File 29064.patch of Package openssl-3
From 3da3d73fed53591e2ba95d29a141354e5efcbb58 Mon Sep 17 00:00:00 2001
From: Pedro Monreal <pmonreal@suse.com>
Date: Tue, 4 Nov 2025 16:27:09 +0100
Subject: [PATCH 1/3] jitter: add enable-jitter-dynamic configure option
Add a new configure option called enable-jitter-dynamic to allow
building with jitterentropy using the dynamic libjitterentropy.so
library instead of only allowing the static libjitterentropy.a.
---
Configurations/00-base-templates.conf | 5 ++++-
Configure | 6 ++++++
INSTALL.md | 15 ++++++++-------
doc/man7/EVP_RAND-JITTER.pod | 6 ++++--
4 files changed, 22 insertions(+), 10 deletions(-)
Index: openssl-3.6.0/Configurations/00-base-templates.conf
===================================================================
--- openssl-3.6.0.orig/Configurations/00-base-templates.conf
+++ openssl-3.6.0/Configurations/00-base-templates.conf
@@ -107,7 +107,10 @@ my %targets=(
ex_libs =>
sub {
my @libs = ();
- push(@libs, "-l:libjitterentropy.a") if !defined($disabled{jitter});
+ if (!defined($disabled{jitter})) {
+ push(@libs, "-l:libjitterentropy.a") if defined($disabled{"jitter-dynamic"});
+ push(@libs, "-l:libjitterentropy.so") if !defined($disabled{"jitter-dynamic"});
+ }
push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
if (!defined($disabled{brotli}) && defined($disabled{"brotli-dynamic"})) {
push(@libs, "-lbrotlienc");
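Review bot: With `jitter-dynamic` enabled, the `-l:libjitterentropy.so` arm makes the RNG seed source a shared object resolved by the runtime loader instead of code fixed into the build at link time, and nothing in this hunk records that trade-off. I would add a comment above the inner arms, for example `# dynamic: the seed source is resolved by the runtime loader, not fixed at link time`. Unless it is already handled elsewhere, Configure should also reject `enable-jitter-dynamic` combined with `enable-fips-jitter`, because the man page touched by this patch describes the FIPS jitter source as internal to the provider. The two complementary postfix `if`s would read more clearly as a single `if`/`else` on `defined($disabled{"jitter-dynamic"})`. The `ex_libs` sub starts and ends outside the hunk.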
Index: openssl-3.6.0/Configure
===================================================================
--- openssl-3.6.0.orig/Configure
+++ openssl-3.6.0/Configure
@@ -493,6 +493,7 @@ my @disablables = (
"idea",
"integrity-only-ciphers",
"jitter",
+ "jitter-dynamic",
"ktls",
"legacy",
"lms",
@@ -612,6 +613,7 @@ our %disabled = ( # "what" => "c
"fuzz-libfuzzer" => "default",
"pie" => "default",
"jitter" => "default",
+ "jitter-dynamic" => "default",
"ktls" => "default",
"lms" => "default",
"md2" => "default",
@@ -939,6 +941,10 @@ while (@argvcopy)
{
$disabled{"dynamic-engine"} = "option";
}
+ elsif ($1 eq "jitter-dynamic")
+ {
+ delete $disabled{"jitter"};
+ }
elsif (exists $deprecated_disablables{$1})
{
$deprecated_options{$_} = 1;
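Review bot: The new `elsif ($1 eq "jitter-dynamic")` arm may have landed in the disable-side chain rather than the enable-side one; the chain begins outside the hunk, so this cannot be confirmed from here. Its neighbours, `$disabled{"dynamic-engine"} = "option";` and the `$deprecated_disablables` arm that sets `$deprecated_options{$_}`, read like `no-`/`disable-` handling. If so, `no-jitter-dynamic` would run `delete $disabled{"jitter"};` and silently turn the jitter seed source on, while never marking `jitter-dynamic` itself as disabled by option. Please confirm the arm sits in the `enable-` chain, where `enable-jitter-dynamic` should imply jitter, and add a comment such as `# enable-jitter-dynamic implies enable-jitter` so the intent is explicit.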
Index: openssl-3.6.0/INSTALL.md
===================================================================
--- openssl-3.6.0.orig/INSTALL.md
+++ openssl-3.6.0/INSTALL.md
@@ -531,10 +531,10 @@ at the end of this document.
### jitter
-When configured with `enable-jitter`, a "JITTER" RNG is compiled that
-can provide an alternative software seed source. It can be configured
-by setting `seed` option in `openssl.cnf`. A minimal `openssl.cnf` is
-shown below:
+When configured with `enable-jitter` or `enable-jitter-dynamic`, a
+"JITTER" RNG is compiled that can provide an alternative software seed
+source. It can be configured by setting `seed` option in `openssl.cnf`.
+A minimal `openssl.cnf` is shown below:
openssl_conf = openssl_init
@@ -544,7 +544,8 @@ shown below:
[random]
seed=JITTER
-It uses a statically linked [jitterentropy-library] as the seed source.
+It uses a statically linked [jitterentropy-library] as the seed source or
+dynamically linked when configured with `enable-jitter-dynamic`.
Additional configuration flags available:
@@ -555,8 +556,8 @@ it is outside the system include path.
--with-jitter-lib=DIR
-This is the directory containing the static libjitterentropy.a
-library, if it is outside the system library path.
+This is the directory containing the static libjitterentropy.a or the
+libjitterentropy.so library, if it is outside the system library path.
Setting the FIPS HMAC key
-------------------------
Index: openssl-3.6.0/doc/man7/EVP_RAND-JITTER.pod
===================================================================
--- openssl-3.6.0.orig/doc/man7/EVP_RAND-JITTER.pod
+++ openssl-3.6.0/doc/man7/EVP_RAND-JITTER.pod
@@ -13,8 +13,8 @@ This software seed source produces rando
"jitter" fluctuations.
It is available when OpenSSL is compiled with B<enable-jitter>
-option. When available it is listed in B<openssl list
--random-generators> and B<openssl info -seeds>.
+option or B<enable-jitter-dynamic>. When available it is listed in
+B<openssl list -random-generators> and B<openssl info -seeds>.
=head2 Identity
@@ -46,6 +46,8 @@ A context for the seed source can be obt
The B<enable-jitter> option was added in OpenSSL 3.4.
+The B<enable-jitter-dynamic> option was added in OpenSSL 4.0.
+
By specifying the B<enable-fips-jitter> configuration option, the FIPS
provider will use an internal jitter source for its entropy. Enabling
this option will cause the FIPS provider to operate in a non-compliant