SHA256
1
0
forked from pool/openssl-1_1
openssl-1_1/openssl-fips_mode.patch
Tomáš Chvátal c29de1fbdc Accepting request 766865 from home:vitezslav_cizek:branches:security:tls
Add million FIPS and s390 patches

- Temporarily ignore broken OPENSSL_INIT_NO_ATEXIT due to our
  layered FIPS initialization
  * openssl-fips-ignore_broken_atexit_test.patch

- Import FIPS patches from SLE-15
  * openssl-fips-dont_run_FIPS_module_installed.patch
  * openssl-fips_mode.patch
  * openssl-ship_fips_standalone_hmac.patch
  * openssl-fips-clearerror.patch
  * openssl-fips-selftests_in_nonfips_mode.patch

- Don't run FIPS power-up self-tests when the checksum files aren't
  installed (bsc#1042392)
  * add openssl-fips-run_selftests_only_when_module_is_complete.patch

- Import FIPS patches from Fedora (bsc#1157702, jsc#SLE-9553)
  * openssl-1.1.1-fips-crng-test.patch
  * openssl-1.1.1-fips-post-rand.patch
  * openssl-1.1.1-fips.patch
  * openssl-1.1.0-issuer-hash.patch
  * openssl-1.1.1-evp-kdf.patch
  * openssl-1.1.1-ssh-kdf.patch replaces openssl-jsc-SLE-8789-backport_KDF.patch

- Support for CPACF enhancements - part 1 (crypto) [bsc#1152695, jsc#SLE-7861]
- Add patches:
  * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
  * openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
  * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
  * openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
  * openssl-s390xcpuid.pl-fix-comment.patch

OBS-URL: https://build.opensuse.org/request/show/766865
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=51
2020-01-24 11:52:58 +00:00

21 lines
644 B
Diff

Index: openssl-1.1.1d/apps/openssl.c
===================================================================
--- openssl-1.1.1d.orig/apps/openssl.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/apps/openssl.c 2020-01-23 13:45:11.452634334 +0100
@@ -151,8 +151,15 @@ int main(int argc, char *argv[])
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
if (getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode_set(1)) {
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+#else
BIO_printf(bio_err, "FIPS mode not supported.\n");
return 1;
+#endif
}
if (!apps_startup()) {