Change-Id: Idf895e4f6cf94cd877ac2fb6d0974f7c4106cc2d
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3388
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
| ... | ... |
@@ -33,15 +33,15 @@ diff -rup openssl-1.0.2k/crypto/o_init.c openssl-1.0.2k-new/crypto/o_init.c |
| 33 | 33 |
+ {
|
| 34 | 34 |
+ buf[0] = '1'; |
| 35 | 35 |
+ } |
| 36 |
++ else if (access(FIPS_MODE_SWITCH_FILE2, F_OK) != -1) |
|
| 37 |
++ {
|
|
| 38 |
++ buf[0] = '1'; |
|
| 39 |
++ } |
|
| 36 | 40 |
+ else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) |
| 37 | 41 |
+ {
|
| 38 | 42 |
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR); |
| 39 | 43 |
+ close(fd); |
| 40 | 44 |
+ } |
| 41 |
-+ else if (access(FIPS_MODE_SWITCH_FILE2, F_OK) != -1) |
|
| 42 |
-+ {
|
|
| 43 |
-+ buf[0] = '1'; |
|
| 44 |
-+ } |
|
| 45 | 45 |
+ /* Failure reading the fips mode switch file means just not |
| 46 | 46 |
+ * switching into FIPS mode. We would break too many things |
| 47 | 47 |
+ * otherwise. |
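Review bot: The relocated `else if (access(FIPS_MODE_SWITCH_FILE2, F_OK) != -1)` branch now decides FIPS mode on the marker file's existence alone, before FIPS_MODE_SWITCH_FILE is opened, and nothing in the hunk documents that precedence. Once the marker exists, a value read from FIPS_MODE_SWITCH_FILE can no longer leave the mode off, and its contents are never read, so an empty file is enough. Any `access()` failure, not only a missing file, falls through to the kernel switch; that matches the fail-open policy stated in the comment that follows, but it is worth saying explicitly. I would add a comment above the branch such as `/* Marker file present: force FIPS mode regardless of the kernel switch; contents are not read. */`, and confirm the marker's parent directory is writable only by root, since creating or removing the file presumably changes the crypto mode of every process that runs this initializer. The enclosing function starts and ends outside the hunk.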
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: Management tools and libraries relating to cryptography |
| 2 | 2 |
Name: openssl |
| 3 | 3 |
Version: 1.0.2k |
| 4 |
-Release: 2%{?dist}
|
|
| 4 |
+Release: 3%{?dist}
|
|
| 5 | 5 |
License: OpenSSL |
| 6 | 6 |
URL: http://www.openssl.org |
| 7 | 7 |
Group: System Environment/Security |
| ... | ... |
@@ -112,6 +112,8 @@ rm -rf %{buildroot}/*
|
| 112 | 112 |
/%{_bindir}/c_rehash
|
| 113 | 113 |
|
| 114 | 114 |
%changelog |
| 115 |
+* Fri Jul 28 2017 Anish Swaminathan <anishs@vmware.com> 1.0.2k-3 |
|
| 116 |
+- Allow system file take precedence over kernel parameter for FIPS |
|
| 115 | 117 |
* Fri Jul 28 2017 Anish Swaminathan <anishs@vmware.com> 1.0.2k-2 |
| 116 | 118 |
- Patch to support enabling FIPS_mode through kernel parameter |
| 117 | 119 |
* Fri Apr 07 2017 Anish Swaminathan <anishs@vmware.com> 1.0.2k-1 |