From 55831a17d47a342c33b970e6fe0148fb6f47f57d Mon Sep 17 00:00:00 2001 From: tigro Date: Sun, 10 Dec 2023 21:26:39 +0300 Subject: [PATCH] - Update to 3.0.3 - Added scripts for has changing --- .gitignore | 2 +- .openssl-gost-engine.metadata | 2 +- SOURCES/openssl-switch-config.sh | 44 ++++++++++++++++++++++++++++++ SOURCES/openssl-switch-passhash.sh | 29 ++++++++++++++++++++ SPECS/openssl-gost-engine.spec | 15 ++++++++-- 5 files changed, 88 insertions(+), 4 deletions(-) create mode 100644 SOURCES/openssl-switch-config.sh create mode 100644 SOURCES/openssl-switch-passhash.sh
diff --git a/.gitignore b/.gitignore
index 56fddcc..fa3dc08 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/openssl-gost-engine-3.0.1.tar.gz
+SOURCES/openssl-gost-engine-3.0.3.tar.gz
diff --git a/.openssl-gost-engine.metadata b/.openssl-gost-engine.metadata
index e9dd4ae..c284d4e 100644
--- a/.openssl-gost-engine.metadata
+++ b/.openssl-gost-engine.metadata
@@ -1 +1 @@
-df784c17971f04765176eb45c512c916d37bdc5b SOURCES/openssl-gost-engine-3.0.1.tar.gz
+ad1d2bde02260e63bca202d31d5bab4f7fb7d00c SOURCES/openssl-gost-engine-3.0.3.tar.gz
diff --git a/SOURCES/openssl-switch-config.sh b/SOURCES/openssl-switch-config.sh
new file mode 100644
index 0000000..b8b894e
--- /dev/null
+++ b/SOURCES/openssl-switch-config.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+ENGINE=$1
+
+function gost
+{
+ cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.save
+ sed -i 's/openssl_conf = default_modules/openssl_conf = openssl_def/' /etc/pki/tls/openssl.cnf
+
+ echo '
+[openssl_def]
+engines = engine_section
+
+[engine_section]
+gost = gost_section
+
+[gost_section]
+engine_id = gost
+dynamic_path = /usr/lib64/engines-1.1/gost.so
+default_algorithms = ALL
+CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet' >> /etc/pki/tls/openssl.cnf
+
+ sed -i 's/@SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8/@SECLEVEL=1:aGOST:aGOST01:kGOST:GOST94:GOST89MAC:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8/' /etc/crypto-policies/back-ends/openssl.config
+}
+
+function default
+{
+ mv /etc/pki/tls/openssl.save /etc/pki/tls/openssl.cnf
+
+ sed -i 's/@SECLEVEL=1:aGOST:aGOST01:kGOST:GOST94:GOST89MAC:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8/@SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8/' /etc/crypto-policies/back-ends/openssl.config
+}
+
+case ${ENGINE} in
+"gost")
+ gost
+;;
+
+"default")
+ default
+;;
+*)
+ printf "Must be gost or default\n"
+;;
+esac
diff --git a/SOURCES/openssl-switch-passhash.sh b/SOURCES/openssl-switch-passhash.sh
new file mode 100644
index 0000000..d0a1d64
--- /dev/null
+++ b/SOURCES/openssl-switch-passhash.sh
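Review bot: In openssl-switch-config.sh, `gost` is not safe to run twice: its first line, `cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.save`, overwrites the only backup with the already-switched file, so `default` can no longer restore the original configuration, and the `echo … >>` appends the `[openssl_def]` sections again. `default` moves the backup without checking that it exists, and the `*)` arm reports bad usage on stdout with exit status 0, so a caller cannot tell that nothing was switched. Neither `sed` on `/etc/crypto-policies/back-ends/openssl.config` checks that the long cipher string actually matched, and that file is normally regenerated by `update-crypto-policies`, so the GOST ciphers may silently never be added or may disappear later. The hard-coded `dynamic_path = /usr/lib64/engines-1.1/gost.so` should be checked against the `%_enginesdir` the spec installs `gost.so` into, since the spec also ships a provider and so appears to target OpenSSL 3. Guards for the first two points are sketched below.

```bash
function gost
{
    # A second run would overwrite the only backup with the already-switched
    # file and append the engine sections again, so stop here.
    if [[ -e /etc/pki/tls/openssl.save ]]; then
        printf 'already switched: /etc/pki/tls/openssl.save exists\n' >&2
        return 1
    fi
    cp -p /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.save || return 1
    # … unchanged: sed on openssl_conf, echo of the engine sections, sed on the cipher string …
}

function default
{
    if [[ ! -e /etc/pki/tls/openssl.save ]]; then
        printf 'nothing to restore: /etc/pki/tls/openssl.save is missing\n' >&2
        return 1
    fi
    mv /etc/pki/tls/openssl.save /etc/pki/tls/openssl.cnf || return 1
    # … unchanged: sed restoring the cipher string …
}

# … unchanged: case header, "gost" and "default" arms …
*)
    printf 'Must be gost or default\n' >&2
    exit 2
;;
```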
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+ENGINE=$1
+
+function gost
+{
+ sed -i 's/sha512/gost_yescrypt/' /etc/pam.d/system-auth
+ sed -i 's/sha512/gost_yescrypt/' /etc/pam.d/password-auth
+
+}
+
+function default
+{
+ sed -i 's/gost_yescrypt/sha512/' /etc/pam.d/system-auth
+ sed -i 's/gost_yescrypt/sha512/' /etc/pam.d/password-auth
+}
+
+case ${ENGINE} in
+"gost")
+ gost
+;;
+
+"default")
+ default
+;;
+*)
+ printf "Must be gost or default\n"
+;;
+esac
diff --git a/SPECS/openssl-gost-engine.spec b/SPECS/openssl-gost-engine.spec
index 893fa4a..3a4ecf1 100644
--- a/SPECS/openssl-gost-engine.spec
+++ b/SPECS/openssl-gost-engine.spec
@@ -1,12 +1,14 @@ Name: openssl-gost-engine -Version: 3.0.1 -Release: 1%{?dist} +Version: 3.0.3 +Release: 1%{?dist}.inferit URL: https://github.com/gost-engine/engine License: OpenSSL Summary: A reference implementation of the Russian GOST crypto algorithms for OpenSSL Source: https://github.com/gost-engine/engine/archive/v%{version}/%{name}-%{version}.tar.gz +Source1: openssl-switch-passhash.sh +Source2: openssl-switch-config.sh Patch1: 01-engine-nowerror.patch BuildRequires: make
@@ -45,6 +47,9 @@ cp "%{_vpath_builddir}"/bin/gostprov.so %buildroot%_providersdir/ cp "%{_vpath_builddir}"/bin/gost*sum %buildroot%_bindir/ cp gost*sum.1 %buildroot%_mandir/man1/ +install -m755 %{SOURCE1} %buildroot%_bidnir/openssl-switch-passhash +install -m755 %{SOURCE2} %buildroot%_bidnir/openssl-switch-config + %check # tests currently do not work due to missing crypto-policies support exit 0
@@ -56,6 +61,8 @@ OPENSSL_ENGINES="$PWD/%{_vpath_builddir}/bin" \ make -C "%{_vpath_builddir}" test ARGS="--verbose" %files +%_bindir/openssl-switch-config +%_bindir/openssl-switch-passhash %_enginesdir/gost.so %_providersdir/gostprov.so %doc %_enginesdir/README.gost
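Review bot: The `sed -i 's/sha512/gost_yescrypt/'` calls in openssl-switch-passhash.sh rewrite the first `sha512` on every line of `/etc/pam.d/system-auth` and `/etc/pam.d/password-auth`, not only on the `pam_unix.so` password line, and they keep no copy of files that gate every login. Restricting the edit to the intended line, e.g. `sed -i '/^password.*pam_unix\.so/ s/\<sha512\>/gost_yescrypt/' /etc/pam.d/system-auth`, would narrow what can be changed by accident; the reverse substitutions in `default` need the same address. The script does not confirm that the installed pam_unix and libxcrypt accept `gost_yescrypt`, so that should be verified before switching, since an unrecognised option may leave new passwords hashed with a different method than intended. On hosts where these two files are managed by authselect the in-place edit would likely be overwritten or detach the file from its managed copy, which deserves a comment in the script header. The `*)` arm prints the usage error to stdout and exits 0; `printf 'Must be gost or default\n' >&2; exit 2` lets callers detect it.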
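Review bot: Both added `install` lines in the `@@ -45,6 +47,9 @@` hunk spell the macro `%_bidnir` instead of `%_bindir`; rpm leaves an undefined macro unexpanded, so the scripts would not land where the `%files` entries `%_bindir/openssl-switch-config` and `%_bindir/openssl-switch-passhash` expect them, and the build would presumably fail. The lines should read `install -m755 %{SOURCE1} %buildroot%_bindir/openssl-switch-passhash` and `install -m755 %{SOURCE2} %buildroot%_bindir/openssl-switch-config`. Because both scripts rewrite system-wide crypto and PAM configuration and are only useful as root, `%_sbindir` may be the better location if the distribution's packaging policy allows it. The `%install` section these lines belong to begins above the hunk.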
@@ -65,6 +72,10 @@ OPENSSL_ENGINES="$PWD/%{_vpath_builddir}/bin" \ %_mandir/man1/gost*sum* %changelog +* Sun Dec 10 2023 Arkady L. Shane - 3.0.3-1.inferit +- Update to 3.0.3 +- Added scripts for hash changing + * Tue Jun 13 2023 Sergey Cherevko - 3.0.1-1 - Rebuilt for MSVSphere 9.2