[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/

Tue, 02 Nov 2021 08:02:05 -0700 

commit:     895d71e3d1c76e283f09143480870a500a889233
Author:     Mathieu Tortuyaux <mtortuyaux <AT> microsoft <DOT> com>
AuthorDate: Tue Nov  2 12:52:20 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov  2 15:00:10 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=895d71e3

dev-libs/openssl: add `fips` support

`FIPS` provider is not enabled by default with OpenSSL version 3. Let's
make it optional by adding conditional `fips` internal useflag.

See also: https://github.com/openssl/openssl/blob/master/README-FIPS.md

Bug: https://bugs.gentoo.org/820173
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Mathieu Tortuyaux <mtortuyaux <AT> microsoft.com>
Closes: https://github.com/gentoo/gentoo/pull/22796
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/openssl/metadata.xml         | 1 +
 dev-libs/openssl/openssl-3.0.0.ebuild | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index a338ff2ba12..e0b7df73655 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -8,6 +8,7 @@
 <use>
  <flag name="asm">Support assembly hand optimized crypto functions (i.e. 
faster run time)</flag>
  <flag name="bindist">Disable/Restrict EC algorithms (as they seem to be 
patented) -- note: changes the ABI</flag>
+ <flag name="fips">Enable FIPS provider</flag>
  <flag name="ktls">Enable support for Kernel implementation of TLS 
(kTLS)</flag>
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP 
Addresses and AS Identifiers)</flag>
  <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not 
required for TLS/https</flag>

diff --git a/dev-libs/openssl/openssl-3.0.0.ebuild 
b/dev-libs/openssl/openssl-3.0.0.ebuild
index c7bab83b760..dad6d1b877b 100644
--- a/dev-libs/openssl/openssl-3.0.0.ebuild
+++ b/dev-libs/openssl/openssl-3.0.0.ebuild
@@ -22,7 +22,7 @@ fi
 LICENSE="Apache-2.0"
 SLOT="0/3" # .so version of libssl/libcrypto
 
-IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test 
tls-compression vanilla"
+IUSE="+asm cpu_flags_x86_sse2 elibc_musl fips ktls rfc3779 sctp static-libs 
test tls-compression vanilla"
 RESTRICT="!test? ( test )"
 
 COMMON_DEPEND="
@@ -171,6 +171,7 @@ multilib_src_configure() {
                enable-idea
                enable-mdc2
                enable-rc5
+               $(use fips && echo "enable-fips")
                $(use_ssl asm)
                $(use_ssl ktls)
                $(use_ssl rfc3779)

Reply via email to