[openssl] master update
Richard Levitte
levitte at openssl.org
Tue Apr 21 13:44:23 UTC 2020
The branch master has been updated
via 1e78a50f5a9d4874e910a3b42f10c176197aea88 (commit)
from a87f3fe01a5a894aa27ccd6a239155fd129988e4 (commit)
- Log -----------------------------------------------------------------
commit 1e78a50f5a9d4874e910a3b42f10c176197aea88
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Apr 21 12:24:44 2020 +0200
Revert "TEST: make and use a fipsinstall script"
Unfortunately, this won't work on MacOS because of system integrity
measures on that platform, which clears DYLD_LIBRARY_PATH before
starting a sub-process executable.
Ref: https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/RuntimeProtections/RuntimeProtections.html
This reverts commit ae6b654b669638882a6ddce012ff55adc7cf6a82.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11592)
-----------------------------------------------------------------------
Summary of changes:
test/fipsinstall.pl | 53 -----------------------------------
test/recipes/30-test_evp.t | 8 +++++-
test/recipes/30-test_evp_fetch_prov.t | 7 ++++-
test/recipes/90-test_sslprovider.t | 7 ++++-
4 files changed, 19 insertions(+), 56 deletions(-)
delete mode 100644 test/fipsinstall.pl
diff --git a/test/fipsinstall.pl b/test/fipsinstall.pl
deleted file mode 100644
index 48911452d1..0000000000
--- a/test/fipsinstall.pl
+++ /dev/null
@@ -1,53 +0,0 @@
-#! /usr/bin/env perl
-
-use strict;
-use warnings;
-
-use File::Spec;
-
-use if $^O eq "VMS", "VMS::Filespec";
-
-my $bldtop_dir;
-
-# First script argument MUST be the build top directory
-BEGIN {
- $bldtop_dir = $ARGV[0];
- # 'use lib' needs Unix-ish paths
- $bldtop_dir = VMS::Filespec::unixpath($bldtop_dir) if $^O eq "VMS";
-}
-
-use lib $bldtop_dir;
-use FindBin;
-use lib "$FindBin::Bin/../Configurations";
-use platform;
-
-my @providers = ($bldtop_dir, 'providers');
-my $fips_cnf = File::Spec->catfile(@providers, 'fipsinstall.cnf');
-my $fips_module = File::Spec->catfile(@providers, platform->dso('fips'));
-my $openssl = File::Spec->catfile($bldtop_dir, 'apps',
- platform->bin('openssl'));
-
-# We create the command like this to make it readable, then massage it with
-# a space replacement regexp to make it usable with system()
-my $cmd = <<_____;
-$openssl fipsinstall \
- -out "{fips_cnf}" \
- -module "{fips_module}" \
- -provider_name "fips" \
- -mac_name "HMAC" -macopt "digest:SHA256" -macopt "hexkey:00" \
- -section_name "fips_sect"
-_____
-$cmd =~ s|\s+| |gm;
-$cmd =~ s|{fips_cnf}|$fips_cnf|;
-$cmd =~ s|{fips_module}|$fips_module|;
-
-my $exit = 0;
-system($cmd);
-die "Failed to run '$cmd'\n" if $? == -1;
-# If there was a signal, use it as exit code with high bit set.
-$exit = (($? & 255) | 128) if ($? & 255) != 0;
-# Otherwise, just return fipsinstall's exit code
-$exit = ($? >> 8);
-
-exit($exit);
-
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index bf792f21b5..7263f29290 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -79,10 +79,16 @@ plan tests =>
+ scalar(@defltfiles);
unless ($no_fips) {
+ my $infile = bldtop_file('providers', platform->dso('fips'));
$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
- ok(run(perltest(['fipsinstall.pl', bldtop_dir()])),
+ ok(run(app(['openssl', 'fipsinstall',
+ '-out', bldtop_file('providers', 'fipsinstall.cnf'),
+ '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_sect'])),
"fipsinstall");
}
diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t
index 00d71fa320..36c324eeb3 100644
--- a/test/recipes/30-test_evp_fetch_prov.t
+++ b/test/recipes/30-test_evp_fetch_prov.t
@@ -47,7 +47,12 @@ my @testdata = (
unless ($no_fips) {
push @setups, {
- cmd => perltest(['fipsinstall.pl', bldtop_dir()]),
+ cmd => app(['openssl', 'fipsinstall',
+ '-out', bldtop_file('providers', 'fipsinstall.cnf'),
+ '-module', bldtop_file('providers', platform->dso('fips')),
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_sect']),
message => "fipsinstall"
};
push @testdata, (
diff --git a/test/recipes/90-test_sslprovider.t b/test/recipes/90-test_sslprovider.t
index 814eff74cf..f0ff38a386 100644
--- a/test/recipes/90-test_sslprovider.t
+++ b/test/recipes/90-test_sslprovider.t
@@ -30,7 +30,12 @@ SKIP: {
skip "Skipping FIPS installation", 1
if disabled("fips");
- ok(run(perltest(['fipsinstall.pl', bldtop_dir()])),
+ ok(run(app(['openssl', 'fipsinstall',
+ '-out', bldtop_file('providers', 'fipsinstall.cnf'),
+ '-module', bldtop_file('providers', platform->dso('fips')),
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_sect'])),
"fipsinstall");
}
More information about the openssl-commits
mailing list