Page MenuHomeFreeBSD

Add FIPS provider option for openssl-devel.
ClosedPublic

Authored by gordon on Fri, May 22, 5:57 PM.

Details

Summary

Add FIPS provider option for openssl-devel.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

gordon created this revision.Fri, May 22, 5:57 PM
gordon requested review of this revision.Fri, May 22, 5:57 PM

Bernard,

With OpenSSL 3.0, it includes a FIPS provider and appropriate switches for the build. Thought it would be good to hook this up.

Gordon

brnrd added a comment.Fri, May 22, 7:32 PM

Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?

===================================================================
--- pkg-plist   (revision 535366)
+++ pkg-plist   (working copy)
@@ -136,7 +136,7 @@
 lib/libssl.a
 %%SHARED%%lib/libssl.so
 %%SHARED%%lib/libssl.so.%%SHLIBVER%%
-%%SHARED%%lib/ossl-modules/fips.so
+%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
 %%SHARED%%lib/ossl-modules/legacy.so
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc

Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?

===================================================================
--- pkg-plist   (revision 535366)
+++ pkg-plist   (working copy)
@@ -136,7 +136,7 @@
 lib/libssl.a
 %%SHARED%%lib/libssl.so
 %%SHARED%%lib/libssl.so.%%SHLIBVER%%
-%%SHARED%%lib/ossl-modules/fips.so
+%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
 %%SHARED%%lib/ossl-modules/legacy.so
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc

Ah yeah. I will admit I didn't actually test installing it as I didn't have a convenient host to test it on.

Gordon

brnrd updated this revision to Diff 72141.Fri, May 22, 8:20 PM

Fix pkg-plist

  • Add options for ktls and legacy
  • Modules in an options group

Fix pkg-plist

  • Add options for ktls and legacy
  • Modules in an options group

Per D24274, the KTLS option has an OSVERSION dependency:

OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:}
brnrd updated this revision to Diff 72174.Sat, May 23, 7:03 PM

Only include kTLS option for correct FreeBSD version

This revision was not accepted when it landed; it landed in state Needs Review.Sat, May 23, 7:38 PM
This revision was automatically updated to reflect the committed changes.