[openssl] master update

Richard Levitte levitte at openssl.org
Wed Jul 15 21:18:25 UTC 2020


The branch master has been updated
       via  5744dacb3a9d785d587afb61831cb1ff2be6ed0d (commit)
       via  d3b243d15bdbd4191a8c615f3654d00e1194d17c (commit)
      from  7cc355c2e4e081dca3c6c345a75a2ab16800c807 (commit)


- Log -----------------------------------------------------------------
commit 5744dacb3a9d785d587afb61831cb1ff2be6ed0d
Author: Rich Salz <rsalz at akamai.com>
Date:   Sun Jun 28 21:11:48 2020 -0400

    Make -provider_name and -section_name optional
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12311)

commit d3b243d15bdbd4191a8c615f3654d00e1194d17c
Author: Rich Salz <rsalz at akamai.com>
Date:   Mon Jun 22 20:49:51 2020 -0400

    Use defaults FIPSKEY if not given on command line
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12311)

-----------------------------------------------------------------------

Summary of changes:
 apps/fipsinstall.c                    | 13 ++++++-------
 doc/man1/openssl-fipsinstall.pod.in   |  4 ++--
 test/recipes/30-test_acvp.t           |  4 +---
 test/recipes/30-test_evp.t            |  4 +---
 test/recipes/30-test_evp_fetch_prov.t |  5 ++---
 test/recipes/80-test_ssl_new.t        |  5 ++---
 test/recipes/80-test_ssl_old.t        |  6 +++---
 test/recipes/90-test_sslapi.t         |  4 +---
 8 files changed, 18 insertions(+), 27 deletions(-)

diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index e76e615bc6..7efdd65d46 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -22,8 +22,6 @@
 DEFINE_STACK_OF_STRING()
 
 #define BUFSIZE 4096
-#define DEFAULT_MAC_NAME "HMAC"
-#define DEFAULT_FIPS_SECTION "fips_check_section"
 
 /* Configuration file values */
 #define VERSION_KEY  "version"
@@ -268,10 +266,12 @@ end:
 int fipsinstall_main(int argc, char **argv)
 {
     int ret = 1, verify = 0, gotkey = 0, gotdigest = 0;
+    const char *section_name = "fips_sect";
+    const char *mac_name = "HMAC";
+    const char *prov_name = "fips";
     BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL;
-    char *in_fname = NULL, *out_fname = NULL, *prog, *section_name = NULL;
-    char *prov_name = NULL, *module_fname = NULL;
-    static const char *mac_name = DEFAULT_MAC_NAME;
+    char *in_fname = NULL, *out_fname = NULL, *prog;
+    char *module_fname = NULL;
     EVP_MAC_CTX *ctx = NULL, *ctx2 = NULL;
     STACK_OF(OPENSSL_STRING) *opts = NULL;
     OPTION_CHOICE o;
@@ -283,7 +283,6 @@ int fipsinstall_main(int argc, char **argv)
     EVP_MAC *mac = NULL;
     CONF *conf = NULL;
 
-    section_name = DEFAULT_FIPS_SECTION;
     if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
         goto end;
 
@@ -345,7 +344,7 @@ opthelp:
     argc = opt_num_rest();
     if (module_fname == NULL
         || (verify && in_fname == NULL)
-        || (!verify && (out_fname == NULL || prov_name == NULL))
+        || (!verify && out_fname == NULL)
         || argc != 0)
         goto opthelp;
 
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
index 16fedb6d03..30df7bf3e9 100644
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -74,12 +74,12 @@ Verify that the input configuration file contains the correct information.
 =item B<-provider_name> I<providername>
 
 Name of the provider inside the configuration file.
-This must be specified.
+The default value is C<fips>.
 
 =item B<-section_name> I<sectionname>
 
 Name of the section inside the configuration file.
-This must be specified.
+The default value is C<fips_sect>.
 
 =item B<-mac_name> I<name>
 
diff --git a/test/recipes/30-test_acvp.t b/test/recipes/30-test_acvp.t
index 49cd484a30..8cfc07ecf7 100644
--- a/test/recipes/30-test_acvp.t
+++ b/test/recipes/30-test_acvp.t
@@ -31,9 +31,7 @@ plan tests => 2;
 
 ok(run(app(['openssl', 'fipsinstall',
            '-out', bldtop_file('providers', 'fipsmodule.cnf'),
-           '-module', $infile,
-           '-provider_name', 'fips',
-           '-section_name', 'fips_sect'])),
+           '-module', $infile])),
    "fipsinstall");
 
 ok(run(test(["acvp_test", "-config", srctop_file("test","fips.cnf")])),
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index 32639b77a5..c94893a5bc 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -85,9 +85,7 @@ unless ($no_fips) {
 
     ok(run(app(['openssl', 'fipsinstall',
                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
-                '-module', $infile,
-                '-provider_name', 'fips',
-                '-section_name', 'fips_sect'])),
+                '-module', $infile])),
        "fipsinstall");
 }
 
diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t
index f53fdb0700..81b3c62cc4 100644
--- a/test/recipes/30-test_evp_fetch_prov.t
+++ b/test/recipes/30-test_evp_fetch_prov.t
@@ -21,6 +21,7 @@ use lib bldtop_dir('.');
 use platform;
 
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $infile = bldtop_file('providers', platform->dso('fips'));
 
 my @types = ( "digest", "cipher" );
 
@@ -46,9 +47,7 @@ unless ($no_fips) {
     push @setups, {
         cmd     => app(['openssl', 'fipsinstall',
                         '-out', bldtop_file('providers', 'fipsmodule.cnf'),
-                        '-module', bldtop_file('providers', platform->dso('fips')),
-                        '-provider_name', 'fips',
-                        '-section_name', 'fips_sect']),
+                        '-module', $infile]),
         message => "fipsinstall"
     };
     push @testdata, (
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 1df21d7ad1..6051adbfb2 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -25,6 +25,7 @@ use lib bldtop_dir('.');
 use platform;
 
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $infile = bldtop_file('providers', platform->dso('fips'));
 
 $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
 
@@ -117,9 +118,7 @@ my %skip = (
 unless ($no_fips) {
     ok(run(app(['openssl', 'fipsinstall',
                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
-                '-module', bldtop_file('providers', platform->dso('fips')),
-                '-provider_name', 'fips',
-                '-section_name', 'fips_sect'])),
+                '-module', $infile])),
        "fipsinstall");
 }
 
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 814fe7ce6d..210346cb70 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -25,6 +25,8 @@ use lib bldtop_dir('.');
 use platform;
 
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $infile = bldtop_file('providers', platform->dso('fips'));
+
 my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
     $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
     $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
@@ -85,9 +87,7 @@ plan tests =>
 unless ($no_fips) {
     ok(run(app(['openssl', 'fipsinstall',
                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
-                '-module', bldtop_file('providers', platform->dso('fips')),
-                '-provider_name', 'fips',
-                '-section_name', 'fips_sect'])),
+                '-module', $infile])),
        "fipsinstall");
 }
 
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
index c32221b9f6..9af8435f6e 100644
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@@ -39,9 +39,7 @@ ok(run(test(["sslapitest", srctop_dir("test", "certs"),
 unless ($no_fips) {
     ok(run(app(['openssl', 'fipsinstall',
                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
-                '-module', bldtop_file('providers', platform->dso('fips')),
-                '-provider_name', 'fips',
-                '-section_name', 'fips_sect'])),
+                '-module', bldtop_file('providers', platform->dso('fips'))])),
        "fipsinstall");
 
     ok(run(test(["sslapitest", srctop_dir("test", "certs"),


More information about the openssl-commits mailing list