forked from nodejs/node
crypto: support FIPS mode of OpenSSL
Support building and running with FIPS-compliant OpenSSL. The process is as follows:

1. Download and verify `openssl-fips-x.x.x.tar.gz` from https://www.openssl.org/source/
2. Extract source to `openssl-fips` folder
3. `cd openssl-fips && ./config fipscanisterbuild --prefix=`pwd`/out`
4. `git apply /path/to/io.js/deps/openssl/fips/fipsld.diff`
5. `make -j && make install`
6. Get into io.js checkout folder
7. `./configure --openssl-fips=/path/to/openssl-fips/out`
8. Build io.js with `make -j`

Fix: nodejs/node-v0.x-archive#25463
Showing 4 changed files with 115 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
diff --git a/out/bin/fipsld.bak b/out/bin/fipsld | ||
index 62565fd..3e7ce4f 100755 | ||
--- a/out/bin/fipsld.bak | ||
+++ b/out/bin/fipsld | ||
@@ -12,6 +12,7 @@ | ||
|
||
#set -x | ||
|
||
+CC=${CXX} | ||
CC=${FIPSLD_CC:-${CC}} | ||
[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; } | ||
|
||
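Review bot: `CC=${CXX}` at the top of this hunk discards any `CC` the caller exported and, when `CXX` is unset, leaves `CC` empty, so unless `FIPSLD_CC` is set the script stops at the '$CC is not defined' check with a message that points at `CC` rather than `CXX`. Consider `CC=${CXX:-${CC}}` so the existing `CC` remains the fallback, and add a comment saying why the C++ driver is wanted for the link.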
@@ -36,9 +37,9 @@ TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)` | ||
# procedures are already embedded into and executed in shared library | ||
# context. | ||
case `basename "${TARGET}"` in | ||
-libcrypto*|libfips*|*.dll) ;; | ||
+libopenssl*|libcrypto*|libfips*|*.dll) ;; | ||
*) case "$*" in | ||
- *libcrypto.a*|*-lcrypto*|*fipscanister.o*) ;; | ||
+ *libopenssl.a*|*libcrypto.a*|*-lcrypto*|*fipscanister.o*) ;; | ||
*) exec ${CC} "$@" ;; | ||
esac | ||
esac | ||
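Review bot: the added `libopenssl*` and `*libopenssl.a*` patterns are not explained, and the comment above the `case` still describes only the original names. These patterns decide whether a link goes through the FIPS path or straight to `exec ${CC} "$@"`, so add a line saying which build produces a library called libopenssl. Note also that `*libopenssl.a*` is matched against the whole argument string, so any argument containing that substring selects the FIPS path.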
@@ -124,7 +125,7 @@ lib*|*.dll) # must be linking a shared lib... | ||
|
||
/bin/rm -f "${TARGET}" | ||
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ | ||
- "${PREMAIN_C}" \ | ||
+ -x c "${PREMAIN_C}" -x none \ | ||
${_WL_PREMAIN} "$@" | ||
|
||
if [ "x${FIPS_SIG}" != "x" ]; then | ||
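Review bot: `-x c "${PREMAIN_C}" -x none` carries no comment, and it is only needed because the first hunk points `CC` at `${CXX}`; without `-x c` a C++ driver would compile the premain source as C++. A one-line comment above the `${CC}` invocation would make that dependency explicit. `-x` is GCC/Clang driver syntax, so a compiler supplied through `FIPSLD_CC` that does not accept it will now fail at this step.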
@@ -143,7 +144,7 @@ lib*|*.dll) # must be linking a shared lib... | ||
|
||
# recompile with signature... | ||
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ | ||
- -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \ | ||
+ -DHMAC_SHA1_SIG=\"${SIG}\" -x c "${PREMAIN_C}" -x none \ | ||
${_WL_PREMAIN} "$@" | ||
;; | ||
|
||
@@ -172,7 +173,7 @@ lib*|*.dll) # must be linking a shared lib... | ||
|
||
/bin/rm -f "${TARGET}" | ||
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ | ||
- "${PREMAIN_C}" \ | ||
+ -x c "${PREMAIN_C}" -x none \ | ||
${_WL_PREMAIN} "$@" | ||
|
||
if [ "x${FIPS_SIG}" != "x" ]; then | ||
@@ -191,7 +192,7 @@ lib*|*.dll) # must be linking a shared lib... | ||
|
||
# recompile with signature... | ||
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \ | ||
- -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \ | ||
+ -DHMAC_SHA1_SIG=\"${SIG}\" -x c "${PREMAIN_C}" -x none \ | ||
${_WL_PREMAIN} "$@" | ||
;; | ||
esac |
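Review bot: this is the fourth copy of the same `-x c "${PREMAIN_C}" -x none` substitution in the patch (two plain, two after `-DHMAC_SHA1_SIG`). Holding those words in one variable set near the top of the script and expanding it in each `${CC}` call would keep the four link commands from drifting apart on a later edit; `-x none` has to stay immediately before `${_WL_PREMAIN} "$@"` so the remaining inputs are still classified by suffix.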