[openssl] master update
Richard Levitte
levitte at openssl.org
Wed Jul 15 21:18:25 UTC 2020
The branch master has been updated
via 5744dacb3a9d785d587afb61831cb1ff2be6ed0d (commit)
via d3b243d15bdbd4191a8c615f3654d00e1194d17c (commit)
from 7cc355c2e4e081dca3c6c345a75a2ab16800c807 (commit)
- Log -----------------------------------------------------------------
commit 5744dacb3a9d785d587afb61831cb1ff2be6ed0d
Author: Rich Salz <rsalz at akamai.com>
Date: Sun Jun 28 21:11:48 2020 -0400
Make -provider_name and -section_name optional
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12311)
commit d3b243d15bdbd4191a8c615f3654d00e1194d17c
Author: Rich Salz <rsalz at akamai.com>
Date: Mon Jun 22 20:49:51 2020 -0400
Use defaults FIPSKEY if not given on command line
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12311)
-----------------------------------------------------------------------
Summary of changes:
apps/fipsinstall.c | 13 ++++++-------
doc/man1/openssl-fipsinstall.pod.in | 4 ++--
test/recipes/30-test_acvp.t | 4 +---
test/recipes/30-test_evp.t | 4 +---
test/recipes/30-test_evp_fetch_prov.t | 5 ++---
test/recipes/80-test_ssl_new.t | 5 ++---
test/recipes/80-test_ssl_old.t | 6 +++---
test/recipes/90-test_sslapi.t | 4 +---
8 files changed, 18 insertions(+), 27 deletions(-)
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index e76e615bc6..7efdd65d46 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -22,8 +22,6 @@
DEFINE_STACK_OF_STRING()
#define BUFSIZE 4096
-#define DEFAULT_MAC_NAME "HMAC"
-#define DEFAULT_FIPS_SECTION "fips_check_section"
/* Configuration file values */
#define VERSION_KEY "version"
@@ -268,10 +266,12 @@ end:
int fipsinstall_main(int argc, char **argv)
{
int ret = 1, verify = 0, gotkey = 0, gotdigest = 0;
+ const char *section_name = "fips_sect";
+ const char *mac_name = "HMAC";
+ const char *prov_name = "fips";
BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL;
- char *in_fname = NULL, *out_fname = NULL, *prog, *section_name = NULL;
- char *prov_name = NULL, *module_fname = NULL;
- static const char *mac_name = DEFAULT_MAC_NAME;
+ char *in_fname = NULL, *out_fname = NULL, *prog;
+ char *module_fname = NULL;
EVP_MAC_CTX *ctx = NULL, *ctx2 = NULL;
STACK_OF(OPENSSL_STRING) *opts = NULL;
OPTION_CHOICE o;
@@ -283,7 +283,6 @@ int fipsinstall_main(int argc, char **argv)
EVP_MAC *mac = NULL;
CONF *conf = NULL;
- section_name = DEFAULT_FIPS_SECTION;
if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
@@ -345,7 +344,7 @@ opthelp:
argc = opt_num_rest();
if (module_fname == NULL
|| (verify && in_fname == NULL)
- || (!verify && (out_fname == NULL || prov_name == NULL))
+ || (!verify && out_fname == NULL)
|| argc != 0)
goto opthelp;
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
index 16fedb6d03..30df7bf3e9 100644
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -74,12 +74,12 @@ Verify that the input configuration file contains the correct information.
=item B<-provider_name> I<providername>
Name of the provider inside the configuration file.
-This must be specified.
+The default value is C<fips>.
=item B<-section_name> I<sectionname>
Name of the section inside the configuration file.
-This must be specified.
+The default value is C<fips_sect>.
=item B<-mac_name> I<name>
diff --git a/test/recipes/30-test_acvp.t b/test/recipes/30-test_acvp.t
index 49cd484a30..8cfc07ecf7 100644
--- a/test/recipes/30-test_acvp.t
+++ b/test/recipes/30-test_acvp.t
@@ -31,9 +31,7 @@ plan tests => 2;
ok(run(app(['openssl', 'fipsinstall',
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile,
- '-provider_name', 'fips',
- '-section_name', 'fips_sect'])),
+ '-module', $infile])),
"fipsinstall");
ok(run(test(["acvp_test", "-config", srctop_file("test","fips.cnf")])),
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index 32639b77a5..c94893a5bc 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -85,9 +85,7 @@ unless ($no_fips) {
ok(run(app(['openssl', 'fipsinstall',
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile,
- '-provider_name', 'fips',
- '-section_name', 'fips_sect'])),
+ '-module', $infile])),
"fipsinstall");
}
diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t
index f53fdb0700..81b3c62cc4 100644
--- a/test/recipes/30-test_evp_fetch_prov.t
+++ b/test/recipes/30-test_evp_fetch_prov.t
@@ -21,6 +21,7 @@ use lib bldtop_dir('.');
use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $infile = bldtop_file('providers', platform->dso('fips'));
my @types = ( "digest", "cipher" );
@@ -46,9 +47,7 @@ unless ($no_fips) {
push @setups, {
cmd => app(['openssl', 'fipsinstall',
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips')),
- '-provider_name', 'fips',
- '-section_name', 'fips_sect']),
+ '-module', $infile]),
message => "fipsinstall"
};
push @testdata, (
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 1df21d7ad1..6051adbfb2 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -25,6 +25,7 @@ use lib bldtop_dir('.');
use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $infile = bldtop_file('providers', platform->dso('fips'));
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
@@ -117,9 +118,7 @@ my %skip = (
unless ($no_fips) {
ok(run(app(['openssl', 'fipsinstall',
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips')),
- '-provider_name', 'fips',
- '-section_name', 'fips_sect'])),
+ '-module', $infile])),
"fipsinstall");
}
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 814fe7ce6d..210346cb70 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -25,6 +25,8 @@ use lib bldtop_dir('.');
use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $infile = bldtop_file('providers', platform->dso('fips'));
+
my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
$no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
$no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
@@ -85,9 +87,7 @@ plan tests =>
unless ($no_fips) {
ok(run(app(['openssl', 'fipsinstall',
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips')),
- '-provider_name', 'fips',
- '-section_name', 'fips_sect'])),
+ '-module', $infile])),
"fipsinstall");
}
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
index c32221b9f6..9af8435f6e 100644
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@@ -39,9 +39,7 @@ ok(run(test(["sslapitest", srctop_dir("test", "certs"),
unless ($no_fips) {
ok(run(app(['openssl', 'fipsinstall',
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', bldtop_file('providers', platform->dso('fips')),
- '-provider_name', 'fips',
- '-section_name', 'fips_sect'])),
+ '-module', bldtop_file('providers', platform->dso('fips'))])),
"fipsinstall");
ok(run(test(["sslapitest", srctop_dir("test", "certs"),
More information about the openssl-commits
mailing list