
Annotation of /rpms/openssl3/contribs10/0009-Add-Kernel-FIPS-mode-flag-support.patch



Revision 1.1 - (hide annotations) (download)
Wed Jan 31 17:24:33 2024 UTC (10 months ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Initial import

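--- a/crypto/context.c
+++ b/crypto/context.c
@@ -12,11 +12,46 @@
 #include "internal/provider.h"
 #include "crypto/ctype.h"
 
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <openssl/evp.h>
+
 struct ossl_lib_ctx_onfree_list_st {
 ossl_lib_ctx_onfree_fn *fn;
 struct ossl_lib_ctx_onfree_list_st *next;
 };
 
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+static int kernel_fips_flag;
+
+static void read_kernel_fips_flag(void)
+{
+ char buf[2] = "0";
+ int fd;
+
+ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+ buf[0] = '1';
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
+ close(fd);
+ }
+
+ if (buf[0] == '1') {
+ kernel_fips_flag = 1;
+ }
+
+ return;
+}
+
+int ossl_get_kernel_fips_flag()
+{
+ return kernel_fips_flag;
+}
+
+
 struct ossl_lib_ctx_st {
 CRYPTO_RWLOCK *lock;
 CRYPTO_EX_DATA data;
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
 
 DEFINE_RUN_ONCE_STATIC(default_context_do_init)
 {
+ read_kernel_fips_flag();
 return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
 && context_init(&default_context_int);
 }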
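Review bot: In `read_kernel_fips_flag()` every failure path leaves `buf` at "0", so an `open()` that fails for a reason other than the file being absent, or a `read()` that fails or returns 0 bytes, looks the same as the kernel reporting FIPS off, and the library silently continues in non-FIPS mode. Keep the return value, e.g. `ssize_t n; while ((n = read(fd, buf, sizeof(buf))) < 0 && errno == EINTR) ;`, add an explicit `n <= 0` branch, and decide deliberately whether that branch should fail closed. The loop uses `errno` and `EINTR`, but `<errno.h>` is not among the added includes; it presumably arrives through an existing header, which is not visible here. Separately, `kernel_fips_flag` is only set once `default_context_do_init` has run (second hunk), so `ossl_get_kernel_fips_flag()` returns 0 if called earlier, and a comment stating that ordering assumption would help. The definition should also be spelled `int ossl_get_kernel_fips_flag(void)` to match the prototype in provider.h.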
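--- a/include/internal/provider.h
+++ b/include/internal/provider.h
@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB
 const OSSL_DISPATCH *in);
 void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
 
+/* FIPS flag access */
+int ossl_get_kernel_fips_flag(void);
+
 # ifdef __cplusplus
 }
 # endif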
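Review bot: The comment `/* FIPS flag access */` on the new prototype does not say what the return value means, and callers will make policy decisions on it. Going by the context.c section, a more useful comment would be `/* Returns 1 if /proc/sys/crypto/fips_enabled read as '1' or OPENSSL_FORCE_FIPS_MODE is set; 0 otherwise, including when the flag could not be read */`. It should also note that the value is only meaningful after the default library context has been initialised, since that is where the flag is read.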
