File openssl-300-test-with-latest-openssl.patch of Package python36

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-300-test-with-latest-openssl.patch of Package python36

From 6f8d3280e0ebab60b80d570d414d6e26b5f5da39 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
Date: Fri, 15 May 2020 10:05:57 -0700
Subject: [PATCH] OpenSSL 3.0.0: Test with latest OpenSSL versions

* 1.0.2u (EOL)
* 1.1.0l (EOL)
* 1.1.1g
* 3.0.0-alpha2 (disabled for now)

Build the FIPS provider and create a FIPS configuration file for
OpenSSL 3.0.0.

(cherry picked from commit gh#python/cpython@5e6b491403d7)

Fixes: bpo-40479
From-PR: gh#python/cpython!20108
Patch: openssl-300-test-with-latest-openssl.patch
Released-in: 3.7.8
Signed-off-by: Christian Heimes <christian@python.org>
---
 .../2020-05-15-17-48-25.bpo-40479.B1gBl-.rst  |  2 +
 Tools/ssl/multissltests.py                    | 64 +++++++++++++++++--
 2 files changed, 61 insertions(+), 5 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Tools-Demos/2020-05-15-17-48-25.bpo-40479.B1gBl-.rst

diff --git a/Misc/NEWS.d/next/Tools-Demos/2020-05-15-17-48-25.bpo-40479.B1gBl-.rst b/Misc/NEWS.d/next/Tools-Demos/2020-05-15-17-48-25.bpo-40479.B1gBl-.rst
new file mode 100644
index 00000000000..b59035971d7
--- /dev/null
+++ b/Misc/NEWS.d/next/Tools-Demos/2020-05-15-17-48-25.bpo-40479.B1gBl-.rst
@@ -0,0 +1,2 @@
+Update multissltest helper to test with latest OpenSSL 1.0.2, 1.1.0, 1.1.1,
+and 3.0.0-alpha.
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index c73e2b78420..ad9235c8201 100755
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -43,14 +43,13 @@ log = logging.getLogger("multissl")
 OPENSSL_OLD_VERSIONS = [
     "0.9.8zh",
     "1.0.1u",
-    "1.0.2",
 ]
 
 OPENSSL_RECENT_VERSIONS = [
-    "1.0.2p",
-    "1.1.0i",
-    "1.1.1k",
-    "3.0.3",
+    "1.0.2u",
+    "1.1.0l",
+    "1.1.1g",
+    # "3.0.0-alpha2"
 ]
 
 LIBRESSL_OLD_VERSIONS = [
@@ -148,6 +147,23 @@ parser.add_argument(
     help="Keep original sources for debugging."
 )
 
+OPENSSL_FIPS_CNF = """\
+openssl_conf = openssl_init
+
+.include {self.install_dir}/ssl/fipsinstall.cnf
+# .include {self.install_dir}/ssl/openssl.cnf
+
+[openssl_init]
+providers = provider_sect
+
+[provider_sect]
+fips = fips_sect
+default = default_sect
+
+[default_sect]
+activate = 1
+"""
+
 
 class AbstractBuilder(object):
     library = None
@@ -296,9 +312,13 @@ class AbstractBuilder(object):
             ["make", "-j1", self.install_target],
             cwd=self.build_dir
         )
+        self._post_install()
         if not self.args.keep_sources:
             shutil.rmtree(self.build_dir)
 
+    def _post_install(self):
+        pass
+
     def install(self):
         log.info(self.openssl_cli)
         if not self.has_openssl or self.args.force:
@@ -370,6 +390,40 @@ class BuildOpenSSL(AbstractBuilder):
     # only install software, skip docs
     install_target = 'install_sw'
 
+    def _post_install(self):
+        if self.version.startswith("3.0"):
+            self._post_install_300()
+
+    def _post_install_300(self):
+        # create ssl/ subdir with example configs
+        self._subprocess_call(
+            ["make", "-j1", "install_ssldirs"],
+            cwd=self.build_dir
+        )
+        # Install FIPS module
+        # https://wiki.openssl.org/index.php/OpenSSL_3.0#Completing_the_installation_of_the_FIPS_Module
+        fipsinstall_cnf = os.path.join(
+            self.install_dir, "ssl", "fipsinstall.cnf"
+        )
+        openssl_fips_cnf = os.path.join(
+            self.install_dir, "ssl", "openssl-fips.cnf"
+        )
+        fips_mod = os.path.join(self.lib_dir, "ossl-modules/fips.so")
+        self._subprocess_call(
+            [
+                self.openssl_cli, "fipsinstall",
+                "-out", fipsinstall_cnf,
+                "-module", fips_mod,
+                "-provider_name", "fips",
+                "-mac_name", "HMAC",
+                "-macopt", "digest:SHA256",
+                "-macopt", "hexkey:00",
+                "-section_name", "fips_sect"
+            ]
+        )
+        with open(openssl_fips_cnf, "w") as f:
+            f.write(OPENSSL_FIPS_CNF.format(self=self))
+
 
 class BuildLibreSSL(AbstractBuilder):
     library = "LibreSSL"
-- 
2.46.1

Places

File openssl-300-test-with-latest-openssl.patch of Package python36

Places