pool/openssl
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
984610bf7f
openssl/openssl-fips-hidden.patch
Stephan Kulow 6a3418284a Accepting request 233553 from Base:System 
- Add upstream patches fixing coverity scan issues:
* 0018-fix-coverity-issues-966593-966596.patch
* 0020-Initialize-num-properly.patch
* 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch
* 0023-evp-prevent-underflow-in-base64-decoding.patch
* 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch
* 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch
- Update 0001-libcrypto-Hide-library-private-symbols.patch
  to cover more private symbols, now 98% complete and probably
  not much more can be done to fix the rest of the ill-defined API.
- openssl-fips-hidden.patch new, hides private symbols added by the
  FIPS patches.
- openssl-no-egd.patch disable the EGD (entropy gathering daemon)
  interface, we have no EGD in the distro and obtaining entropy from
  a place other than /dev/*random, the hardware rng or the openSSL
  internal PRNG is an extremely bad & dangerous idea.
- use secure_getenv instead of getenv everywhere. (forwarded request 233217 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/233553
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=117
2014-05-14 08:26:07 +00:00

29 lines
932 B
Diff
Raw Blame History

--- openssl-1.0.1g.orig/crypto/fips/fips_rand_lcl.h
+++ openssl-1.0.1g/crypto/fips/fips_rand_lcl.h
@@ -51,6 +51,8 @@
* ====================================================================
*/
+#pragma GCC visibility push(hidden)
+
typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
@@ -217,3 +219,5 @@ const struct evp_cipher_st *FIPS_get_cip
#define FIPS_digestupdate EVP_DigestUpdate
#define FIPS_digestfinal EVP_DigestFinal
#define M_EVP_MD_size EVP_MD_size
+
+#pragma GCC visibility pop
--- openssl-1.0.1g.orig/crypto/fips/fips_rsa_x931g.c
+++ openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c
@@ -65,7 +65,7 @@
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
-extern int fips_check_rsa(RSA *rsa);
+extern int fips_check_rsa(RSA *rsa) __attribute__ ((visibility ("hidden")));
#endif
/* X9.31 RSA key derivation and generation */
Reference in New Issue View Git Blame Copy Permalink