rpms/openssl
7
1
Fork 1
Code Issues Pull Requests Releases Activity

Fix openssl speed running in FIPS mode

Browse Source 
Resolves: RHEL-88908
This commit is contained in:
Dmitry Belyavskiy 2025-05-14 11:33:54 +02:00
parent cad2bb93ac
commit b5cbb03855
2 changed files with 82 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
0051-Make-openssl-speed-run-in-FIPS-mode.patch Normal file
View File

@ -0,0 +1,76 @@
From e128762a1b1f047633e76022a6a8097cb88b49a6 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 9 May 2025 15:09:46 +0200
Subject: [PATCH 51/54] Make `openssl speed` run in FIPS mode
---
apps/speed.c | 44 ++++++++++++++++++++++----------------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index 1edf9b8485..d4e707074c 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -3172,18 +3172,18 @@ int speed_main(int argc, char **argv)
(void *)key32, 16);
params[1] = OSSL_PARAM_construct_end();
- if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) < 1)
- goto end;
- for (testnum = 0; testnum < size_num; testnum++) {
- print_message(names[D_KMAC128], lengths[testnum], seconds.sym);
- Time_F(START);
- count = run_benchmark(async_jobs, KMAC128_loop, loopargs);
- d = Time_F(STOP);
- print_result(D_KMAC128, testnum, count, d);
- if (count < 0)
- break;
+ if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) == 1) {
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_KMAC128], lengths[testnum], seconds.sym);
+ Time_F(START);
+ count = run_benchmark(async_jobs, KMAC128_loop, loopargs);
+ d = Time_F(STOP);
+ print_result(D_KMAC128, testnum, count, d);
+ if (count < 0)
+ break;
+ }
+ mac_teardown(&mac, loopargs, loopargs_len);
}
- mac_teardown(&mac, loopargs, loopargs_len);
}
if (doit[D_KMAC256]) {
@@ -3193,18 +3193,18 @@ int speed_main(int argc, char **argv)
(void *)key32, 32);
params[1] = OSSL_PARAM_construct_end();
- if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) < 1)
- goto end;
- for (testnum = 0; testnum < size_num; testnum++) {
- print_message(names[D_KMAC256], lengths[testnum], seconds.sym);
- Time_F(START);
- count = run_benchmark(async_jobs, KMAC256_loop, loopargs);
- d = Time_F(STOP);
- print_result(D_KMAC256, testnum, count, d);
- if (count < 0)
- break;
+ if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) == 1) {
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_KMAC256], lengths[testnum], seconds.sym);
+ Time_F(START);
+ count = run_benchmark(async_jobs, KMAC256_loop, loopargs);
+ d = Time_F(STOP);
+ print_result(D_KMAC256, testnum, count, d);
+ if (count < 0)
+ break;
+ }
+ mac_teardown(&mac, loopargs, loopargs_len);
}
- mac_teardown(&mac, loopargs, loopargs_len);
}
for (i = 0; i < loopargs_len; i++)
--
2.49.0

7
openssl.spec
View File

@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.5.0 Version: 3.5.0
Release: 2%{?dist} Release: 3%{?dist}
Epoch: 1 Epoch: 1
Source0: openssl-%{version}.tar.gz Source0: openssl-%{version}.tar.gz
Source1: fips-hmacify.sh Source1: fips-hmacify.sh
@ -90,6 +90,7 @@ Patch0047: 0047-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
Patch0048: 0048-Current-Rebase-status.patch Patch0048: 0048-Current-Rebase-status.patch
Patch0049: 0049-FIPS-KDF-key-lenght-errors.patch Patch0049: 0049-FIPS-KDF-key-lenght-errors.patch
Patch0050: 0050-FIPS-fix-disallowed-digests-tests.patch Patch0050: 0050-FIPS-fix-disallowed-digests-tests.patch
Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch
License: Apache-2.0 License: Apache-2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -428,6 +429,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Wed May 14 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-3
- Fix `openssl speed` running in FIPS mode
Resolves: RHEL-88908
* Thu Apr 17 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-2 * Thu Apr 17 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-2
- Update depencency on crypto-policies - Update depencency on crypto-policies
Related: RHEL-80811 Related: RHEL-80811