Rebase to upstream version 3.1.4

Signed-off-by: Sahana Prasad <sahana@redhat.com>

.gitignore

@@ -59,3 +59,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-3.0.8-hobbled.tar.gz
 /openssl-3.0.8.tar.gz
 /openssl-3.1.1.tar.gz
+/openssl-3.1.4.tar.gz

0003-Do-not-install-html-docs.patch

@@ -1,18 +1,22 @@
-From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 24 Sep 2020 09:05:55 +0200
-Subject: Do not install html docs
+From a3e7963320ba44e96a60b389fccb8e1cccc30674 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 19 Oct 2023 13:12:39 +0200
+Subject: [PATCH 03/46] 0003-Do-not-install-html-docs.patch
 
-(was openssl-1.1.1-no-html.patch)
+Patch-name: 0003-Do-not-install-html-docs.patch
+Patch-id: 3
+Patch-status: |
+    # # Do not install html docs
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
 ---
  Configurations/unix-Makefile.tmpl | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 342e46d24d..9f369edf0e 100644
+index a48fae5fb8..56b42926e7 100644
 --- a/Configurations/unix-Makefile.tmpl
 +++ b/Configurations/unix-Makefile.tmpl
-@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime
+@@ -611,7 +611,7 @@ install_sw: install_dev install_engines install_modules install_runtime
  
  uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
  
@@ -20,7 +24,7 @@ index 342e46d24d..9f369edf0e 100644
 +install_docs: install_man_docs
  
  uninstall_docs: uninstall_man_docs uninstall_html_docs
- 	$(RM) -r $(DESTDIR)$(DOCDIR)
+ 	$(RM) -r "$(DESTDIR)$(DOCDIR)"
 -- 
-2.26.2
+2.41.0
 

0033-FIPS-embed-hmac.patch

@@ -1,13 +1,13 @@
-From ed02a8b9e767224dc7512a4a176e4aae045b3573 Mon Sep 17 00:00:00 2001
+From e364a858262c8f563954544cc81e66f1b3b8db8c Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
+Date: Thu, 19 Oct 2023 13:12:40 +0200
 Subject: [PATCH 16/46] 0033-FIPS-embed-hmac.patch
 
 Patch-name: 0033-FIPS-embed-hmac.patch
 Patch-id: 33
 Patch-status: |
-    # Embed HMAC into the fips.so
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+    # # Embed HMAC into the fips.so
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
 ---
  providers/fips/self_test.c            | 70 ++++++++++++++++++++++++---
  test/fipsmodule.cnf                   |  2 +
@@ -21,10 +21,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
  create mode 100644 test/fipsmodule.cnf
 
 diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index 10804d9f59..5e418a2c11 100644
+index b8dc9817b2..e3a629018a 100644
 --- a/providers/fips/self_test.c
 +++ b/providers/fips/self_test.c
-@@ -231,11 +231,27 @@ err:
+@@ -230,11 +230,27 @@ err:
      return ok;
  }
  
@@ -52,7 +52,7 @@ index 10804d9f59..5e418a2c11 100644
  static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
                              unsigned char *expected, size_t expected_len,
                              OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-@@ -248,12 +264,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
      EVP_MAC *mac = NULL;
      EVP_MAC_CTX *ctx = NULL;
      OSSL_PARAM params[2], *p = params;
@@ -76,7 +76,7 @@ index 10804d9f59..5e418a2c11 100644
      mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
      if (mac == NULL)
          goto err;
-@@ -267,13 +294,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
      if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
          goto err;
  
@@ -121,7 +121,7 @@ index 10804d9f59..5e418a2c11 100644
      if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
          goto err;
  
-@@ -283,6 +339,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+@@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
          goto err;
      ret = 1;
  err:
@@ -129,8 +129,8 @@ index 10804d9f59..5e418a2c11 100644
      OSSL_SELF_TEST_onend(ev, ret);
      EVP_MAC_CTX_free(ctx);
      EVP_MAC_free(mac);
-@@ -349,8 +406,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
-         CRYPTO_THREAD_unlock(fips_state_lock);
+@@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+         return 0;
      }
  
