From 6ffa0fc3a4dbd0e506db7e5ea11d30aa3f1adbce Mon Sep 17 00:00:00 2001 From: lbermes <41416957+lbermes@users.noreply.github.com> Date: Sat, 22 Apr 2023 00:02:05 +0200 Subject: [PATCH] [openssl] support fips build feature (#30916) * Added option to enable fips build for openssl I only implement and tested it for windows as I have no option to do this under linux * Adjusted port version * Updated to support only for Windows * Corrected Formatting * Corrected SHA for vcpkg x-add-version --all * Changes requested by review Removed the not needed FEATURE FIPS Initialize INSTALL_FIPS as empty * Corrected SHA for vcpkg x-add-version --all * Removed Windows only support * Corrected SHA for vcpkg x-add-version --all * Added "supports": "!static" As the provider conecpts needs dynamic linkage * Corrected SHA for vcpkg x-add-version --all --- ports/openssl/portfile.cmake | 6 ++++++ ports/openssl/vcpkg.json | 6 +++++- ports/openssl/windows/portfile.cmake | 3 ++- versions/baseline.json | 2 +- versions/o-/openssl.json | 5 +++++ 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/ports/openssl/portfile.cmake b/ports/openssl/portfile.cmake index 05559d42f0..2020362430 100644 --- a/ports/openssl/portfile.cmake +++ b/ports/openssl/portfile.cmake @@ -40,6 +40,12 @@ vcpkg_list(SET CONFIGURE_OPTIONS no-tests ) +set(INSTALL_FIPS "") +if("fips" IN_LIST FEATURES) + vcpkg_list(APPEND INSTALL_FIPS install_fips) + vcpkg_list(APPEND CONFIGURE_OPTIONS enable-fips) +endif() + if(VCPKG_LIBRARY_LINKAGE STREQUAL "dynamic") vcpkg_list(APPEND CONFIGURE_OPTIONS shared) else() diff --git a/ports/openssl/vcpkg.json b/ports/openssl/vcpkg.json index 0753b62b9b..31fafaceb0 100644 --- a/ports/openssl/vcpkg.json +++ b/ports/openssl/vcpkg.json @@ -1,7 +1,7 @@ { "name": "openssl", "version": "3.1.0", - "port-version": 1, + "port-version": 2, "description": "OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.", "homepage": "https://www.openssl.org", "license": "Apache-2.0", @@ -20,6 +20,10 @@ } ], "features": { + "fips": { + "description": "Enable fips", + "supports": "!static" + }, "tools": { "description": "Install openssl executable and scripts", "supports": "!uwp" diff --git a/ports/openssl/windows/portfile.cmake b/ports/openssl/windows/portfile.cmake index a5a5da413d..e9c0df4d7a 100644 --- a/ports/openssl/windows/portfile.cmake +++ b/ports/openssl/windows/portfile.cmake @@ -77,7 +77,7 @@ vcpkg_build_nmake( "LD=${ld}" "LDFLAGS=${VCPKG_COMBINED_SHARED_LINKER_FLAGS_DEBUG}" PROJECT_NAME "makefile" - TARGET install_dev install_modules + TARGET install_dev install_modules ${INSTALL_FIPS} LOGFILE_ROOT install OPTIONS "INSTALL_PDBS=${OPENSSL_BUILD_MAKES_PDBS}" # install-pdbs.patch @@ -125,4 +125,5 @@ file(REMOVE "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf.dist" "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf" "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf.dist" + "${CURRENT_PACKAGES_DIR}/debug/fipsmodule.cnf" ) diff --git a/versions/baseline.json b/versions/baseline.json index 127db13e80..3404083427 100644 --- a/versions/baseline.json +++ b/versions/baseline.json @@ -5882,7 +5882,7 @@ }, "openssl": { "baseline": "3.1.0", - "port-version": 1 + "port-version": 2 }, "openssl-unix": { "baseline": "deprecated", diff --git a/versions/o-/openssl.json b/versions/o-/openssl.json index e782c806ab..4a3a2cb5d2 100644 --- a/versions/o-/openssl.json +++ b/versions/o-/openssl.json @@ -1,5 +1,10 @@ { "versions": [ + { + "git-tree": "64fc47730d346ecacc9f948c2c3138363ed8f702", + "version": "3.1.0", + "port-version": 2 + }, { "git-tree": "b123beef6759b490ff8679b5cd4db0f721a2808a", "version": "3.1.0",