Change-Id: I63bd0530a9733959b8f0ed69744407690b7462cb
Reviewed-on: http://photon-jenkins.eng.vmware.com/1208
Reviewed-by: suezzelur <anishs@vmware.com>
Tested-by: suezzelur <anishs@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,48 @@ |
0 |
+diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c |
|
1 |
+index 48ad0d2..482481d 100644 |
|
2 |
+--- a/crypto/engine/eng_all.c |
|
3 |
+@@ -64,6 +64,7 @@ void ENGINE_load_builtin_engines(void) |
|
4 |
+ { |
|
5 |
+ /* Some ENGINEs need this */ |
|
6 |
+ OPENSSL_cpuid_setup(); |
|
7 |
++ OPENSSL_init(); |
|
8 |
+ #if 0 |
|
9 |
+ /* |
|
10 |
+ * There's no longer any need for an "openssl" ENGINE unless, one day, it |
|
11 |
+diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c |
|
12 |
+index 280e584..f177b65 100644 |
|
13 |
+--- a/crypto/evp/c_allc.c |
|
14 |
+@@ -64,6 +64,7 @@ |
|
15 |
+ |
|
16 |
+ void OpenSSL_add_all_ciphers(void) |
|
17 |
+ { |
|
18 |
++ OPENSSL_init(); |
|
19 |
+ |
|
20 |
+ #ifndef OPENSSL_NO_DES |
|
21 |
+ EVP_add_cipher(EVP_des_cfb()); |
|
22 |
+diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c |
|
23 |
+index fdbe3ee..d7f9357 100644 |
|
24 |
+--- a/crypto/evp/c_alld.c |
|
25 |
+@@ -64,6 +64,7 @@ |
|
26 |
+ |
|
27 |
+ void OpenSSL_add_all_digests(void) |
|
28 |
+ { |
|
29 |
++ OPENSSL_init(); |
|
30 |
+ #ifndef OPENSSL_NO_MD4 |
|
31 |
+ EVP_add_digest(EVP_md4()); |
|
32 |
+ #endif |
|
33 |
+diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c |
|
34 |
+index e6f515f..64914ad 100644 |
|
35 |
+--- a/ssl/ssl_algs.c |
|
36 |
+@@ -63,6 +63,7 @@ |
|
37 |
+ |
|
38 |
+ int SSL_library_init(void) |
|
39 |
+ { |
|
40 |
++ OPENSSL_init(); |
|
41 |
+ |
|
42 |
+ #ifndef OPENSSL_NO_DES |
|
43 |
+ EVP_add_cipher(EVP_des_cbc()); |
0 | 44 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,26 @@ |
0 |
+diff -aur openssl-1.0.2h/crypto/o_init.c openssl-1.0.2h-1/crypto/o_init.c |
|
1 |
+--- openssl-1.0.2h/crypto/o_init.c 2016-05-03 06:44:42.000000000 -0700 |
|
2 |
+@@ -57,6 +57,7 @@ |
|
3 |
+ #include <openssl/err.h> |
|
4 |
+ #ifdef OPENSSL_FIPS |
|
5 |
+ # include <openssl/fips.h> |
|
6 |
++# include <openssl/fips_rand.h> |
|
7 |
+ # include <openssl/rand.h> |
|
8 |
+ #endif |
|
9 |
+ |
|
10 |
+@@ -76,6 +77,14 @@ |
|
11 |
+ FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); |
|
12 |
+ FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); |
|
13 |
+ RAND_init_fips(); |
|
14 |
++/* |
|
15 |
++* Calling RAND_init_fips() followed by |
|
16 |
++* RAND_set_rand_method(FIPS_rand_get_method()) will |
|
17 |
++* cause OpenSSL to use the FIPS default DRBG |
|
18 |
++* in lieu of the non-compliant OpenSSL default RAND. This |
|
19 |
++* requires FIPS-capable OpenSSL. |
|
20 |
++*/ |
|
21 |
++ RAND_set_rand_method(FIPS_rand_get_method()); |
|
22 |
+ #endif |
|
23 |
+ #if 0 |
|
24 |
+ fprintf(stderr, "Called OPENSSL_init\n"); |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: Management tools and libraries relating to cryptography |
2 | 2 |
Name: openssl |
3 | 3 |
Version: 1.0.2h |
4 |
-Release: 2%{?dist} |
|
4 |
+Release: 3%{?dist} |
|
5 | 5 |
License: OpenSSL |
6 | 6 |
URL: http://www.openssl.org |
7 | 7 |
Group: System Environment/Security |
... | ... |
@@ -10,7 +10,9 @@ Distribution: Photon |
10 | 10 |
Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz |
11 | 11 |
%define sha1 openssl=577585f5f5d299c44dd3c993d3c0ac7a219e4949 |
12 | 12 |
Patch0: c_rehash.patch |
13 |
-Patch1: openssl-1.0.2f-ipv6apps.patch |
|
13 |
+Patch1: openssl-1.0.2f-ipv6apps.patch |
|
14 |
+Patch2: openssl-init-conslidate.patch |
|
15 |
+Patch3: openssl-use-fips-drbg-by-default.patch |
|
14 | 16 |
Requires: bash glibc libgcc |
15 | 17 |
|
16 | 18 |
%description |
... | ... |
@@ -49,6 +51,8 @@ Perl scripts that convert certificates and keys to various formats. |
49 | 49 |
%setup -q |
50 | 50 |
%patch0 -p1 |
51 | 51 |
%patch1 -p1 |
52 |
+%patch2 -p1 |
|
53 |
+%patch3 -p1 |
|
52 | 54 |
|
53 | 55 |
%build |
54 | 56 |
export CFLAGS="%{optflags}" |
... | ... |
@@ -108,8 +112,10 @@ rm -rf %{buildroot}/* |
108 | 108 |
/%{_bindir}/c_rehash |
109 | 109 |
|
110 | 110 |
%changelog |
111 |
-* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.0.2h-2 |
|
112 |
-- GA - Bump release of all rpms |
|
111 |
+* Fri Jun 22 2016 Anish Swaminathan <anishs@vmware.com> 1.0.2h-3 |
|
112 |
+- Add patches for using openssl_init under all initialization and changing default RAND |
|
113 |
+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.0.2h-2 |
|
114 |
+- GA - Bump release of all rpms |
|
113 | 115 |
* Fri May 20 2016 Divya Thaluru <dthaluru@vmware.com> 1.0.2h-1 |
114 | 116 |
- Upgrade to 1.0.2h |
115 | 117 |
* Mon Mar 07 2016 Anish Swaminathan <anishs@vmware.com> 1.0.2g-1 |