pool/openssl-3
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 964296 from security:tls

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/964296
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=3
This commit is contained in:
Dominique Leuenberger 2022-03-23 19:19:11 +00:00 committed by Git OBS Bridge
commit 896b1d2d57
3 changed files with 29 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
openssl-3.changes
View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Sat Mar 19 10:05:22 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
- Enable zlib compression support [bsc#1195149]
-------------------------------------------------------------------
Fri Mar 18 22:27:34 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
- Add crypto-policies support.
* Fix some tests that couldn't find the openssl3.cnf location
* Rebase patch:
openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
-------------------------------------------------------------------
Tue Mar 15 17:41:47 UTC 2022 - Pedro Monreal <pmonreal@suse.com>

24
openssl-3.spec
View File

@ -49,8 +49,12 @@ Patch8: openssl-Override-default-paths-for-the-CA-directory-tree.patch
Patch9: openssl-use-versioned-config.patch
Patch10: fix-config-in-tests.patch
BuildRequires: pkgconfig
BuildRequires: pkgconfig(zlib)
# Add requires for ct_log_list.cnf{,.dist}
Requires: openssl
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
Requires: crypto-policies
%endif
%description
OpenSSL is a software library to be used in applications that need to
@ -60,6 +64,9 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
%package -n libopenssl3
Summary: Secure Sockets and Transport Layer Security
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
Requires: crypto-policies
%endif
Recommends: ca-certificates-mozilla
%description -n libopenssl3
@ -71,6 +78,7 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
%package -n libopenssl-3-devel
Summary: Development files for OpenSSL
Requires: libopenssl3 = %{version}
Requires: pkgconfig(zlib)
Recommends: %{name} = %{version}
# We need to have around only the exact version we are able to operate with
Conflicts: libopenssl-devel < %{version}
@ -112,6 +120,7 @@ export MACHINE=armv6l
enable-ec_nistp_64_gcc_128 \
%endif
enable-camellia \
zlib \
--prefix=%{_prefix} \
--libdir=%{_lib} \
--openssldir=%{ssletcdir} \
@ -125,7 +134,8 @@ export MACHINE=armv6l
-DOPENSSL_NO_BUF_FREELISTS \
$(getconf LFS_CFLAGS) \
-Wall \
--with-rand-seed=getrandom
--with-rand-seed=getrandom \
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config
# Show build configuration
perl configdata.pm --dump
@ -135,16 +145,14 @@ perl configdata.pm --dump
%make_build all
%check
# We must revert patch8 before running tests, otherwise they will fail.
patch -p1 -R < %{P:8}
export MALLOC_CHECK_=3
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
# export HARNESS_VERBOSE=yes
LD_LIBRARY_PATH="$PWD" make TESTS='-test_req\
-test_verify_store\
-test_evp_fetch_prov\
-test_ca\
-test_ssl_old\
-test_tsa'\
test -j1
LD_LIBRARY_PATH="$PWD" make TESTS='-test_evp_fetch_prov -test_tsa' test -j1
# show ciphers
gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers

8
openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
View File

@ -216,14 +216,6 @@ Index: openssl-3.0.1/ssl/ssl_ciph.c
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
@@ -1656,6 +1713,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
if (!sk_SSL_CIPHER_push(cipherstack, sslc)) {
OPENSSL_free(co_list);
sk_SSL_CIPHER_free(cipherstack);
+ OPENSSL_free(co_list);
return NULL;
}
}
@@ -1690,6 +1748,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*cipher_list = cipherstack;