packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!271 Fix-FIPS-getenv-build-failure

Browse Source 
From: @reverse-world 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite
This commit is contained in:
openeuler-ci-bot 2023-09-11 03:24:08 +00:00 committed by Gitee
commit 8ee4f2f28a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Fix-FIPS-getenv-build-failure.patch Normal file
View File

@ -0,0 +1,30 @@
diff --git a/crypto/o_init.c b/crypto/o_init.c
index b1eef43..4fbb0e5 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html
*/
-/* for secure_getenv */
+/* for ossl_safe_getenv */
#define _GNU_SOURCE
#include "e_os.h"
#include <openssl/err.h>
@@ -21,6 +21,7 @@
# include <openssl/rand.h>
# include <openssl/fips.h>
# include "crypto/fips.h"
+# include "internal/cryptlib.h"
# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
@@ -29,7 +30,7 @@ static void init_fips_mode(void)
char buf[2] = "0";
int fd;
- if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
buf[0] = '1';
} else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;

6
openssl.spec
View File

@ -2,7 +2,7 @@
Name: openssl Name: openssl
Epoch: 1 Epoch: 1
Version: 1.1.1m Version: 1.1.1m
Release: 24 Release: 25
Summary: Cryptography and SSL/TLS Toolkit Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay License: OpenSSL and SSLeay
URL: https://www.openssl.org/ URL: https://www.openssl.org/
@ -67,6 +67,7 @@ Patch56: backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if
Patch57: backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch Patch57: backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch
Patch58: backport-x509-Handle-ossl_policy_level_add_node-errors.patch Patch58: backport-x509-Handle-ossl_policy_level_add_node-errors.patch
Patch59: backport-x509-Fix-possible-use-after-free-when-OOM.patch Patch59: backport-x509-Fix-possible-use-after-free-when-OOM.patch
Patch60: Fix-FIPS-getenv-build-failure.patch
BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -273,6 +274,9 @@ make test || :
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Fri Sep 8 2023 reverse-world <ykx1990123@163.com> - 1:1.1.1m-25
* fix FIPS getenv compatibility problem
* Tue Aug 08 2023 zcfsite <zhchf2010@126.com> - 1:1.1.1m-24 * Tue Aug 08 2023 zcfsite <zhchf2010@126.com> - 1:1.1.1m-24
* backport some patches * backport some patches