[openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Tue Apr 13 10:14:15 UTC 2021 

The branch master has been updated
       via  3ab736acb89c277bd174f958591c65c66d611c72 (commit)
      from  0f10196042a4aa43b9b1966e0709060c5b8658bc (commit)


- Log -----------------------------------------------------------------
commit 3ab736acb89c277bd174f958591c65c66d611c72
Author: Dr. Matthias St. Pierre <matthias.st.pierre at ncp-e.com>
Date:   Tue Feb 9 00:16:55 2021 +0100

    util/wrap.pl: use the apps/openssl.cnf from the source tree
    
    The `make install_fips` target failed
    
        msp at debian:~/src/openssl$ make install_fips
        *** Installing FIPS module
        install providers/fips.so -> /opt/openssl-dev/lib/ossl-modules/fips.so
        *** Installing FIPS module configuration
        fipsinstall /opt/openssl-dev/ssl/fipsmodule.cnf
        FATAL: Startup failure (dev note: apps_startup()) for ./apps/openssl
        ... No such file or directory:crypto/conf/conf_def.c:771:calling stat(fipsmodule.cnf)
        ...
        make: *** [Makefile:3341: install_fips] Error 1
    
    because the `openssl fipsinstall` command was loading a previously installed
    configuration file instead of the copy shipped with the source tree.
    
        msp at debian:~/src/openssl$ strace -f make install_fips |& grep openssl.cnf
        [pid 128683] openat(AT_FDCWD, "/opt/openssl-dev/ssl/openssl.cnf", O_RDONLY) = 3
    
    This issue reveiled a more general problem, which applies to the tests as well:
    unless openssl is installed, the openssl app must not use any preinstalled
    configuration file. This holds in particular when the preinstalled configuration
    file load providers, which caused the above failure.
    
    The most consistent way to achieve this behaviour is to set the OPENSSL_CONF
    environment variable to the correct location in the util/wrap.pl perl wrapper.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14136)

-----------------------------------------------------------------------

Summary of changes:
 Configurations/unix-Makefile.tmpl    | 9 ++++++++-
 Configurations/windows-makefile.tmpl | 6 +++++-
 util/wrap.pl                         | 3 +++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index ef4fd5f077..1ff418c4c6 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1215,7 +1215,8 @@ tar:
 
 # Helper targets #####################################################
 
-link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl
+link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl \
+            $(BLDDIR)/apps/openssl.cnf
 
 $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl: configdata.pm
 	@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
@@ -1223,6 +1224,12 @@ $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl: configdata.pm
 	    ln -sf "../$(SRCDIR)/util/`basename "$@"`" "$(BLDDIR)/util"; \
 	fi
 
+$(BLDDIR)/apps/openssl.cnf: configdata.pm
+	@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
+	    mkdir -p "$(BLDDIR)/apps"; \
+	    ln -sf "../$(SRCDIR)/apps/`basename "$@"`" "$(BLDDIR)/apps"; \
+	fi
+
 FORCE:
 
 # Building targets ###################################################
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index 846c500bef..050d618a23 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -594,12 +594,16 @@ uninstall_html_docs:
 
 # Helper targets #####################################################
 
-copy-utils: $(BLDDIR)\util\wrap.pl
+copy-utils: $(BLDDIR)\util\wrap.pl $(BLDDIR)\apps\openssl.cnf
 
 $(BLDDIR)\util\wrap.pl: configdata.pm
 	@if NOT EXIST "$(BLDDIR)\util" mkdir "$(BLDDIR)\util"
 	@if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\util\$(@F)" "$(BLDDIR)\util"
 
+$(BLDDIR)\apps\openssl.cnf: configdata.pm
+	@if NOT EXIST "$(BLDDIR)\apps" mkdir "$(BLDDIR)\apps"
+	@if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\apps\$(@F)" "$(BLDDIR)\apps"
+
 # Building targets ###################################################
 
 configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
diff --git a/util/wrap.pl b/util/wrap.pl
index fd24c42c8b..69be06d302 100755
--- a/util/wrap.pl
+++ b/util/wrap.pl
@@ -9,12 +9,15 @@ use File::Spec::Functions;
 my $there = canonpath(catdir(dirname($0), updir()));
 my $std_engines = catdir($there, 'engines');
 my $std_providers = catdir($there, 'providers');
+my $std_openssl_conf = catdir($there, 'apps/openssl.cnf');
 my $unix_shlib_wrap = catfile($there, 'util/shlib_wrap.sh');
 
 $ENV{OPENSSL_ENGINES} = $std_engines
     if ($ENV{OPENSSL_ENGINES} // '') eq '' && -d $std_engines;
 $ENV{OPENSSL_MODULES} = $std_providers
     if ($ENV{OPENSSL_MODULES} // '') eq '' && -d $std_providers;
+$ENV{OPENSSL_CONF} = $std_openssl_conf
+    if ($ENV{OPENSSL_CONF} // '') eq '' && -f $std_openssl_conf;
 
 my $use_system = 0;
 my @cmd;

More information about the openssl-commits mailing list