fi
}
+download_aws_lc_fips () {
+ if [ ! -f "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_FIPS_VERSION}.tar.gz" ]; then
+ mkdir -p "${BUILDSSL_TMPDIR}"
+ wget -q -O "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}.tar.gz" \
+ "https://github.com/aws/aws-lc/archive/refs/tags/AWS-LC-FIPS-${AWS_LC_FIPS_VERSION}.tar.gz"
+ fi
+}
+
+
+# require GO + Perl for FIPS mode
+build_aws_lc_fips () {
+ if [ "$(cat ${BUILDSSL_DESTDIR}/.aws_lc_fips-version)" != "${AWS_LC_FIPS_VERSION}" ]; then
+ mkdir -p "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}/"
+ tar zxf "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}/" --strip-components=1
+ (
+ cd "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}/"
+ mkdir -p build
+ cd build
+ cmake -version
+ cmake -DCMAKE_BUILD_TYPE=Release -DFIPS=1 -DBUILD_SHARED_LIBS=1 \
+ -DBUILD_TESTING=0 -DCMAKE_INSTALL_PREFIX=${BUILDSSL_DESTDIR} ..
+ make -j$(nproc)
+ make install
+ )
+ echo "${AWS_LC_FIPS_VERSION}" > "${BUILDSSL_DESTDIR}/.aws_lc_fips-version"
+ fi
+}
+
download_quictls () {
if [ ! -d "${BUILDSSL_TMPDIR}/quictls" ]; then
git clone --depth=1 https://github.com/quictls/openssl ${BUILDSSL_TMPDIR}/quictls
build_aws_lc
fi
+if [ ! -z ${AWS_LC_FIPS_VERSION+x} ]; then
+ download_aws_lc_fips
+ build_aws_lc_fips
+fi
+
if [ ! -z ${QUICTLS+x} ]; then
download_quictls
build_quictls
projects / thirdparty / haproxy.git / commitdiff
