Rebase to upstream version beta2

Related: rhbz#1903209 Signed-off-by: Sahana Prasad <sahana@redhat.com>
3 years ago · fe7445d93d
parent 0b6afca185
commit fe7445d93d
7 changed files with 246 additions and 353 deletions
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@ -280,9 +280,9 @@ index 404a706fab..e81fa9ec3e 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure    ?	3_0_0	EXIST::FUNCTION:
- ASN1_item_d2i_bio_ex                    ?	3_0_0	EXIST::FUNCTION:
+ ASN1_TIME_print_ex                      5553	3_0_0	EXIST::FUNCTION:
- ASN1_item_d2i_ex                        ?	3_0_0	EXIST::FUNCTION:
+ EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
- ASN1_TIME_print_ex                      ?	3_0_0	EXIST::FUNCTION:
+ EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
 +ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 -- 
 2.26.2
--- a/0017-use-AI-ADDRCONFIG-explicit-hostname.patch
+++ b/0017-use-AI-ADDRCONFIG-explicit-hostname.patch
@ -1,12 +0,0 @@
 diff -up openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit openssl-3.0.0-alpha16/crypto/bio/bio_addr.c
 --- openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit	2021-07-06 14:06:05.706578389 +0200
 +++ openssl-3.0.0-alpha16/crypto/bio/bio_addr.c	2021-07-06 14:07:24.482329505 +0200
@@ -696,7 +696,7 @@ int BIO_lookup_ex(const char *host, cons
         hints.ai_protocol = protocol;
 # ifdef AI_ADDRCONFIG
 #  ifdef AF_UNSPEC
 -        if (family == AF_UNSPEC)
 +        if (host != NULL && family == AF_UNSPEC)
 #  endif
             hints.ai_flags |= AI_ADDRCONFIG;
 # endif
--- a/0018-Fix-crash-BN_lebin2bn.patch
+++ b/0018-Fix-crash-BN_lebin2bn.patch
@ -1,12 +0,0 @@
 diff -up openssl-3.0.0-alpha16/apps/x509.c.segfault-bn openssl-3.0.0-alpha16/apps/x509.c
 --- openssl-3.0.0-alpha16/apps/x509.c.segfault-bn	2021-07-06 22:12:37.021406952 +0200
 +++ openssl-3.0.0-alpha16/apps/x509.c	2021-07-06 22:13:40.540996922 +0200
@@ -934,7 +934,7 @@ int x509_main(int argc, char **argv)
         } else if (i == modulus) {
             BIO_printf(out, "Modulus=");
             if (EVP_PKEY_is_a(pkey, "RSA")) {
 -                BIGNUM *n;
 +                BIGNUM *n = NULL;
                 /* Every RSA key has an 'n' */
                 EVP_PKEY_get_bn_param(pkey, "n", &n);
--- a/0019-dual-abi.patch
+++ b/0019-dual-abi.patch
@ -251,231 +251,6 @@ diff -up openssl-3.0.0-beta1/crypto/evp/asymcipher.c.dual-abi openssl-3.0.0-beta
 void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
                                      void (*fn)(EVP_ASYM_CIPHER *cipher,
 diff -up openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_lib.c
 --- openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi	2021-07-13 01:10:08.970210463 +0200
 +++ openssl-3.0.0-beta1/crypto/evp/evp_lib.c	2021-07-13 01:10:20.596324598 +0200
@@ -31,6 +31,21 @@
 #include "crypto/asn1.h"
 #include "internal/provider.h"
 #include "evp_local.h"
 +/* Macro machinery.  */
 +
 +/* Defines OLD_STRING (a C string) as an alias for NEW_ID (a C
 + *    identifier).  The controlling C identifier symbol is ALIAS_ID (a C
 + *       identifier).  */
 +#define RHEL_ALIAS3(alias_id, new_id, old_string) \
 +	  extern __typeof(new_id) alias_id \
 +	      __asm__ (old_string) \
 +		      __attribute__ ((__copy__ (new_id), __alias__ (#new_id)))
 +
 +/* Defines an alias using OLD_ID, which must be an macro identifier
 + *    that expands to the new identifier.  */
 +#define RHEL_ALIAS1(old_id) \
 +	  RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id)
 +
 #if !defined(FIPS_MODULE)
@@ -337,6 +352,7 @@ int EVP_CIPHER_get_type(const EVP_CIPHER
 #endif
     }
 }
 +RHEL_ALIAS1(EVP_CIPHER_type);
 int evp_cipher_cache_constants(EVP_CIPHER *cipher)
 {
@@ -389,11 +405,13 @@ int EVP_CIPHER_get_block_size(const EVP_
 {
     return cipher->block_size;
 }
 +RHEL_ALIAS1(EVP_CIPHER_block_size);
