rpms/openssl
7
1
Fork 1
Code Issues Pull Requests Releases Activity

Fix openssl speed running in FIPS mode

Browse Source 
Resolves: RHEL-89860
This commit is contained in:
Dmitry Belyavskiy 2025-05-14 11:33:54 +02:00
parent 3717faa9f1
commit 6af659130e
2 changed files with 80 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
0051-Make-openssl-speed-run-in-FIPS-mode.patch Normal file
View File

@ -0,0 +1,76 @@
From e128762a1b1f047633e76022a6a8097cb88b49a6 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 9 May 2025 15:09:46 +0200
Subject: [PATCH 51/54] Make `openssl speed` run in FIPS mode
---
apps/speed.c | 44 ++++++++++++++++++++++----------------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index 1edf9b8485..d4e707074c 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -3172,18 +3172,18 @@ int speed_main(int argc, char **argv)
(void *)key32, 16);
params[1] = OSSL_PARAM_construct_end();
- if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) < 1)
- goto end;
- for (testnum = 0; testnum < size_num; testnum++) {
- print_message(names[D_KMAC128], lengths[testnum], seconds.sym);
- Time_F(START);
- count = run_benchmark(async_jobs, KMAC128_loop, loopargs);
- d = Time_F(STOP);
- print_result(D_KMAC128, testnum, count, d);
- if (count < 0)
- break;
+ if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) == 1) {
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_KMAC128], lengths[testnum], seconds.sym);
+ Time_F(START);
+ count = run_benchmark(async_jobs, KMAC128_loop, loopargs);
+ d = Time_F(STOP);
+ print_result(D_KMAC128, testnum, count, d);
+ if (count < 0)
+ break;
+ }
+ mac_teardown(&mac, loopargs, loopargs_len);
}
- mac_teardown(&mac, loopargs, loopargs_len);
}
if (doit[D_KMAC256]) {
@@ -3193,18 +3193,18 @@ int speed_main(int argc, char **argv)
(void *)key32, 32);
params[1] = OSSL_PARAM_construct_end();
- if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) < 1)
- goto end;
- for (testnum = 0; testnum < size_num; testnum++) {
- print_message(names[D_KMAC256], lengths[testnum], seconds.sym);
- Time_F(START);
- count = run_benchmark(async_jobs, KMAC256_loop, loopargs);
- d = Time_F(STOP);
- print_result(D_KMAC256, testnum, count, d);
- if (count < 0)
- break;
+ if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) == 1) {
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_KMAC256], lengths[testnum], seconds.sym);
+ Time_F(START);
+ count = run_benchmark(async_jobs, KMAC256_loop, loopargs);
+ d = Time_F(STOP);
+ print_result(D_KMAC256, testnum, count, d);
+ if (count < 0)
+ break;
+ }
+ mac_teardown(&mac, loopargs, loopargs_len);
}
- mac_teardown(&mac, loopargs, loopargs_len);
}
for (i = 0; i < loopargs_len; i++)
--
2.49.0

4
openssl.spec
View File

@ -89,6 +89,8 @@ Patch0047: 0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
Patch0048: 0048-Current-Rebase-status.patch
Patch0049: 0049-FIPS-KDF-key-lenght-errors.patch
Patch0050: 0050-FIPS-fix-disallowed-digests-tests.patch
Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch
#The patches that are different for RHEL9 and 10 start here
Patch0100: 0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
Patch0101: 0101-FIPS-enable-pkcs12-mac.patch
@ -429,6 +431,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
Resolves: RHEL-88910
- PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9
Resolves: RHEL-88912
- Fix `openssl speed` running in FIPS mode
Resolves: RHEL-89860
* Wed Apr 16 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-1
- Rebasing OpenSSL to 3.5