diff --git a/0051-Make-openssl-speed-run-in-FIPS-mode.patch b/0051-Make-openssl-speed-run-in-FIPS-mode.patch new file mode 100644 index 0000000..f3874cb --- /dev/null +++ b/0051-Make-openssl-speed-run-in-FIPS-mode.patch @@ -0,0 +1,76 @@ +From e128762a1b1f047633e76022a6a8097cb88b49a6 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 9 May 2025 15:09:46 +0200 +Subject: [PATCH 51/54] Make `openssl speed` run in FIPS mode + +--- + apps/speed.c | 44 ++++++++++++++++++++++---------------------- + 1 file changed, 22 insertions(+), 22 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index 1edf9b8485..d4e707074c 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -3172,18 +3172,18 @@ int speed_main(int argc, char **argv) + (void *)key32, 16); + params[1] = OSSL_PARAM_construct_end(); + +- if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) < 1) +- goto end; +- for (testnum = 0; testnum < size_num; testnum++) { +- print_message(names[D_KMAC128], lengths[testnum], seconds.sym); +- Time_F(START); +- count = run_benchmark(async_jobs, KMAC128_loop, loopargs); +- d = Time_F(STOP); +- print_result(D_KMAC128, testnum, count, d); +- if (count < 0) +- break; ++ if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) == 1) { ++ for (testnum = 0; testnum < size_num; testnum++) { ++ print_message(names[D_KMAC128], lengths[testnum], seconds.sym); ++ Time_F(START); ++ count = run_benchmark(async_jobs, KMAC128_loop, loopargs); ++ d = Time_F(STOP); ++ print_result(D_KMAC128, testnum, count, d); ++ if (count < 0) ++ break; ++ } ++ mac_teardown(&mac, loopargs, loopargs_len); + } +- mac_teardown(&mac, loopargs, loopargs_len); + } + + if (doit[D_KMAC256]) { +@@ -3193,18 +3193,18 @@ int speed_main(int argc, char **argv) + (void *)key32, 32); + params[1] = OSSL_PARAM_construct_end(); + +- if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) < 1) +- goto end; +- for (testnum = 0; testnum < size_num; testnum++) { +- print_message(names[D_KMAC256], lengths[testnum], seconds.sym); +- Time_F(START); +- count = run_benchmark(async_jobs, KMAC256_loop, loopargs); +- d = Time_F(STOP); +- print_result(D_KMAC256, testnum, count, d); +- if (count < 0) +- break; ++ if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) == 1) { ++ for (testnum = 0; testnum < size_num; testnum++) { ++ print_message(names[D_KMAC256], lengths[testnum], seconds.sym); ++ Time_F(START); ++ count = run_benchmark(async_jobs, KMAC256_loop, loopargs); ++ d = Time_F(STOP); ++ print_result(D_KMAC256, testnum, count, d); ++ if (count < 0) ++ break; ++ } ++ mac_teardown(&mac, loopargs, loopargs_len); + } +- mac_teardown(&mac, loopargs, loopargs_len); + } + + for (i = 0; i < loopargs_len; i++) +-- +2.49.0 + diff --git a/openssl.spec b/openssl.spec index eb83a81..4992b31 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.5.0 -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 Source0: openssl-%{version}.tar.gz Source1: fips-hmacify.sh @@ -90,6 +90,7 @@ Patch0047: 0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch Patch0048: 0048-Current-Rebase-status.patch Patch0049: 0049-FIPS-KDF-key-lenght-errors.patch Patch0050: 0050-FIPS-fix-disallowed-digests-tests.patch +Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch License: Apache-2.0 URL: http://www.openssl.org/ @@ -428,6 +429,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h %ldconfig_scriptlets libs %changelog +* Wed May 14 2025 Dmitry Belyavskiy - 1:3.5.0-3 +- Fix `openssl speed` running in FIPS mode + Resolves: RHEL-88908 + * Thu Apr 17 2025 Dmitry Belyavskiy - 1:3.5.0-2 - Update depencency on crypto-policies Related: RHEL-80811