List: rpm-cvs
Subject: [CVS] RPM: rpm-5_4: rpm/ CHANGES rpm/rpmio/ rpmssl.c rpmssl.h
From: "Jeff Johnson" <jbj () rpm5 ! org>
Date: 2014-04-17 23:19:38
Message-ID: 20140417231938.D43B550104 () rpm5 ! org
RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 18-Apr-2014 01:19:38
Branch: rpm-5_4 Handle: 2014041723192806
Modified files: (Branch: rpm-5_4)
rpm CHANGES
rpm/rpmio rpmssl.c rpmssl.h
Log:
- ssl: tweak config options, run in FIPS-140-2 mode "best effort".
Summary:
Revision Changes Path
1.3501.2.362+1 -0 rpm/CHANGES
2.42.2.4 +96 -2 rpm/rpmio/rpmssl.c
2.14.2.2 +3 -0 rpm/rpmio/rpmssl.h
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.3501.2.361 -r1.3501.2.362 CHANGES
--- rpm/CHANGES 17 Apr 2014 18:44:21 -0000 1.3501.2.361
+++ rpm/CHANGES 17 Apr 2014 23:19:28 -0000 1.3501.2.362
@@ -1,4 +1,5 @@
5.4.14 -> 5.4.15:
+ - jbj: ssl: tweak config options, run in FIPS-140-2 mode "best effort".
- jbj: gcrypt: tweak config options, run in FIPS-140-2 mode always.
- jbj: pgp: permit non-repudiable signature on all crypto stacks.
- devzero2000: add cppcheck target
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmssl.c
============================================================================
$ cvs diff -u -r2.42.2.3 -r2.42.2.4 rpmssl.c
--- rpm/rpmio/rpmssl.c 11 Apr 2014 16:34:39 -0000 2.42.2.3
+++ rpm/rpmio/rpmssl.c 17 Apr 2014 23:19:33 -0000 2.42.2.4
@@ -33,7 +33,7 @@
/*@=redecl@*/
/*@unchecked@*/
-static int _rpmssl_debug = -1;
+static int _rpmssl_debug;
#define SPEW(_t, _rc, _dig) \
{ if ((_t) || _rpmssl_debug || _pgp_debug < 0) \
@@ -701,23 +701,117 @@
}
/*@=mustmod@*/
+/*@unchecked@*/
+static int rpmssl_initialized;
+
static /*@null@*/
void * rpmsslFree(/*@only@*/ void * impl)
/*@modifies impl @*/
{
rpmsslClean(impl);
+
+ if (--rpmssl_initialized == 0) {
+
+ CONF_modules_unload(1);
+ OBJ_cleanup();
+ EVP_cleanup();
+ ENGINE_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_thread_state(NULL);
+ ERR_free_strings();
+ COMP_zlib_cleanup();
+
+ }
+
impl = _free(impl);
+
return NULL;
}
+
+#ifdef REFERENCE
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+# include <openssl/md2.h>
+# include <openssl/rc4.h>
+# include <openssl/des.h>
+# include <openssl/idea.h>
+# include <openssl/blowfish.h>
+#include <openssl/engine.h>
+#endif
+
+static const char *rpmsslEngines(char *te)
+{
+ char *t = te;
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
+ te = stpcpy(stpcpy(te, " "), ENGINE_get_id(e));
+ *te = '\0';
+
+ return t;
+}
+
+static void rpmsslVersionLog(void)
+{
+ int msglvl = RPMLOG_DEBUG;
+ char b[8192];
+
+ rpmlog(msglvl, "---------- openssl %s configuration:\n",
+ SSLeay_version(SSLEAY_VERSION));
+
+#ifdef DYING
+ if (SSLeay() == SSLEAY_VERSION_NUMBER)
+ rpmlog(msglvl, "%s\n", SSLeay_version(SSLEAY_VERSION));
+ else
+ rpmlog(msglvl, "%s (Library: %s)\n",
+ OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION));
+#endif
+
+ rpmlog(msglvl, " %s\n", SSLeay_version(SSLEAY_BUILT_ON));
+
+ rpmlog(msglvl, " %s\n", SSLeay_version(SSLEAY_PLATFORM));
+
+ rpmlog(msglvl, " options: %s\n", BN_options());
+
+ rpmlog(msglvl, " %s\n", SSLeay_version(SSLEAY_CFLAGS));
+
+ rpmlog(msglvl, "%s\n", SSLeay_version(SSLEAY_DIR));
+
+ rpmlog(msglvl, " engines:%s\n", rpmsslEngines(b));
+
+ rpmlog(msglvl, " FIPS: %s\n",
+ (FIPS_mode() ? "enabled" : "disabled"));
+
+ rpmlog(msglvl, "----------\n");
+}
+
static
void * rpmsslInit(void)
/*@*/
{
rpmssl ssl = (rpmssl) xcalloc(1, sizeof(*ssl));
+
+ if (rpmssl_initialized++ == 0) {
+ int xx;
+
/*@-moduncon@*/
- ERR_load_crypto_strings();
+#ifdef NOTYET
+ CRYPTO_malloc_init();
+#endif
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ ENGINE_load_builtin_engines();
+
+ xx = FIPS_mode_set(1);
+
/*@=moduncon@*/
+
+ rpmsslVersionLog();
+
+ }
+
return (void *) ssl;
}
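Review bot: rpmsslEngines() appends every engine id to the caller's buffer with `stpcpy` and no length argument, so the 8192-byte stack array `b` in rpmsslVersionLog() is the only bound and nothing in the hunk enforces it; an id that ENGINE_get_id() returned as NULL would also be dereferenced. Pass the buffer size and skip entries that do not fit, as in the fence below, where skipping rather than breaking out lets ENGINE_get_next() keep releasing the iterator's reference. Separately, in rpmsslInit() the result of `FIPS_mode_set(1)` is stored in `xx` and never read, so a failure shows up only as "FIPS: disabled" at RPMLOG_DEBUG and presumably leaves entries on the OpenSSL error queue; consider `if (xx != 1) { rpmlog(RPMLOG_WARNING, "FIPS mode unavailable\n"); ERR_clear_error(); }`. The `rpmssl_initialized` counter is a plain int and the cleanup calls in rpmsslFree() reset process-wide OpenSSL state, which looks unsafe if another thread or another library in the same process is still using OpenSSL.

```c
static const char *rpmsslEngines(char *te, size_t nte)
{
    char *t = te;
    ENGINE *e;

    if (nte == 0)
        return "";
    for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
        const char *id = ENGINE_get_id(e);
        size_t nid = (id != NULL ? strlen(id) : 0);

        /* Need " " + id now and one byte kept back for the final NUL. */
        if (nid == 0 || nid + 2 > nte)
            continue;
        te = stpcpy(stpcpy(te, " "), id);
        nte -= nid + 1;
    }
    *te = '\0';

    return t;
}

/* … unchanged: rpmsslVersionLog() up to the engines line … */
    rpmlog(msglvl, "  engines:%s\n", rpmsslEngines(b, sizeof(b)));
```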
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmssl.h
============================================================================
$ cvs diff -u -r2.14.2.1 -r2.14.2.2 rpmssl.h
--- rpm/rpmio/rpmssl.h 11 Apr 2014 16:34:39 -0000 2.14.2.1
+++ rpm/rpmio/rpmssl.h 17 Apr 2014 23:19:34 -0000 2.14.2.2
@@ -21,6 +21,9 @@
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>
+
+#include <openssl/conf.h>
+#include <openssl/comp.h>
#endif
/**
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org