Revert "Initial KeysInUse Integration (#3182)"

This reverts commit 7de96f6.

Author: jslobodzian

SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.signatures.json

@@ -1990,7 +1990,6 @@
                 "jx",
                 "keda",
                 "kernel-signed",
-                "KeysInUse-OpenSSL",
                 "kpatch",
                 "kubernetes-1.18.14",
                 "kubernetes-1.18.17",

SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec

@@ -1,25 +1,8 @@
-diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index b675ed7892..b7abf3d61f 100644
---- a/crypto/engine/eng_all.c
-+++ b/crypto/engine/eng_all.c
-@@ -10,6 +10,12 @@
- #include "internal/cryptlib.h"
- #include "eng_local.h"
- 
-+ __attribute__((constructor))
-+void ENGINE_static_initializer(void)
-+{
-+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL);
-+}
-+
- void ENGINE_load_builtin_engines(void)
- {
-     /* Some ENGINEs need this */
 diff --git a/crypto/init.c b/crypto/init.c
-index 1b0d523bea..86e31c193e 100644
+index 1b0d523bea..9482633c9b 100644
 --- a/crypto/init.c
 +++ b/crypto/init.c
-@@ -402,6 +402,128 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
+@@ -402,6 +402,67 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
  }
  #  endif
  # endif
@@ -47,7 +30,7 @@ index 1b0d523bea..86e31c193e 100644
 +    dynamic = ENGINE_by_id("dynamic");
 +    if (!dynamic)
 +        goto err;
-+
++    
 +    // Add the engines directory to the list of directories to load from and specify that loading
 +    // from the directory list is mandatory (via DIR_LOAD = 2). Otherwise OpenSSL will try to load
 +    // the engine from the default ld search path, fail, and skip loading from the engines dir.
@@ -72,7 +55,6 @@ index 1b0d523bea..86e31c193e 100644
 +    if (!ENGINE_set_default_string(symcrypt, "ALL"))
 +        goto err;
 +
-+    ret = 1;
 +err:
 +    ENGINE_free(symcrypt);
 +    ENGINE_free(dynamic);
@@ -84,71 +66,11 @@ index 1b0d523bea..86e31c193e 100644
 +
 +    return ret;
 +}
-+# endif
-+
-+#ifndef OPENSSL_NO_KEYSINUSE_ENGINE
-+static CRYPTO_ONCE engine_keysinuse = CRYPTO_ONCE_STATIC_INIT;
-+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_keysinuse)
-+{
-+    int ret = 0;
-+
-+    ENGINE *dynamic = NULL;
-+    ENGINE *keysinuse = NULL;
-+
-+    dynamic = ENGINE_by_id("dynamic");
-+    if (!dynamic)
-+        goto err;
-+
-+    // Get the default engine directory from the environment - may be NULL
-+    char *load_dir = ossl_safe_getenv("OPENSSL_ENGINES");
-+
-+    # ifdef ENGINESDIR
-+    // Use the default engines directory, if defined
-+    if (load_dir == NULL)
-+    {
-+        load_dir = ENGINESDIR;
-+    }
-+    # endif
-+
-+    if (!ENGINE_ctrl_cmd_string(dynamic, "DIR_ADD", load_dir, 0))
-+        goto err;
-+    if (!ENGINE_ctrl_cmd_string(dynamic, "DIR_LOAD", "2", 0))
-+        goto err;
-+    if (!ENGINE_ctrl_cmd_string(dynamic, "SO_PATH", "keysinuse.so", 0))
-+        goto err;
-+    if (!ENGINE_ctrl_cmd_string(dynamic, "ID", "keysinuse", 0))
-+        goto err;
-+    if (!ENGINE_ctrl_cmd_string(dynamic, "LIST_ADD", "2", 0))
-+        goto err;
-+    if (!ENGINE_ctrl_cmd_string(dynamic, "LOAD", NULL, 0))
-+        goto err;
-+
-+    // Pass config values to keysinuse engine
-+    keysinuse = ENGINE_by_id("keysinuse");
-+    if (!keysinuse)
-+        goto err;
-+
-+    // Make KeysInUse the default engine for RSA and EC algorithms
-+    if (!ENGINE_set_default_string(keysinuse, "RSA,EC"))
-+        goto err;
-+
-+    ret = 1;
-+err:
-+    ENGINE_free(keysinuse);
-+    ENGINE_free(dynamic);
-+
-+#  ifdef OPENSSL_INIT_DEBUG
-+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_keysinuse: %d \n",
-+            ret);
-+#  endif
-+
-+    return ret;
-+}
 +# endif
  #endif
 
  #ifndef OPENSSL_NO_COMP
-@@ -723,9 +845,14 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+@@ -723,9 +784,13 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
              && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
          return 0;
  # endif
@@ -159,9 +81,8 @@ index 1b0d523bea..86e31c193e 100644
 +    {
 +        if (!RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
 +            return 0;
-+
++        
 +        RUN_ONCE(&engine_symcrypt, ossl_init_engine_symcrypt);
-+        RUN_ONCE(&engine_keysinuse, ossl_init_engine_keysinuse);
 +    }
  # ifndef OPENSSL_NO_STATIC_ENGINE
  #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)

SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md

@@ -4,7 +4,7 @@
 Summary:        Utilities from the general purpose cryptography library with TLS implementation
 Name:           openssl
 Version:        1.1.1k
-Release:        18%{?dist}
+Release:        17%{?dist}
 License:        OpenSSL
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -42,7 +42,7 @@ Patch18:        openssl-1.1.1-fips-curves.patch
 Patch19:        openssl-1.1.1-sp80056arev3.patch
 Patch20:        openssl-1.1.1-jitterentropy.patch
 Patch21:        openssl-1.1.1-drbg-seed.patch
-Patch22:        openssl-1.1.1-load-default-engines.patch
+Patch22:        openssl-1.1.1-fips-SymCrypt.patch
 Patch23:        CVE-2021-3711.patch
 Patch24:        CVE-2021-3712.patch
 Patch25:        CVE-2022-0778.patch
@@ -339,9 +339,6 @@ rm -f %{buildroot}%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
 %postun libs -p /sbin/ldconfig
 
 %changelog
-* Tue Jul 05 2022 Maxwell Moyer-McKee <[email protected]> - 1.1.1k-18
-- Add optional patch to use KeysInUse as default engine
-
 * Wed Jun 22 2022 Henry Beberman <[email protected]> - 1.1.1k-17
 - Add patch for CVE-2022-2068
 

SPECS/LICENSES-AND-NOTICES/data/licenses.json

@@ -7326,16 +7326,6 @@
         }
       }
     },
-    {
-      "component": {
-        "type": "other",
-        "other": {
-          "name": "KeysInUse-OpenSSL",
-          "version": "0.3.1",
-          "downloadUrl": "https://github.com/microsoft/KeysInUse-OpenSSL/archive/v0.3.1.tar.gz"
-        }
-      }
-    },
     {
       "component": {
         "type": "other",

SPECS/openssl/openssl-1.1.1-load-default-engines.patch renamed to SPECS/openssl/openssl-1.1.1-fips-SymCrypt.patch

@@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.aarch64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm
 automake-1.16.5-1.cm2.noarch.rpm
-openssl-1.1.1k-18.cm2.aarch64.rpm
-openssl-devel-1.1.1k-18.cm2.aarch64.rpm
-openssl-libs-1.1.1k-18.cm2.aarch64.rpm
-openssl-perl-1.1.1k-18.cm2.aarch64.rpm
-openssl-static-1.1.1k-18.cm2.aarch64.rpm
+openssl-1.1.1k-17.cm2.aarch64.rpm
+openssl-devel-1.1.1k-17.cm2.aarch64.rpm
+openssl-libs-1.1.1k-17.cm2.aarch64.rpm
+openssl-perl-1.1.1k-17.cm2.aarch64.rpm
+openssl-static-1.1.1k-17.cm2.aarch64.rpm
 libcap-2.60-1.cm2.aarch64.rpm
 libcap-devel-2.60-1.cm2.aarch64.rpm
 debugedit-5.0-1.cm2.aarch64.rpm

SPECS/openssl/openssl.spec

@@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.x86_64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm
 automake-1.16.5-1.cm2.noarch.rpm
-openssl-1.1.1k-18.cm2.x86_64.rpm
-openssl-devel-1.1.1k-18.cm2.x86_64.rpm
-openssl-libs-1.1.1k-18.cm2.x86_64.rpm
-openssl-perl-1.1.1k-18.cm2.x86_64.rpm
-openssl-static-1.1.1k-18.cm2.x86_64.rpm
+openssl-1.1.1k-17.cm2.x86_64.rpm
+openssl-devel-1.1.1k-17.cm2.x86_64.rpm
+openssl-libs-1.1.1k-17.cm2.x86_64.rpm
+openssl-perl-1.1.1k-17.cm2.x86_64.rpm
+openssl-static-1.1.1k-17.cm2.x86_64.rpm
 libcap-2.60-1.cm2.x86_64.rpm
 libcap-devel-2.60-1.cm2.x86_64.rpm
 debugedit-5.0-1.cm2.x86_64.rpm

cgmanifest.json

@@ -259,12 +259,12 @@ npth-1.6-4.cm2.aarch64.rpm
 npth-debuginfo-1.6-4.cm2.aarch64.rpm
 npth-devel-1.6-4.cm2.aarch64.rpm
 ntsysv-1.20-3.cm2.aarch64.rpm
-openssl-1.1.1k-18.cm2.aarch64.rpm
-openssl-debuginfo-1.1.1k-18.cm2.aarch64.rpm
-openssl-devel-1.1.1k-18.cm2.aarch64.rpm
-openssl-libs-1.1.1k-18.cm2.aarch64.rpm
-openssl-perl-1.1.1k-18.cm2.aarch64.rpm
-openssl-static-1.1.1k-18.cm2.aarch64.rpm
+openssl-1.1.1k-17.cm2.aarch64.rpm
+openssl-debuginfo-1.1.1k-17.cm2.aarch64.rpm
+openssl-devel-1.1.1k-17.cm2.aarch64.rpm
+openssl-libs-1.1.1k-17.cm2.aarch64.rpm
+openssl-perl-1.1.1k-17.cm2.aarch64.rpm
+openssl-static-1.1.1k-17.cm2.aarch64.rpm
 p11-kit-0.24.1-1.cm2.aarch64.rpm
 p11-kit-debuginfo-0.24.1-1.cm2.aarch64.rpm
 p11-kit-devel-0.24.1-1.cm2.aarch64.rpm