56 lines
1.8 KiB
Diff
56 lines
1.8 KiB
Diff
From 8c6dffe2347fc801a2b285d79dd99b8739414bc3 Mon Sep 17 00:00:00 2001
|
|
From: rpm-build <rpm-build>
|
|
Date: Mon, 31 Jul 2023 09:41:28 +0200
|
|
Subject: [PATCH 16/35] 0032-Force-fips.patch
|
|
|
|
Patch-name: 0032-Force-fips.patch
|
|
Patch-id: 32
|
|
Patch-status: |
|
|
# We load FIPS provider and set FIPS properties implicitly
|
|
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
|
---
|
|
crypto/provider_conf.c | 13 ++++++++++++-
|
|
1 file changed, 12 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
|
|
index 058fb58837..ad0b29c954 100644
|
|
--- a/crypto/provider_conf.c
|
|
+++ b/crypto/provider_conf.c
|
|
@@ -10,6 +10,7 @@
|
|
#include <string.h>
|
|
#include <openssl/trace.h>
|
|
#include <openssl/err.h>
|
|
+#include <openssl/evp.h>
|
|
#include <openssl/conf.h>
|
|
#include <openssl/safestack.h>
|
|
#include <openssl/provider.h>
|
|
@@ -169,7 +170,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
|
|
if (path != NULL)
|
|
ossl_provider_set_module_path(prov, path);
|
|
|
|
- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
|
|
+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
|
|
|
|
if (ok) {
|
|
if (!ossl_provider_activate(prov, 1, 0)) {
|
|
@@ -309,6 +310,16 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
|
|
return 0;
|
|
}
|
|
|
|
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
|
|
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
|
|
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
|
+ return 0;
|
|
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
|
|
+ return 0;
|
|
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
return 1;
|
|
}
|
|
|
|
--
|
|
2.41.0
|
|
|