Merge pull request #14 from gardenlinux/fipsver

Akendo · web-flow · commit e47efc49a30f · 2026-06-09T15:04:16.000+02:00
Change fips provider version
diff --git a/patches-debian/rules.patch.tpl b/patches-debian/rules.patch.tpl
@@ -0,0 +1,11 @@
+--- a/debian/rules
++++ b/debian/rules
+@@ -30,7 +30,7 @@ ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+ endif
+ 
+ CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms no-capieng no-rdrand \
+-	    enable-tfo enable-zstd enable-zlib enable-fips
++	    enable-tfo enable-zstd enable-zlib enable-fips '-DGL_FIPS_VERSION="\"$(VERSION)-SED_MARKER_FOR_FIPS_VERSION\""'
+ #OPT_alpha = ev4 ev5
+ ARCHOPTS  = OPT_$(DEB_HOST_ARCH)
+ OPTS      = $($(ARCHOPTS))
diff --git a/patches-debian/series b/patches-debian/series
@@ -1 +1,2 @@
 symbols.patch
+rules.patch
diff --git a/prepare_source b/prepare_source
@@ -1,4 +1,7 @@
 git_src -b debian/openssl-3.5.5-1 https://salsa.debian.org/debian/openssl.git
 import_upstream_patches
-apply_patches patches-debian
+
 version_suffix="gl21"
+fips_version_suffix="${version_suffix}"
+sed "s/SED_MARKER_FOR_FIPS_VERSION/$fips_version_suffix/" <patches-debian/rules.patch.tpl > patches-debian/rules.patch
+apply_patches patches-debian
diff --git a/upstream_patches/0000-set-FIPS-vendor-and-version.patch b/upstream_patches/0000-set-FIPS-vendor-and-version.patch
@@ -0,0 +1,24 @@
+:100644 100644 3a61c8e4e3 0000000000 M	VERSION.dat
+
+diff --git a/VERSION.dat b/VERSION.dat
+index 3a61c8e4e3..dceba4cddb 100644
+--- a/VERSION.dat
++++ b/VERSION.dat
+@@ -7 +7,2 @@ RELEASE_DATE="27 Jan 2026"
+ SHLIB_VERSION=3
++FIPS_VENDOR="SAP SE Garden Linux nightly OpenSSL Cryptographic Module"
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -204,10 +204,10 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
+     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, FIPS_VENDOR))
+         return 0;
+     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
+-    if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
++    if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, GL_FIPS_VERSION))
+         return 0;
+     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
+-    if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
++    if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, GL_FIPS_VERSION))
+         return 0;
+     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
+     if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
diff --git a/upstream_patches/0000-set-FIPS-vendor.patch b/upstream_patches/0000-set-FIPS-vendor.patch
diff --git a/upstream_patches/series b/upstream_patches/series
@@ -1,4 +1,4 @@
-0000-set-FIPS-vendor.patch
+0000-set-FIPS-vendor-and-version.patch
 0001-Allow-SHA256-192-to-be-used-internally-in-the-FIPS-p.patch
 0002-FIPS-Allow-disabling-of-SHA1-signatures-and-Deny-SHA-1-signature-verification.patch
 0003-FIPS-EC-DH-DSA-PCTs.patch

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-0000-set-FIPS-vendor.patch`
	`1`	`+0000-set-FIPS-vendor-and-version.patch`
`2`	`2`	`0001-Allow-SHA256-192-to-be-used-internally-in-the-FIPS-p.patch`
`3`	`3`	`0002-FIPS-Allow-disabling-of-SHA1-signatures-and-Deny-SHA-1-signature-verification.patch`
`4`	`4`	`0003-FIPS-EC-DH-DSA-PCTs.patch`