[rpms/openssl] rebase_40beta: Revert "FIPS module installed state definition is modified"

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/openssl] rebase_40beta: Revert "FIPS module installed state definition is modified"
@ 2026-06-09 12:44 Adam Williamson
  0 siblings, 0 replies; only message in thread
From: Adam Williamson @ 2026-06-09 12:44 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 1bc9545b387216d41afda4a9080b39c1bbb8a207
            Author : Adam Williamson <awilliam@redhat.com>
            Date   : 2020-05-19T18:33:30-07:00
            Stats  : +9/-10 in 1 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/1bc9545b387216d41afda4a9080b39c1bbb8a207?branch=rebase_40beta

            Log:
            Revert "FIPS module installed state definition is modified"

This reverts commit 89a24d69fca3f59d40038cc30e9bbf74cd38a6e1.

---
diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch
index 4fd1117..7a0580f 100644
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
@@ -2303,7 +2303,7 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips.
 +        rv = 0;
 +
 +    /* Installed == true */
-+    return !rv || FIPS_module_mode();
++    return !rv;
 +}
 +
 +int FIPS_module_mode_set(int onoff)
@@ -9865,7 +9865,7 @@ diff -up openssl-1.1.1e/crypto/o_fips.c.fips openssl-1.1.1e/crypto/o_fips.c
 diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c
 --- openssl-1.1.1e/crypto/o_init.c.fips	2020-03-17 15:31:17.000000000 +0100
 +++ openssl-1.1.1e/crypto/o_init.c	2020-03-17 17:30:52.052566939 +0100
-@@ -7,8 +7,69 @@
+@@ -7,8 +7,68 @@
   * https://www.openssl.org/source/license.html
   */
  
@@ -9891,20 +9891,16 @@ diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c
 +    char buf[2] = "0";
 +    int fd;
 +
++    /* Ensure the selftests always run */
++    /* XXX: TO SOLVE - premature initialization due to selftests */
++    FIPS_mode_set(1);
++
 +    if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
 +        buf[0] = '1';
 +    } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
 +        while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
 +        close(fd);
 +    }
-+
-+    if (buf[0] != '1' && !FIPS_module_installed())
-+        return;
-+
-+    /* Ensure the selftests always run */
-+    /* XXX: TO SOLVE - premature initialization due to selftests */
-+    FIPS_mode_set(1);
-+
 +    /* Failure reading the fips mode switch file means just not
 +     * switching into FIPS mode. We would break too many things
 +     * otherwise..
@@ -9929,6 +9925,9 @@ diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c
 +    if (done)
 +        return;
 +    done = 1;
++    if (!FIPS_module_installed()) {
++        return;
++    }
 +    init_fips_mode();
 +}
 +#endif

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-09 12:44 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:44 [rpms/openssl] rebase_40beta: Revert "FIPS module installed state definition is modified" Adam Williamson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox