/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-fipsmode.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-fipsmode.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Tue Feb 18 03:03:10 2014 UTC (10 years, 9 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

1 wellsi 1.1 diff -up openssl-fips-0.9.8e/crypto/o_init.c.fipsmode openssl-fips-0.9.8e/crypto/o_init.c
2     --- openssl-fips-0.9.8e/crypto/o_init.c.fipsmode 2007-07-01 02:07:22.000000000 +0200
3     +++ openssl-fips-0.9.8e/crypto/o_init.c 2009-04-15 13:48:51.000000000 +0200
4     @@ -59,6 +59,45 @@
5     #include <e_os.h>
6     #include <openssl/err.h>
7    
8     +#ifdef OPENSSL_FIPS
9     +#include <sys/types.h>
10     +#include <sys/stat.h>
11     +#include <fcntl.h>
12     +#include <unistd.h>
13     +#include <errno.h>
14     +#include <stdlib.h>
15     +#include <openssl/fips.h>
16     +#include <openssl/evp.h>
17     +#include <openssl/rand.h>
18     +
19     +#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
20     +
21     +static void init_fips_mode(void)
22     + {
23     + char buf[2] = "0";
24     + int fd;
25     +
26     + if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
27     + {
28     + buf[0] = '1';
29     + }
30     + else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
31     + {
32     + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
33     + close(fd);
34     + }
35     + /* Failure reading the fips mode switch file means just not
36     + * switching into FIPS mode. We would break too many things
37     + * otherwise.
38     + */
39     +
40     + if (buf[0] == '1')
41     + {
42     + FIPS_mode_set(1);
43     + }
44     + }
45     +#endif
46     +
47     /* Perform any essential OpenSSL initialization operations.
48     * Currently only sets FIPS callbacks
49     */
50     @@ -73,11 +112,10 @@ void OPENSSL_init(void)
51     #ifdef CRYPTO_MDEBUG
52     CRYPTO_malloc_debug_init();
53     #endif
54     -#ifdef OPENSSL_ENGINE
55     + init_fips_mode();
56     int_EVP_MD_init_engine_callbacks();
57     int_EVP_CIPHER_init_engine_callbacks();
58     int_RAND_init_engine_callbacks();
59     -#endif
60     done = 1;
61     }
62     #endif
63     diff -up openssl-fips-0.9.8e/ssl/ssl_algs.c.fipsmode openssl-fips-0.9.8e/ssl/ssl_algs.c
64     --- openssl-fips-0.9.8e/ssl/ssl_algs.c.fipsmode 2007-04-24 13:30:48.000000000 +0200
65     +++ openssl-fips-0.9.8e/ssl/ssl_algs.c 2009-04-15 14:09:42.000000000 +0200
66     @@ -64,6 +64,8 @@
67     int SSL_library_init(void)
68     {
69    
70     + OPENSSL_init();
71     +
72     #ifndef OPENSSL_NO_DES
73     EVP_add_cipher(EVP_des_cbc());
74     EVP_add_cipher(EVP_des_ede3_cbc());

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed