#49 Rebase to upstream version 3.1.4
Merged 6 months ago by saprasad. Opened 6 months ago by saprasad.
rpms/ saprasad/openssl rawhide  into  rawhide

file modified
+1
@@ -59,3 +59,4 @@ 

  /openssl-3.0.8-hobbled.tar.gz

  /openssl-3.0.8.tar.gz

  /openssl-3.1.1.tar.gz

+ /openssl-3.1.4.tar.gz

@@ -1,18 +1,22 @@ 

- From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001

- From: Tomas Mraz <tmraz@fedoraproject.org>

- Date: Thu, 24 Sep 2020 09:05:55 +0200

- Subject: Do not install html docs

+ From a3e7963320ba44e96a60b389fccb8e1cccc30674 Mon Sep 17 00:00:00 2001

+ From: rpm-build <rpm-build>

+ Date: Thu, 19 Oct 2023 13:12:39 +0200

+ Subject: [PATCH 03/46] 0003-Do-not-install-html-docs.patch

  

- (was openssl-1.1.1-no-html.patch)

+ Patch-name: 0003-Do-not-install-html-docs.patch

+ Patch-id: 3

+ Patch-status: |

+     # # Do not install html docs

+ From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911

  ---

   Configurations/unix-Makefile.tmpl | 2 +-

   1 file changed, 1 insertion(+), 1 deletion(-)

  

  diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl

- index 342e46d24d..9f369edf0e 100644

+ index a48fae5fb8..56b42926e7 100644

  --- a/Configurations/unix-Makefile.tmpl

  +++ b/Configurations/unix-Makefile.tmpl

- @@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime

+ @@ -611,7 +611,7 @@ install_sw: install_dev install_engines install_modules install_runtime

   

   uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev

   
@@ -20,7 +24,7 @@ 

  +install_docs: install_man_docs

   

   uninstall_docs: uninstall_man_docs uninstall_html_docs

-  	$(RM) -r $(DESTDIR)$(DOCDIR)

+  	$(RM) -r "$(DESTDIR)$(DOCDIR)"

  -- 

- 2.26.2

+ 2.41.0
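Review bot: The regenerated header for 0003-Do-not-install-html-docs.patch replaces `From: Tomas Mraz <tmraz@fedoraproject.org>`, the 2020 date and the `(was openssl-1.1.1-no-html.patch)` lineage line with `From: rpm-build <rpm-build>`. The patch file on its own therefore no longer records who wrote the downstream change or which earlier patch it descends from. For a crypto package that provenance is worth keeping, for example as an `Author:` or `Origin:` line next to `Patch-name:` if the source-git tooling allows one. The new status text also reads `# # Do not install html docs`, which looks like an already-commented line being commented a second time; the same doubling shows up in the refreshed 0033, 0047 and 0079 headers and would read better as `# Do not install html docs`.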

  

file modified
+17 -17
@@ -1,13 +1,13 @@ 

- From ed02a8b9e767224dc7512a4a176e4aae045b3573 Mon Sep 17 00:00:00 2001

+ From e364a858262c8f563954544cc81e66f1b3b8db8c Mon Sep 17 00:00:00 2001

  From: rpm-build <rpm-build>

- Date: Mon, 31 Jul 2023 09:41:28 +0200

+ Date: Thu, 19 Oct 2023 13:12:40 +0200

  Subject: [PATCH 16/46] 0033-FIPS-embed-hmac.patch

  

  Patch-name: 0033-FIPS-embed-hmac.patch

  Patch-id: 33

  Patch-status: |

-     # Embed HMAC into the fips.so

- From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd

+     # # Embed HMAC into the fips.so

+ From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911

  ---

   providers/fips/self_test.c            | 70 ++++++++++++++++++++++++---

   test/fipsmodule.cnf                   |  2 +
@@ -21,10 +21,10 @@ 

   create mode 100644 test/fipsmodule.cnf

  

  diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c

- index 10804d9f59..5e418a2c11 100644

+ index b8dc9817b2..e3a629018a 100644

  --- a/providers/fips/self_test.c

  +++ b/providers/fips/self_test.c

- @@ -231,11 +231,27 @@ err:

+ @@ -230,11 +230,27 @@ err:

       return ok;

   }

   
@@ -52,7 +52,7 @@ 

   static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,

                               unsigned char *expected, size_t expected_len,

                               OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,

- @@ -248,12 +264,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex

+ @@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex

       EVP_MAC *mac = NULL;

       EVP_MAC_CTX *ctx = NULL;

       OSSL_PARAM params[2], *p = params;
@@ -76,7 +76,7 @@ 

       mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);

       if (mac == NULL)

           goto err;

- @@ -267,13 +294,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex

+ @@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex

       if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))

           goto err;

   
@@ -121,7 +121,7 @@ 

       if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))

           goto err;

   

- @@ -283,6 +339,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex

+ @@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex

           goto err;

       ret = 1;

   err:
@@ -129,8 +129,8 @@ 

       OSSL_SELF_TEST_onend(ev, ret);

       EVP_MAC_CTX_free(ctx);

       EVP_MAC_free(mac);

- @@ -349,8 +406,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

-          CRYPTO_THREAD_unlock(fips_state_lock);

+ @@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

+          return 0;

       }

   

  -    if (st == NULL
@@ -139,7 +139,7 @@ 

           ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);

           goto end;

       }

- @@ -359,8 +415,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

+ @@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

       if (ev == NULL)

           goto end;

   
@@ -151,7 +151,7 @@ 

       if (module_checksum == NULL) {

           ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);

           goto end;

- @@ -434,7 +491,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

+ @@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

   end:

       EVP_RAND_free(testrand);

       OSSL_SELF_TEST_free(ev);
@@ -207,12 +207,12 @@ 

   # Compatible options for pedantic FIPS compliance

   my @pedantic_okay =

  diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t

- index 426bd660d1..6dc514936b 100644

+ index c8f145405b..56a2ec5dc4 100644

  --- a/test/recipes/30-test_defltfips.t

  +++ b/test/recipes/30-test_defltfips.t

- @@ -21,7 +21,7 @@ BEGIN {

-  use lib srctop_dir('Configurations');

-  use lib bldtop_dir('.');

+ @@ -24,7 +24,7 @@ use lib bldtop_dir('.');

+  plan skip_all => "Configuration loading is turned off"

+      if disabled("autoload-config");

   

  -my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

  +my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
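Review bot: The refreshed 0033-FIPS-embed-hmac.patch still carries `my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);` for test/recipes/30-test_defltfips.t. That pins the variable to 1 regardless of the build configuration or the NO_FIPS environment setting. The rest of the recipe is outside this view, so which checks it switches off is inferred from the name only, but the same patch rewrites `verify_integrity()` in providers/fips/self_test.c and the test that would follow the FIPS setting is forced one way with no explanation. A rebase is a good point to either restore the original expression or record the reason in place, e.g. `my $no_fips = 1; # Fedora: <reason the FIPS provider cannot be loaded during the build-time test run>`.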

file modified
+10 -10
@@ -1,22 +1,22 @@ 

- From 0242c0317b7c7874148c456aaab1e8eeb156d7c1 Mon Sep 17 00:00:00 2001

+ From ba6e65e2f7e7fe8d9cd62e1e7e345bc41dda424f Mon Sep 17 00:00:00 2001

  From: rpm-build <rpm-build>

- Date: Mon, 31 Jul 2023 09:41:28 +0200

- Subject: [PATCH 22/35] 0047-FIPS-early-KATS.patch

+ Date: Thu, 19 Oct 2023 13:12:40 +0200

+ Subject: [PATCH 21/46] 0047-FIPS-early-KATS.patch

  

  Patch-name: 0047-FIPS-early-KATS.patch

  Patch-id: 47

  Patch-status: |

-     # Execute KATS before HMAC verification

- From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd

+     # # Execute KATS before HMAC verification

+ From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911

  ---

   providers/fips/self_test.c | 22 ++++++++++------------

   1 file changed, 10 insertions(+), 12 deletions(-)

  

  diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c

- index ef56002854..062d9df84a 100644

+ index e3a629018a..3c09bd8638 100644

  --- a/providers/fips/self_test.c

  +++ b/providers/fips/self_test.c

- @@ -414,6 +414,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

+ @@ -401,6 +401,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

       if (ev == NULL)

           goto end;

   
@@ -33,7 +33,7 @@ 

       module_checksum = fips_hmac_container;

       checksum_len = sizeof(fips_hmac_container);

   

- @@ -464,18 +474,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

+ @@ -451,18 +461,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)

           }

       }

   
@@ -50,8 +50,8 @@ 

  -    }

  -

       /* Verify that the RNG has been restored properly */

-      testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL);

-      if (testrand == NULL

+      rng = ossl_rand_get0_private_noncreating(st->libctx);

+      if (rng != NULL)

  -- 

  2.41.0

  

@@ -1,13 +1,13 @@ 

- From a0d7a92474123c1fb11e13491d2d37f6c43321b0 Mon Sep 17 00:00:00 2001

+ From a4ca1cac6b38efe0de1d8afb506cea29f8c60aec Mon Sep 17 00:00:00 2001

  From: rpm-build <rpm-build>

- Date: Mon, 31 Jul 2023 09:41:29 +0200

- Subject: [PATCH 35/48] 0079-RSA-PKCS15-implicit-rejection.patch

+ Date: Thu, 19 Oct 2023 13:12:41 +0200

+ Subject: [PATCH 34/46] 0079-RSA-PKCS15-implicit-rejection.patch

  

  Patch-name: 0079-RSA-PKCS15-implicit-rejection.patch

  Patch-id: 79

  Patch-status: |

-     # https://github.com/openssl/openssl/pull/13817

- From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd

+     # # https://github.com/openssl/openssl/pull/13817

+ From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911

  ---

   crypto/cms/cms_env.c                          |   7 +

   crypto/evp/ctrl_params_translate.c            |   6 +
@@ -30,10 +30,10 @@ 

   18 files changed, 962 insertions(+), 8 deletions(-)

  

  diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c

- index 3105d37726..58d44e1940 100644

+ index 99cf1dcb39..730f638969 100644

  --- a/crypto/cms/cms_env.c

  +++ b/crypto/cms/cms_env.c

- @@ -571,6 +571,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,

+ @@ -590,6 +590,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,

       if (!ossl_cms_env_asn1_ctrl(ri, 1))

           goto err;

   
@@ -48,12 +48,12 @@ 

                            ktri->encryptedKey->data,

                            ktri->encryptedKey->length) <= 0)

  diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c

- index d6f8a10840..51f9a2da57 100644

+ index 80947b0932..b10ba41e85 100644

  --- a/crypto/evp/ctrl_params_translate.c

  +++ b/crypto/evp/ctrl_params_translate.c

- @@ -2256,6 +2256,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {

+ @@ -2265,6 +2265,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {

         EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,

-        OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },

+        OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL },

   

  +    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,

  +      EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL,
@@ -515,7 +515,7 @@ 

    * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2

    * padding from a decrypted RSA message in a TLS signature. The result is stored

  diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c

- index 44c819a5c3..6556a9ad28 100644

+ index 0bf5ac098a..81b031f81b 100644

  --- a/crypto/rsa/rsa_pmeth.c

  +++ b/crypto/rsa/rsa_pmeth.c

  @@ -52,6 +52,8 @@ typedef struct {
@@ -565,7 +565,7 @@ 

       }

       *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);

       ret = constant_time_select_int(constant_time_msb(ret), ret, 1);

- @@ -587,6 +597,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)

+ @@ -591,6 +601,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)

           *(unsigned char **)p2 = rctx->oaep_label;

           return rctx->oaep_labellen;

   
@@ -614,7 +614,7 @@ 

   

   =head1 RSA-PSS ALGORITHM

  diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in

- index 186e49e5e4..eab34979de 100644

+ index 0a32fd965b..4c462abc8c 100644

  --- a/doc/man1/openssl-rsautl.pod.in

  +++ b/doc/man1/openssl-rsautl.pod.in

  @@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
@@ -762,10 +762,10 @@ 

                                               size_t tlen,

                                               const unsigned char *from,

  diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h

- index b431b9f871..f185bc9342 100644

+ index 6248dda659..300d1129a4 100644

  --- a/include/openssl/core_names.h

  +++ b/include/openssl/core_names.h

- @@ -296,6 +296,7 @@ extern "C" {

+ @@ -297,6 +297,7 @@ extern "C" {

   #define OSSL_PKEY_PARAM_DIST_ID             "distid"

   #define OSSL_PKEY_PARAM_PUB_KEY             "pub"

   #define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
@@ -773,7 +773,7 @@ 

   

   /* Diffie-Hellman/DSA Parameters */

   #define OSSL_PKEY_PARAM_FFC_P               "p"

- @@ -472,6 +473,7 @@ extern "C" {

+ @@ -473,6 +474,7 @@ extern "C" {

   #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"

   #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"

   #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"

file modified
+8 -2
@@ -28,8 +28,8 @@ 

  

  Summary: Utilities from the general purpose cryptography library with TLS implementation

  Name: openssl

- Version: 3.1.1

- Release: 4%{?dist}

+ Version: 3.1.4

+ Release: 1%{?dist}

  Epoch: 1

  Source: openssl-%{version}.tar.gz

  Source2: Makefile.certificate
@@ -478,6 +478,12 @@ 

  %ldconfig_scriptlets libs

  

  %changelog

+ * Thu Oct 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.4-1

+ - Rebase to upstream version 3.1.4

+ 

+ * Thu Oct 19 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.3-1

+ - Rebase to upstream version 3.1.3

+ 

  * Thu Aug 31 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.1-4

  - Drop duplicated patch and do some contamination

  

file modified
+1 -1
@@ -1,1 +1,1 @@ 

- SHA512 (openssl-3.1.1.tar.gz) = 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9

+ SHA512 (openssl-3.1.4.tar.gz) = 4cd204b934cf3250dad985438d7ffd98e17f5d79086b379a0022d92c66e340b0b3a0357aaf606004d7f50cfc4c8964ac34c45d7cb0735cfa68f4fec65bd9d18f

Rebase to upstream version 3.1.4

(via source-git)
Source git tree:
https://gitlab.com/fedora/src/openssl/-/tree/rawhide?ref_type=heads

Signed-off-by: Sahana Prasad sahana@redhat.com

successful scratch build:
https://koji.fedoraproject.org/koji/taskinfo?taskID=107785002

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/e0e04a770fa44fc3b2cf8fb1b7e7248b

Can we get rid of mostly pointless changes in openssl.spec?

rebased onto de10efa222a62c5ba8e8527ec3c4119f3d34cf2a

6 months ago

I think these changes were automatically added by source-git. I've removed them.

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/c865d53bfabc4a00a1f21fcd506523d3

rebased onto e331fc1

6 months ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/e0d4f557bed04bd5895cf9abeacc1ab9

Pull-Request has been merged by saprasad

6 months ago