From patchwork Wed Jan 19 00:34:46 2022
X-Patchwork-Submitter: David Sommerseth
X-Patchwork-Id: 2232
From: David Sommerseth
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 19 Jan 2022 12:34:46 +0100
Message-Id: <20220119113446.17691-1-openvpn@sf.lists.topphemmelig.net>
X-Mailer: git-send-email 2.27.0
Subject: [Openvpn-devel] [PATCH] crypto: Fix OPENSSL_FIPS enabled builds

From: David Sommerseth

On Fedora and RHEL/CentOS, the standard OpenSSL library has the FIPS
module enabled by default. This revealed some incompatible code with
the added DCO support.

Signed-off-by: David Sommerseth
---
 src/openvpn/crypto.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 5626e2b6..0415f59d 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -34,6 +34,7 @@ #include "error.h" #include "integer.h" #include "platform.h" +#include "openssl_compat.h" #include "memdbg.h" 
@@ -1704,6 +1705,8 @@ print_cipher(const char *ciphername) printf(", TLS client/server mode only"); } #ifdef OPENSSL_FIPS + evp_cipher_type *cipher = EVP_CIPHER_fetch(NULL, ciphername, NULL); + if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS)) { printf(", disabled by FIPS mode");
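
Review bot: In the first hunk, `#include "openssl_compat.h"` is added unconditionally, while the only use of it visible in this patch sits inside the `#ifdef OPENSSL_FIPS` block in print_cipher(). Consider putting the include under the same guard, or state in the commit message why builds without OPENSSL_FIPS need it.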
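
Review bot: In the print_cipher() hunk, the result of `EVP_CIPHER_fetch(NULL, ciphername, NULL)` goes straight into `EVP_CIPHER_flags(cipher)` with no NULL check. EVP_CIPHER_fetch() returns NULL when no implementation of that name can be fetched, so test `cipher` before reading its flags and decide what print_cipher() should print in that case. Nothing in the visible lines releases the fetched cipher either; a cipher obtained from EVP_CIPHER_fetch() should be paired with EVP_CIPHER_free() once the flag test is done. The commit message could also name the build failure this fixes, since "incompatible code" does not tell a later reader which symbol or type was missing.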