- Update to 3.0.3

- Added scripts for has changing

.gitignore

@@ -1 +1 @@
-SOURCES/openssl-gost-engine-3.0.1.tar.gz
+SOURCES/openssl-gost-engine-3.0.3.tar.gz

.openssl-gost-engine.metadata

@@ -1 +1 @@
-df784c17971f04765176eb45c512c916d37bdc5b  SOURCES/openssl-gost-engine-3.0.1.tar.gz
+ad1d2bde02260e63bca202d31d5bab4f7fb7d00c  SOURCES/openssl-gost-engine-3.0.3.tar.gz

SOURCES/openssl-switch-config.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+ENGINE=$1
+
+function gost
+{
+    cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.save
+    sed -i 's/openssl_conf = default_modules/openssl_conf = openssl_def/' /etc/pki/tls/openssl.cnf
+
+    echo '
+[openssl_def]
+engines = engine_section
+
+[engine_section]
+gost = gost_section
+
+[gost_section]
+engine_id = gost
+dynamic_path = /usr/lib64/engines-1.1/gost.so
+default_algorithms = ALL
+CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet' >> /etc/pki/tls/openssl.cnf
+
+    sed -i 's/@SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8/@SECLEVEL=1:aGOST:aGOST01:kGOST:GOST94:GOST89MAC:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8/' /etc/crypto-policies/back-ends/openssl.config
+}
+
+function default
+{
+    mv /etc/pki/tls/openssl.save /etc/pki/tls/openssl.cnf
+
+    sed -i 's/@SECLEVEL=1:aGOST:aGOST01:kGOST:GOST94:GOST89MAC:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8/@SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8/' /etc/crypto-policies/back-ends/openssl.config
+}
+
+case ${ENGINE} in
+"gost")
+    gost
+;;
+
+"default")
+    default
+;;
+*)
+    printf "Must be gost or default\n"
+;;
+esac

SOURCES/openssl-switch-passhash.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+ENGINE=$1
+
+function gost
+{
+    sed -i 's/sha512/gost_yescrypt/' /etc/pam.d/system-auth
+    sed -i 's/sha512/gost_yescrypt/' /etc/pam.d/password-auth
+
+}
+
+function default
+{
+    sed -i 's/gost_yescrypt/sha512/' /etc/pam.d/system-auth
+    sed -i 's/gost_yescrypt/sha512/' /etc/pam.d/password-auth
+}
+
+case ${ENGINE} in
+"gost")
+    gost
+;;
+
+"default")
+    default
+;;
+*)
+    printf "Must be gost or default\n"
+;;
+esac

SPECS/openssl-gost-engine.spec

@@ -1,12 +1,14 @@
 Name: openssl-gost-engine
-Version: 3.0.1
+Version: 3.0.3
-Release: 1%{?dist}
+Release: 1%{?dist}.inferit
 
 URL: https://github.com/gost-engine/engine
 License: OpenSSL
 Summary: A reference implementation of the Russian GOST crypto algorithms for OpenSSL
 
 Source: https://github.com/gost-engine/engine/archive/v%{version}/%{name}-%{version}.tar.gz
+Source1: openssl-switch-passhash.sh
+Source2: openssl-switch-config.sh
 Patch1: 01-engine-nowerror.patch
 
 BuildRequires: make
@@ -45,6 +47,9 @@ cp "%{_vpath_builddir}"/bin/gostprov.so %buildroot%_providersdir/
 cp "%{_vpath_builddir}"/bin/gost*sum %buildroot%_bindir/
 cp gost*sum.1 %buildroot%_mandir/man1/
 
+install -m755 %{SOURCE1} %buildroot%_bidnir/openssl-switch-passhash
+install -m755 %{SOURCE2} %buildroot%_bidnir/openssl-switch-config
+
 %check
 # tests currently do not work due to missing crypto-policies support
 exit 0
@@ -56,6 +61,8 @@ OPENSSL_ENGINES="$PWD/%{_vpath_builddir}/bin" \
 	make -C "%{_vpath_builddir}" test ARGS="--verbose"
 
 %files
+%_bindir/openssl-switch-config
+%_bindir/openssl-switch-passhash
 %_enginesdir/gost.so
 %_providersdir/gostprov.so
 %doc %_enginesdir/README.gost
@@ -65,6 +72,10 @@ OPENSSL_ENGINES="$PWD/%{_vpath_builddir}/bin" \
 %_mandir/man1/gost*sum*
 
 %changelog
+* Sun Dec 10 2023 Arkady L. Shane <tigro@msvsphere-os.ru> - 3.0.3-1.inferit
+- Update to 3.0.3
+- Added scripts for hash changing
+
 * Tue Jun 13 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 3.0.1-1
 - Rebuilt for MSVSphere 9.2