public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: FIPS module installed state definition is modified
@ 2026-06-09 12:44 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:44 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 89a24d69fca3f59d40038cc30e9bbf74cd38a6e1
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2020-05-15T17:45:44+02:00
Stats : +14/-10 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/89a24d69fca3f59d40038cc30e9bbf74cd38a6e1?branch=rebase_40beta
Log:
FIPS module installed state definition is modified
---
diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch
index 7a0580f..4fd1117 100644
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
@@ -2303,7 +2303,7 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips.
+ rv = 0;
+
+ /* Installed == true */
-+ return !rv;
++ return !rv || FIPS_module_mode();
+}
+
+int FIPS_module_mode_set(int onoff)
@@ -9865,7 +9865,7 @@ diff -up openssl-1.1.1e/crypto/o_fips.c.fips openssl-1.1.1e/crypto/o_fips.c
diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c
--- openssl-1.1.1e/crypto/o_init.c.fips 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/o_init.c 2020-03-17 17:30:52.052566939 +0100
-@@ -7,8 +7,68 @@
+@@ -7,8 +7,69 @@
* https://www.openssl.org/source/license.html
*/
@@ -9891,16 +9891,20 @@ diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c
+ char buf[2] = "0";
+ int fd;
+
-+ /* Ensure the selftests always run */
-+ /* XXX: TO SOLVE - premature initialization due to selftests */
-+ FIPS_mode_set(1);
-+
+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+ buf[0] = '1';
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
+ close(fd);
+ }
++
++ if (buf[0] != '1' && !FIPS_module_installed())
++ return;
++
++ /* Ensure the selftests always run */
++ /* XXX: TO SOLVE - premature initialization due to selftests */
++ FIPS_mode_set(1);
++
+ /* Failure reading the fips mode switch file means just not
+ * switching into FIPS mode. We would break too many things
+ * otherwise..
@@ -9925,9 +9929,6 @@ diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c
+ if (done)
+ return;
+ done = 1;
-+ if (!FIPS_module_installed()) {
-+ return;
-+ }
+ init_fips_mode();
+}
+#endif
diff --git a/openssl.spec b/openssl.spec
index a3a2e23..e4c2cba 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.1.1g
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -457,6 +457,9 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs
%changelog
+* Fri May 15 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-2
+- FIPS module installed state definition is modified
+
* Thu Apr 23 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-1
- update to the 1.1.1g release
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:44 [rpms/openssl] rebase_40beta: FIPS module installed state definition is modified Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox