Page MenuHomeFreeBSD
Differential D24965

Add FIPS provider option for openssl-devel.
ClosedPublic
Actions

Authored by gordon on May 22 2020, 5:57 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Apr 11, 1:17 PM
Unknown Object (File)
Thu, Apr 11, 1:17 PM
Unknown Object (File)
Tue, Apr 9, 1:07 PM
Unknown Object (File)
Tue, Apr 9, 1:07 PM
Unknown Object (File)
Sun, Apr 7, 5:28 AM
Unknown Object (File)
Sun, Mar 31, 12:20 PM
Unknown Object (File)
Mar 10 2024, 7:10 PM
Unknown Object (File)
Mar 5 2024, 12:30 AM
View All 56 Files
Subscribers
mat

Details

Reviewers
brnrd
Commits
rP536340: security/openssl-devel: Add modules options
Summary

Add FIPS provider option for openssl-devel.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

gordon created this revision.May 22 2020, 5:57 PM
Herald added a subscriber: mat. · View Herald TranscriptMay 22 2020, 5:57 PM
gordon requested review of this revision.May 22 2020, 5:57 PM
Harbormaster completed remote builds in B31242: Diff 72132.May 22 2020, 5:57 PM
gordon added a reviewer: brnrd.May 22 2020, 5:58 PM

Bernard,

With OpenSSL 3.0, it includes a FIPS provider and appropriate switches for the build. Thought it would be good to hook this up.

Gordon

brnrd added a comment.May 22 2020, 7:32 PM

Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?

===================================================================
--- pkg-plist   (revision 535366)
+++ pkg-plist   (working copy)
@@ -136,7 +136,7 @@
 lib/libssl.a
 %%SHARED%%lib/libssl.so
 %%SHARED%%lib/libssl.so.%%SHLIBVER%%
-%%SHARED%%lib/ossl-modules/fips.so
+%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
 %%SHARED%%lib/ossl-modules/legacy.so
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc
gordon added a comment.May 22 2020, 7:33 PM
In D24965#549680, @brnrd wrote:

Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?

===================================================================
--- pkg-plist   (revision 535366)
+++ pkg-plist   (working copy)
@@ -136,7 +136,7 @@
 lib/libssl.a
 %%SHARED%%lib/libssl.so
 %%SHARED%%lib/libssl.so.%%SHLIBVER%%
-%%SHARED%%lib/ossl-modules/fips.so
+%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
 %%SHARED%%lib/ossl-modules/legacy.so
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc

Ah yeah. I will admit I didn't actually test installing it as I didn't have a convenient host to test it on.

Gordon

brnrd updated this revision to Diff 72141.May 22 2020, 8:20 PM

Fix pkg-plist

  • Add options for ktls and legacy
  • Modules in an options group
Harbormaster completed remote builds in B31244: Diff 72141.May 22 2020, 8:20 PM
gordon added a comment.May 22 2020, 10:58 PM
In D24965#549710, @brnrd wrote:

Fix pkg-plist

  • Add options for ktls and legacy
  • Modules in an options group

Per D24274, the KTLS option has an OSVERSION dependency:

OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:}
brnrd updated this revision to Diff 72174.May 23 2020, 7:03 PM

Only include kTLS option for correct FreeBSD version

Harbormaster completed remote builds in B31264: Diff 72174.May 23 2020, 7:03 PM
This revision was not accepted when it landed; it landed in state Needs Review.May 23 2020, 7:38 PM
Closed by commit rP536340: security/openssl-devel: Add modules options (authored by brnrd). · Explain Why
This revision was automatically updated to reflect the committed changes.
brnrd added a commit: rP536340: security/openssl-devel: Add modules options.

Revision Contents
Changeset List

PathSize
head/
security/
openssl-devel/
23 lines
4 lines

Diff 72178

View Options

head/security/openssl-devel/Makefile

Loading...
View Options

head/security/openssl-devel/pkg-plist

Loading...