szaszm commented on code in PR #1925:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1925#discussion_r1987659275
##########
cmake/BundledOpenSSL.cmake:
##########
@@ -165,4 +169,77 @@ function(use_openssl SOURCE_DIR BINARY_DIR)
set_property(TARGET OpenSSL::SSL APPEND PROPERTY
INTERFACE_LINK_LIBRARIES crypt32.lib)
endif()
+ if (WIN32)
+ set(BYPRODUCT_DYN_SUFFIX ".dll" CACHE STRING "" FORCE)
+ elseif(APPLE)
+ set(BYPRODUCT_DYN_SUFFIX ".dylib" CACHE STRING "" FORCE)
+ else()
+ set(BYPRODUCT_DYN_SUFFIX ".so" CACHE STRING "" FORCE)
+ endif()
+
+ set(FIPS_BYPRODUCTS
+ "${LIBDIR}/ossl-modules/fips${BYPRODUCT_DYN_SUFFIX}"
+ )
+
+ set(OPENSSL_FIPS_BIN_DIR "${BINARY_DIR}/thirdparty/openssl-fips-install"
CACHE STRING "" FORCE)
+
+ FOREACH(BYPRODUCT ${FIPS_BYPRODUCTS})
+ LIST(APPEND OPENSSL_FIPS_FILE_LIST
"${OPENSSL_FIPS_BIN_DIR}/${BYPRODUCT}")
+ ENDFOREACH(BYPRODUCT)
+
+ install(FILES ${OPENSSL_FIPS_FILE_LIST} DESTINATION fips COMPONENT bin)
+ install(FILES "${OPENSSL_BIN_DIR}/bin/openssl${EXECUTABLE_SUFFIX}"
DESTINATION fips COMPONENT bin
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_EXECUTE
GROUP_READ WORLD_READ WORLD_EXECUTE)
+
+ set(OPENSSL_FIPS_EXTRA_FLAGS
+ no-tests # Disable tests
+ no-capieng # disable CAPI engine (legacy)
+ no-legacy # disable legacy modules
+ no-ssl # disable SSLv3
+ no-engine # disable Engine API as it is deprecated since
OpenSSL 3.0 and not FIPS compatible
+ enable-fips) # enable FIPS module
+
+ if (WIN32)
+ find_program(JOM_EXECUTABLE_PATH
+ NAMES jom.exe
+ PATHS ENV PATH
+ NO_DEFAULT_PATH)
+ if(JOM_EXECUTABLE_PATH)
+ include(ProcessorCount)
+ processorcount(jobs)
+ set(OPENSSL_BUILD_COMMAND ${JOM_EXECUTABLE_PATH} -j${jobs})
+ set(OPENSSL_WINDOWS_COMPILE_FLAGS /FS)
+ else()
+ message("Using nmake for OpenSSL build")
+ set(OPENSSL_BUILD_COMMAND nmake)
+ set(OPENSSL_WINDOWS_COMPILE_FLAGS "")
+ endif()
+ ExternalProject_Add(
+ openssl-fips-external
+ URL
https://github.com/openssl/openssl/releases/download/openssl-3.0.9/openssl-3.0.9.tar.gz
+ URL_HASH
"SHA256=eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ SOURCE_DIR "${BINARY_DIR}/thirdparty/openssl-fips-src"
+ BUILD_IN_SOURCE true
+ CONFIGURE_COMMAND perl Configure
"CFLAGS=${PASSTHROUGH_CMAKE_C_FLAGS} ${OPENSSL_WINDOWS_COMPILE_FLAGS}"
"CXXFLAGS=${PASSTHROUGH_CMAKE_CXX_FLAGS} ${OPENSSL_WINDOWS_COMPILE_FLAGS}"
${OPENSSL_SHARED_FLAG} ${OPENSSL_FIPS_EXTRA_FLAGS} enable-fips
"--prefix=${OPENSSL_FIPS_BIN_DIR}" "--openssldir=${OPENSSL_FIPS_BIN_DIR}"
+ BUILD_BYPRODUCTS ${OPENSSL_FIPS_FILE_LIST}
+ EXCLUDE_FROM_ALL TRUE
+ BUILD_COMMAND ${OPENSSL_BUILD_COMMAND}
+ INSTALL_COMMAND nmake install_fips
+ )
+ else()
+ ExternalProject_Add(
+ openssl-fips-external
+ URL
https://github.com/openssl/openssl/releases/download/openssl-3.0.9/openssl-3.0.9.tar.gz
+ URL_HASH
"SHA256=eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
+ SOURCE_DIR "${BINARY_DIR}/thirdparty/openssl-fips-src"
+ BUILD_IN_SOURCE true
+ CONFIGURE_COMMAND ./Configure
"CFLAGS=${PASSTHROUGH_CMAKE_C_FLAGS} -fPIC"
"CXXFLAGS=${PASSTHROUGH_CMAKE_CXX_FLAGS} -fPIC" ${OPENSSL_SHARED_FLAG}
${OPENSSL_FIPS_EXTRA_FLAGS} "--prefix=${OPENSSL_FIPS_BIN_DIR}"
"--openssldir=${OPENSSL_FIPS_BIN_DIR}"
+ BUILD_BYPRODUCTS ${OPENSSL_FIPS_FILE_LIST}
+ EXCLUDE_FROM_ALL TRUE
+ INSTALL_COMMAND make install_fips
+ )
+ endif()
+
+ add_dependencies(OpenSSL::Crypto openssl-fips-external)
Review Comment:
is this necessary? I thought these two could be built in parallel.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
