mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-27 02:39:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942)

Browse source 
Also use new make target to install FIPS provider.
This commit is contained in:
Christian Heimes 2021-05-06 16:30:12 +02:00 committed by GitHub
parent 698e9a8211
commit e8525567dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/build.yml vendored
View file

@ -177,7 +177,7 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
openssl_ver: [1.1.1k, 3.0.0-alpha15] openssl_ver: [1.1.1k, 3.0.0-alpha16]
env: env:
OPENSSL_VER: ${{ matrix.openssl_ver }} OPENSSL_VER: ${{ matrix.openssl_ver }}
MULTISSL_DIR: ${{ github.workspace }}/multissl MULTISSL_DIR: ${{ github.workspace }}/multissl

55
Tools/ssl/multissltests.py
View file

@ -48,7 +48,7 @@ OPENSSL_OLD_VERSIONS = [
OPENSSL_RECENT_VERSIONS = [ OPENSSL_RECENT_VERSIONS = [
"1.1.1k", "1.1.1k",
"3.0.0-alpha15" "3.0.0-alpha16"
] ]
LIBRESSL_OLD_VERSIONS = [ LIBRESSL_OLD_VERSIONS = [
@ -143,23 +143,6 @@ parser.add_argument(
help="Keep original sources for debugging." help="Keep original sources for debugging."
) )
OPENSSL_FIPS_CNF = """\
openssl_conf = openssl_init
.include {self.install_dir}/ssl/fipsinstall.cnf
# .include {self.install_dir}/ssl/openssl.cnf
[openssl_init]
providers = provider_sect
[provider_sect]
fips = fips_sect
default = default_sect
[default_sect]
activate = 1
"""
class AbstractBuilder(object): class AbstractBuilder(object):
library = None library = None
@ -304,12 +287,12 @@ class AbstractBuilder(object):
log.info("Unpacking files to {}".format(self.build_dir)) log.info("Unpacking files to {}".format(self.build_dir))
tf.extractall(self.build_dir, members) tf.extractall(self.build_dir, members)
def _build_src(self): def _build_src(self, config_args=()):
"""Now build openssl""" """Now build openssl"""
log.info("Running build in {}".format(self.build_dir)) log.info("Running build in {}".format(self.build_dir))
cwd = self.build_dir cwd = self.build_dir
cmd = [ cmd = [
"./config", "./config", *config_args,
"shared", "--debug", "shared", "--debug",
"--prefix={}".format(self.install_dir) "--prefix={}".format(self.install_dir)
] ]
@ -417,35 +400,19 @@ class BuildOpenSSL(AbstractBuilder):
if self.version.startswith("3.0"): if self.version.startswith("3.0"):
self._post_install_300() self._post_install_300()
def _build_src(self, config_args=()):
if self.version.startswith("3.0"):
config_args += ("enable-fips",)
super()._build_src(config_args)
def _post_install_300(self): def _post_install_300(self):
# create ssl/ subdir with example configs # create ssl/ subdir with example configs
# Install FIPS module
self._subprocess_call( self._subprocess_call(
["make", "-j1", "install_ssldirs"], ["make", "-j1", "install_ssldirs", "install_fips"],
cwd=self.build_dir cwd=self.build_dir
) )
# Install FIPS module
# https://wiki.openssl.org/index.php/OpenSSL_3.0#Completing_the_installation_of_the_FIPS_Module
fipsinstall_cnf = os.path.join(
self.install_dir, "ssl", "fipsinstall.cnf"
)
openssl_fips_cnf = os.path.join(
self.install_dir, "ssl", "openssl-fips.cnf"
)
fips_mod = os.path.join(self.lib_dir, "ossl-modules/fips.so")
self._subprocess_call(
[
self.openssl_cli, "fipsinstall",
"-out", fipsinstall_cnf,
"-module", fips_mod,
# "-provider_name", "fips",
# "-mac_name", "HMAC",
# "-macopt", "digest:SHA256",
# "-macopt", "hexkey:00",
# "-section_name", "fips_sect"
]
)
with open(openssl_fips_cnf, "w") as f:
f.write(OPENSSL_FIPS_CNF.format(self=self))
@property @property
def short_version(self): def short_version(self):
"""Short version for OpenSSL download URL""" """Short version for OpenSSL download URL"""