[rpms/openssl] rebase_40beta: Ensure that the checksum of the fips provider is calculated correctly

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Dmitry Belyavskiy <dbelyavs@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: Ensure that the checksum of the fips provider is calculated correctly
Date: Tue, 09 Jun 2026 12:45:26 GMT	[thread overview]
Message-ID: <178100912645.1.3507734444834435725.rpms-openssl-10959c52d0bb@fedoraproject.org> (raw)

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 10959c52d0bb56c9423ac574c08234321ca80a8d
            Author : Dmitry Belyavskiy <dbelyavs@redhat.com>
            Date   : 2025-01-08T16:07:19+01:00
            Stats  : +13/-1 in 1 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/10959c52d0bb56c9423ac574c08234321ca80a8d?branch=rebase_40beta

            Log:
            Ensure that the checksum of the fips provider is calculated correctly

Resolves: rhbz#2335414

---
diff --git a/openssl.spec b/openssl.spec
index 7dada25..3131e6e 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.2.2
-Release: 10%{?dist}
+Release: 11%{?dist}
 Epoch: 1
 Source: openssl-%{version}.tar.gz
 Source2: Makefile.certificate
@@ -378,6 +378,10 @@ export OPENSSL_ENABLE_SHA1_SIGNATURES
 OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
 export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
 #embed HMAC into fips provider for test run
+dd if=/dev/zero bs=1 count=32 of=tmp.mac
+objcopy --update-section .rodata1=tmp.mac providers/fips.so providers/fips.so.zeromac
+mv providers/fips.so.zeromac providers/fips.so
+rm tmp.mac
 LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
 objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
 mv providers/fips.so.mac providers/fips.so
@@ -399,6 +403,10 @@ make test HARNESS_JOBS=8
     %{?__debug_package:%{__debug_install_post}} \
     %{__arch_install_post} \
     %{__os_install_post} \
+    dd if=/dev/zero bs=1 count=32 of=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/tmp.mac \
+    objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/tmp.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.zeromac \
+    mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.zeromac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
+    rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/tmp.mac \
     OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
     objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \
     mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
@@ -549,6 +557,10 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
 %ldconfig_scriptlets libs
 
 %changelog
+* Wed Jan 08 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-11
+- Ensure that the checksum of the fips provider is calculated correctly
+  Resolves: rhbz#2335414
+
 * Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-10
 - Fix provider no_cache behaviour

                 reply	other threads:[~2026-06-09 12:45 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178100912645.1.3507734444834435725.rpms-openssl-10959c52d0bb@fedoraproject.org \
    --to=dbelyavs@redhat.com \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox