bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942)

Also use new make target to install FIPS provider.
2021-05-06 16:30:12 +02:00 · 2021-05-06 16:30:12 +02:00 · e8525567dd
parent 698e9a8211
commit e8525567dd
2 changed files with 12 additions and 45 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -177,7 +177,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        openssl_ver: [1.1.1k, 3.0.0-alpha15]
+        openssl_ver: [1.1.1k, 3.0.0-alpha16]
    env:
      OPENSSL_VER: ${{ matrix.openssl_ver }}
      MULTISSL_DIR: ${{ github.workspace }}/multissl
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@ -48,7 +48,7 @@

 OPENSSL_RECENT_VERSIONS = [
    "1.1.1k",
-    "3.0.0-alpha15"
+    "3.0.0-alpha16"
 ]

 LIBRESSL_OLD_VERSIONS = [
@ -143,23 +143,6 @@
    help="Keep original sources for debugging."
 )

-OPENSSL_FIPS_CNF = """\
-openssl_conf = openssl_init
-
-.include {self.install_dir}/ssl/fipsinstall.cnf
-# .include {self.install_dir}/ssl/openssl.cnf
-
-[openssl_init]
-providers = provider_sect
-
-[provider_sect]
-fips = fips_sect
-default = default_sect
-
-[default_sect]
-activate = 1
-"""
-

 class AbstractBuilder(object):
    library = None
@ -304,12 +287,12 @@ def _unpack_src(self):
        log.info("Unpacking files to {}".format(self.build_dir))
        tf.extractall(self.build_dir, members)

-    def _build_src(self):
+    def _build_src(self, config_args=()):
        """Now build openssl"""
        log.info("Running build in {}".format(self.build_dir))
        cwd = self.build_dir
        cmd = [
-            "./config",
+            "./config", *config_args,
            "shared", "--debug",
            "--prefix={}".format(self.install_dir)
        ]
@ -417,35 +400,19 @@ def _post_install(self):
        if self.version.startswith("3.0"):
            self._post_install_300()

+    def _build_src(self, config_args=()):
+        if self.version.startswith("3.0"):
+            config_args += ("enable-fips",)
+        super()._build_src(config_args)
+
    def _post_install_300(self):
        # create ssl/ subdir with example configs
+        # Install FIPS module
        self._subprocess_call(
-            ["make", "-j1", "install_ssldirs"],
+            ["make", "-j1", "install_ssldirs", "install_fips"],
            cwd=self.build_dir
        )
-        # Install FIPS module
-        # https://wiki.openssl.org/index.php/OpenSSL_3.0#Completing_the_installation_of_the_FIPS_Module
-        fipsinstall_cnf = os.path.join(
-            self.install_dir, "ssl", "fipsinstall.cnf"
-        )
-        openssl_fips_cnf = os.path.join(
-            self.install_dir, "ssl", "openssl-fips.cnf"
-        )
-        fips_mod = os.path.join(self.lib_dir, "ossl-modules/fips.so")
-        self._subprocess_call(
-            [
-                self.openssl_cli, "fipsinstall",
-                "-out", fipsinstall_cnf,
-                "-module", fips_mod,
-                # "-provider_name", "fips",
-                # "-mac_name", "HMAC",
-                # "-macopt", "digest:SHA256",
-                # "-macopt", "hexkey:00",
-                # "-section_name", "fips_sect"
-            ]
-        )
-        with open(openssl_fips_cnf, "w") as f:
-            f.write(OPENSSL_FIPS_CNF.format(self=self))
+
    @property
    def short_version(self):
        """Short version for OpenSSL download URL"""