allow deinitialization of the FIPS mode

2013-08-29 16:41:24 +02:00 · 2013-08-29 16:41:24 +02:00 · b5d2711ab6
commit b5d2711ab6
parent 1465572e17
2 changed files with 5 additions and 2 deletions
--- a/openssl-1.0.1e-fips.patch
+++ b/openssl-1.0.1e-fips.patch
@ -19326,7 +19326,7 @@ diff -up openssl-1.0.1e/crypto/o_fips.c.fips openssl-1.0.1e/crypto/o_fips.c
 #ifndef FIPS_AUTH_USER_PASS
 #define FIPS_AUTH_USER_PASS	"Default FIPS Crypto User Password"
 #endif
-+	if (FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
+	if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
 +		return 1;
 	if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
 		return 0;
--- a/openssl.spec
+++ b/openssl.spec
@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 17%{?dist}
+Release: 18%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -468,6 +468,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :

 %changelog
+* Thu Aug 29 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-18
+- allow deinitialization of the FIPS mode
+
 * Thu Aug 29 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-17
 - always perform the FIPS selftests in library constructor
  if FIPS module is installed