# HG changeset patch # User Misaki Miyashita # Date 1408124758 25200 # Node ID 442b27130f7aaa1c0f05a56bc4e5c02c7ae354e3 # Parent e00ca9ce4b5f53d78086f4f9fb6abaf0dfcc3cff 19314980 Update the OpenSSL FIPS-140 module version to 2.0.6 diff -r e00ca9ce4b5f -r 442b27130f7a components/openssl/openssl-1.0.1-fips-140/Makefile --- a/components/openssl/openssl-1.0.1-fips-140/Makefile Fri Aug 15 08:10:02 2014 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/Makefile Fri Aug 15 10:45:58 2014 -0700 @@ -40,7 +40,7 @@ COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= utility/openssl -# OpenSSL FIPS 2.0.5 directory +# OpenSSL FIPS directory OPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips # Note that the SPARC patch above does not fit this pattern. That is intentional @@ -150,14 +150,14 @@ # update the files which have been under continuous development. We rather copy # the files to the right directories and let OpenSSL makefiles build it. # We also copy some FIPS specific header files needed to build FIPS version -# of OpenSSL from FIPS module (openssl-fips-ecp-2.0.5). +# of OpenSSL from FIPS module. COMPONENT_PRE_BUILD_ACTION = \ ( $(LN) -fs $(COMPONENT_DIR)/engines/pkcs11/* $(@D)/engines; \ $(MKDIR) $(@D)/bin; \ - $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-2.0.5/fips/fips.h $(@D)/include/openssl; \ - $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-2.0.5/fips/fipssyms.h $(@D)/include/openssl; \ - $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-2.0.5/fips/rand/fips_rand.h $(@D)/include/openssl; \ - $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-2.0.5/fips/fipsld $(@D)/bin/; \ + $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-$(IPS_COMPONENT_VERSION)/fips/fips.h $(@D)/include/openssl; \ + $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-$(IPS_COMPONENT_VERSION)/fips/fipssyms.h $(@D)/include/openssl; \ + $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-$(IPS_COMPONENT_VERSION)/fips/rand/fips_rand.h $(@D)/include/openssl; \ + $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-$(IPS_COMPONENT_VERSION)/fips/fipsld $(@D)/bin/; \ $(LN) -fs $(OPENSSL_FIPS_DIR)/build/$(MACH$(BITS))/fips/fips_standalone_sha1 $(@D)/bin/; \ $(LN) -fs $(COMPONENT_DIR)/build/$(MACH$(BITS))/fips_premain_dso $(@D)/bin/;) diff -r e00ca9ce4b5f -r 442b27130f7a components/openssl/openssl-fips/Makefile --- a/components/openssl/openssl-fips/Makefile Fri Aug 15 08:10:02 2014 -0700 +++ b/components/openssl/openssl-fips/Makefile Fri Aug 15 10:45:58 2014 -0700 @@ -29,11 +29,11 @@ include ../../../make-rules/shared-macros.mk COMPONENT_NAME = openssl-fips -COMPONENT_VERSION = 2.0.5 +COMPONENT_VERSION = 2.0.6 COMPONENT_SRC = $(COMPONENT_NAME)-ecp-$(COMPONENT_VERSION) COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:f1abdd0ca1a9467a3eba15564fc2b3447114d1d63020c33cd3210f2a43a5ff4d + sha256:861b431c625c27daf440041fd67c0866ebb84b44cc672cf1ea8f23e883518897 COMPONENT_ARCHIVE_URL = http://www.openssl.org/source/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= utility/openssl @@ -64,8 +64,12 @@ FIPS_PATH_32 = $(COMPONENT_DIR)/32:$(COMPONENT_DIR)/gcc:$(PATH) FIPS_PATH_64 = $(COMPONENT_DIR)/gcc:$(PATH) +# HMAC-SHA-1 digest of the OpenSSL FIPS tar file is used for the +# integrity test requirement for the FIPS-140 validation. +# Note: COMPONENT_ARCHIVE_HASH is a SHA256 digest used by the Userland +# Consolidation to check the file integrity. OPENSSL_FIPS_HMAC_KEY = etaonrishdlcupfm -OPENSSL_FIPS_HMAC = 148e4e127ffef1df80c0ed61bae35b07ec7b7b36 +OPENSSL_FIPS_HMAC = 852f43cd9ae1bd2eba60e4f9f1f266d3c16c0319 # There is a broken link in the tarball which causes cp(1) to fail which would # fail the whole configure process. It's safer to get rid of the link than