lordgamez commented on code in PR #1925:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1925#discussion_r1987684401


##########
cmake/BundledOpenSSL.cmake:
##########
@@ -165,4 +169,77 @@ function(use_openssl SOURCE_DIR BINARY_DIR)
         set_property(TARGET OpenSSL::SSL APPEND PROPERTY 
INTERFACE_LINK_LIBRARIES crypt32.lib)
     endif()
 
+    if (WIN32)
+        set(BYPRODUCT_DYN_SUFFIX ".dll" CACHE STRING "" FORCE)
+    elseif(APPLE)
+        set(BYPRODUCT_DYN_SUFFIX ".dylib" CACHE STRING "" FORCE)
+    else()
+        set(BYPRODUCT_DYN_SUFFIX ".so" CACHE STRING "" FORCE)
+    endif()
+
+    set(FIPS_BYPRODUCTS
+            "${LIBDIR}/ossl-modules/fips${BYPRODUCT_DYN_SUFFIX}"
+            )
+
+    set(OPENSSL_FIPS_BIN_DIR "${BINARY_DIR}/thirdparty/openssl-fips-install" 
CACHE STRING "" FORCE)
+
+    FOREACH(BYPRODUCT ${FIPS_BYPRODUCTS})
+        LIST(APPEND OPENSSL_FIPS_FILE_LIST 
"${OPENSSL_FIPS_BIN_DIR}/${BYPRODUCT}")
+    ENDFOREACH(BYPRODUCT)
+
+    install(FILES ${OPENSSL_FIPS_FILE_LIST} DESTINATION fips COMPONENT bin)
+    install(FILES "${OPENSSL_BIN_DIR}/bin/openssl${EXECUTABLE_SUFFIX}" 
DESTINATION fips COMPONENT bin
+            PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_EXECUTE 
GROUP_READ WORLD_READ WORLD_EXECUTE)
+
+    set(OPENSSL_FIPS_EXTRA_FLAGS
+            no-tests            # Disable tests
+            no-capieng          # disable CAPI engine (legacy)
+            no-legacy           # disable legacy modules
+            no-ssl              # disable SSLv3
+            no-engine           # disable Engine API as it is deprecated since 
OpenSSL 3.0 and not FIPS compatible
+            enable-fips)        # enable FIPS module
+
+    if (WIN32)
+        find_program(JOM_EXECUTABLE_PATH
+            NAMES jom.exe
+            PATHS ENV PATH
+            NO_DEFAULT_PATH)
+        if(JOM_EXECUTABLE_PATH)
+            include(ProcessorCount)
+            processorcount(jobs)
+            set(OPENSSL_BUILD_COMMAND ${JOM_EXECUTABLE_PATH} -j${jobs})
+            set(OPENSSL_WINDOWS_COMPILE_FLAGS /FS)
+        else()
+            message("Using nmake for OpenSSL build")
+            set(OPENSSL_BUILD_COMMAND nmake)
+            set(OPENSSL_WINDOWS_COMPILE_FLAGS "")
+        endif()
+        ExternalProject_Add(
+                openssl-fips-external
+                URL 
https://github.com/openssl/openssl/releases/download/openssl-3.0.9/openssl-3.0.9.tar.gz
+                URL_HASH 
"SHA256=eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+                SOURCE_DIR "${BINARY_DIR}/thirdparty/openssl-fips-src"
+                BUILD_IN_SOURCE true
+                CONFIGURE_COMMAND perl Configure 
"CFLAGS=${PASSTHROUGH_CMAKE_C_FLAGS} ${OPENSSL_WINDOWS_COMPILE_FLAGS}" 
"CXXFLAGS=${PASSTHROUGH_CMAKE_CXX_FLAGS} ${OPENSSL_WINDOWS_COMPILE_FLAGS}" 
${OPENSSL_SHARED_FLAG} ${OPENSSL_FIPS_EXTRA_FLAGS} enable-fips 
"--prefix=${OPENSSL_FIPS_BIN_DIR}" "--openssldir=${OPENSSL_FIPS_BIN_DIR}"
+                BUILD_BYPRODUCTS ${OPENSSL_FIPS_FILE_LIST}
+                EXCLUDE_FROM_ALL TRUE
+                BUILD_COMMAND ${OPENSSL_BUILD_COMMAND}
+                INSTALL_COMMAND nmake install_fips
+            )
+    else()
+        ExternalProject_Add(
+            openssl-fips-external
+                URL 
https://github.com/openssl/openssl/releases/download/openssl-3.0.9/openssl-3.0.9.tar.gz
+                URL_HASH 
"SHA256=eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+                SOURCE_DIR "${BINARY_DIR}/thirdparty/openssl-fips-src"
+                BUILD_IN_SOURCE true
+                CONFIGURE_COMMAND ./Configure 
"CFLAGS=${PASSTHROUGH_CMAKE_C_FLAGS} -fPIC" 
"CXXFLAGS=${PASSTHROUGH_CMAKE_CXX_FLAGS} -fPIC" ${OPENSSL_SHARED_FLAG} 
${OPENSSL_FIPS_EXTRA_FLAGS}  "--prefix=${OPENSSL_FIPS_BIN_DIR}" 
"--openssldir=${OPENSSL_FIPS_BIN_DIR}"
+                BUILD_BYPRODUCTS ${OPENSSL_FIPS_FILE_LIST}
+                EXCLUDE_FROM_ALL TRUE
+                INSTALL_COMMAND make install_fips
+        )
+    endif()
+
+    add_dependencies(OpenSSL::Crypto openssl-fips-external)
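Review bot: The two `install(FILES ...)` calls ship `fips${BYPRODUCT_DYN_SUFFIX}` and the `openssl` binary into `fips/` with no comment saying why the binary is there or that `fipsmodule.cnf` is left out on purpose. OpenSSL's FIPS documentation requires the module configuration to be generated on the machine that loads the provider, so the file `install_fips` writes under `--openssldir` on the build host should not be packaged; presumably the bundled binary is there to run `openssl fipsinstall` on the target, but the hunk does not show that step. I would add above the first call: `# Ship only the provider and the openssl tool; fipsmodule.cnf must be generated on the target with "openssl fipsinstall", never copied from the build host.` Separately, the tarball URL and SHA256 are repeated in both `ExternalProject_Add` branches and `enable-fips` is passed twice on the Windows `Configure` line; hoisting the URL and hash into variables would keep the branches from drifting on a version bump. The enclosing `use_openssl` function starts before the hunk, and the quoted hunk stops at the commented line.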

Review Comment:
   This is needed to actually build the fips target. It is used only at 
runtime, so no target links this library at build time; unless it is set as a 
dependency of some target in the build, cmake will not make it part of the 
build hierarchy and it will not be built. The two openssl builds can actually 
run in parallel, as the fips build does not depend on the openssl-external 
target. OpenSSL::Crypto depends on both openssl-external and 
openssl-fips-external targets so they can be built in parallel.


