rpms/openssl
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9409bc7044
openssl/0032-Force-fips.patch
Sahana Prasad 9409bc7044 Rebase to upstream release 3.1.1 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2023-07-28 15:26:00 +02:00

38 lines
1.4 KiB
Diff
Raw Blame History

diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
@@ -10,6 +10,7 @@
#include <string.h>
#include <openssl/trace.h>
#include <openssl/err.h>
+#include <openssl/evp.h>
#include <openssl/conf.h>
#include <openssl/safestack.h>
#include <openssl/provider.h>
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C
if (path != NULL)
ossl_provider_set_module_path(prov, path);
- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
if (ok) {
if (!ossl_provider_activate(prov, 1, 0)) {
@@ -306,6 +317,16 @@ static int provider_conf_init(CONF_IMODU
return 0;
}
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
+ return 0;
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
+ return 0;
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
+ return 0;
+ }
+
return 1;
}
Reference in New Issue View Git Blame Copy Permalink