static int init_srp(SSL *s, unsigned int
+@@ -1164,6 +1165,15 @@ static int init_srp(SSL *s, unsigned int
 }
 #endif
 
-+#ifndef OPENSSL_NO_EC
 +static int init_ec_point_formats(SSL *s, unsigned int context)
 +{
 +	    OPENSSL_free(s->ext.peer_ecpointformats);
@ -33,7 +30,6 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
 +
 +	    return 1;
 +}
-+#endif
 +
 static int init_etm(SSL *s, unsigned int context)
 {
--- a/SOURCES/openssl-1.1.1-conf-paths.patch
+++ b/SOURCES/openssl-1.1.1-conf-paths.patch
--- a/SOURCES/openssl-1.1.1-cve-2022-0778.patch
+++ b/SOURCES/openssl-1.1.1-cve-2022-0778.patch
--- a/SOURCES/openssl-1.1.1-cve-2022-1292.patch
+++ b/SOURCES/openssl-1.1.1-cve-2022-1292.patch
--- a/SOURCES/openssl-1.1.1-cve-2022-2068.patch
+++ b/SOURCES/openssl-1.1.1-cve-2022-2068.patch
--- a/SOURCES/openssl-1.1.1-cve-2022-2097.patch
+++ b/SOURCES/openssl-1.1.1-cve-2022-2097.patch
--- a/SOURCES/openssl-1.1.1-cve-2022-4304-RSA-oracle.patch
+++ b/SOURCES/openssl-1.1.1-cve-2022-4304-RSA-oracle.patch
--- a/SOURCES/openssl-1.1.1-cve-2022-4450-PEM-bio.patch
+++ b/SOURCES/openssl-1.1.1-cve-2022-4450-PEM-bio.patch
--- a/SOURCES/openssl-1.1.1-cve-2023-0215-BIO-UAF.patch
+++ b/SOURCES/openssl-1.1.1-cve-2023-0215-BIO-UAF.patch
--- a/SOURCES/openssl-1.1.1-cve-2023-0286-X400.patch
+++ b/SOURCES/openssl-1.1.1-cve-2023-0286-X400.patch
--- a/SOURCES/openssl-1.1.1-cve-2023-3446.patch
+++ b/SOURCES/openssl-1.1.1-cve-2023-3446.patch
--- a/SOURCES/openssl-1.1.1-cve-2023-3817.patch
+++ b/SOURCES/openssl-1.1.1-cve-2023-3817.patch
--- a/SOURCES/openssl-1.1.1-cve-2023-5678.patch
+++ b/SOURCES/openssl-1.1.1-cve-2023-5678.patch
--- a/SOURCES/openssl-1.1.1-defaults.patch
+++ b/SOURCES/openssl-1.1.1-defaults.patch
--- a/SOURCES/openssl-1.1.1-detected-addr-ipv6.patch
+++ b/SOURCES/openssl-1.1.1-detected-addr-ipv6.patch
--- a/SOURCES/openssl-1.1.1-ec-curves.patch
+++ b/SOURCES/openssl-1.1.1-ec-curves.patch
--- a/SOURCES/openssl-1.1.1-edk2-build.patch
+++ b/SOURCES/openssl-1.1.1-edk2-build.patch
--- a/SOURCES/openssl-1.1.1-evp-kdf.patch
+++ b/SOURCES/openssl-1.1.1-evp-kdf.patch
--- a/SOURCES/openssl-1.1.1-fips-crng-test.patch
+++ b/SOURCES/openssl-1.1.1-fips-crng-test.patch
--- a/SOURCES/openssl-1.1.1-fips-curves.patch
+++ b/SOURCES/openssl-1.1.1-fips-curves.patch
--- a/SOURCES/openssl-1.1.1-fips-dh.patch
+++ b/SOURCES/openssl-1.1.1-fips-dh.patch
--- a/SOURCES/openssl-1.1.1-fips-drbg-selftest.patch
+++ b/SOURCES/openssl-1.1.1-fips-drbg-selftest.patch
--- a/SOURCES/openssl-1.1.1-fips-post-rand.patch
+++ b/SOURCES/openssl-1.1.1-fips-post-rand.patch
--- a/SOURCES/openssl-1.1.1-fips.patch
+++ b/SOURCES/openssl-1.1.1-fips.patch
--- a/SOURCES/openssl-1.1.1-fix-ssl-select-next-proto.patch
+++ b/SOURCES/openssl-1.1.1-fix-ssl-select-next-proto.patch
--- a/SOURCES/openssl-1.1.1-intel-cet.patch
+++ b/SOURCES/openssl-1.1.1-intel-cet.patch
--- a/SOURCES/openssl-1.1.1-kdf-selftest.patch
+++ b/SOURCES/openssl-1.1.1-kdf-selftest.patch
