diff --git a/0001-gost-restore-CMS-support.patch b/0001-gost-restore-CMS-support.patch new file mode 100644 index 0000000..4314d2f --- /dev/null +++ b/0001-gost-restore-CMS-support.patch @@ -0,0 +1,65 @@ +From 6baa93be806961444d000337366b8ede5deb1c8d Mon Sep 17 00:00:00 2001 +From: Dmitry Baryshkov +Date: Thu, 19 Mar 2020 18:13:42 +0300 +Subject: [PATCH] gost: restore CMS support + +Restore CMS support dropped few years ago when CMS support was removed +from LibreSSL. + +Signed-off-by: Dmitry Baryshkov +--- + src/lib/libcrypto/gost/gostr341001_ameth.c | 14 ++++++++++++++ + src/lib/libcrypto/gost/gostr341001_pmeth.c | 5 +++++ + 2 files changed, 19 insertions(+) + +diff --git a/src/lib/libcrypto/gost/gostr341001_ameth.c b/src/lib/libcrypto/gost/gostr341001_ameth.c +index 6886859fa..087042f0a 100644 +--- a/src/lib/libcrypto/gost/gostr341001_ameth.c ++++ b/src/lib/libcrypto/gost/gostr341001_ameth.c +@@ -59,6 +59,9 @@ + #include + #include + #include ++#ifndef OPENSSL_NO_CMS ++#include ++#endif + #include + + +@@ -749,6 +752,17 @@ pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2) + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); + break; + ++#ifndef OPENSSL_NO_CMS ++ case ASN1_PKEY_CTRL_CMS_SIGN: ++ if (arg1 == 0) ++ CMS_SignerInfo_get0_algs(arg2, NULL, NULL, ++ &alg1, &alg2); ++ return 1; ++ case ASN1_PKEY_CTRL_CMS_ENVELOPE: ++ if (arg1 == 0) ++ CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg3); ++ break; ++#endif + case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: + if (arg1 == 0) + PKCS7_RECIP_INFO_get0_alg(arg2, &alg3); +diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c +index 0e0cae99e..cacbf3de9 100644 +--- a/src/lib/libcrypto/gost/gostr341001_pmeth.c ++++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c +@@ -587,6 +587,11 @@ pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + case EVP_PKEY_CTRL_PKCS7_DECRYPT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_DIGESTINIT: ++#ifndef OPENSSL_NO_CMS ++ case EVP_PKEY_CTRL_CMS_ENCRYPT: ++ case EVP_PKEY_CTRL_CMS_DECRYPT: ++ case EVP_PKEY_CTRL_CMS_SIGN: ++#endif + return 1; + + case EVP_PKEY_CTRL_GOST_PARAMSET: +-- +2.20.1 + diff --git a/libressl.spec b/libressl.spec index d5de701..422631d 100644 --- a/libressl.spec +++ b/libressl.spec @@ -63,7 +63,7 @@ Summary: LibreSSL utils and libs coexisting with OpenSSL Name: libressl Version: %{base_version}.git%{git_date} -Release: 24 +Release: 25 # The code is distributed under ISC license except of original OpenSSL code License: ISC and BSD-like Group: System/Base @@ -81,12 +81,14 @@ Url: http://libressl.org # - libressl-portable/openbsd commit 1203000a #Source0: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-%{version}.tar.gz Source0: libressl-%{version}.tar.gz -# TODO: add printing config location to `openssl version` -Source1: 0001-Allow-custom-config-location.patch Source10: libressl.rpmlintrc +# TODO: add printing config location to `openssl version` +Patch1: 0001-Allow-custom-config-location.patch # If both openssl and libressl libraries are loaded into one runtime, # versioning their symbols will or may allow them to coexist Patch2: SUSE-extra-symver.patch +# https://github.com/GostCrypt/libressl-openbsd/tree/gost-new +Patch3: 0001-gost-restore-CMS-support.patch # From https://www.mitchr.me/SS/exampleCode/openssl.html Source20: test.c Source22: test2.c @@ -206,7 +208,6 @@ pkg-config sets -I%{_libdir} in CFLAGS. %package -n ocspcheck Summary: Utility to validate certificates Group: System/Base -Autoreq: 1 %description -n ocspcheck Utility to validate a certificate against its OCSP responder and @@ -259,11 +260,15 @@ capabilities. %patch2 -p1 # Patch is against gits https://github.com/libressl-portable/ # Release tarball is packaged in a tricky way -cat %{SOURCE1} | sed \ +cat %{PATCH1} | sed \ -e 's,src/lib/libcrypto/,crypto/,g' \ -e 's,src/usr.bin/openssl/,apps/openssl/,g' \ > 1.patch patch -p1 < 1.patch +cat %{PATCH3} | sed \ + -e 's,src/lib/libcrypto/,crypto/,g' \ + > 3.patch +patch -p1 < 3.patch %build %setup_compile_flags