From: Dr. Matthias St. Pierre Date: Mon, 8 Feb 2021 23:16:55 +0000 (+0100) Subject: util/wrap.pl: use the apps/openssl.cnf from the source tree X-Git-Tag: openssl-3.0.0-alpha15~118 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ab736acb89c277bd174f958591c65c66d611c72;p=thirdparty%2Fopenssl.git util/wrap.pl: use the apps/openssl.cnf from the source tree The `make install_fips` target failed msp@debian:~/src/openssl$ make install_fips *** Installing FIPS module install providers/fips.so -> /opt/openssl-dev/lib/ossl-modules/fips.so *** Installing FIPS module configuration fipsinstall /opt/openssl-dev/ssl/fipsmodule.cnf FATAL: Startup failure (dev note: apps_startup()) for ./apps/openssl ... No such file or directory:crypto/conf/conf_def.c:771:calling stat(fipsmodule.cnf) ... make: *** [Makefile:3341: install_fips] Error 1 because the `openssl fipsinstall` command was loading a previously installed configuration file instead of the copy shipped with the source tree. msp@debian:~/src/openssl$ strace -f make install_fips |& grep openssl.cnf [pid 128683] openat(AT_FDCWD, "/opt/openssl-dev/ssl/openssl.cnf", O_RDONLY) = 3 This issue reveiled a more general problem, which applies to the tests as well: unless openssl is installed, the openssl app must not use any preinstalled configuration file. This holds in particular when the preinstalled configuration file load providers, which caused the above failure. The most consistent way to achieve this behaviour is to set the OPENSSL_CONF environment variable to the correct location in the util/wrap.pl perl wrapper. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14136) --- diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index ef4fd5f0774..1ff418c4c62 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1215,7 +1215,8 @@ tar: # Helper targets ##################################################### -link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl +link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl \ + $(BLDDIR)/apps/openssl.cnf $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl: configdata.pm @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \ @@ -1223,6 +1224,12 @@ $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl: configdata.pm ln -sf "../$(SRCDIR)/util/`basename "$@"`" "$(BLDDIR)/util"; \ fi +$(BLDDIR)/apps/openssl.cnf: configdata.pm + @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \ + mkdir -p "$(BLDDIR)/apps"; \ + ln -sf "../$(SRCDIR)/apps/`basename "$@"`" "$(BLDDIR)/apps"; \ + fi + FORCE: # Building targets ################################################### diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 846c500bef7..050d618a23f 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -594,12 +594,16 @@ uninstall_html_docs: # Helper targets ##################################################### -copy-utils: $(BLDDIR)\util\wrap.pl +copy-utils: $(BLDDIR)\util\wrap.pl $(BLDDIR)\apps\openssl.cnf $(BLDDIR)\util\wrap.pl: configdata.pm @if NOT EXIST "$(BLDDIR)\util" mkdir "$(BLDDIR)\util" @if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\util\$(@F)" "$(BLDDIR)\util" +$(BLDDIR)\apps\openssl.cnf: configdata.pm + @if NOT EXIST "$(BLDDIR)\apps" mkdir "$(BLDDIR)\apps" + @if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\apps\$(@F)" "$(BLDDIR)\apps" + # Building targets ################################################### configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} diff --git a/util/wrap.pl b/util/wrap.pl index fd24c42c8b3..69be06d3029 100755 --- a/util/wrap.pl +++ b/util/wrap.pl @@ -9,12 +9,15 @@ use File::Spec::Functions; my $there = canonpath(catdir(dirname($0), updir())); my $std_engines = catdir($there, 'engines'); my $std_providers = catdir($there, 'providers'); +my $std_openssl_conf = catdir($there, 'apps/openssl.cnf'); my $unix_shlib_wrap = catfile($there, 'util/shlib_wrap.sh'); $ENV{OPENSSL_ENGINES} = $std_engines if ($ENV{OPENSSL_ENGINES} // '') eq '' && -d $std_engines; $ENV{OPENSSL_MODULES} = $std_providers if ($ENV{OPENSSL_MODULES} // '') eq '' && -d $std_providers; +$ENV{OPENSSL_CONF} = $std_openssl_conf + if ($ENV{OPENSSL_CONF} // '') eq '' && -f $std_openssl_conf; my $use_system = 0; my @cmd;