diff --git a/0017-FIPS-embed-hmac.patch b/0017-FIPS-embed-hmac.patch index 484a75e78a82e0e24b9716a178defa366406f636..d83ad3f181f795b64d02b893cce0fbb8273b2b5f 100644 --- a/0017-FIPS-embed-hmac.patch +++ b/0017-FIPS-embed-hmac.patch @@ -1,7 +1,8 @@ -diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/providers/fips/self_test.c ---- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100 -+++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100 -@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) +diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c +index ca5b3b5..922ba20 100644 +--- a/providers/fips/self_test.c ++++ b/providers/fips/self_test.c +@@ -170,11 +170,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) } #endif @@ -29,7 +30,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, unsigned char *expected, size_t expected_len, OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI +@@ -187,9 +203,20 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex EVP_MAC *mac = NULL; EVP_MAC_CTX *ctx = NULL; OSSL_PARAM params[2], *p = params; @@ -50,7 +51,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); if (mac == NULL) goto err; -@@ -205,13 +233,42 @@ static int verify_integrity(OSSL_CORE_BI +@@ -203,13 +230,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) goto err; 
@@ -58,12 +59,12 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi - status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); + while ((off + INTEGRITY_BUF_SIZE) <= paddr) { + status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); - if (status != 1) - break; - if (!EVP_MAC_update(ctx, buf, bytes_read)) - goto err; ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; + off += bytes_read; - } ++ } + + if (off + INTEGRITY_BUF_SIZE > paddr) { + int delta = paddr - off; @@ -85,18 +86,18 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi + + while (bytes_read > 0) { + status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) -+ break; -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; + if (status != 1) + break; + if (!EVP_MAC_update(ctx, buf, bytes_read)) + goto err; + off += bytes_read; -+ } + } + if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) goto err; -@@ -285,8 +342,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS - CRYPTO_THREAD_unlock(fips_state_lock); +@@ -270,8 +326,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) + return 0; } - if (st == NULL @@ -105,7 +106,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); goto end; } -@@ -305,8 +361,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +@@ -280,8 +335,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) if (ev == NULL) goto end; @@ -117,7 +118,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi if (module_checksum == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; -@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +@@ -343,7 +399,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) ok = 1; end: OSSL_SELF_TEST_free(ev); 
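Review bot: In the first read loop of verify_integrity (`while ((off + INTEGRITY_BUF_SIZE) <= paddr)`), a `read_ex_cb` status other than 1 only executes `break`, so a file that ends or fails to read before the embedded-HMAC offset is handled like a normal end of input and the function carries on towards `EVP_MAC_final`. The check presumably still fails closed because the computed MAC will not match, but that depends on code outside this hunk; writing `if (status != 1) goto err;` in that loop would make the failure explicit. `int delta = paddr - off;` also narrows whatever types `paddr` and `off` have (their declarations are not in the hunk) to `int`, so a comment such as `/* off <= paddr and paddr - off < INTEGRITY_BUF_SIZE here */` would document why that is safe. The function body starts and ends outside the hunk.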
@@ -125,10 +126,11 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi OPENSSL_free(indicator_checksum); if (st != NULL) { -diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t ---- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100 -@@ -20,7 +20,7 @@ +diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t +index 8d53e8a..13b2dc3 100644 +--- a/test/recipes/00-prep_fipsmodule_cnf.t ++++ b/test/recipes/00-prep_fipsmodule_cnf.t +@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; @@ -137,10 +139,11 @@ diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/ plan skip_all => "FIPS module config file only supported in a fips build" if $no_check; -diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t ---- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100 -@@ -23,7 +23,7 @@ +diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t +index ce59481..00cebac 100644 +--- a/test/recipes/01-test_fipsmodule_cnf.t ++++ b/test/recipes/01-test_fipsmodule_cnf.t +@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; 
@@ -149,10 +152,11 @@ diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/ plan skip_all => "Test only supported in a fips build" if $no_check; plan tests => 1; -diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t ---- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100 -@@ -22,7 +22,7 @@ +diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t +index c39b2ce..e6ff95c 100644 +--- a/test/recipes/03-test_fipsinstall.t ++++ b/test/recipes/03-test_fipsinstall.t +@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; 
@@ -161,22 +165,24 @@ diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/tes plan tests => 29; -diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t ---- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100 -@@ -21,7 +21,7 @@ - use lib srctop_dir('Configurations'); - use lib bldtop_dir('.'); +diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t +index c8f1454..56a2ec5 100644 +--- a/test/recipes/30-test_defltfips.t ++++ b/test/recipes/30-test_defltfips.t +@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); + plan skip_all => "Configuration loading is turned off" + if disabled("autoload-config"); -my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); +my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => ($no_fips ? 1 : 5); -diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t ---- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200 -+++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100 -@@ -23,7 +23,7 @@ +diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t +index fe03607..46ee670 100644 +--- a/test/recipes/80-test_ssl_new.t ++++ b/test/recipes/80-test_ssl_new.t +@@ -27,7 +27,7 @@ setup("test_ssl_new"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); 
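Review bot: `my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);` in 30-test_defltfips.t hard-codes the FIPS tests off and leaves the original expression behind as a trailing comment, so `plan tests => ($no_fips ? 1 : 5)` always plans the single non-FIPS test regardless of how the build is configured. The other recipe sections of this patch (00-prep_fipsmodule_cnf.t, 01-test_fipsmodule_cnf.t, 03-test_fipsinstall.t, 80-test_ssl_new.t, 90-test_sslapi.t) appear to carry the same kind of override, though their changed lines are not all visible here. Because the same patch rewrites the module integrity check in providers/fips/self_test.c, the recipe should state why the tests are disabled, for example `# FIPS recipes disabled downstream: <reason>`, and say where the embedded-HMAC check is exercised instead.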
@@ -185,10 +191,11 @@ diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/re $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); -diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t ---- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100 -+++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100 -@@ -18,7 +18,7 @@ +diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t +index 854c8d0..3d23f08 100644 +--- a/test/recipes/90-test_sslapi.t ++++ b/test/recipes/90-test_sslapi.t +@@ -18,7 +18,7 @@ setup("test_sslapi"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); diff --git a/openssl-3.0.9.tar.gz b/openssl-3.0.11.tar.gz similarity index 63% rename from openssl-3.0.9.tar.gz rename to openssl-3.0.11.tar.gz index 5c2971456306505e6f24ddd425ceed9946fa48cf..6900008e3a7ec32e4c3aa1540ee7b06239c229d5 100644 Binary files a/openssl-3.0.9.tar.gz and b/openssl-3.0.11.tar.gz differ diff --git a/openssl.spec b/openssl.spec index c72e7e29341075633784787032276c28a189893d..c478fe3b3d161af9adf91799966517883b7d87e4 100644 --- a/openssl.spec +++ b/openssl.spec @@ -19,7 +19,7 @@ print(string.sub(hash, 0, 16)) %define __provides_exclude_from %{_libdir}/openssl Name: openssl -Version: 3.0.9 +Version: 3.0.11 Release: %{anolis_release}%{?dist} Epoch: 1 Summary: Utilities from the general purpose cryptography library with TLS implementation @@ -298,6 +298,9 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf.dist,ct_log_list.cnf.di %doc NEWS.md README.md %changelog +* Tue Sep 19 2023 Funda Wang - 1:3.0.11-1 +- New version 3.0.11 + * Wed May 31 2023 Funda Wang - 1:3.0.9-1 - New version 3.0.9