 int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
 {
     return EVP_CIPHER_get_block_size(ctx->cipher);
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_block_size);
 int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
 {
@@ -466,11 +484,13 @@ int EVP_CIPHER_CTX_is_encrypting(const E
 {
     return ctx->encrypt;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_encrypting);
 unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher)
 {
     return cipher->flags;
 }
 +RHEL_ALIAS1(EVP_CIPHER_flags);
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
 {
@@ -501,6 +521,7 @@ int EVP_CIPHER_get_iv_length(const EVP_C
 {
     return cipher->iv_len;
 }
 +RHEL_ALIAS1(EVP_CIPHER_iv_length);
 int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
 {
@@ -522,6 +543,7 @@ legacy:
     }
     return len;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_iv_length);
 int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx)
 {
@@ -533,6 +555,7 @@ int EVP_CIPHER_CTX_get_tag_length(const
     ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
     return ret == 1 ? (int)v : 0;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_tag_length);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
@@ -615,6 +638,7 @@ int EVP_CIPHER_CTX_get_num(const EVP_CIP
     return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_num);
 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
 {
@@ -634,6 +658,7 @@ int EVP_CIPHER_get_key_length(const EVP_
 {
     return cipher->key_len;
 }
 +RHEL_ALIAS1(EVP_CIPHER_key_length);
 int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
 {
@@ -646,16 +671,19 @@ int EVP_CIPHER_CTX_get_key_length(const
     return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_key_length);
 int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
 {
     return cipher->nid;
 }
 +RHEL_ALIAS1(EVP_CIPHER_nid);
 int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx)
 {
     return ctx->cipher->nid;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_nid);
 int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
 {
@@ -679,6 +707,7 @@ const char *EVP_CIPHER_get0_name(const E
     return NULL;
 #endif
 }
 +RHEL_ALIAS1(EVP_CIPHER_name);
 const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher)
 {
@@ -690,6 +719,7 @@ const char *EVP_CIPHER_get0_description(
     return NULL;
 #endif
 }
 +RHEL_ALIAS1(EVP_CIPHER_description);
 int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
                             void (*fn)(const char *name, void *data),
@@ -705,11 +735,13 @@ const OSSL_PROVIDER *EVP_CIPHER_get0_pro
 {
     return cipher->prov;
 }
 +RHEL_ALIAS1(EVP_CIPHER_provider);
 int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher)
 {
     return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE;
 }
 +RHEL_ALIAS1(EVP_CIPHER_mode);
 int EVP_MD_is_a(const EVP_MD *md, const char *name)
 {
@@ -733,6 +765,7 @@ const char *EVP_MD_get0_description(cons
     return NULL;
 #endif
 }
 +RHEL_ALIAS1(EVP_MD_description);
 const char *EVP_MD_get0_name(const EVP_MD *md)
 {
@@ -746,6 +779,7 @@ const char *EVP_MD_get0_name(const EVP_M
     return NULL;
 #endif
 }
 +RHEL_ALIAS1(EVP_MD_name);
 int EVP_MD_names_do_all(const EVP_MD *md,
                         void (*fn)(const char *name, void *data),
@@ -761,16 +795,19 @@ const OSSL_PROVIDER *EVP_MD_get0_provide
 {
     return md->prov;
 }
 +RHEL_ALIAS1(EVP_MD_provider);
 int EVP_MD_get_type(const EVP_MD *md)
 {
     return md->type;
 }
 +RHEL_ALIAS1(EVP_MD_type);
 int EVP_MD_get_pkey_type(const EVP_MD *md)
 {
     return md->pkey_type;
 }
 +RHEL_ALIAS1(EVP_MD_pkey_type);
 int EVP_MD_get_block_size(const EVP_MD *md)
 {
@@ -780,6 +817,7 @@ int EVP_MD_get_block_size(const EVP_MD *
     }
     return md->block_size;
 }
 +RHEL_ALIAS1(EVP_MD_block_size);
 int EVP_MD_get_size(const EVP_MD *md)
 {
