OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=86

2024-01-18 16:11:44 +00:00 · 2024-01-18 16:11:44 +00:00 · 376f963558
commit 376f963558
parent 7957f2e845
3 changed files with 2 additions and 50 deletions
--- a/openssl-3.changes
+++ b/openssl-3.changes
@ -16,12 +16,6 @@ Sat Jan 13 23:59:27 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

 - Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch

-------------------------------------------------------------------
-Sat Jan 13 22:52:50 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
-
- Define SUSE_OPENSSL_FIPS_VERSION for the FIPS provider
-  * Add openssl-FIPS-SUSE-version.patch
-
 -------------------------------------------------------------------
 Sat Jan 13 22:31:15 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

--- a/openssl-3.spec
+++ b/openssl-3.spec
@ -59,12 +59,10 @@ Patch12:        openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
 Patch13:        openssl-CVE-2023-6129.patch
 # PATCH-FIX-FEDORA Load FIPS the provider and set FIPS properties implicitly
 Patch14:        openssl-Force-FIPS.patch
-# PATCH-FIX-OPENSUSE Define SUSE_OPENSSL_FIPS_VERSION for the FIPS provider
-#Patch15:        openssl-FIPS-SUSE-version.patch
 # PATCH-FIX-FEDORA Embed the FIPS hmac
-Patch16:        openssl-FIPS-embed-hmac.patch
+Patch15:        openssl-FIPS-embed-hmac.patch
 # PATCH-FIX-UPSTREAM: bsc#1218810 CVE-2023-6237: Excessive time spent checking invalid RSA public keys
-Patch17:        openssl-CVE-2023-6237.patch
+Patch16:        openssl-CVE-2023-6237.patch
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(zlib)
 Requires:       libopenssl3 = %{version}-%{release}
--- a/openssl-FIPS-SUSE-version.patch
+++ b/openssl-FIPS-SUSE-version.patch
@ -1,40 +0,0 @@
-Index: openssl-3.2.0/providers/fips/fipsprov.c
-===================================================================
--- openssl-3.2.0.orig/providers/fips/fipsprov.c
-+++ openssl-3.2.0/providers/fips/fipsprov.c
-@@ -199,7 +199,7 @@ static int fips_get_params(void *provctx
-                                               OSSL_LIB_CTX_FIPS_PROV_INDEX);
- 
-     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
-    if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
-+    if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "SUSE OpenSSL FIPS Provider"))
-         return 0;
-     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
-     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
-Index: openssl-3.2.0/include/openssl/opensslv.h.in
-===================================================================
--- openssl-3.2.0.orig/include/openssl/opensslv.h.in
-+++ openssl-3.2.0/include/openssl/opensslv.h.in
-@@ -17,6 +17,9 @@
- extern "C" {
- # endif
- 
-+#define SUSE_OPENSSL_STRING_PARAM_FUNCA(x) #x
-+#define SUSE_OPENSSL_STRING_PARAM_FUNCB(x) SUSE_OPENSSL_STRING_PARAM_FUNCA(x)
-+
- /*
-  * SECTION 1: VERSION DATA.  These will change for each release
-  */
-@@ -87,7 +90,11 @@ extern "C" {
-  * SECTION 4: BACKWARD COMPATIBILITY
-  */
- 
-# define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}"
-+# ifndef FIPS_MODULE
-+#  define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}"
-+# else
-+#  define OPENSSL_VERSION_TEXT "OpenSSL {- $config{full_version} -}-fips {- $config{release_date} -} SUSE release SUSE_OPENSSL_STRING_PARAM_FUNCB(SUSE_OPENSSL_FIPS_VERSION)"
-+# endif
- 
- /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
- # ifdef OPENSSL_VERSION_PRE_RELEASE