lordgamez opened a new pull request, #1925: URL: https://github.com/apache/nifi-minifi-cpp/pull/1925
This change adds the option to enable FIPS mode in the OpenSSL library for cryptographic functions used by MiNiFi C++. This includes the following:

- Introduces the `nifi.openssl.fips.support.enable` option in `minifi.properties` to enable this option; if the option is enabled, MiNiFi C++ will try to load the `openssl.cnf` that loads the FIPS provider and then enables FIPS mode in OpenSSL.
- Adds compilation of the FIPS provider library from OpenSSL 3.0.9, which is the latest FIPS validated OpenSSL version as listed here: https://openssl-library.org/source/
- Adds the FIPS provider library and the required `openssl.cnf` files to the install package under the $MINIFI_HOME/fips directory
- Adds the `openssl` binary to the install package under the $MINIFI_HOME/fips directory for running the module tests and generating the fipsmodule.cnf file on the target platform as required for the FIPS compliancy, referenced in these sources: https://github.com/openssl/openssl/discussions/25036, https://openssl-library.org/source/fips-doc/openssl-3.0.9-security-policy-2024-01-12.pdf Appendix A
- Updated paho-mqtt, librdkafka libraries and added `no-engine` flag for OpenSSL compilation to remove legacy API usage required for FIPS compliancy as referenced here: https://docs.openssl.org/master/man7/fips_module/#description

OpenSSL discussion about this issue: https://github.com/openssl/openssl/discussions/26378

https://issues.apache.org/jira/browse/MINIFICPP-2524

---------------------

Thank you for submitting a contribution to Apache NiFi - MiNiFi C++.

In order to streamline the review of the contribution we ask you to ensure the following steps have been taken:

### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
- [ ] Does your PR title start with MINIFICPP-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [ ] Has your PR been rebased against the latest commit within the target branch (typically main)?
- [ ] Is your initial contribution a single, squashed commit?

### For code changes:
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file?
- [ ] If applicable, have you updated the NOTICE file?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check GitHub Actions CI results for build issues and submit an update to your PR as soon as possible.
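An added example (not part of the pull request or the MiNiFi C++ code base): a Python check that an `openssl.cnf` and `fipsmodule.cnf` pair would load and activate the FIPS provider before FIPS mode is switched on. It assumes the section layout from OpenSSL's fips_module documentation (`openssl_init`, `provider_sect`, `fips_sect`, `base_sect`); the files MiNiFi ships may differ, and the function names are hypothetical.

```python
import re

def parse_cnf(text):
    """Parse OpenSSL config text into ({section: {key: value}}, [.include paths])."""
    sections, includes, current = {"default": {}}, [], "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        inc = re.match(r"\.include\s*=?\s*(\S+)", line)
        if inc:
            includes.append(inc.group(1))
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections, includes

def fips_config_problems(openssl_cnf, fipsmodule_cnf):
    """List reasons the FIPS provider would not be loaded and activated."""
    main, includes = parse_cnf(openssl_cnf)
    merged = {**parse_cnf(fipsmodule_cnf)[0], **main}  # emulate the .include
    problems = []
    if not any(p.endswith("fipsmodule.cnf") for p in includes):
        problems.append("openssl.cnf does not .include fipsmodule.cnf")
    init = merged.get(main["default"].get("openssl_conf", ""), {})
    providers = merged.get(init.get("providers", ""), {})
    for name in ("fips", "base"):  # base supplies the encoders/decoders
        section = merged.get(providers.get(name, ""), {})
        if name not in providers:
            problems.append(f"provider '{name}' is not listed")
        elif section.get("activate") != "1":
            problems.append(f"provider '{name}' is not activated")
    if "module-mac" not in merged.get(providers.get("fips", ""), {}):
        problems.append("fips section has no module-mac (fipsinstall not run?)")
    return problems

# Constructed sample input; the MAC is a placeholder, not a real value.
FIPSMODULE_CNF = "[fips_sect]\nactivate = 1\nmodule-mac = <PLACEHOLDER>\n"
OPENSSL_CNF = """
openssl_conf = openssl_init
.include fipsmodule.cnf
[openssl_init]
providers = provider_sect
[provider_sect]
fips = fips_sect
base = base_sect
[base_sect]
activate = 1
"""

if __name__ == "__main__":
    print(fips_config_problems(OPENSSL_CNF, FIPSMODULE_CNF) or "FIPS provider configured")
```

An empty result only shows that the configuration is wired up; whether FIPS mode is active at runtime still has to be confirmed from the process itself.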