@@ -789,11 +827,13 @@ int EVP_MD_get_size(const EVP_MD *md)
     }
     return md->md_size;
 }
 +RHEL_ALIAS1(EVP_MD_size);
 unsigned long EVP_MD_get_flags(const EVP_MD *md)
 {
     return md->flags;
 }
 +RHEL_ALIAS1(EVP_MD_flags);
 EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
 {
@@ -1007,6 +1047,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(co
 {
     return ctx->pctx;
 }
 +RHEL_ALIAS1(EVP_MD_CTX_pkey_ctx);
 #if !defined(FIPS_MODULE)
 void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
@@ -1033,6 +1074,7 @@ void *EVP_MD_CTX_get0_md_data(const EVP_
 {
     return ctx->md_data;
 }
 +RHEL_ALIAS1(EVP_MD_CTX_md_data);
 int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
                                              const void *data, size_t count)
 diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c
 --- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi	2021-07-13 00:54:33.231325700 +0200
 +++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c	2021-07-13 00:57:22.596922955 +0200
@ -975,8 +750,8 @@ diff -up openssl-3.0.0-beta1/util/libcrypto.num.dual-abi openssl-3.0.0-beta1/uti
 --- openssl-3.0.0-beta1/util/libcrypto.num.dual-abi	2021-07-13 23:38:25.166562563 +0200
 +++ openssl-3.0.0-beta1/util/libcrypto.num	2021-07-13 23:40:38.622939932 +0200
@@ -5414,3 +5414,76 @@ ASN1_item_d2i_bio_ex
- ASN1_item_d2i_ex                        ?	3_0_0	EXIST::FUNCTION:
+ EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
- ASN1_TIME_print_ex                      ?	3_0_0	EXIST::FUNCTION:
+ EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
 ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
 +EVP_ASYM_CIPHER_description             ?	3_0_0	EXIST::FUNCTION:
 +EVP_ASYM_CIPHER_name					?	3_0_0	EXIST::FUNCTION:
@ -1055,8 +830,8 @@ diff -up openssl-3.0.0-beta1/crypto/provider.c.dual-abi openssl-3.0.0-beta1/cryp
 --- openssl-3.0.0-beta1/crypto/provider.c.dual-abi	2021-07-14 00:37:49.301207962 +0200
 +++ openssl-3.0.0-beta1/crypto/provider.c	2021-07-14 00:39:34.796200433 +0200
@@ -13,6 +13,21 @@
 #include <openssl/core_names.h>
 #include "internal/provider.h"
 #include "provider_local.h"
 +/* Macro machinery.  */
 +
@ -1125,20 +900,6 @@ diff -up openssl-3.0.0-beta1/crypto/evp/asymcipher.c.dual-abi openssl-3.0.0-beta
 static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
                                      const OSSL_PARAM params[])
 {
 diff -up openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_lib.c
 --- openssl-3.0.0-beta1/crypto/evp/evp_lib.c.dual-abi	2021-07-17 22:24:40.140969959 +0200
 +++ openssl-3.0.0-beta1/crypto/evp/evp_lib.c	2021-07-17 22:25:50.977834241 +0200
@@ -43,6 +43,10 @@
 #define RHEL_ALIAS1(old_id) \
 	  RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id)
 +#define EVP_MD_description EVP_MD_get0_description
 +#define EVP_MD_provider EVP_MD_get0_provider
 +#define EVP_CIPHER_description EVP_CIPHER_get0_description
 +#define EVP_CIPHER_provider EVP_CIPHER_get0_provider
 #if !defined(FIPS_MODULE)
 diff -up openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi openssl-3.0.0-beta1/crypto/evp/evp_rand.c
 --- openssl-3.0.0-beta1/crypto/evp/evp_rand.c.dual-abi	2021-07-17 22:29:25.742454581 +0200
 +++ openssl-3.0.0-beta1/crypto/evp/evp_rand.c	2021-07-17 22:33:36.158699400 +0200
@ -1289,3 +1050,236 @@ diff -up openssl-3.0.0-beta1/crypto/evp/p_lib.c.dual-abi openssl-3.0.0-beta1/cry
 static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
                          int len, EVP_KEYMGMT *keymgmt);
 static void evp_pkey_free_it(EVP_PKEY *key);
 diff -up openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta2/crypto/evp/evp_lib.c
 --- openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi	2021-08-03 12:50:08.359814508 +0200
 +++ openssl-3.0.0-beta2/crypto/evp/evp_lib.c	2021-08-03 12:55:14.025810602 +0200
@@ -28,6 +28,26 @@
 #include "internal/provider.h"