--- a/SOURCES/openssl-1.1.1-krb5-kdf.patch
+++ b/SOURCES/openssl-1.1.1-krb5-kdf.patch
--- a/SOURCES/openssl-1.1.1-man-rename.patch
+++ b/SOURCES/openssl-1.1.1-man-rename.patch
--- a/SOURCES/openssl-1.1.1-no-brainpool.patch
+++ b/SOURCES/openssl-1.1.1-no-brainpool.patch
--- a/SOURCES/openssl-1.1.1-no-html.patch
+++ b/SOURCES/openssl-1.1.1-no-html.patch
--- a/SOURCES/openssl-1.1.1-no-weak-verify.patch
+++ b/SOURCES/openssl-1.1.1-no-weak-verify.patch
--- a/SOURCES/openssl-1.1.1-pkcs1-implicit-rejection.patch
+++ b/SOURCES/openssl-1.1.1-pkcs1-implicit-rejection.patch
--- a/SOURCES/openssl-1.1.1-read-buff.patch
+++ b/SOURCES/openssl-1.1.1-read-buff.patch
--- a/SOURCES/openssl-1.1.1-replace-expired-certs.patch
+++ b/SOURCES/openssl-1.1.1-replace-expired-certs.patch
--- a/SOURCES/openssl-1.1.1-rewire-fips-drbg.patch
+++ b/SOURCES/openssl-1.1.1-rewire-fips-drbg.patch
--- a/SOURCES/openssl-1.1.1-s390x-aes-tests.patch
+++ b/SOURCES/openssl-1.1.1-s390x-aes-tests.patch
--- a/SOURCES/openssl-1.1.1-s390x-aes.patch
+++ b/SOURCES/openssl-1.1.1-s390x-aes.patch
--- a/SOURCES/openssl-1.1.1-s390x-ecc.patch
+++ b/SOURCES/openssl-1.1.1-s390x-ecc.patch
--- a/SOURCES/openssl-1.1.1-s390x-update.patch
+++ b/SOURCES/openssl-1.1.1-s390x-update.patch
--- a/SOURCES/openssl-1.1.1-seclevel.patch
+++ b/SOURCES/openssl-1.1.1-seclevel.patch
--- a/SOURCES/openssl-1.1.1-servername-cb.patch
+++ b/SOURCES/openssl-1.1.1-servername-cb.patch
--- a/SOURCES/openssl-1.1.1-ssh-kdf.patch
+++ b/SOURCES/openssl-1.1.1-ssh-kdf.patch
--- a/SOURCES/openssl-1.1.1-sslv3-keep-abi.patch
+++ b/SOURCES/openssl-1.1.1-sslv3-keep-abi.patch
--- a/SOURCES/openssl-1.1.1-system-cipherlist.patch
+++ b/SOURCES/openssl-1.1.1-system-cipherlist.patch
--- a/SOURCES/openssl-1.1.1-tls13-curves.patch
+++ b/SOURCES/openssl-1.1.1-tls13-curves.patch
--- a/SOURCES/openssl-1.1.1-ts-sha256-default.patch
+++ b/SOURCES/openssl-1.1.1-ts-sha256-default.patch
--- a/SOURCES/openssl-1.1.1-version-add-engines.patch
+++ b/SOURCES/openssl-1.1.1-version-add-engines.patch
--- a/SOURCES/openssl-1.1.1-version-override.patch
+++ b/SOURCES/openssl-1.1.1-version-override.patch
--- a/SOURCES/openssl-1.1.1-weak-ciphers.patch
+++ b/SOURCES/openssl-1.1.1-weak-ciphers.patch
--- a/SOURCES/opensslconf-new-warning.h
+++ b/SOURCES/opensslconf-new-warning.h
--- a/SOURCES/opensslconf-new.h
+++ b/SOURCES/opensslconf-new.h
--- a/SOURCES/renew-dummy-cert
+++ b/SOURCES/renew-dummy-cert
--- a/SPECS/openssl.spec
+++ b/SPECS/openssl.spec
@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1k
-Release: 13%{?dist}
+Release: 14%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -99,7 +99,7 @@ Patch107: openssl-1.1.1-cve-2023-5678.patch
 # Backport from OpenSSL 3.2/RHEL 9
 # Proper fix for CVE-2020-25659
 Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch
-# Backport from OpenSSL 3.0
+# Backport from OpenSSL 3.2
 # Fix for CVE-2024-5535
 Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch

