Bug 756109 - FIPS_mode() is in the wrong header file
Summary: FIPS_mode() is in the wrong header file
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: 16
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-22 17:28 UTC by Henrik Bakken
Modified: 2013-01-16 20:27 UTC (History)
2 users (show)

Fixed In Version: openssl-1.0.1c-1.fc18
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-16 20:27:55 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Henrik Bakken 2011-11-22 17:28:11 UTC 
Description of problem:

In upstream openssl, the function FIPS_mode() (which is used to determine if the application is running in FIPS-mode) is in <openssl/crypto.h>.  In Fedora, where I believe the FIPS support has been backported to version 1.0.0e (it's in 1.0.1, which is not yet released, upstream), the function is in <openssl/fips.h>.

This causes problems when building applications using the function, since files should include <openssl/crypto.h>, and not fips.h to get the prototype.

Version-Release number of selected component (if applicable):

1.0.0e

How reproducible:

Always

Steps to Reproduce:
1. #include <openssl/crypto.h>, use FIPS_mode()
2.
3.
  
Actual results:
Compiler error (or, rather, warning)

Expected results:
Success!

Additional info:
I suppose moving it to crypto.h could break some applications written against Fedora OpenSSL, but a solution could perhaps be to do #include <openssl/crypto.h> in fips.h.
Comment 1 Tomas Mraz 2011-11-22 17:40:18 UTC 
Actually the FIPS support in the fedora's OpenSSL pre-dates the unreleased upstream support on the 1.0.1 branch. It is a partial forward-port from the 0.9.8 fips branch and there it was in the openssl/fips.h include file.
Comment 2 Henrik Bakken 2011-11-22 18:29:22 UTC 
Ah, okay.  I expected something like this.  Would it be possible to get an #include <openssl/fips.h> in crypto.h, for example?  Right now it's hard to write code for both.
Comment 3 Tomas Mraz 2011-11-22 19:51:22 UTC 
You can test for the openssl version and include either fips.h or crypto.h. Note that Fedora will sooner or later upgrade to 1.0.1 branch anyway and if you want to support the RHEL-5 or 6 you'll have to live with the current placement of FIPS_mode() in fips.h as these distributions will not be changed in this regard.
Comment 4 Henrik Bakken 2011-11-23 08:03:08 UTC 
Understandable, thanks for your comments.
Comment 5 Fedora End Of Life 2013-01-16 20:14:52 UTC 
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 16 is end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Note You need to log in before you can comment on or make changes to this bug.