 #include "evp_local.h"
 +/* Macro machinery.  */
 +
 +/* Defines OLD_STRING (a C string) as an alias for NEW_ID (a C
 + *    identifier).  The controlling C identifier symbol is ALIAS_ID (a C
 + *       identifier).  */
 +#define RHEL_ALIAS3(alias_id, new_id, old_string) \
 +	  extern __typeof(new_id) alias_id \
 +	      __asm__ (old_string) \
 +		      __attribute__ ((__copy__ (new_id), __alias__ (#new_id)))
 +
 +/* Defines an alias using OLD_ID, which must be an macro identifier
 + *    that expands to the new identifier.  */
 +#define RHEL_ALIAS1(old_id) \
 +	  RHEL_ALIAS3(RHEL_ALIAS_##old_id, old_id, #old_id)
 +
 +#define EVP_MD_description EVP_MD_get0_description
 +#define EVP_MD_provider EVP_MD_get0_provider
 +#define EVP_CIPHER_description EVP_CIPHER_get0_description
 +#define EVP_CIPHER_provider EVP_CIPHER_get0_provider
 +
 #if !defined(FIPS_MODULE)
 # include "crypto/asn1.h"
 diff -up openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi openssl-3.0.0-beta2/crypto/evp/evp_lib.c
 --- openssl-3.0.0-beta2/crypto/evp/evp_lib.c.dual-abi	2021-08-03 13:11:46.436671855 +0200
 +++ openssl-3.0.0-beta2/crypto/evp/evp_lib.c	2021-08-03 13:31:36.873461438 +0200
@@ -337,6 +337,7 @@ int EVP_CIPHER_get_type(const EVP_CIPHER
 #endif
     }
 }
 +RHEL_ALIAS1(EVP_CIPHER_type);
 int evp_cipher_cache_constants(EVP_CIPHER *cipher)
 {
@@ -389,11 +390,13 @@ int EVP_CIPHER_get_block_size(const EVP_
 {
     return cipher->block_size;
 }
 +RHEL_ALIAS1(EVP_CIPHER_block_size);
 int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
 {
     return EVP_CIPHER_get_block_size(ctx->cipher);
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_block_size);
 int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
 {
@@ -466,11 +469,13 @@ int EVP_CIPHER_CTX_is_encrypting(const E
 {
     return ctx->encrypt;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_encrypting);
 unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher)
 {
     return cipher->flags;
 }
 +RHEL_ALIAS1(EVP_CIPHER_flags);
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
 {
@@ -501,6 +506,7 @@ int EVP_CIPHER_get_iv_length(const EVP_C
 {
     return cipher->iv_len;
 }
 +RHEL_ALIAS1(EVP_CIPHER_iv_length);
 int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
 {
@@ -522,6 +543,7 @@ legacy:
     }
     return len;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_iv_length);
 int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx)
 {
@@ -533,6 +539,7 @@ int EVP_CIPHER_CTX_get_tag_length(const
     ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
     return ret == 1 ? (int)v : 0;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_tag_length);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
@@ -615,6 +622,7 @@ int EVP_CIPHER_CTX_get_num(const EVP_CIP
     return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_num);
 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
 {
@@ -634,6 +642,7 @@ int EVP_CIPHER_get_key_length(const EVP_
 {
     return cipher->key_len;
 }
 +RHEL_ALIAS1(EVP_CIPHER_key_length);
 int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
 {
@@ -646,16 +655,19 @@ int EVP_CIPHER_CTX_get_key_length(const
     return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_key_length);
 int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
 {
     return cipher->nid;
 }
 +RHEL_ALIAS1(EVP_CIPHER_nid);
 int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx)
 {
     return ctx->cipher->nid;
 }
 +RHEL_ALIAS1(EVP_CIPHER_CTX_nid);
 int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
 {
@@ -679,6 +691,7 @@ const char *EVP_CIPHER_get0_name(const E
     return NULL;
 #endif
 }
 +RHEL_ALIAS1(EVP_CIPHER_name);
 const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher)
 {
@@ -690,6 +703,7 @@ const char *EVP_CIPHER_get0_description(
     return NULL;
 #endif
 }
 +RHEL_ALIAS1(EVP_CIPHER_description);
