[openssl] master update
Richard Levitte
levitte at openssl.org
Thu Oct 8 09:31:12 UTC 2020
The branch master has been updated
via b19b983017f3865b1b3411a4e635a670d5798774 (commit)
via d3ed80802d129fea8be0c128e64d7d253d4586d3 (commit)
via 8cab385ec522aa9a78e8f507becc90ec3a6c8fdb (commit)
via 403a5edcde4f2cd76f04b519224b13228ee1b0ff (commit)
via a1bfcb15d97b9cbb761dd7b4b2173d5b2b4dd2e5 (commit)
from 5884b05109d124f4c69df3be112c177ac4959684 (commit)
- Log -----------------------------------------------------------------
commit b19b983017f3865b1b3411a4e635a670d5798774
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Oct 6 18:14:12 2020 +0200
Document install_fips in INSTALL.md
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
commit d3ed80802d129fea8be0c128e64d7d253d4586d3
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Sep 29 18:32:34 2020 +0200
providers/build.info: Tag the FIPS module, for the build file
The build file templates have code to pick up the 'fips' attribute and
thereby find out what module is the FIPS without having to resort to
ugly hard coding.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
commit 8cab385ec522aa9a78e8f507becc90ec3a6c8fdb
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Sep 29 18:31:58 2020 +0200
descrip.mms.tmpl: Add a target to install the FIPS module config
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
commit 403a5edcde4f2cd76f04b519224b13228ee1b0ff
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Sep 29 18:31:44 2020 +0200
windows-makefile.tmpl: Add a target to install the FIPS module config
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
commit a1bfcb15d97b9cbb761dd7b4b2173d5b2b4dd2e5
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Sep 29 11:11:38 2020 +0200
unix-Makefile.tmpl: Add a target to install the FIPS module config
Fixes #12195
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13032)
-----------------------------------------------------------------------
Summary of changes:
Configurations/descrip.mms.tmpl | 19 +++++++++++++++++++
Configurations/unix-Makefile.tmpl | 20 ++++++++++++++++++++
Configurations/windows-makefile.tmpl | 19 +++++++++++++++++++
INSTALL.md | 3 +++
providers/build.info | 2 +-
5 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index b30d08b53a..a2f3293c54 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -121,6 +121,13 @@ SHLIB_TARGET={- $target{shared_target} -}
LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @libs) -}
SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -}
+FIPSMODULENAME={- # We do some extra checking here, as there should be only one
+ my @fipsmodules =
+ grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
+ && $unified_info{attributes}->{modules}->{$_}->{fips} }
+ @{$unified_info{modules}};
+ die "More that one FIPS module" if scalar @fipsmodules > 1;
+ join(", ", map { basename platform->dso($_) } @fipsmodules) -}
MODULES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{modules}}) -}
PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -}
SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -}
@@ -539,6 +546,18 @@ install_docs : install_html_docs
uninstall_docs : uninstall_html_docs
+install_fips: install_sw
+ @ WRITE SYS$OUTPUT "*** Installing FIPS module configuration"
+ @ WRITE SYS$OUTPUT "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf"
+ openssl fipsinstall -
+ -module ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME) -
+ -out ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME).cnf -
+ -macopt "key:$(FIPSKEY)"
+
+uninstall_fips: uninstall_sw
+ @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module configuration"
+ DELETE ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME).cnf;*
+
install_ssldirs : check_INSTALLTOP
- CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN -
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 36a7ffbf93..4fab096121 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -87,6 +87,14 @@ MODULES={- join(" \\\n" . ' ' x 8,
fill_lines(" ", $COLUMNS - 8,
map { platform->dso($_) }
@{$unified_info{modules}})) -}
+FIPSMODULENAME={- # We do some extra checking here, as there should be only one
+ my @fipsmodules =
+ grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
+ && $unified_info{attributes}->{modules}->{$_}->{fips} }
+ @{$unified_info{modules}};
+ die "More that one FIPS module" if scalar @fipsmodules > 1;
+ join(" ", map { basename platform->dso($_) } @fipsmodules) -}
+
PROGRAMS={- join(" \\\n" . ' ' x 9,
fill_lines(" ", $COLUMNS - 9,
map { platform->bin($_) }
@@ -551,6 +559,18 @@ install_docs: install_man_docs install_html_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
$(RM) -r $(DESTDIR)$(DOCDIR)
+install_fips: install_sw
+ @$(ECHO) "*** Installing FIPS module configuration"
+ @$(ECHO) "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf"
+ @openssl fipsinstall -module $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) \
+ -out $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf \
+ -macopt 'key:$(FIPSKEY)'
+
+uninstall_fips: uninstall_sw
+ @$(ECHO) "*** Uninstalling FIPS module configuration"
+ @$(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf"
+ @$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf
+
install_ssldirs:
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index dfabda7eef..ce042d6ee8 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -51,6 +51,13 @@ SHLIBPDBS={- join(" ", map { platform->sharedlibpdb($_) // () } @{$unified_info{
MODULES={- our @MODULES = map { platform->dso($_) } @{$unified_info{modules}};
join(" ", @MODULES) -}
MODULEPDBS={- join(" ", map { platform->dsopdb($_) } @{$unified_info{modules}}) -}
+FIPSMODULENAME={- # We do some extra checking here, as there should be only one
+ my @fipsmodules =
+ grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
+ && $unified_info{attributes}->{modules}->{$_}->{fips} }
+ @{$unified_info{modules}};
+ die "More that one FIPS module" if scalar @fipsmodules > 1;
+ join(" ", map { basename platform->dso($_) } @fipsmodules) -}
PROGRAMS={- our @PROGRAMS = map { platform->bin($_) } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
SCRIPTS={- our @SCRIPTS = @{$unified_info{scripts}}; join(" ", @SCRIPTS) -}
@@ -463,6 +470,18 @@ install_docs: install_html_docs
uninstall_docs: uninstall_html_docs
+install_fips: install_sw
+ @$(ECHO) "*** Installing FIPS module configuration"
+ @$(ECHO) "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf"
+ @openssl fipsinstall -module $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) \
+ -out $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf \
+ -macopt "key:$(FIPSKEY)"
+
+uninstall_fips: uninstall_sw
+ @$(ECHO) "*** Uninstalling FIPS module configuration"
+ @$(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf"
+ @$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf
+
install_ssldirs:
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private"
diff --git a/INSTALL.md b/INSTALL.md
index 893049b16e..813d8b456d 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1470,6 +1470,9 @@ described here. Examine the Makefiles themselves for the full list.
install_html_docs
Only install the OpenSSL HTML documentation.
+
+ install_fips
+ Install the FIPS provider module configuration file.
list-tests
Prints a list of all the self test names.
diff --git a/providers/build.info b/providers/build.info
index f2e0d433c9..b365bda0ec 100644
--- a/providers/build.info
+++ b/providers/build.info
@@ -140,7 +140,7 @@ ENDIF
IF[{- !$disabled{fips} -}]
# This is the trigger to actually build the FIPS module. Without these
# statements, the final build file will not have a trace of it.
- MODULES=$FIPSGOAL
+ MODULES{fips}=$FIPSGOAL
LIBS{noinst}=$LIBFIPS
ENDIF
More information about the openssl-commits
mailing list