openssl speed should run in FIPS mode
Related: rhbz#1977318
This commit is contained in:
parent
13dc3794cb
commit
225b6d37b9
26
0035-speed-skip-unavailable-dgst.patch
Normal file
26
0035-speed-skip-unavailable-dgst.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
|
||||
--- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100
|
||||
+++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100
|
||||
@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo
|
||||
for (count = 0; COND(c[algindex][testnum]); count++) {
|
||||
size_t outl;
|
||||
|
||||
+ if (mctx == NULL)
|
||||
+ return -1;
|
||||
+
|
||||
if (!EVP_MAC_init(mctx, NULL, 0, NULL)
|
||||
|| !EVP_MAC_update(mctx, buf, lengths[testnum])
|
||||
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
|
||||
@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv)
|
||||
if (loopargs[i].mctx == NULL)
|
||||
goto end;
|
||||
|
||||
- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
|
||||
- goto end;
|
||||
+ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) {
|
||||
+ EVP_MAC_CTX_free(loopargs[i].mctx);
|
||||
+ loopargs[i].mctx = NULL;
|
||||
+ }
|
||||
}
|
||||
for (testnum = 0; testnum < size_num; testnum++) {
|
||||
print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
|
@ -15,7 +15,7 @@
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.0.0
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -65,6 +65,8 @@ Patch32: 0032-Force-fips.patch
|
||||
Patch33: 0033-FIPS-embed-hmac.patch
|
||||
# Comment out fipsinstall command-line utility
|
||||
Patch34: 0034.fipsinstall_disable.patch
|
||||
# Skip unavailable algorithms running `openssl speed`
|
||||
Patch35: 0035-speed-skip-unavailable-dgst.patch
|
||||
# Tmp: coverity
|
||||
Patch100: 0100-coverity.patch
|
||||
|
||||
@ -398,6 +400,10 @@ install -m644 %{SOURCE9} \
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6
|
||||
- openssl speed should run in FIPS mode
|
||||
- Related: rhbz#1977318
|
||||
|
||||
* Wed Nov 24 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-5
|
||||
- rebuilt for spec cleanup
|
||||
- Related: rhbz#1985362
|
||||
|
Loading…
Reference in New Issue
Block a user