[rpms/openssl] rebase_40beta: Drop long ago obsolete part of the FIPS patch

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/openssl] rebase_40beta: Drop long ago obsolete part of the FIPS patch
@ 2026-06-09 12:44 Tomas Mraz
  0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:44 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/openssl
Branch : rebase_40beta
Commit : 7f27ca925c8caab718975a07b5dc6616ce10556f
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date   : 2020-06-23T15:55:16+02:00
Stats  : +4/-123 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl/c/7f27ca925c8caab718975a07b5dc6616ce10556f?branch=rebase_40beta

Log:
Drop long ago obsolete part of the FIPS patch

---
diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch
index 4fd1117..ad295a4 100644
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
@@ -879,128 +879,6 @@ diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pm
      pkey_ec_init,
      pkey_ec_copy,
      pkey_ec_cleanup,
-diff -up openssl-1.1.1e/crypto/evp/c_allc.c.fips openssl-1.1.1e/crypto/evp/c_allc.c
---- openssl-1.1.1e/crypto/evp/c_allc.c.fips	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/c_allc.c	2020-03-17 17:30:52.027567375 +0100
-@@ -17,6 +17,9 @@
- void openssl_add_all_ciphers_int(void)
- {
- 
-+#ifdef OPENSSL_FIPS
-+    if (!FIPS_mode()) {
-+#endif
- #ifndef OPENSSL_NO_DES
-     EVP_add_cipher(EVP_des_cfb());
-     EVP_add_cipher(EVP_des_cfb1());
-@@ -263,4 +266,70 @@ void openssl_add_all_ciphers_int(void)
-     EVP_add_cipher(EVP_chacha20_poly1305());
- # endif
- #endif
-+#ifdef OPENSSL_FIPS
-+    } else {
-+# ifndef OPENSSL_NO_DES
-+        EVP_add_cipher(EVP_des_ede3_cfb());
-+
-+        EVP_add_cipher(EVP_des_ede3_ofb());
-+
-+        EVP_add_cipher(EVP_des_ede3_cbc());
-+        EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
-+        EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
-+
-+        EVP_add_cipher(EVP_des_ede3());
-+        EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
-+        EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
-+        EVP_add_cipher(EVP_des_ede3_wrap());
-+        EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
-+# endif
-+
-+# ifndef OPENSSL_NO_AES
-+        EVP_add_cipher(EVP_aes_128_ecb());
-+        EVP_add_cipher(EVP_aes_128_cbc());
-+        EVP_add_cipher(EVP_aes_128_cfb());
-+        EVP_add_cipher(EVP_aes_128_cfb1());
-+        EVP_add_cipher(EVP_aes_128_cfb8());
-+        EVP_add_cipher(EVP_aes_128_ofb());
-+        EVP_add_cipher(EVP_aes_128_ctr());
-+        EVP_add_cipher(EVP_aes_128_gcm());
-+        EVP_add_cipher(EVP_aes_128_xts());
-+        EVP_add_cipher(EVP_aes_128_ccm());
-+        EVP_add_cipher(EVP_aes_128_wrap());
-+        EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
-+        EVP_add_cipher(EVP_aes_128_wrap_pad());
-+        EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
-+        EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
-+        EVP_add_cipher(EVP_aes_192_ecb());
-+        EVP_add_cipher(EVP_aes_192_cbc());
-+        EVP_add_cipher(EVP_aes_192_cfb());
-+        EVP_add_cipher(EVP_aes_192_cfb1());
-+        EVP_add_cipher(EVP_aes_192_cfb8());
-+        EVP_add_cipher(EVP_aes_192_ofb());
-+        EVP_add_cipher(EVP_aes_192_ctr());
-+        EVP_add_cipher(EVP_aes_192_gcm());
-+        EVP_add_cipher(EVP_aes_192_ccm());
-+        EVP_add_cipher(EVP_aes_192_wrap());
-+        EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
-+        EVP_add_cipher(EVP_aes_192_wrap_pad());
-+        EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
-+        EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
-+        EVP_add_cipher(EVP_aes_256_ecb());
-+        EVP_add_cipher(EVP_aes_256_cbc());
-+        EVP_add_cipher(EVP_aes_256_cfb());
-+        EVP_add_cipher(EVP_aes_256_cfb1());
-+        EVP_add_cipher(EVP_aes_256_cfb8());
-+        EVP_add_cipher(EVP_aes_256_ofb());
-+        EVP_add_cipher(EVP_aes_256_ctr());
-+        EVP_add_cipher(EVP_aes_256_gcm());
-+        EVP_add_cipher(EVP_aes_256_xts());
-+        EVP_add_cipher(EVP_aes_256_ccm());
-+        EVP_add_cipher(EVP_aes_256_wrap());
-+        EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
-+        EVP_add_cipher(EVP_aes_256_wrap_pad());
-+        EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
-+        EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
-+# endif
-+    }
-+#endif
- }
-diff -up openssl-1.1.1e/crypto/evp/c_alld.c.fips openssl-1.1.1e/crypto/evp/c_alld.c
---- openssl-1.1.1e/crypto/evp/c_alld.c.fips	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/evp/c_alld.c	2020-03-17 17:30:52.027567375 +0100
-@@ -16,6 +16,9 @@
- 
- void openssl_add_all_digests_int(void)
- {
-+#ifdef OPENSSL_FIPS
-+    if (!FIPS_mode()) {
-+#endif
- #ifndef OPENSSL_NO_MD4
-     EVP_add_digest(EVP_md4());
- #endif
-@@ -57,4 +60,24 @@ void openssl_add_all_digests_int(void)
-     EVP_add_digest(EVP_sha3_512());
-     EVP_add_digest(EVP_shake128());
-     EVP_add_digest(EVP_shake256());
-+#ifdef OPENSSL_FIPS
-+    } else {
-+        EVP_add_digest(EVP_md5_sha1());
-+        EVP_add_digest(EVP_sha1());
-+        EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
-+        EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-+        EVP_add_digest(EVP_sha224());
-+        EVP_add_digest(EVP_sha256());
-+        EVP_add_digest(EVP_sha384());
-+        EVP_add_digest(EVP_sha512());
-+        EVP_add_digest(EVP_sha512_224());
-+        EVP_add_digest(EVP_sha512_256());
-+        EVP_add_digest(EVP_sha3_224());
-+        EVP_add_digest(EVP_sha3_256());
-+        EVP_add_digest(EVP_sha3_384());
-+        EVP_add_digest(EVP_sha3_512());
-+        EVP_add_digest(EVP_shake128());
-+        EVP_add_digest(EVP_shake256());
-+    }
-+#endif
- }
 diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/digest.c
 --- openssl-1.1.1e/crypto/evp/digest.c.fips	2020-03-17 15:31:17.000000000 +0100
 +++ openssl-1.1.1e/crypto/evp/digest.c	2020-03-17 17:38:57.528093469 +0100

diff --git a/openssl.spec b/openssl.spec
index 9ad568b..87baa02 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1g
-Release: 10%{?dist}
+Release: 11%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -475,6 +475,9 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 
 %changelog
+* Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-11
+- Drop long ago obsolete part of the FIPS patch
+
 * Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-10
 - Rewire FIPS_drbg API to use the RAND_DRBG
 

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-09 12:44 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:44 [rpms/openssl] rebase_40beta: Drop long ago obsolete part of the FIPS patch Tomas Mraz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox