The branch master has been updated
via 3ab736acb89c277bd174f958591c65c66d611c72 (commit)
from 0f10196042a4aa43b9b1966e0709060c5b8658bc (commit)
- Log -----------------------------------------------------------------
commit 3ab736acb89c277bd174f958591c65c66d611c72
Author: Dr. Matthias St. Pierre <[email protected]>
Date: Tue Feb 9 00:16:55 2021 +0100
util/wrap.pl: use the apps/openssl.cnf from the source tree
The `make install_fips` target failed
msp@debian:~/src/openssl$ make install_fips
*** Installing FIPS module
install providers/fips.so -> /opt/openssl-dev/lib/ossl-modules/fips.so
*** Installing FIPS module configuration
fipsinstall /opt/openssl-dev/ssl/fipsmodule.cnf
FATAL: Startup failure (dev note: apps_startup()) for ./apps/openssl
... No such file or directory:crypto/conf/conf_def.c:771:calling
stat(fipsmodule.cnf)
...
make: *** [Makefile:3341: install_fips] Error 1
because the `openssl fipsinstall` command was loading a previously installed
configuration file instead of the copy shipped with the source tree.
msp@debian:~/src/openssl$ strace -f make install_fips |& grep
openssl.cnf
[pid 128683] openat(AT_FDCWD, "/opt/openssl-dev/ssl/openssl.cnf",
O_RDONLY) = 3
This issue reveiled a more general problem, which applies to the tests as
well:
unless openssl is installed, the openssl app must not use any preinstalled
configuration file. This holds in particular when the preinstalled
configuration
file load providers, which caused the above failure.
The most consistent way to achieve this behaviour is to set the OPENSSL_CONF
environment variable to the correct location in the util/wrap.pl perl
wrapper.
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/14136)
-----------------------------------------------------------------------
Summary of changes:
Configurations/unix-Makefile.tmpl | 9 ++++++++-
Configurations/windows-makefile.tmpl | 6 +++++-
util/wrap.pl | 3 +++
3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl
b/Configurations/unix-Makefile.tmpl
index ef4fd5f077..1ff418c4c6 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1215,7 +1215,8 @@ tar:
# Helper targets #####################################################
-link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl
+link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl \
+ $(BLDDIR)/apps/openssl.cnf
$(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl: configdata.pm
@if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
@@ -1223,6 +1224,12 @@ $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl:
configdata.pm
ln -sf "../$(SRCDIR)/util/`basename "$@"`" "$(BLDDIR)/util"; \
fi
+$(BLDDIR)/apps/openssl.cnf: configdata.pm
+ @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
+ mkdir -p "$(BLDDIR)/apps"; \
+ ln -sf "../$(SRCDIR)/apps/`basename "$@"`" "$(BLDDIR)/apps"; \
+ fi
+
FORCE:
# Building targets ###################################################
diff --git a/Configurations/windows-makefile.tmpl
b/Configurations/windows-makefile.tmpl
index 846c500bef..050d618a23 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -594,12 +594,16 @@ uninstall_html_docs:
# Helper targets #####################################################
-copy-utils: $(BLDDIR)\util\wrap.pl
+copy-utils: $(BLDDIR)\util\wrap.pl $(BLDDIR)\apps\openssl.cnf
$(BLDDIR)\util\wrap.pl: configdata.pm
@if NOT EXIST "$(BLDDIR)\util" mkdir "$(BLDDIR)\util"
@if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\util\$(@F)"
"$(BLDDIR)\util"
+$(BLDDIR)\apps\openssl.cnf: configdata.pm
+ @if NOT EXIST "$(BLDDIR)\apps" mkdir "$(BLDDIR)\apps"
+ @if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\apps\$(@F)"
"$(BLDDIR)\apps"
+
# Building targets ###################################################
configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' }
@{$config{build_file_templates}}, @{$config{build_infos}},
@{$config{conf_files}}) -}
diff --git a/util/wrap.pl b/util/wrap.pl
index fd24c42c8b..69be06d302 100755
--- a/util/wrap.pl
+++ b/util/wrap.pl
@@ -9,12 +9,15 @@ use File::Spec::Functions;
my $there = canonpath(catdir(dirname($0), updir()));
my $std_engines = catdir($there, 'engines');
my $std_providers = catdir($there, 'providers');
+my $std_openssl_conf = catdir($there, 'apps/openssl.cnf');
my $unix_shlib_wrap = catfile($there, 'util/shlib_wrap.sh');
$ENV{OPENSSL_ENGINES} = $std_engines
if ($ENV{OPENSSL_ENGINES} // '') eq '' && -d $std_engines;
$ENV{OPENSSL_MODULES} = $std_providers
if ($ENV{OPENSSL_MODULES} // '') eq '' && -d $std_providers;
+$ENV{OPENSSL_CONF} = $std_openssl_conf
+ if ($ENV{OPENSSL_CONF} // '') eq '' && -f $std_openssl_conf;
my $use_system = 0;
my @cmd;
