SHA256
1
0
forked from pool/fipscheck
Ana Guerrero 2024-07-17 13:14:26 +00:00 committed by Git OBS Bridge
commit 73ecaf3501
4 changed files with 75 additions and 1 deletions

View File

@ -0,0 +1,36 @@
From 8e8fb5a47d19bc4bb589af06623e710d755bb963 Mon Sep 17 00:00:00 2001
From: "Doug.Smith" <doug.smith@lairdconnect.com>
Date: Tue, 23 Aug 2022 15:13:02 -0400
Subject: [PATCH] BZ22308: fipscheck for openssl-3 fails
Fix openssl version check -- missing include
of version <opensslv.h> before check.
Fix loading of openssl fips provider.
Bug: 22308
---
src/filehmac.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/filehmac.c b/src/filehmac.c
index 87ad15f..f9b5310 100644
--- a/src/filehmac.c
+++ b/src/filehmac.c
@@ -41,6 +41,7 @@
#include <sys/wait.h>
#if defined(WITH_OPENSSL)
+#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h>
#include <openssl/evp.h>
@@ -215,7 +216,7 @@ compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips)
size_t len;
unsigned int hlen;
- if (force_fips && fips != NULL) {
+ if (force_fips && fips == NULL) {
fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips == NULL) {
debug_log("Failed to load FIPS provider\n");

View File

@ -0,0 +1,26 @@
From 05f84f7ec315f1251ffaa151e3b69df68f31c9e9 Mon Sep 17 00:00:00 2001
From: Isaac Lee <isaac.lee@alliedtelesis.co.nz>
Date: Thu, 16 Feb 2023 19:21:59 +1300
Subject: [PATCH] filehmac: fix incorrect length type
EVP_MAC_final() expects a size_t type variable for storing the number of
bytes written, but the the variable was declared as unsigned int, causing
the function to write 0 to the variable while the actual hmac computation
actually successfully completes.
---
src/filehmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/filehmac.c b/src/filehmac.c
index f9b5310..f59f09e 100644
--- a/src/filehmac.c
+++ b/src/filehmac.c
@@ -214,7 +214,7 @@ compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips)
OSSL_PARAM params[2];
unsigned char rbuf[READ_BUFFER_LENGTH];
size_t len;
- unsigned int hlen;
+ size_t hlen;
if (force_fips && fips == NULL) {
fips = OSSL_PROVIDER_load(NULL, "fips");

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Jul 8 15:29:36 UTC 2024 - Martin Jambor <mjambor@suse.com>
- Backport upstream patches fipscheck-fix_check_openssl_version.patch
and fipscheck-fix_incorrect_length_type.patch to fix C99 violations
which are errors by default with GCC 14 [boo#1221714] - although the
first one looks like it possibly fixes some more substantial error.
-------------------------------------------------------------------
Wed Nov 2 14:30:29 UTC 2022 - Marcus Meissner <meissner@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package fipscheck
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -28,6 +28,8 @@ Group: Development/Libraries/C and C++
URL: https://github.com/LairdCP/fipscheck
Source0: fipscheck-%version.tar.bz2
Source1: baselibs.conf
Patch0: fipscheck-fix_check_openssl_version.patch
Patch1: fipscheck-fix_incorrect_length_type.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@ -57,6 +59,8 @@ This package contains development files for %{name}.
%prep
%setup -q
%patch -P0 -p1
%patch -P1 -p1
%build
%configure --disable-static