From 4785b9cb5164c4ac18dd85a5fbcf009af2d111e7 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Oct 13 2016 15:17:48 +0000
Subject: rebuild with OpenSSL-1.1.0


---

diff --git a/fipscheck-1.4.1-openssl11.patch b/fipscheck-1.4.1-openssl11.patch
new file mode 100644
index 0000000..d9d6af8
--- /dev/null
+++ b/fipscheck-1.4.1-openssl11.patch
@@ -0,0 +1,92 @@
+# HG changeset patch
+# User Tomas Mraz <tmraz@redhat.com>
+# Date 1476371543 -7200
+#      Thu Oct 13 17:12:23 2016 +0200
+# Node ID f21c3efe2051d2c4c6520f5550d7d5e99c733237
+# Parent  0ad655fba0b5ae89e07c55c1214e21ddfd3899a0
+Add support for OpenSSL-1.1.0.
+
+diff -r 0ad655fba0b5 -r f21c3efe2051 src/filehmac.c
+--- a/src/filehmac.c	Thu Mar 24 11:30:58 2016 +0100
++++ b/src/filehmac.c	Thu Oct 13 17:12:23 2016 +0200
+@@ -113,6 +113,30 @@
+ 	log_dest = DEBUG_LOG_STDERR;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#define HMAC_CTX_new compat_hmac_ctx_new
++static HMAC_CTX *
++compat_hmac_ctx_new()
++{
++	HMAC_CTX *ctx;
++
++	ctx = calloc(1, sizeof(*ctx));
++	if (ctx != NULL)
++		HMAC_CTX_init(ctx);
++	return ctx;
++}
++
++#define HMAC_CTX_free compat_hmac_ctx_free
++static void
++compat_hmac_ctx_free(HMAC_CTX *ctx)
++{
++	HMAC_CTX_cleanup(ctx);
++	free(ctx);
++}
++
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++
+ #ifdef CALL_PRELINK
+ static FILE *
+ spawn_prelink(const char *path, int *prelink)
+@@ -167,7 +191,7 @@
+ 	int prelink = 0;
+ #endif
+ 	int rv = -1;
+-	HMAC_CTX c;
++	HMAC_CTX *c;
+ 	unsigned char rbuf[READ_BUFFER_LENGTH];
+ 	size_t len;
+ 	unsigned int hlen;
+@@ -179,7 +203,11 @@
+ 		}
+ 	}
+ 
+-	HMAC_CTX_init(&c);
++	c = HMAC_CTX_new();
++	if (c == NULL) {
++		debug_log("Failed to allocate memory for HMAC_CTX");
++		goto end;
++	}
+ 
+ #ifdef CALL_PRELINK
+ 	if (access(PATH_PRELINK, X_OK) == 0) {
+@@ -198,15 +226,15 @@
+ 		goto end;
+ 	}
+ 
+-	HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
++	HMAC_Init(c, hmackey, sizeof(hmackey)-1, EVP_sha256());
+ 
+ 	while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
+-		HMAC_Update(&c, rbuf, len);
++		HMAC_Update(c, rbuf, len);
+ 	}
+ 
+ 	len = sizeof(rbuf);
+ 	/* reuse rbuf for hmac */
+-	HMAC_Final(&c, rbuf, &hlen);
++	HMAC_Final(c, rbuf, &hlen);
+ 
+ 	*buf = malloc(hlen);
+ 	if (*buf == NULL) {
+@@ -220,7 +248,7 @@
+ 
+ 	rv = 0;
+ end:
+-	HMAC_CTX_cleanup(&c);
++	HMAC_CTX_free(c);
+ 
+ 	if (f)
+ 		fclose(f);
diff --git a/fipscheck.spec b/fipscheck.spec
index 4cd00da..ffa7b83 100644
--- a/fipscheck.spec
+++ b/fipscheck.spec
@@ -1,7 +1,7 @@
 Summary:	A library for integrity verification of FIPS validated modules
 Name:		fipscheck
 Version:	1.4.1
-Release:	11%{?dist}
+Release:	12%{?dist}
 License:	BSD
 Group:		System Environment/Libraries
 # This is a Red Hat maintained package which is specific to
@@ -10,6 +10,7 @@ URL:		http://fedorahosted.org/fipscheck/
 Source0:	http://fedorahosted.org/releases/f/i/%{name}/%{name}-%{version}.tar.bz2
 # Prelink blacklist
 Source1:	fipscheck.conf
+Patch1:		fipscheck-1.4.1-openssl11.patch
 
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -42,6 +43,7 @@ This package contains development files for %{name}.
 
 %prep
 %setup -q
+%patch1 -p1 -b .openssl11
 
 %build
 %configure --disable-static
@@ -96,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/*
 
 %changelog
+* Thu Oct 13 2016 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-12
+- rebuild with OpenSSL-1.1.0
+
 * Tue Apr 12 2016 Tomáš Mráz <tmraz@redhat.com> - 1.4.1-11
 - remove the prelink blacklist as prelink is gone (#1324950)