From 6f4837a62767d45b85d58834ce121ef0f407192b Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Feb 01 2022 18:14:52 +0000
Subject: import openssl-3.0.0-6.el9


---

diff --git a/SOURCES/0035-speed-skip-unavailable-dgst.patch b/SOURCES/0035-speed-skip-unavailable-dgst.patch
new file mode 100644
index 0000000..6d948dd
--- /dev/null
+++ b/SOURCES/0035-speed-skip-unavailable-dgst.patch
@@ -0,0 +1,26 @@
+diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
+--- openssl-3.0.0/apps/speed.c.beldmit	2021-12-21 15:14:04.210431584 +0100
++++ openssl-3.0.0/apps/speed.c	2021-12-21 15:46:05.554085125 +0100
+@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo
+     for (count = 0; COND(c[algindex][testnum]); count++) {
+         size_t outl;
+ 
++        if (mctx == NULL)
++            return -1;
++
+         if (!EVP_MAC_init(mctx, NULL, 0, NULL)
+             || !EVP_MAC_update(mctx, buf, lengths[testnum])
+             || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
+@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv)
+             if (loopargs[i].mctx == NULL)
+                 goto end;
+ 
+-            if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
+-                goto end;
++            if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) {
++                EVP_MAC_CTX_free(loopargs[i].mctx);
++                loopargs[i].mctx = NULL;
++            }
+         }
+         for (testnum = 0; testnum < size_num; testnum++) {
+             print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec
index a3b3246..728072c 100644
--- a/SPECS/openssl.spec
+++ b/SPECS/openssl.spec
@@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.0
-Release: 5%{?dist}
+Release: 6%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -65,6 +65,8 @@ Patch32: 0032-Force-fips.patch
 Patch33: 0033-FIPS-embed-hmac.patch
 # Comment out fipsinstall command-line utility
 Patch34: 0034.fipsinstall_disable.patch
+# Skip unavailable algorithms running `openssl speed`
+Patch35: 0035-speed-skip-unavailable-dgst.patch
 # Tmp: coverity
 Patch100: 0100-coverity.patch
 
@@ -398,6 +400,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6
+- openssl speed should run in FIPS mode
+- Related: rhbz#1977318
+
 * Wed Nov 24 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-5
 - rebuilt for spec cleanup
 - Related: rhbz#1985362