Page MenuHomeFreeBSD

Add FIPS provider option for openssl-devel.
ClosedPublic

Authored by gordon on May 22 2020, 5:57 PM.

Details

Summary

Add FIPS provider option for openssl-devel.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Bernard,

With OpenSSL 3.0, it includes a FIPS provider and appropriate switches for the build. Thought it would be good to hook this up.

Gordon

Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?

===================================================================
--- pkg-plist   (revision 535366)
+++ pkg-plist   (working copy)
@@ -136,7 +136,7 @@
 lib/libssl.a
 %%SHARED%%lib/libssl.so
 %%SHARED%%lib/libssl.so.%%SHLIBVER%%
-%%SHARED%%lib/ossl-modules/fips.so
+%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
 %%SHARED%%lib/ossl-modules/legacy.so
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc

Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?

===================================================================
--- pkg-plist   (revision 535366)
+++ pkg-plist   (working copy)
@@ -136,7 +136,7 @@
 lib/libssl.a
 %%SHARED%%lib/libssl.so
 %%SHARED%%lib/libssl.so.%%SHLIBVER%%
-%%SHARED%%lib/ossl-modules/fips.so
+%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
 %%SHARED%%lib/ossl-modules/legacy.so
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc

Ah yeah. I will admit I didn't actually test installing it as I didn't have a convenient host to test it on.

Gordon

Fix pkg-plist

  • Add options for ktls and legacy
  • Modules in an options group

Fix pkg-plist

  • Add options for ktls and legacy
  • Modules in an options group

Per D24274, the KTLS option has an OSVERSION dependency:

OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:}

Only include kTLS option for correct FreeBSD version

This revision was not accepted when it landed; it landed in state Needs Review.May 23 2020, 7:38 PM
This revision was automatically updated to reflect the committed changes.