-config argument of openssl app should work properly

Resolves: rhbz#2083274
epel8
Dmitry Belyavskiy 3 years ago
parent 1b2d08b2c2
commit b4d281e4de

@ -4,13 +4,13 @@
#ensure that you also add those changes to the provider_conf_activate() function. #ensure that you also add those changes to the provider_conf_activate() function.
#additionally please add this check for cnf explicitly as shown below. #additionally please add this check for cnf explicitly as shown below.
#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;' #'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;'
diff -up openssl-3.0.1/crypto/provider_conf.c.fips-FORCE openssl-3.0.1/crypto/provider_conf.c diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
--- openssl-3.0.1/crypto/provider_conf.c.fips-FORCE 2022-01-18 15:36:00.956141345 +0100 --- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
+++ openssl-3.0.1/crypto/provider_conf.c 2022-01-18 15:42:36.345172203 +0100 +++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
@@ -136,58 +136,18 @@ static int prov_already_activated(const @@ -136,58 +136,18 @@ static int prov_already_activated(const
return 0; return 0;
} }
-static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, -static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
- const char *value, const CONF *cnf) - const char *value, const CONF *cnf)
+static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name, +static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name,
@ -83,8 +83,12 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fips-FORCE openssl-3.0.1/crypto/pr
if (ok) { if (ok) {
if (!ossl_provider_activate(prov, 1, 0)) { if (!ossl_provider_activate(prov, 1, 0)) {
@@ -246,6 +206,55 @@ static int provider_conf_load(OSSL_LIB_C @@ -244,8 +204,59 @@ static int provider_conf_load(OSSL_LIB_C
}
if (!ok)
ossl_provider_free(prov); ossl_provider_free(prov);
+ } else { /* No reason to activate the provider twice, returning OK */
+ ok = 1;
} }
CRYPTO_THREAD_unlock(pcgbl->lock); CRYPTO_THREAD_unlock(pcgbl->lock);
+ return ok; + return ok;
@ -139,7 +143,7 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fips-FORCE openssl-3.0.1/crypto/pr
} else { } else {
OSSL_PROVIDER_INFO entry; OSSL_PROVIDER_INFO entry;
@@ -306,6 +315,19 @@ static int provider_conf_init(CONF_IMODU @@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU
return 0; return 0;
} }

@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.0.1 Version: 3.0.1
Release: 28%{?dist} Release: 29%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -444,6 +444,10 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Thu May 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-29
- `-config` argument of openssl app should work properly in FIPS mode
- Resolves: rhbz#2083274
* Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28 * Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28
- OpenSSL should not accept custom elliptic curve parameters - OpenSSL should not accept custom elliptic curve parameters
- Resolves rhbz#2066412 - Resolves rhbz#2066412

Loading…
Cancel
Save