| 1 |
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c |
| 2 |
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 |
| 3 |
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 |
| 4 |
@@ -12,11 +12,46 @@ |
| 5 |
#include "internal/provider.h" |
| 6 |
#include "crypto/ctype.h" |
| 7 |
|
| 8 |
+# include <sys/types.h> |
| 9 |
+# include <sys/stat.h> |
| 10 |
+# include <fcntl.h> |
| 11 |
+# include <unistd.h> |
| 12 |
+# include <openssl/evp.h> |
| 13 |
+ |
| 14 |
struct ossl_lib_ctx_onfree_list_st { |
| 15 |
ossl_lib_ctx_onfree_fn *fn; |
| 16 |
struct ossl_lib_ctx_onfree_list_st *next; |
| 17 |
}; |
| 18 |
|
| 19 |
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" |
| 20 |
+ |
| 21 |
+static int kernel_fips_flag; |
| 22 |
+ |
| 23 |
+static void read_kernel_fips_flag(void) |
| 24 |
+{ |
| 25 |
+ char buf[2] = "0"; |
| 26 |
+ int fd; |
| 27 |
+ |
| 28 |
+ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { |
| 29 |
+ buf[0] = '1'; |
| 30 |
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { |
| 31 |
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; |
| 32 |
+ close(fd); |
| 33 |
+ } |
| 34 |
+ |
| 35 |
+ if (buf[0] == '1') { |
| 36 |
+ kernel_fips_flag = 1; |
| 37 |
+ } |
| 38 |
+ |
| 39 |
+ return; |
| 40 |
+} |
| 41 |
+ |
| 42 |
+int ossl_get_kernel_fips_flag() |
| 43 |
+{ |
| 44 |
+ return kernel_fips_flag; |
| 45 |
+} |
| 46 |
+ |
| 47 |
+ |
| 48 |
struct ossl_lib_ctx_st { |
| 49 |
CRYPTO_RWLOCK *lock; |
| 50 |
CRYPTO_EX_DATA data; |
| 51 |
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte |
| 52 |
|
| 53 |
DEFINE_RUN_ONCE_STATIC(default_context_do_init) |
| 54 |
{ |
| 55 |
+ read_kernel_fips_flag(); |
| 56 |
return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) |
| 57 |
&& context_init(&default_context_int); |
| 58 |
} |
| 59 |
diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h |
| 60 |
--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100 |
| 61 |
+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100 |
| 62 |
@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB |
| 63 |
const OSSL_DISPATCH *in); |
| 64 |
void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); |
| 65 |
|
| 66 |
+/* FIPS flag access */ |
| 67 |
+int ossl_get_kernel_fips_flag(void); |
| 68 |
+ |
| 69 |
# ifdef __cplusplus |
| 70 |
} |
| 71 |
# endif |
Parent Directory
| 
Revision Log
| 
Revision Graph
