-
-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set OPENSSL_ppccap_P global variable in fips provider context #24399
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does bypassing the constructor (DEP) _init in providers/fips/self_test.c do?
This would be acceptable with |
Call OPENSSL_cpuid_setup while loading fips provider so that the value of OPENSSL_ppccap_P global varaible gets set with hardware capabilities CLA: trivial Borrowed from openssl#24399 to test whether it is the issue
Call OPENSSL_cpuid_setup while loading fips provider so that the value of OPENSSL_ppccap_P global varaible gets set with hardware capabilities CLA: trivial Borrowed from openssl#24399 to test whether it is the issue
I don't think this bypasses the DEP. It adds an additional constructor. |
Agreed. Check #24403 (comment) and #23978 (comment). My opinion is to remove all Related snippets Lines 55 to 69 in a6afe2b
Lines 116 to 122 in a6afe2b
Lines 109 to 113 in a6afe2b
Lines 32 to 44 in a6afe2b
Lines 59 to 68 in a6afe2b
|
Another implicit path: #23978 (reply in thread) |
By adding this additional -binitfini in configuration file, we can ensure there is no modification done to fips provider code. |
This is really a mess. IMO we should clean it up properly (at least on the master branch).
|
Unfortunately changing the config more than likely also breaks FIPS compliance. You cant just build however you want and still assume you are compliant (This is a deviation of the Security Policy instructions on how to build) |
These two are the way to go. Using a constructor dodges the FIPS change issue but it will cause other problems. I don't think we should do it. |
Call OPENSSL_cpuid_setup while loading fips provider so that the value of OPENSSL_ppccap_P global variable gets set with hardware capabilities
This is to address issue : #23979
CLA: trivial