LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File openssl-fips-0.9.8e-env-nozlib.patch of Package openssl098e2 (Project home:beerserc)

diff -up openssl-fips-0.9.8e/README.env-nozlib openssl-fips-0.9.8e/README
--- openssl-fips-0.9.8e/README.env-nozlib	2007-03-22 01:37:41.000000000 +0100
+++ openssl-fips-0.9.8e/README	2008-09-06 12:11:27.000000000 +0200
@@ -8,8 +8,20 @@
  WARNING
  -------
 
- This version of OpenSSL is an initial port of the FIPS 140-2 code to OpenSSL
- 0.9.8. See the file README.FIPS for brief usage details.
+ This version of OpenSSL is based on upstream openssl-fips-1.2.0 code
+ which is also undergoing FIPS validation.
+ 
+ However this version contains a few differences from the upstream code
+ some of which are:
+   * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
+     tries to initialize the FIPS mode if it is set to 1 aborting if the
+     FIPS mode could not be initialized. It is also possible to force the
+     OpenSSL library to FIPS mode especially for debugging purposes by
+     setting the environment variable OPENSSL_FORCE_FIPS_MODE.
+   * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
+     will not automatically load the built in compression method ZLIB
+     when initialized. Applications can still explicitely ask for ZLIB
+     compression method.
 
  DESCRIPTION
  -----------
diff -up openssl-fips-0.9.8e/ssl/ssl_ciph.c.env-nozlib openssl-fips-0.9.8e/ssl/ssl_ciph.c
--- openssl-fips-0.9.8e/ssl/ssl_ciph.c.env-nozlib	2007-08-13 20:35:04.000000000 +0200
+++ openssl-fips-0.9.8e/ssl/ssl_ciph.c	2008-09-06 11:58:15.000000000 +0200
@@ -284,7 +284,7 @@ static void load_builtin_compressions(vo
 
 			MemCheck_off();
 			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
-			if (ssl_comp_methods != NULL)
+			if (ssl_comp_methods != NULL && getenv("OPENSSL_NO_DEFAULT_ZLIB") == NULL)
 				{
 				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
 				if (comp != NULL)