From 9496280b42cad55d2d74443553557140aff62e7f Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Wed, 21 Aug 2024 09:52:34 +0800
Subject: [PATCH] add fips feature
---
add-FIPS_mode_set-support.patch | 24 ++++++
...rt-Add-FIPS_mode-compatibility-macro.patch | 79 +++++++++++++++++++
openssl.spec | 8 +-
3 files changed, 110 insertions(+), 1 deletion(-)
create mode 100644 add-FIPS_mode_set-support.patch
create mode 100644 backport-Add-FIPS_mode-compatibility-macro.patch
diff --git a/add-FIPS_mode_set-support.patch b/add-FIPS_mode_set-support.patch
new file mode 100644
index 0000000..6608341
--- /dev/null
+++ b/add-FIPS_mode_set-support.patch
@@ -0,0 +1,24 @@
+From 9ffb8af6f00224c93caa8d738414502b7483a2a0 Mon Sep 17 00:00:00 2001
+From: jinlun
+Date: Wed, 14 Aug 2024 15:24:31 +0800
+Subject: [PATCH] add FIPS_mode_set support
+
+---
+ include/openssl/fips.h | 1 +
+ 1 files changed, 1 insertions(+)
+
+diff --git a/include/openssl/fips.h b/include/openssl/fips.h
+index 4162cbf..5e89003 100644
+--- a/include/openssl/fips.h
++++ b/include/openssl/fips.h
+@@ -19,6 +19,7 @@ extern "C" {
+ # endif
+
+ # define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
++# define FIPS_mode_set(r) EVP_default_properties_enable_fips(NULL, r)
+
+ # ifdef __cplusplus
+ }
+--
+2.27.0
+
diff --git a/backport-Add-FIPS_mode-compatibility-macro.patch b/backport-Add-FIPS_mode-compatibility-macro.patch
new file mode 100644
index 0000000..e3d0ee0
--- /dev/null
+++ b/backport-Add-FIPS_mode-compatibility-macro.patch
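Review bot: The `FIPS_mode_set(r)` macro that add-FIPS_mode_set-support.patch adds to include/openssl/fips.h carries no comment on how it differs from the legacy call it is named after: it only forwards to `EVP_default_properties_enable_fips(NULL, r)`, which, to my knowledge, toggles the `fips` default property on the default library context and neither loads nor self-tests a FIPS provider. A caller that reads a return of 1 as "the validated module is now active" gets a weaker guarantee than it expects, and code using its own non-NULL `OSSL_LIB_CTX` is not covered at all. I would add above the macro `/* Compat shim: sets the "fips" default property on the default libctx only; does not load or verify a FIPS provider. */`. The same caveat applies to `FIPS_mode()` in backport-Add-FIPS_mode-compatibility-macro.patch, and no test visible in this commit exercises `FIPS_mode_set`.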
@@ -0,0 +1,79 @@
+From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Thu, 26 Nov 2020 14:00:16 +0100
+Subject: Add FIPS_mode() compatibility macro
+
+Reference:https://src.fedoraproject.org/rpms/openssl/blob/f38/f/0008-Add-FIPS_mode-compatibility-macro.patch
+Conflict:NA
+The macro calls EVP_default_properties_is_fips_enabled() on the
+default context.
+---
+ include/openssl/crypto.h.in | 1 +
+ include/openssl/fips.h | 25 +++++++++++++++++++++++++
+ test/property_test.c | 13 +++++++++++++
+ 3 files changed, 39 insertions(+)
+ create mode 100644 include/openssl/fips.h
+
+diff --git a/include/openssl/fips.h b/include/openssl/fips.h
+new file mode 100644
+index 0000000000..c64f0f8e8f
+--- /dev/null
++++ b/include/openssl/fips.h
+@@ -0,0 +1,26 @@
++/*
++ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the Apache License 2.0 (the "License"). You may not use
++ * this file except in compliance with the License.
You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#ifndef OPENSSL_FIPS_H
++# define OPENSSL_FIPS_H
++# pragma once
++
++# include
++# include
++
++# ifdef __cplusplus
++extern "C" {
++# endif
++
++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
++
++# ifdef __cplusplus
++}
++# endif
++#endif
+diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
+--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
++++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
+@@ -488,6 +488,19 @@ static int test_property_list_to_string(
+ return ret;
+ }
+
++#include
++static int test_downstream_FIPS_mode(void)
++{
++ int ret = 0;
++
++ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
++ && TEST_true(FIPS_mode())
++ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
++ && TEST_false(FIPS_mode());
++
++ return ret;
++}
++
+ int setup_tests(void)
+ {
+ ADD_TEST(test_property_string);
+@@ -500,6 +512,7 @@ int setup_tests(void)
+ ADD_TEST(test_property);
+ ADD_TEST(test_query_cache_stochastic);
+ ADD_TEST(test_fips_mode);
++ ADD_TEST(test_downstream_FIPS_mode);
+ ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
+ return 1;
+ }
diff --git a/openssl.spec b/openssl.spec
index 9ae947a..9ae7c90 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name: openssl
 Epoch: 1
 Version: 3.0.12
-Release: 9
+Release: 10
 Summary: Cryptography and SSL/TLS Toolkit
 License: OpenSSL and SSLeay
 URL: https://www.openssl.org/
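Review bot: `test_downstream_FIPS_mode` in backport-Add-FIPS_mode-compatibility-macro.patch checks only that `FIPS_mode()` follows the default property string, so judging by the visible calls it would pass with no FIPS provider loaded, and it leaves the process-wide default at `fips=no` for the tests registered after it. A comment on the test such as `/* Verifies the property toggle only; does not require or check a loaded FIPS provider. */` would keep it from being read as FIPS coverage. Separately, the embedded diffstat lists `include/openssl/crypto.h.in | 1 +` and "3 files changed", while the patch body carries sections for include/openssl/fips.h and test/property_test.c only; it is worth confirming against the referenced Fedora patch that no crypto.h.in change was dropped in the backport.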
@@ -49,6 +49,9 @@ Patch37: Backport-bn-Properly-error-out-if-aliasing-return-value-with-.patch
 Patch38: Fix-build-error-for-ppc64le.patch
 Patch39: Backport-CVE-2024-5535-Fix-SSL_select_next_proto.patch
 Patch40: Backport-CVE-2024-5535-Add-a-test-for-ALPN-and-NPN.patch
+Patch41: backport-Add-FIPS_mode-compatibility-macro.patch
+
+Patch9000: add-FIPS_mode_set-support.patch
 BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@@ -249,6 +252,9 @@ make test || :
 %ldconfig_scriptlets libs
 %changelog
+* Wed Aug 21 2024 fuanan - 1:3.0.12-10
+- add fips feature
+
 * Wed Jul 3 2024 gengqihu - 1:3.0.12-9
 - fix CVE-2024-5535
--
Gitee