diff options
| author | Rich Salz <rsalz@akamai.com> | 2020-06-29 12:20:41 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-06-29 12:20:41 +1000 |
| commit | 31214258309251aff297da67a60a6b60bf4ef27e (patch) | |
| tree | aee548533bd6a7fe25c3c6ebf06b46287dfccb6c /Configure | |
| parent | 9afbb681ecd433623fb39db2a110ec3351d271c7 (diff) | |
| download | openssl-new-31214258309251aff297da67a60a6b60bf4ef27e.tar.gz | |
Add --fips-key configuration parameter to fipsinstall application.
Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)
Diffstat (limited to 'Configure')
| -rwxr-xr-x | Configure | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -244,6 +244,9 @@ my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; $config{sourcedir} = abs2rel($srcdir); $config{builddir} = abs2rel($blddir); +# echo -n 'holy hand grenade of antioch' | openssl sha256 +$config{FIPSKEY} = + 'f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813'; # Collect reconfiguration information if needed my @argvcopy=@ARGV; @@ -934,6 +937,16 @@ while (@argvcopy) push @seed_sources, $x; } } + elsif (/^--fips-key=(.*)$/) + { + $user{FIPSKEY}=lc($1); + die "Non-hex character in FIPS key\n" + if $user{FIPSKEY} =~ /[^a-f0-9]/; + die "FIPS key must have even number of characters\n" + if length $1 & 1; + die "FIPS key too long (64 bytes max)\n" + if length $1 > 64; + } elsif (/^--cross-compile-prefix=(.*)$/) { $user{CROSS_COMPILE}=$1; |