From 3cd590574e6221bd82a8678768a1596b9e025092 Mon Sep 17 00:00:00 2001
From: reverse-world <ykx1990123@163.com>
Date: Fri, 8 Sep 2023 23:10:34 +0800
Subject: [PATCH] fix FIPS getenv compatibility problem

fix FIPS getenv compatibility problem

fix FIPS getenv compatibility problem
---
 Fix-FIPS-getenv-build-failure.patch | 30 +++++++++++++++++++++++++++++
 openssl.spec                        |  6 +++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 Fix-FIPS-getenv-build-failure.patch

diff --git a/Fix-FIPS-getenv-build-failure.patch b/Fix-FIPS-getenv-build-failure.patch
new file mode 100644
index 0000000..fc57d2d
--- /dev/null
+++ b/Fix-FIPS-getenv-build-failure.patch
@@ -0,0 +1,30 @@
+diff --git a/crypto/o_init.c b/crypto/o_init.c
+index b1eef43..4fbb0e5 100644
+--- a/crypto/o_init.c
++++ b/crypto/o_init.c
+@@ -7,7 +7,7 @@
+  * https://www.openssl.org/source/license.html
+  */
+ 
+-/* for secure_getenv */
++/* for ossl_safe_getenv */
+ #define _GNU_SOURCE
+ #include "e_os.h"
+ #include <openssl/err.h>
+@@ -21,6 +21,7 @@
+ # include <openssl/rand.h>
+ # include <openssl/fips.h>
+ # include "crypto/fips.h"
++# include "internal/cryptlib.h"
+ 
+ # define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+ 
+@@ -29,7 +30,7 @@ static void init_fips_mode(void)
+     char buf[2] = "0";
+     int fd;
+ 
+-    if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
++    if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+         buf[0] = '1';
+     } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+         while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
diff --git a/openssl.spec b/openssl.spec
index 0c73821..e0d9c8a 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     1.1.1m
-Release:     24
+Release:     25
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@@ -67,6 +67,7 @@ Patch56:     backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if
 Patch57:     backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch
 Patch58:     backport-x509-Handle-ossl_policy_level_add_node-errors.patch
 Patch59:     backport-x509-Fix-possible-use-after-free-when-OOM.patch
+Patch60:     Fix-FIPS-getenv-build-failure.patch
 
 BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires:    coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@@ -273,6 +274,9 @@ make test || :
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Sep 8 2023 reverse-world <ykx1990123@163.com> - 1:1.1.1m-25
+* fix FIPS getenv compatibility problem
+
 * Tue Aug 08 2023 zcfsite <zhchf2010@126.com> - 1:1.1.1m-24
 * backport some patches
 
-- 
Gitee