The branch master has been updated via b19b983017f3865b1b3411a4e635a670d5798774 (commit) via d3ed80802d129fea8be0c128e64d7d253d4586d3 (commit) via 8cab385ec522aa9a78e8f507becc90ec3a6c8fdb (commit) via 403a5edcde4f2cd76f04b519224b13228ee1b0ff (commit) via a1bfcb15d97b9cbb761dd7b4b2173d5b2b4dd2e5 (commit) from 5884b05109d124f4c69df3be112c177ac4959684 (commit)
- Log ----------------------------------------------------------------- commit b19b983017f3865b1b3411a4e635a670d5798774 Author: Richard Levitte <levi...@openssl.org> Date: Tue Oct 6 18:14:12 2020 +0200 Document install_fips in INSTALL.md Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032) commit d3ed80802d129fea8be0c128e64d7d253d4586d3 Author: Richard Levitte <levi...@openssl.org> Date: Tue Sep 29 18:32:34 2020 +0200 providers/build.info: Tag the FIPS module, for the build file The build file templates have code to pick up the 'fips' attribute and thereby find out what module is the FIPS without having to resort to ugly hard coding. Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032) commit 8cab385ec522aa9a78e8f507becc90ec3a6c8fdb Author: Richard Levitte <levi...@openssl.org> Date: Tue Sep 29 18:31:58 2020 +0200 descrip.mms.tmpl: Add a target to install the FIPS module config Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032) commit 403a5edcde4f2cd76f04b519224b13228ee1b0ff Author: Richard Levitte <levi...@openssl.org> Date: Tue Sep 29 18:31:44 2020 +0200 windows-makefile.tmpl: Add a target to install the FIPS module config Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032) commit a1bfcb15d97b9cbb761dd7b4b2173d5b2b4dd2e5 Author: Richard Levitte <levi...@openssl.org> Date: Tue Sep 29 11:11:38 2020 +0200 unix-Makefile.tmpl: Add a target to install the FIPS module config Fixes #12195 Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Tomas Mraz <tm...@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13032) ----------------------------------------------------------------------- Summary of changes: Configurations/descrip.mms.tmpl | 19 +++++++++++++++++++ Configurations/unix-Makefile.tmpl | 20 ++++++++++++++++++++ Configurations/windows-makefile.tmpl | 19 +++++++++++++++++++ INSTALL.md | 3 +++ providers/build.info | 2 +- 5 files changed, 62 insertions(+), 1 deletion(-) diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index b30d08b53a..a2f3293c54 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -121,6 +121,13 @@ SHLIB_TARGET={- $target{shared_target} -} LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @libs) -} SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -} +FIPSMODULENAME={- # We do some extra checking here, as there should be only one + my @fipsmodules = + grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} + && $unified_info{attributes}->{modules}->{$_}->{fips} } + @{$unified_info{modules}}; + die "More that one FIPS module" if scalar @fipsmodules > 1; + join(", ", map { basename platform->dso($_) } @fipsmodules) -} MODULES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{modules}}) -} PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -} SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -} @@ -539,6 +546,18 @@ install_docs : install_html_docs uninstall_docs : uninstall_html_docs +install_fips: install_sw + @ WRITE SYS$OUTPUT "*** Installing FIPS module configuration" + @ WRITE SYS$OUTPUT "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf" + openssl fipsinstall - + -module ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME) - + -out ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME).cnf - + -macopt "key:$(FIPSKEY)" + +uninstall_fips: uninstall_sw + @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module configuration" + DELETE ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME).cnf;* + install_ssldirs : check_INSTALLTOP - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000] IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN - diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 36a7ffbf93..4fab096121 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -87,6 +87,14 @@ MODULES={- join(" \\\n" . ' ' x 8, fill_lines(" ", $COLUMNS - 8, map { platform->dso($_) } @{$unified_info{modules}})) -} +FIPSMODULENAME={- # We do some extra checking here, as there should be only one + my @fipsmodules = + grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} + && $unified_info{attributes}->{modules}->{$_}->{fips} } + @{$unified_info{modules}}; + die "More that one FIPS module" if scalar @fipsmodules > 1; + join(" ", map { basename platform->dso($_) } @fipsmodules) -} + PROGRAMS={- join(" \\\n" . ' ' x 9, fill_lines(" ", $COLUMNS - 9, map { platform->bin($_) } @@ -551,6 +559,18 @@ install_docs: install_man_docs install_html_docs uninstall_docs: uninstall_man_docs uninstall_html_docs $(RM) -r $(DESTDIR)$(DOCDIR) +install_fips: install_sw + @$(ECHO) "*** Installing FIPS module configuration" + @$(ECHO) "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf" + @openssl fipsinstall -module $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) \ + -out $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf \ + -macopt 'key:$(FIPSKEY)' + +uninstall_fips: uninstall_sw + @$(ECHO) "*** Uninstalling FIPS module configuration" + @$(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf" + @$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf + install_ssldirs: @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index dfabda7eef..ce042d6ee8 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -51,6 +51,13 @@ SHLIBPDBS={- join(" ", map { platform->sharedlibpdb($_) // () } @{$unified_info{ MODULES={- our @MODULES = map { platform->dso($_) } @{$unified_info{modules}}; join(" ", @MODULES) -} MODULEPDBS={- join(" ", map { platform->dsopdb($_) } @{$unified_info{modules}}) -} +FIPSMODULENAME={- # We do some extra checking here, as there should be only one + my @fipsmodules = + grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} + && $unified_info{attributes}->{modules}->{$_}->{fips} } + @{$unified_info{modules}}; + die "More that one FIPS module" if scalar @fipsmodules > 1; + join(" ", map { basename platform->dso($_) } @fipsmodules) -} PROGRAMS={- our @PROGRAMS = map { platform->bin($_) } @{$unified_info{programs}}; join(" ", @PROGRAMS) -} PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -} SCRIPTS={- our @SCRIPTS = @{$unified_info{scripts}}; join(" ", @SCRIPTS) -} @@ -463,6 +470,18 @@ install_docs: install_html_docs uninstall_docs: uninstall_html_docs +install_fips: install_sw + @$(ECHO) "*** Installing FIPS module configuration" + @$(ECHO) "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf" + @openssl fipsinstall -module $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) \ + -out $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf \ + -macopt "key:$(FIPSKEY)" + +uninstall_fips: uninstall_sw + @$(ECHO) "*** Uninstalling FIPS module configuration" + @$(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf" + @$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf + install_ssldirs: @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private" diff --git a/INSTALL.md b/INSTALL.md index 893049b16e..813d8b456d 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1470,6 +1470,9 @@ described here. Examine the Makefiles themselves for the full list. install_html_docs Only install the OpenSSL HTML documentation. + + install_fips + Install the FIPS provider module configuration file. list-tests Prints a list of all the self test names. diff --git a/providers/build.info b/providers/build.info index f2e0d433c9..b365bda0ec 100644 --- a/providers/build.info +++ b/providers/build.info @@ -140,7 +140,7 @@ ENDIF IF[{- !$disabled{fips} -}] # This is the trigger to actually build the FIPS module. Without these # statements, the final build file will not have a trace of it. - MODULES=$FIPSGOAL + MODULES{fips}=$FIPSGOAL LIBS{noinst}=$LIBFIPS ENDIF