Overview

File openssl-FIPS-Enforce-error-state.patch of Package openssl-3

Index: openssl-3.5.0-beta1/providers/fips/fipsprov.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/fips/fipsprov.c
+++ openssl-3.5.0-beta1/providers/fips/fipsprov.c
@@ -988,6 +988,7 @@ int OSSL_provider_init_int(const OSSL_CO
         /* Error already raised */
         goto err;
     }
+#if 0 /* Don't allow to skip the error state */
     /*
      * Disable the conditional error check if it's disabled in the fips config
      * file.
@@ -995,6 +996,7 @@ int OSSL_provider_init_int(const OSSL_CO
     if (fgbl->selftest_params.conditional_error_check != NULL
         && strcmp(fgbl->selftest_params.conditional_error_check, "0") == 0)
         SELF_TEST_disable_conditional_error_state();
+#endif
 
     /* Enable or disable FIPS provider options */
 #define OSSL_FIPS_PARAM(structname, paramname, unused)                         \
openSUSE Build Service is sponsored by
Places