 -    if (st == NULL
@@ -139,7 +139,7 @@ index 10804d9f59..5e418a2c11 100644
          ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
          goto end;
      }
-@@ -359,8 +415,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
      if (ev == NULL)
          goto end;
  
@@ -151,7 +151,7 @@ index 10804d9f59..5e418a2c11 100644
      if (module_checksum == NULL) {
          ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
          goto end;
-@@ -434,7 +491,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
  end:
      EVP_RAND_free(testrand);
      OSSL_SELF_TEST_free(ev);
@@ -207,12 +207,12 @@ index b8b136d110..8242f4ebc3 100644
  # Compatible options for pedantic FIPS compliance
  my @pedantic_okay =
 diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t
-index 426bd660d1..6dc514936b 100644
+index c8f145405b..56a2ec5dc4 100644
 --- a/test/recipes/30-test_defltfips.t
 +++ b/test/recipes/30-test_defltfips.t
-@@ -21,7 +21,7 @@ BEGIN {
- use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
+@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
+ plan skip_all => "Configuration loading is turned off"
+     if disabled("autoload-config");
  
 -my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 +my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);

0047-FIPS-early-KATS.patch

@@ -1,22 +1,22 @@
-From 0242c0317b7c7874148c456aaab1e8eeb156d7c1 Mon Sep 17 00:00:00 2001
+From ba6e65e2f7e7fe8d9cd62e1e7e345bc41dda424f Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 22/35] 0047-FIPS-early-KATS.patch
+Date: Thu, 19 Oct 2023 13:12:40 +0200
+Subject: [PATCH 21/46] 0047-FIPS-early-KATS.patch
 
 Patch-name: 0047-FIPS-early-KATS.patch
 Patch-id: 47
 Patch-status: |
-    # Execute KATS before HMAC verification
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+    # # Execute KATS before HMAC verification
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
 ---
  providers/fips/self_test.c | 22 ++++++++++------------
  1 file changed, 10 insertions(+), 12 deletions(-)
 
 diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index ef56002854..062d9df84a 100644
+index e3a629018a..3c09bd8638 100644
 --- a/providers/fips/self_test.c
 +++ b/providers/fips/self_test.c
-@@ -414,6 +414,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -401,6 +401,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
      if (ev == NULL)
          goto end;
  
@@ -33,7 +33,7 @@ index ef56002854..062d9df84a 100644
      module_checksum = fips_hmac_container;
      checksum_len = sizeof(fips_hmac_container);
  
-@@ -464,18 +474,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+@@ -451,18 +461,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
          }
      }
  
@@ -50,8 +50,8 @@ index ef56002854..062d9df84a 100644
 -    }
 -
      /* Verify that the RNG has been restored properly */
-     testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL);
-     if (testrand == NULL
+     rng = ossl_rand_get0_private_noncreating(st->libctx);
+     if (rng != NULL)
 -- 
 2.41.0
 

0079-RSA-PKCS15-implicit-rejection.patch

@@ -1,13 +1,13 @@
-From a0d7a92474123c1fb11e13491d2d37f6c43321b0 Mon Sep 17 00:00:00 2001
+From a4ca1cac6b38efe0de1d8afb506cea29f8c60aec Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:29 +0200
-Subject: [PATCH 35/48] 0079-RSA-PKCS15-implicit-rejection.patch
+Date: Thu, 19 Oct 2023 13:12:41 +0200
+Subject: [PATCH 34/46] 0079-RSA-PKCS15-implicit-rejection.patch
 
 Patch-name: 0079-RSA-PKCS15-implicit-rejection.patch
 Patch-id: 79
 Patch-status: |
-    # https://github.com/openssl/openssl/pull/13817
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+    # # https://github.com/openssl/openssl/pull/13817
+From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
 ---
  crypto/cms/cms_env.c                          |   7 +
  crypto/evp/ctrl_params_translate.c            |   6 +
@@ -30,10 +30,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
  18 files changed, 962 insertions(+), 8 deletions(-)
 
 diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
-index 3105d37726..58d44e1940 100644
+index 99cf1dcb39..730f638969 100644
 --- a/crypto/cms/cms_env.c
 +++ b/crypto/cms/cms_env.c
-@@ -571,6 +571,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+@@ -590,6 +590,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
      if (!ossl_cms_env_asn1_ctrl(ri, 1))
          goto err;
  
@@ -48,12 +48,12 @@ index 3105d37726..58d44e1940 100644
                           ktri->encryptedKey->data,
                           ktri->encryptedKey->length) <= 0)
 diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
-index d6f8a10840..51f9a2da57 100644
+index 80947b0932..b10ba41e85 100644
 --- a/crypto/evp/ctrl_params_translate.c
 +++ b/crypto/evp/ctrl_params_translate.c
-@@ -2256,6 +2256,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
+@@ -2265,6 +2265,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
        EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
-       OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
+       OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL },
  
 +    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
 +      EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL,
@@ -515,7 +515,7 @@ index 51507fc030..5cd2b26879 100644
   * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2
   * padding from a decrypted RSA message in a TLS signature. The result is stored
 diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
-index 44c819a5c3..6556a9ad28 100644
+index 0bf5ac098a..81b031f81b 100644
 --- a/crypto/rsa/rsa_pmeth.c
 +++ b/crypto/rsa/rsa_pmeth.c
 @@ -52,6 +52,8 @@ typedef struct {
@@ -565,7 +565,7 @@ index 44c819a5c3..6556a9ad28 100644
      }
      *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
      ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
-@@ -587,6 +597,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+@@ -591,6 +601,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
          *(unsigned char **)p2 = rctx->oaep_label;
          return rctx->oaep_labellen;
  
@@ -614,7 +614,7 @@ index b0054ead66..dd87829798 100644
  
  =head1 RSA-PSS ALGORITHM
 diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in
-index 186e49e5e4..eab34979de 100644
+index 0a32fd965b..4c462abc8c 100644
 --- a/doc/man1/openssl-rsautl.pod.in
 +++ b/doc/man1/openssl-rsautl.pod.in
 @@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
@@ -762,10 +762,10 @@ index 949873d0ee..f267e5d9d1 100644
                                              size_t tlen,
                                              const unsigned char *from,
 diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
-index b431b9f871..f185bc9342 100644
+index 6248dda659..300d1129a4 100644
 --- a/include/openssl/core_names.h
 +++ b/include/openssl/core_names.h
-@@ -296,6 +296,7 @@ extern "C" {
+@@ -297,6 +297,7 @@ extern "C" {
  #define OSSL_PKEY_PARAM_DIST_ID             "distid"
  #define OSSL_PKEY_PARAM_PUB_KEY             "pub"
  #define OSSL_PKEY_PARAM_PRIV_KEY            "priv"
@@ -773,7 +773,7 @@ index b431b9f871..f185bc9342 100644
  
  /* Diffie-Hellman/DSA Parameters */
  #define OSSL_PKEY_PARAM_FFC_P               "p"
-@@ -472,6 +473,7 @@ extern "C" {
+@@ -473,6 +474,7 @@ extern "C" {
  #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
  #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
  #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"

openssl.spec

@@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16))
 
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 3.1.1
-Release: 4%{?dist}
+Version: 3.1.4
+Release: 1%{?dist}
 Epoch: 1
 Source: openssl-%{version}.tar.gz
 Source2: Makefile.certificate
@@ -478,6 +478,12 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Thu Oct 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.4-1
+- Rebase to upstream version 3.1.4
+
+* Thu Oct 19 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.3-1
+- Rebase to upstream version 3.1.3
+
 * Thu Aug 31 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.1-4
 - Drop duplicated patch and do some contamination
 

sources

@@ -1 +1 @@
-SHA512 (openssl-3.1.1.tar.gz) = 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
+SHA512 (openssl-3.1.4.tar.gz) = 4cd204b934cf3250dad985438d7ffd98e17f5d79086b379a0022d92c66e340b0b3a0357aaf606004d7f50cfc4c8964ac34c45d7cb0735cfa68f4fec65bd9d18f