diff --git a/fipscheck-fix_check_openssl_version.patch b/fipscheck-fix_check_openssl_version.patch new file mode 100644 index 0000000..428a5cc --- /dev/null +++ b/fipscheck-fix_check_openssl_version.patch @@ -0,0 +1,36 @@ +From 8e8fb5a47d19bc4bb589af06623e710d755bb963 Mon Sep 17 00:00:00 2001 +From: "Doug.Smith" +Date: Tue, 23 Aug 2022 15:13:02 -0400 +Subject: [PATCH] BZ22308: fipscheck for openssl-3 fails + +Fix openssl version check -- missing include +of version before check. + +Fix loading of openssl fips provider. + +Bug: 22308 +--- + src/filehmac.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/filehmac.c b/src/filehmac.c +index 87ad15f..f9b5310 100644 +--- a/src/filehmac.c ++++ b/src/filehmac.c +@@ -41,6 +41,7 @@ + #include + + #if defined(WITH_OPENSSL) ++#include + #if OPENSSL_VERSION_NUMBER >= 0x30000000L + #include + #include +@@ -215,7 +216,7 @@ compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips) + size_t len; + unsigned int hlen; + +- if (force_fips && fips != NULL) { ++ if (force_fips && fips == NULL) { + fips = OSSL_PROVIDER_load(NULL, "fips"); + if (fips == NULL) { + debug_log("Failed to load FIPS provider\n"); diff --git a/fipscheck-fix_incorrect_length_type.patch b/fipscheck-fix_incorrect_length_type.patch new file mode 100644 index 0000000..8c99a2d --- /dev/null +++ b/fipscheck-fix_incorrect_length_type.patch @@ -0,0 +1,26 @@ +From 05f84f7ec315f1251ffaa151e3b69df68f31c9e9 Mon Sep 17 00:00:00 2001 +From: Isaac Lee +Date: Thu, 16 Feb 2023 19:21:59 +1300 +Subject: [PATCH] filehmac: fix incorrect length type + +EVP_MAC_final() expects a size_t type variable for storing the number of +bytes written, but the the variable was declared as unsigned int, causing +the function to write 0 to the variable while the actual hmac computation +actually successfully completes. +--- + src/filehmac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/filehmac.c b/src/filehmac.c +index f9b5310..f59f09e 100644 +--- a/src/filehmac.c ++++ b/src/filehmac.c +@@ -214,7 +214,7 @@ compute_file_hmac(const char *path, void **buf, size_t *hmaclen, int force_fips) + OSSL_PARAM params[2]; + unsigned char rbuf[READ_BUFFER_LENGTH]; + size_t len; +- unsigned int hlen; ++ size_t hlen; + + if (force_fips && fips == NULL) { + fips = OSSL_PROVIDER_load(NULL, "fips"); diff --git a/fipscheck.changes b/fipscheck.changes index dc9ebb1..366cbc7 100644 --- a/fipscheck.changes +++ b/fipscheck.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jul 8 15:29:36 UTC 2024 - Martin Jambor + +- Backport upstream patches fipscheck-fix_check_openssl_version.patch + and fipscheck-fix_incorrect_length_type.patch to fix C99 violations + which are errors by default with GCC 14 [boo#1221714] - although the + first one looks like it possibly fixes some more substantial error. + ------------------------------------------------------------------- Wed Nov 2 14:30:29 UTC 2022 - Marcus Meissner diff --git a/fipscheck.spec b/fipscheck.spec index 26791bc..50061d7 100644 --- a/fipscheck.spec +++ b/fipscheck.spec @@ -1,7 +1,7 @@ # # spec file for package fipscheck # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,6 +28,8 @@ Group: Development/Libraries/C and C++ URL: https://github.com/LairdCP/fipscheck Source0: fipscheck-%version.tar.bz2 Source1: baselibs.conf +Patch0: fipscheck-fix_check_openssl_version.patch +Patch1: fipscheck-fix_incorrect_length_type.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -57,6 +59,8 @@ This package contains development files for %{name}. %prep %setup -q +%patch -P0 -p1 +%patch -P1 -p1 %build %configure --disable-static