[openssl] allow deinitialization of the FIPS mode
Tomáš Mráz
tmraz at fedoraproject.org
Thu Aug 29 14:41:38 UTC 2013
commit b5d2711ab6aa774fbd9311866be2d5b8d26bb7c7
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Thu Aug 29 16:41:24 2013 +0200
allow deinitialization of the FIPS mode
openssl-1.0.1e-fips.patch | 2 +-
openssl.spec | 5 ++++-
2 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/openssl-1.0.1e-fips.patch b/openssl-1.0.1e-fips.patch
index 95f2147..09903f4 100644
--- a/openssl-1.0.1e-fips.patch
+++ b/openssl-1.0.1e-fips.patch
@@ -19326,7 +19326,7 @@ diff -up openssl-1.0.1e/crypto/o_fips.c.fips openssl-1.0.1e/crypto/o_fips.c
#ifndef FIPS_AUTH_USER_PASS
#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
#endif
-+ if (FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
++ if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
+ return 1;
if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
return 0;
diff --git a/openssl.spec b/openssl.spec
index a067d75..d62858e 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1e
-Release: 17%{?dist}
+Release: 18%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -468,6 +468,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :
%changelog
+* Thu Aug 29 2013 Tomas Mraz <tmraz at redhat.com> 1.0.1e-18
+- allow deinitialization of the FIPS mode
+
* Thu Aug 29 2013 Tomas Mraz <tmraz at redhat.com> 1.0.1e-17
- always perform the FIPS selftests in library constructor
if FIPS module is installed
More information about the scm-commits
mailing list