Pedro Monreal Gonzalez
8c598ed63d
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
* Add openssl-3-fix-hmac-digest-detection-s390x.patch
* Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
- Add hardware acceleration for full AES-XTS jsc#PED-10273
* Add openssl-3-hw-acceleration-aes-xts-s390x.patch
- Support MSA 12 SHA3 on s390x jsc#PED-10280
* Add openssl-3-add_EVP_DigestSqueeze_api.patch
* Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
* Add openssl-3-add-xof-state-handling-s3_absorb.patch
* Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
* Add openssl-3-fix-state-handling-sha3_final_s390x.patch
* Add openssl-3-fix-state-handling-shake_final_s390x.patch
* Add openssl-3-fix-state-handling-keccak_final_s390x.patch
* Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
* Add openssl-3-add-defines-CPACF-funcs.patch
* Add openssl-3-add-hw-acceleration-hmac.patch
* Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
* Add openssl-3-fix-s390x_sha3_absorb.patch
* Add openssl-3-fix-s390x_shake_squeeze.patch
- Update to 3.2.3:
* Changes between 3.2.2 and 3.2.3:
- Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
- Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
* Changes between 3.2.1 and 3.2.2:
- Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
- Fixed an issue where checking excessively long DSA keys or parameters may
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=121
84 lines
2.3 KiB
Diff
84 lines
2.3 KiB
Diff
From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001
|
|
From: rpm-build <rpm-build>
|
|
Date: Mon, 31 Jul 2023 09:41:27 +0200
|
|
Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch
|
|
|
|
Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
|
|
Patch-id: 8
|
|
Patch-status: |
|
|
# Add FIPS_mode() compatibility macro
|
|
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
|
---
|
|
include/openssl/fips.h | 26 ++++++++++++++++++++++++++
|
|
test/property_test.c | 14 ++++++++++++++
|
|
2 files changed, 40 insertions(+)
|
|
create mode 100644 include/openssl/fips.h
|
|
|
|
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
|
|
new file mode 100644
|
|
index 0000000000..4162cbf88e
|
|
--- /dev/null
|
|
+++ b/include/openssl/fips.h
|
|
@@ -0,0 +1,26 @@
|
|
+/*
|
|
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ *
|
|
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
+ * this file except in compliance with the License. You can obtain a copy
|
|
+ * in the file LICENSE in the source distribution or at
|
|
+ * https://www.openssl.org/source/license.html
|
|
+ */
|
|
+
|
|
+#ifndef OPENSSL_FIPS_H
|
|
+# define OPENSSL_FIPS_H
|
|
+# pragma once
|
|
+
|
|
+# include <openssl/evp.h>
|
|
+# include <openssl/macros.h>
|
|
+
|
|
+# ifdef __cplusplus
|
|
+extern "C" {
|
|
+# endif
|
|
+
|
|
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
|
|
+
|
|
+# ifdef __cplusplus
|
|
+}
|
|
+# endif
|
|
+#endif
|
|
diff --git a/test/property_test.c b/test/property_test.c
|
|
index 45b1db3e85..8894c1c1cb 100644
|
|
--- a/test/property_test.c
|
|
+++ b/test/property_test.c
|
|
@@ -677,6 +677,19 @@ static int test_property_list_to_string(int i)
|
|
return ret;
|
|
}
|
|
|
|
+#include <openssl/fips.h>
|
|
+static int test_downstream_FIPS_mode(void)
|
|
+{
|
|
+ int ret = 0;
|
|
+
|
|
+ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
|
|
+ && TEST_true(FIPS_mode())
|
|
+ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
|
|
+ && TEST_false(FIPS_mode());
|
|
+
|
|
+ return ret;
|
|
+}
|
|
+
|
|
int setup_tests(void)
|
|
{
|
|
ADD_TEST(test_property_string);
|
|
@@ -690,6 +703,7 @@ int setup_tests(void)
|
|
ADD_TEST(test_property);
|
|
ADD_TEST(test_query_cache_stochastic);
|
|
ADD_TEST(test_fips_mode);
|
|
+ ADD_TEST(test_downstream_FIPS_mode);
|
|
ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
|
|
return 1;
|
|
}
|
|
--
|
|
2.41.0
|
|
|