[rpms/openssl] rebase_40beta: Multiple fixes

[Tomas Mraz <tmraz@fedoraproject.org>]

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 90121b0c9d9f2dd632533e6e51bc7bc3e2550e3c
            Author : Tomas Mraz <tmraz@fedoraproject.org>
            Date   : 2018-09-06T13:48:54+02:00
            Stats  : +24/-3 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/90121b0c9d9f2dd632533e6e51bc7bc3e2550e3c?branch=rebase_40beta

            Log:
            Multiple fixes

do not try to initialize RNG in cleanup if it was not initialized
  before (#1624554)
use only /dev/urandom if getrandom() is not available
disable SM4

---
diff --git a/openssl-1.1.1-rand-cleanup.patch b/openssl-1.1.1-rand-cleanup.patch
new file mode 100644
index 0000000..5f886c5
--- /dev/null
+++ b/openssl-1.1.1-rand-cleanup.patch
@@ -0,0 +1,13 @@
+diff -up openssl-1.1.1-pre9/crypto/rand/rand_lib.c.rand-cleanup openssl-1.1.1-pre9/crypto/rand/rand_lib.c
+--- openssl-1.1.1-pre9/crypto/rand/rand_lib.c.rand-cleanup	2018-09-06 08:18:19.481566808 +0200
++++ openssl-1.1.1-pre9/crypto/rand/rand_lib.c	2018-09-06 13:28:32.531777065 +0200
+@@ -353,7 +353,8 @@ void rand_cleanup_int(void)
+     if (meth != NULL && meth->cleanup != NULL)
+         meth->cleanup();
+     rand_pool_cleanup();
+-    RAND_set_rand_method(NULL);
++    if (meth != NULL)
++        RAND_set_rand_method(NULL);
+ #ifndef OPENSSL_NO_ENGINE
+     CRYPTO_THREAD_lock_free(rand_engine_lock);
+     rand_engine_lock = NULL;

diff --git a/openssl.spec b/openssl.spec
index f3fdd2a..b20e505 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -24,7 +24,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1
-Release: 0.%{prerelease}.2%{?dist}
+Release: 0.%{prerelease}.3%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -59,6 +59,7 @@ Patch42: openssl-1.1.1-fips.patch
 Patch43: openssl-1.1.1-ignore-bound.patch
 Patch44: openssl-1.1.1-version-override.patch
 Patch45: openssl-1.1.0-weak-ciphers.patch
+Patch46: openssl-1.1.1-rand-cleanup.patch
 # Backported fixes including security fixes
 Patch70: openssl-1.1.1-seclevel-check.patch
 
@@ -162,6 +163,7 @@ cp %{SOURCE13} test/
 %patch43 -p1 -b .ignore-bound
 %patch44 -p1 -b .version-override
 %patch45 -p1 -b .weak-ciphers
+%patch46 -p1 -b .rand-cleanup
 
 %patch70 -p1 -b .seclevel-check
 
@@ -243,8 +245,8 @@ export HASHBANGPERL=/usr/bin/perl
 	zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
 	enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
 	enable-weak-ssl-ciphers \
-	no-mdc2 no-ec2m no-sm2 \
-	shared  ${sslarch} $RPM_OPT_FLAGS
+	no-mdc2 no-ec2m no-sm2 no-sm4 \
+	shared  ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
 
 # Do not run this in a production package the FIPS symbols must be patched-in
 #util/mkdef.pl crypto update
@@ -451,6 +453,12 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Thu Sep  6 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.3
+- do not try to initialize RNG in cleanup if it was not initialized
+  before (#1624554)
+- use only /dev/urandom if getrandom() is not available
+- disable SM4
+
 * Wed Aug 29 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.2
 - fix dangling symlinks to manual pages
 - make SSLv3_method work