From 9422ae52de9e32f081cf804d0ed6f9dedb748844 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Tue, 23 Nov 2021 14:45:25 +0100
Subject: [PATCH] Always activate default provider via config

Related: rhbz#1985362
---
 0024-load-legacy-prov.patch |  8 ++++----
 0025-for-tests.patch        | 18 ++++++++++++++++++
 openssl.spec                |  3 +++
 3 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 0025-for-tests.patch

diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch
index 0c182e7..c7d2958 100644
--- a/0024-load-legacy-prov.patch
+++ b/0024-load-legacy-prov.patch
@@ -44,12 +44,12 @@ diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.c
 -[default_sect]
 -# activate = 1
 +[provider_sect]
-+##default = default_sect
++default = default_sect
 +##legacy = legacy_sect
 +##
-+##[default_sect]
-+##activate = 1
-+##
++[default_sect]
++activate = 1
++
 +##[legacy_sect]
 +##activate = 1
  
diff --git a/0025-for-tests.patch b/0025-for-tests.patch
new file mode 100644
index 0000000..aef200b
--- /dev/null
+++ b/0025-for-tests.patch
@@ -0,0 +1,18 @@
+diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf
+--- openssl-3.0.0/apps/openssl.cnf.xxx	2021-11-23 16:29:50.618691603 +0100
++++ openssl-3.0.0/apps/openssl.cnf	2021-11-23 16:28:16.872882099 +0100
+@@ -55,11 +55,11 @@ providers = provider_sect
+ # to side-channel attacks and as such have been deprecated.
+ 
+ [provider_sect]
+-default = default_sect
++##default = default_sect
+ ##legacy = legacy_sect
+ ##
+-[default_sect]
+-activate = 1
++##[default_sect]
++##activate = 1
+ 
+ ##[legacy_sect]
+ ##activate = 1
diff --git a/openssl.spec b/openssl.spec
index acd69f2..2e7e317 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -30,6 +30,7 @@ Source9: configuration-switch.h
 Source10: configuration-prefix.h
 Source12: ec_curve.c
 Source13: ectest.c
+Source14: 0025-for-tests.patch
 
 # Patches exported from source git
 # Aarch64 and ppc64le use lib64
@@ -232,6 +233,8 @@ done
 
 # We must revert patch4 before tests otherwise they will fail
 patch -p1 -R < %{PATCH4}
+#We must disable default provider before tests otherwise they will fail
+patch -p1 < %{SOURCE14}
 
 OPENSSL_ENABLE_MD5_VERIFY=
 export OPENSSL_ENABLE_MD5_VERIFY