From 31214258309251aff297da67a60a6b60bf4ef27e Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Mon, 29 Jun 2020 12:20:41 +1000 Subject: Add --fips-key configuration parameter to fipsinstall application. Change default FIPS HMAC KEY from all-zero's Use default FIPSKEY if not given on command line. Make all -macopt in fipsinstall optional Make all tests, except fipsinstall, use the default -macopt and -mac_name flags. Define and use FIPSDIR variable on VMS/MMS. Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP. Reviewed-by: Matthias St. Pierre Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12235) --- Configure | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'Configure') diff --git a/Configure b/Configure index 3129a23f9d..b040c48174 100755 --- a/Configure +++ b/Configure @@ -244,6 +244,9 @@ my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; $config{sourcedir} = abs2rel($srcdir); $config{builddir} = abs2rel($blddir); +# echo -n 'holy hand grenade of antioch' | openssl sha256 +$config{FIPSKEY} = + 'f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813'; # Collect reconfiguration information if needed my @argvcopy=@ARGV; @@ -934,6 +937,16 @@ while (@argvcopy) push @seed_sources, $x; } } + elsif (/^--fips-key=(.*)$/) + { + $user{FIPSKEY}=lc($1); + die "Non-hex character in FIPS key\n" + if $user{FIPSKEY} =~ /[^a-f0-9]/; + die "FIPS key must have even number of characters\n" + if length $1 & 1; + die "FIPS key too long (64 bytes max)\n" + if length $1 > 64; + } elsif (/^--cross-compile-prefix=(.*)$/) { $user{CROSS_COMPILE}=$1; -- cgit v1.2.1