pool/openssl-3
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=86

Browse Source
This commit is contained in:
Otto Hollmann 2024-01-18 16:11:44 +00:00 committed by Git OBS Bridge
parent 7957f2e845
commit 376f963558
3 changed files with 2 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openssl-3.changes
View File

@ -16,12 +16,6 @@ Sat Jan 13 23:59:27 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch - Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch
-------------------------------------------------------------------
Sat Jan 13 22:52:50 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Define SUSE_OPENSSL_FIPS_VERSION for the FIPS provider
* Add openssl-FIPS-SUSE-version.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Jan 13 22:31:15 UTC 2024 - Pedro Monreal <pmonreal@suse.com> Sat Jan 13 22:31:15 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

6
openssl-3.spec
View File

@ -59,12 +59,10 @@ Patch12: openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
Patch13: openssl-CVE-2023-6129.patch Patch13: openssl-CVE-2023-6129.patch
# PATCH-FIX-FEDORA Load FIPS the provider and set FIPS properties implicitly # PATCH-FIX-FEDORA Load FIPS the provider and set FIPS properties implicitly
Patch14: openssl-Force-FIPS.patch Patch14: openssl-Force-FIPS.patch
# PATCH-FIX-OPENSUSE Define SUSE_OPENSSL_FIPS_VERSION for the FIPS provider
#Patch15: openssl-FIPS-SUSE-version.patch
# PATCH-FIX-FEDORA Embed the FIPS hmac # PATCH-FIX-FEDORA Embed the FIPS hmac
Patch16: openssl-FIPS-embed-hmac.patch Patch15: openssl-FIPS-embed-hmac.patch
# PATCH-FIX-UPSTREAM: bsc#1218810 CVE-2023-6237: Excessive time spent checking invalid RSA public keys # PATCH-FIX-UPSTREAM: bsc#1218810 CVE-2023-6237: Excessive time spent checking invalid RSA public keys
Patch17: openssl-CVE-2023-6237.patch Patch16: openssl-CVE-2023-6237.patch
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(zlib)
Requires: libopenssl3 = %{version}-%{release} Requires: libopenssl3 = %{version}-%{release}

40
openssl-FIPS-SUSE-version.patch
View File

@ -1,40 +0,0 @@
Index: openssl-3.2.0/providers/fips/fipsprov.c
===================================================================
--- openssl-3.2.0.orig/providers/fips/fipsprov.c
+++ openssl-3.2.0/providers/fips/fipsprov.c
@@ -199,7 +199,7 @@ static int fips_get_params(void *provctx
OSSL_LIB_CTX_FIPS_PROV_INDEX);
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "SUSE OpenSSL FIPS Provider"))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
Index: openssl-3.2.0/include/openssl/opensslv.h.in
===================================================================
--- openssl-3.2.0.orig/include/openssl/opensslv.h.in
+++ openssl-3.2.0/include/openssl/opensslv.h.in
@@ -17,6 +17,9 @@
extern "C" {
# endif
+#define SUSE_OPENSSL_STRING_PARAM_FUNCA(x) #x
+#define SUSE_OPENSSL_STRING_PARAM_FUNCB(x) SUSE_OPENSSL_STRING_PARAM_FUNCA(x)
+
/*
* SECTION 1: VERSION DATA. These will change for each release
*/
@@ -87,7 +90,11 @@ extern "C" {
* SECTION 4: BACKWARD COMPATIBILITY
*/
-# define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}"
+# ifndef FIPS_MODULE
+# define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}"
+# else
+# define OPENSSL_VERSION_TEXT "OpenSSL {- $config{full_version} -}-fips {- $config{release_date} -} SUSE release SUSE_OPENSSL_STRING_PARAM_FUNCB(SUSE_OPENSSL_FIPS_VERSION)"
+# endif
/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
# ifdef OPENSSL_VERSION_PRE_RELEASE