 int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
                             void (*fn)(const char *name, void *data),
@@ -705,11 +719,13 @@ const OSSL_PROVIDER *EVP_CIPHER_get0_pro
 {
     return cipher->prov;
 }
 +RHEL_ALIAS1(EVP_CIPHER_provider);
 int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher)
 {
     return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE;
 }
 +RHEL_ALIAS1(EVP_CIPHER_mode);
 int EVP_MD_is_a(const EVP_MD *md, const char *name)
 {
@@ -733,6 +749,7 @@ const char *EVP_MD_get0_description(cons
     return NULL;
 #endif
 }
 +RHEL_ALIAS1(EVP_MD_description);
 const char *EVP_MD_get0_name(const EVP_MD *md)
 {
@@ -746,6 +763,7 @@ const char *EVP_MD_get0_name(const EVP_M
     return NULL;
 #endif
 }
 +RHEL_ALIAS1(EVP_MD_name);
 int EVP_MD_names_do_all(const EVP_MD *md,
                         void (*fn)(const char *name, void *data),
@@ -761,16 +779,19 @@ const OSSL_PROVIDER *EVP_MD_get0_provide
 {
     return md->prov;
 }
 +RHEL_ALIAS1(EVP_MD_provider);
 int EVP_MD_get_type(const EVP_MD *md)
 {
     return md->type;
 }
 +RHEL_ALIAS1(EVP_MD_type);
 int EVP_MD_get_pkey_type(const EVP_MD *md)
 {
     return md->pkey_type;
 }
 +RHEL_ALIAS1(EVP_MD_pkey_type);
 int EVP_MD_get_block_size(const EVP_MD *md)
 {
@@ -780,6 +801,7 @@ int EVP_MD_get_block_size(const EVP_MD *
     }
     return md->block_size;
 }
 +RHEL_ALIAS1(EVP_MD_block_size);
 int EVP_MD_get_size(const EVP_MD *md)
 {
@@ -789,11 +811,13 @@ int EVP_MD_get_size(const EVP_MD *md)
     }
     return md->md_size;
 }
 +RHEL_ALIAS1(EVP_MD_size);
 unsigned long EVP_MD_get_flags(const EVP_MD *md)
 {
     return md->flags;
 }
 +RHEL_ALIAS1(EVP_MD_flags);
 EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
 {
@@ -1008,6 +1032,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(co
 {
     return ctx->pctx;
 }
 +RHEL_ALIAS1(EVP_MD_CTX_pkey_ctx);
 #if !defined(FIPS_MODULE)
 void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
@@ -1034,6 +1059,7 @@ void *EVP_MD_CTX_get0_md_data(const EVP_
 {
     return ctx->md_data;
 }
 +RHEL_ALIAS1(EVP_MD_CTX_md_data);
 int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
                                              const void *data, size_t count)
--- a/0020-no-dup-cert-entries.patch
+++ b/0020-no-dup-cert-entries.patch
@ -1,75 +0,0 @@
 diff -up openssl-3.0.0-beta1/apps/pkcs12.c.dup-pkcs12 openssl-3.0.0-beta1/apps/pkcs12.c
 --- openssl-3.0.0-beta1/apps/pkcs12.c.dup-pkcs12	2021-07-22 14:59:14.777544688 +0200
 +++ openssl-3.0.0-beta1/apps/pkcs12.c	2021-07-22 15:06:04.768908265 +0200
@@ -571,8 +571,6 @@ int pkcs12_main(int argc, char **argv)
                                infile);
                     goto export_end;
                 }
 -            } else {
 -                ee_cert = X509_dup(sk_X509_value(certs, 0)); /* take 1st cert */
             }
         }
@@ -588,8 +586,13 @@ int pkcs12_main(int argc, char **argv)
             int vret;
             STACK_OF(X509) *chain2;
             X509_STORE *store;
 +            X509 *ee_cert_tmp = ee_cert;
 -            if (ee_cert == NULL) {
 +            /* Assume the first cert if we haven't got anything else */
 +            if (ee_cert_tmp == NULL && certs != NULL)
 +                ee_cert_tmp = sk_X509_value(certs, 0);
 +
 +            if (ee_cert_tmp == NULL) {
                 BIO_printf(bio_err,
                            "No end entity certificate to check with -chain\n");
                 goto export_end;
@@ -600,7 +603,7 @@ int pkcs12_main(int argc, char **argv)
                     == NULL)
                 goto export_end;
 -            vret = get_cert_chain(ee_cert, store, untrusted_certs, &chain2);
 +            vret = get_cert_chain(ee_cert_tmp, store, untrusted_certs, &chain2);
             X509_STORE_free(store);
             if (vret == X509_V_OK) {
 diff -up openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t.dup-pkcs12 openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t
 --- openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t.dup-pkcs12	2021-07-22 15:06:22.715077291 +0200
 +++ openssl-3.0.0-beta1/test/recipes/80-test_pkcs12.t	2021-07-22 15:17:52.250559784 +0200
@@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) {
 }
 $ENV{OPENSSL_WIN32_UTF8}=1;
 -plan tests => 7;
 +plan tests => 10;
 # Test different PKCS#12 formats
 ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
@@ -73,6 +73,7 @@ my @path = qw(test certs);
 my $outfile1 = "out1.p12";
 my $outfile2 = "out2.p12";
 my $outfile3 = "out3.p12";
 +my $outfile5 = "out5.p12";
 # Test the -chain option with -untrusted
 ok(run(app(["openssl", "pkcs12", "-export", "-chain",
@@ -108,4 +109,18 @@ SKIP: {
     "test_pkcs12_passcerts_legacy");
 }
 +ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile5,
 +            "-in", srctop_file(@path, "ee-cert.pem"), "-caname", "testname",
 +            "-nokeys", "-passout", "pass:", "-certpbe", "NONE"])),
 +   "test nokeys single cert");
 +
 +my @pkcs12info = run(app(["openssl", "pkcs12", "-info", "-in", $outfile5,
 +                          "-passin", "pass:"]), capture => 1);
 +
 +# Test that with one input certificate, we get one output certificate
 +ok(grep(/subject=CN = server.example/, @pkcs12info) == 1,
 +   "test one cert in output");
 +# Test that the expected friendly name is present in the output
 +ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output");
 +
 SetConsoleOutputCP($savedcp) if (defined($savedcp));
--- a/openssl.spec
+++ b/openssl.spec
@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.0
-Release: 0.beta1.5%{?dist}
+Release: 0.beta2.1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -52,14 +52,8 @@ Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
 #Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
 # remove unsupported EC curves
 Patch11: 0011-Remove-EC-curves.patch
 # Use AI_ADDRCONFIG only when explicit host name is given
 Patch17: 0017-use-AI-ADDRCONFIG-explicit-hostname.patch
 # Fix segmentation fault in BN_lebin2bn()
 Patch18: 0018-Fix-crash-BN_lebin2bn.patch
 # Temporary dual-ABI build patch
 Patch19: 0019-dual-abi.patch
 # Prevents creation of duplicate cert entries in PKCS #12 files
 Patch20: 0020-no-dup-cert-entries.patch
 License: ASL 2.0
 URL: http://www.openssl.org/
@ -115,7 +109,7 @@ package provides Perl scripts for converting certificates and keys
 from other formats to the formats used by the OpenSSL toolkit.
 %prep
-%autosetup -S git -n %{name}-%{version}-beta1
+%autosetup -S git -n %{name}-%{version}-beta2
 # The hobble_openssl is called here redundantly, just to be sure.
 # The tarball has already the sources removed.
@ -382,6 +376,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 %changelog
 * Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1
 - Rebase to upstream version beta2
 - Related: rhbz#1903209
 * Thu Jul 22 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.5
 - Prevents creation of duplicate cert entries in PKCS #12 files
 - Resolves: rhbz#1978670
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-3.0.0-hobbled.tar.xz) = 05f3e01621be98e776061a86b8fec68bdafeac720c8f968b1c4fafc5f328839701d2ffd67d6bd695c3dbf67e3efb03b3c856ed046d751359bc89b867205b7fe9
+SHA512 (openssl-3.0.0-hobbled.tar.xz) = 096758a79680921d2b18929177d2ee43b7fb62fa30164a16ab1749b8349aac5e6e3d0761419b6c9f0a591c8991c133d142e56ab92f197d142649b58e66d876f7
`@ -1 +1 @@`
	`SHA512 (openssl-3.0.0-hobbled.tar.xz) = 05f3e01621be98e776061a86b8fec68bdafeac720c8f968b1c4fafc5f328839701d2ffd67d6bd695c3dbf67e3efb03b3c856ed046d751359bc89b867205b7fe9`	`SHA512 (openssl-3.0.0-hobbled.tar.xz) = 096758a79680921d2b18929177d2ee43b7fb62fa30164a16ab1749b8349aac5e6e3d0761419b6c9f0a591c8991c133d142e56ab92f197d142649b58e66d876f7`