@ -519,54 +519,52 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig

 %changelog
-* Mon Sep 16 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-13
- Backport fix SSL_select_next proto from OpenSSL 3.2  
+* Tue Sep 17 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-14
+- Backport fix SSL_select_next proto from OpenSSL 3.2
  Fix CVE-2024-5535 
  Resolves: RHEL-45654

 * Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12
 - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
  (a proper fix for CVE-2020-25659)
-  Resolves: RHEL-17696
+  Resolves: RHEL-17694

 * Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11
 - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
  excessively long X9.42 DH keys or parameters may be very slow
-  Resolves: RHEL-16538
+  Resolves: RHEL-16536

 * Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-10
 - Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters
-  Resolves: RHEL-14245
+  Resolves: RHEL-14243
 - Fix CVE-2023-3817: Excessive time spent checking DH q parameter value
-  Resolves: RHEL-14239
+  Resolves: RHEL-14237

-* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
+* Thu May 04 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
 - Fixed Timing Oracle in RSA Decryption
  Resolves: CVE-2022-4304
 - Fixed Double free after calling PEM_read_bio_ex
  Resolves: CVE-2022-4450
 - Fixed Use-after-free following BIO_new_NDEF
  Resolves: CVE-2023-0215
+
+* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
 - Fixed X.400 address type confusion in X.509 GeneralName
  Resolves: CVE-2023-0286

-* Thu Jul 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
- Fix no-ec build
-  Resolves: rhbz#2071020
-
 * Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7
 - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
  Resolves: CVE-2022-2097
 - Update expired certificates used in the testsuite
-  Resolves: rhbz#2092462
+  Resolves: rhbz#2100554
 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection
-  Resolves: rhbz#2090372
+  Resolves: rhbz#2090371
 - Fix CVE-2022-2068: the c_rehash script allows command injection
-  Resolves: rhbz#2098279
+  Resolves: rhbz#2098278

 * Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6
 - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
- Resolves: rhbz#2067146
+- Resolves: rhbz#2067145

 * Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
 - Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
--- a/15
+++ b/15
@ -1,15 +0,0 @@
-#!/bin/sh
-# Fixes patch from upstream tracker view
-gawk '
-BEGIN {
-   dir=""
-}
-/^Index: openssl\// {
-   dir = $2
-}
-/^(---|\+\+\+)/ {
-   $2 = dir
-}
-{
-   print
-}'
--- a/gating.yaml
+++ b/gating.yaml
@ -1,9 +0,0 @@
--- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.userspace-fips-mode.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
--- a/openssl-1.1.1-ignore-bound.patch
+++ b/openssl-1.1.1-ignore-bound.patch
@ -1,14 +0,0 @@
-Do not return failure when setting version bound on fixed protocol
-version method.
-diff -up openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound openssl-1.1.1-pre8/ssl/statem/statem_lib.c
--- openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound	2018-06-20 16:48:13.000000000 +0200
-+++ openssl-1.1.1-pre8/ssl/statem/statem_lib.c	2018-08-13 11:07:52.826304045 +0200
-@@ -1595,7 +1595,7 @@ int ssl_set_version_bound(int method_ver
-          * methods are not subject to controls that disable individual protocol
-          * versions.
-          */
-        return 0;
-+        return 1;
- 
-     case TLS_ANY_VERSION:
-         if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
--- a/1
+++ b/1
@ -1 +0,0 @@
-SHA512 (openssl-1.1.1k-hobbled.tar.xz) = dd48b6200bcda1938c362888789bf0dbac7dbcc80b15a32794e25f6cbe8f727b6f8d1302a2bc43708da79124db9e5a5d27446ec1c91cf1e270aba1d8664d65d8
--- a/tests/simple-rsapss-test/Makefile
+++ b/tests/simple-rsapss-test/Makefile
@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/openssl/Sanity/simple-rsapss-test
-#   Description: Test if RSA-PSS signature scheme is supported
-#   Author: Hubert Kario <hkario@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/openssl/Sanity/simple-rsapss-test
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Hubert Kario <hkario@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Test if RSA-PSS signature scheme is supported" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        1m" >> $(METADATA)
-	@echo "RunFor:          openssl" >> $(METADATA)
-	@echo "Requires:        openssl man man-db" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-
-	rhts-lint $(METADATA)
--- a/tests/simple-rsapss-test/PURPOSE
+++ b/tests/simple-rsapss-test/PURPOSE
@ -1,3 +0,0 @@
-PURPOSE of /CoreOS/openssl/Sanity/simple-rsapss-test
-Description: Test if RSA-PSS signature scheme is supported
-Author: Hubert Kario <hkario@redhat.com>
--- a/tests/simple-rsapss-test/runtest.sh
+++ b/tests/simple-rsapss-test/runtest.sh
@ -1,74 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/openssl/Sanity/simple-rsapss-test
-#   Description: Test if RSA-PSS signature scheme is supported
-#   Author: Hubert Kario <hkario@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="openssl"
-
-PUB_KEY="rsa_pubkey.pem"
-PRIV_KEY="rsa_key.pem"
-FILE="text.txt"
-SIG="text.sig"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm $PACKAGE
-        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-        rlRun "pushd $TmpDir"
-        rlRun "openssl genrsa -out $PRIV_KEY 2048" 0 "Generate RSA key"
-        rlRun "openssl rsa -in $PRIV_KEY -out $PUB_KEY -pubout" 0 "Split the public key from private key"
-        rlRun "echo 'sign me!' > $FILE" 0 "Create file for signing"
-        rlAssertExists $FILE
-        rlAssertExists $PRIV_KEY
-        rlAssertExists $PUB_KEY
-    rlPhaseEnd
-
-    rlPhaseStartTest "Test RSA-PSS padding mode"
-        set -o pipefail
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -out $SIG -sign $PRIV_KEY $FILE" 0 "Sign the file"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file without specifying salt length"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file without specifying salt length"
-        set +o pipefail
-        rlRun "sed -i 's/sign/Sign/' $FILE" 0 "Modify signed file"
-        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verification Failure'" 0 "Verify that the signature is no longer valid"
-    rlPhaseEnd
-
-    rlPhaseStartTest "Documentation check"
-        [ -e "$(rpm -ql openssl | grep dgst)"] && rlRun "man dgst | col -b | grep -- -sigopt" 0 "Check if -sigopt option is described in man page"
-        rlRun "openssl dgst -help 2>&1 | grep -- -sigopt" 0 "Check if -sigopt option is present in help message"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlRun "popd"
-        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,15 +0,0 @@
---
-# This first play always runs on the local staging system
- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    - container
-    tests:
-    - simple-rsapss-test
-    required_packages:
-    - findutils         # beakerlib needs find command
-    - man               # needed by simple-rsapss-test
-    - man-db            # needed by simple-rsapss-test
-    - openssl           # needed by simple-rsapss-test
				`@ -0,0 +1 @@`
				`6fde639a66329f2cd9135eb192f2228f2a402c0e SOURCES/openssl-1.1.1k-hobbled.tar.xz`
				`@ -1 +0,0 @@`
				`SHA512 (openssl-1.1.1k-hobbled.tar.xz) = dd48b6200bcda1938c362888789bf0dbac7dbcc80b15a32794e25f6cbe8f727b6f8d1302a2bc43708da79124db9e5a5d27446ec1c91cf1e270aba1d8664d65d8`