Google Git
Sign in
nginx/nginx-pkgoss/2e6b7082496842fda9e5dafaeb070b463a178249^!/.
commit
2e6b7082496842fda9e5dafaeb070b463a178249
[log]
author
Konstantin Pavlov <thresh@nginx.com>
Fri May 20 12:05:25 2022 +0400
committer
Konstantin Pavlov <thresh@nginx.com>
Fri May 20 12:05:25 2022 +0400
tree
bff1d139deba22b925dee8bad718f63c961300c3
parent
73b63abfe4246719697ca875b42ebdb9b4d4ed30 [diff]
Added a patch to fix nginx-fips-check-module on OpenSSL 3.0.

diff --git a/alpine/Makefile.module-fips-check b/alpine/Makefile.module-fips-check
index 24ea085..3fc1d6a 100644
--- a/alpine/Makefile.module-fips-check
+++ b/alpine/Makefile.module-fips-check

@@ -5,12 +5,14 @@
 include $(CONTRIB)/src/nginx-fips-check-module/version
 
 MODULE_VERSION_fips_check=	$(NGINX_FIPS_CHECK_MODULE_VERSION)
-MODULE_RELEASE_fips_check=	1
+MODULE_RELEASE_fips_check=	2
 
 MODULE_VERSION_PREFIX_fips_check=$(MODULE_TARGET_PREFIX)
 
 MODULE_SOURCES_fips_check=	nginx-fips-check-module-$(NGINX_FIPS_CHECK_MODULE_VERSION).tar.gz
 
+MODULE_PATCHES_fips_check= $(CONTRIB)/src/nginx-fips-check-module/0001-Added-support-for-OpenSSL-3.0.patch
+
 MODULE_CONFARGS_fips_check=	--add-dynamic-module=$(MODSRC_PREFIX)nginx-fips-check-module-$(NGINX_FIPS_CHECK_MODULE_VERSION)
 
 .deps-module-fips-check:

diff --git a/contrib/src/nginx-fips-check-module/0001-Added-support-for-OpenSSL-3.0.patch b/contrib/src/nginx-fips-check-module/0001-Added-support-for-OpenSSL-3.0.patch
new file mode 100644
index 0000000..8258716
--- /dev/null
+++ b/contrib/src/nginx-fips-check-module/0001-Added-support-for-OpenSSL-3.0.patch

@@ -0,0 +1,36 @@
+From 741719ca53f9da8629d3a2acf3a4570cfa6c2d11 Mon Sep 17 00:00:00 2001
+From: Konstantin Pavlov <thresh@nginx.com>
+Date: Fri, 20 May 2022 11:26:35 +0400
+Subject: [PATCH] Added support for OpenSSL 3.0.
+
+FIPS_mode() was removed from OpenSSL 3.0 so use
+EVP_default_properties_is_fips_enabled instead.  However, at least
+Fedora and RHEL 9 patched their openssl packages to provide FIPS_mode()
+so check if it's not defined.
+
+This was tested on:
+- Ubuntu 22.04 openssl 3.0.2-0ubuntu1.1 FIPS disabled
+- RHEL 8.6 openssl 1.1.1k-6.el8_5.x86_64 FIPS disabled and enabled.
+- RHEL 9.0 openssl 3.0.1-23.el9_0.x86_64 FIPS disabled and enabled.
+---
+ ngx_core_fips_check_module.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ngx_core_fips_check_module.c b/ngx_core_fips_check_module.c
+index 149f595..706725a 100644
+--- a/ngx_core_fips_check_module.c
++++ b/ngx_core_fips_check_module.c
+@@ -10,6 +10,10 @@
+ 
+ #include <openssl/crypto.h>
+ 
++#if (OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined FIPS_mode)
++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
++#endif
++
+ typedef enum {
+     UNKNOWN,
+     DISABLED,
+-- 
+2.30.1 (Apple Git-130)
+

diff --git a/debian/Makefile.module-fips-check b/debian/Makefile.module-fips-check
index 819d222..52fe450 100644
--- a/debian/Makefile.module-fips-check
+++ b/debian/Makefile.module-fips-check

@@ -5,12 +5,14 @@
 include $(CONTRIB)/src/nginx-fips-check-module/version
 
 MODULE_VERSION_fips_check=	$(NGINX_FIPS_CHECK_MODULE_VERSION)
-MODULE_RELEASE_fips_check=	1
+MODULE_RELEASE_fips_check=	2
 
 MODULE_VERSION_PREFIX_fips_check=$(MODULE_TARGET_PREFIX)
 
 MODULE_SOURCES_fips_check=	nginx-fips-check-module-$(NGINX_FIPS_CHECK_MODULE_VERSION).tar.gz
 
+MODULE_PATCHES_fips_check= $(CONTRIB)/src/nginx-fips-check-module/0001-Added-support-for-OpenSSL-3.0.patch
+
 MODULE_CONFARGS_fips_check=	--add-dynamic-module=$(MODSRC_PREFIX)nginx-fips-check-module-$(NGINX_FIPS_CHECK_MODULE_VERSION)
 
 .deps-module-fips-check:

diff --git a/docs/nginx-module-fips-check.xml b/docs/nginx-module-fips-check.xml
index 2c1f76c..50182cc 100644
--- a/docs/nginx-module-fips-check.xml
+++ b/docs/nginx-module-fips-check.xml

@@ -5,6 +5,18 @@
 <change_log title="nginx_module_fips_check">
 
 
+<changes apply="nginx-module-fips-check" ver="0.1" rev="2" basever="1.21.6"
+         date="2022-05-20" time="12:20:00 +0400"
+         packager="Konstantin Pavlov &lt;thresh@nginx.com&gt;">
+<change>
+<para>
+Added a patch to fix FTBFS on OpenSSL 3.0-based systems.
+</para>
+</change>
+
+</changes>
+
+
 <changes apply="nginx-module-fips-check" ver="0.1" rev="1" basever="1.21.6"
          date="2022-01-25" time="18:13:46 +0300"
          packager="Mikhail Isachenkov &lt;mikhail.isachenkov@nginx.com&gt;">

diff --git a/rpm/SPECS/Makefile.module-fips-check b/rpm/SPECS/Makefile.module-fips-check
index 17b9cb5..8daef7b 100644
--- a/rpm/SPECS/Makefile.module-fips-check
+++ b/rpm/SPECS/Makefile.module-fips-check

@@ -5,12 +5,14 @@
 include $(CONTRIB)/src/nginx-fips-check-module/version
 
 MODULE_VERSION_fips_check=	$(NGINX_FIPS_CHECK_MODULE_VERSION)
-MODULE_RELEASE_fips_check=	1
+MODULE_RELEASE_fips_check=	2
 
 MODULE_VERSION_PREFIX_fips_check=$(MODULE_TARGET_PREFIX)
 
 MODULE_SOURCES_fips_check=	nginx-fips-check-module-$(NGINX_FIPS_CHECK_MODULE_VERSION).tar.gz
 
+MODULE_PATCHES_fips_check= $(CONTRIB)/src/nginx-fips-check-module/0001-Added-support-for-OpenSSL-3.0.patch
+
 MODULE_CONFARGS_fips_check=	--add-dynamic-module=nginx-fips-check-module-$(NGINX_FIPS_CHECK_MODULE_VERSION)
 
 .deps-module-fips-check: