Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
Related: rhbz#2083879 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
This commit is contained in:
parent
34be907513
commit
d505ec4ba3
32
0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
Normal file
32
0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From e65a507c487a37dd5a8c90b7dbd1ff3274146239 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Chopin <simon.chopin@canonical.com>
|
||||
Date: Mon, 13 Dec 2021 15:20:55 +0100
|
||||
Subject: [PATCH 5/5] dhparams: Fix the FIPS_mode() call for OpenSSL 3.0
|
||||
|
||||
This function has been removed from OpenSSL 3.0, replaced by
|
||||
EVP_default_properties_is_fips_enabled().
|
||||
|
||||
Closes #50
|
||||
---
|
||||
src/dhparams.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/dhparams.c b/src/dhparams.c
|
||||
index 5c50128970d48790df910b9f9531e61e1d4c5758..61fd57aeedca47fba49f75d356cd5f42b9586696 100644
|
||||
--- a/src/dhparams.c
|
||||
+++ b/src/dhparams.c
|
||||
@@ -231,7 +231,11 @@ is_valid_named_group (const char *group_name)
|
||||
}
|
||||
|
||||
/* Check non-FIPS groups */
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
if (!FIPS_mode ())
|
||||
+#else
|
||||
+ if (!EVP_default_properties_is_fips_enabled(NULL))
|
||||
+#endif
|
||||
{
|
||||
i = 0;
|
||||
while (dh_nonfips_groups[i])
|
||||
--
|
||||
2.31.1
|
||||
|
@ -9,7 +9,7 @@
|
||||
|
||||
Name: sscg
|
||||
Version: 3.0.0
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
Summary: Simple SSL certificate generator
|
||||
|
||||
License: GPLv3+ with exceptions
|
||||
@ -30,6 +30,7 @@ Patch: 0001-Drop-usage-of-ERR_GET_FUNC.patch
|
||||
Patch: 0002-Correct-certificate-lifetime-calculation.patch
|
||||
Patch: 0003-Truncate-IP-address-in-SAN.patch
|
||||
Patch: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
|
||||
Patch: 0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
|
||||
|
||||
%description
|
||||
A utility to aid in the creation of more secure "self-signed"
|
||||
@ -60,6 +61,10 @@ false signatures from the service certificate.
|
||||
%{_mandir}/man8/%{name}.8*
|
||||
|
||||
%changelog
|
||||
* Fri Dec 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
|
||||
- Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
|
||||
- Related: rhbz#2083879
|
||||
|
||||
* Mon Nov 28 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
|
||||
- Don't fail if default dhparams file can't be created
|
||||
- Resolves: rhbz#2149064
|
||||
|
Loading…
Reference in New Issue
Block a user