Accepting request 842137 from home:pmonrealgonzalez:branches:security:tls

- Fix build on ppc* architectures
  * Tests failing: 30-test_acvp.t and 30-test_evp.t
  * https://github.com/openssl/openssl/pull/13133
- Add openssl-AES_XTS.patch ppc64, ppc64le and aarch64

- Re-enable test 81-test_cmp_cli.t fixed upstream

OBS-URL: https://build.opensuse.org/request/show/842137
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=18

openssl-3.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Oct 16 10:58:53 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix build on ppc* architectures
+  * Tests failing: 30-test_acvp.t and 30-test_evp.t
+  * https://github.com/openssl/openssl/pull/13133
+- Add openssl-AES_XTS.patch ppc64, ppc64le and aarch64
+
+-------------------------------------------------------------------
+Fri Oct 16 08:43:10 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
+
+- Re-enable test 81-test_cmp_cli.t fixed upstream
+
 -------------------------------------------------------------------
 Thu Oct 15 16:44:44 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
 

openssl-3.spec

@@ -45,6 +45,10 @@ Patch3:         openssl-pkgconfig.patch
 Patch4:         openssl-DEFAULT_SUSE_cipher.patch
 Patch5:         openssl-ppc64-config.patch
 Patch6:         openssl-no-date.patch
+%ifarch aarch64 ppc ppc64 ppc64le
+# PATCH-FIX-UPSTREAM: https://github.com/openssl/openssl/pull/13133
+Patch7:         openssl-AES_XTS.patch
+%endif
 BuildRequires:  pkgconfig
 Conflicts:      ssl
 Provides:       ssl
@@ -138,17 +142,16 @@ export MACHINE=armv6l
 # Show build configuration
 perl configdata.pm --dump
 
-#util/mkdef.pl crypto update
+# util/mkdef.pl crypto update
 %make_build depend
 %make_build all
 
 %check
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-# Disable broken test (needs lsof) https://github.com/openssl/openssl/issues/12324
-rm test/recipes/81-test_cmp_cli.t
+# export HARNESS_VERBOSE=yes
 LD_LIBRARY_PATH="$PWD" make test -j1
-# show cyphers
+# show ciphers
 gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
 
@@ -168,7 +171,7 @@ pushd %{buildroot}/%{_mandir}
 find . -type f -exec chmod 644 {} +
 # some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
 # replace spaces by underscores
-#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
+# for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
 which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
 for i in man?/*; do
   if test -L $i ; then

openssl-AES_XTS.patch

@@ -0,0 +1,25 @@
+From 6764a541d7a743ca8a0fa8631d088b418af0f834 Mon Sep 17 00:00:00 2001
+From: XiaokangQian <xiaokang.qian@arm.com>
+Date: Tue, 13 Oct 2020 09:53:58 +0000
+Subject: [PATCH] Fix Aes-xts potential failure on aarch64
+
+Add return value for aarch64 in the init key function.
+This will avoid overwriting the stream pointers of aarch64.
+
+Change-Id: Ia48b1e1d3914dcc5e677e88e4279963fdd0728ba
+---
+ providers/implementations/ciphers/cipher_aes_xts_hw.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c
+index 15c136bafd8c..c45d67b825b1 100644
+--- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
++++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
+@@ -59,6 +59,7 @@ static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
+         XTS_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key,
+                        HWAES_encrypt, HWAES_decrypt,
+                        stream_enc, stream_dec);
++        return 1;
+     } else
+ #endif /* HWAES_CAPABLE */
+