1 |
commit: 895d71e3d1c76e283f09143480870a500a889233 |
2 |
Author: Mathieu Tortuyaux <mtortuyaux <AT> microsoft <DOT> com> |
3 |
AuthorDate: Tue Nov 2 12:52:20 2021 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Nov 2 15:00:10 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=895d71e3 |
7 |
|
8 |
dev-libs/openssl: add `fips` support |
9 |
|
10 |
`FIPS` provider is not enabled by default with OpenSSL version 3. Let's |
11 |
make it optional by adding conditional `fips` internal useflag. |
12 |
|
13 |
See also: https://github.com/openssl/openssl/blob/master/README-FIPS.md |
14 |
|
15 |
Bug: https://bugs.gentoo.org/820173 |
16 |
Package-Manager: Portage-3.0.20, Repoman-3.0.3 |
17 |
Signed-off-by: Mathieu Tortuyaux <mtortuyaux <AT> microsoft.com> |
18 |
Closes: https://github.com/gentoo/gentoo/pull/22796 |
19 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
20 |
|
21 |
dev-libs/openssl/metadata.xml | 1 + |
22 |
dev-libs/openssl/openssl-3.0.0.ebuild | 3 ++- |
23 |
2 files changed, 3 insertions(+), 1 deletion(-) |
24 |
|
25 |
diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml |
26 |
index a338ff2ba12..e0b7df73655 100644 |
27 |
--- a/dev-libs/openssl/metadata.xml |
28 |
+++ b/dev-libs/openssl/metadata.xml |
29 |
@@ -8,6 +8,7 @@ |
30 |
<use> |
31 |
<flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag> |
32 |
<flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag> |
33 |
+ <flag name="fips">Enable FIPS provider</flag> |
34 |
<flag name="ktls">Enable support for Kernel implementation of TLS (kTLS)</flag> |
35 |
<flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag> |
36 |
<flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag> |
37 |
|
38 |
diff --git a/dev-libs/openssl/openssl-3.0.0.ebuild b/dev-libs/openssl/openssl-3.0.0.ebuild |
39 |
index c7bab83b760..dad6d1b877b 100644 |
40 |
--- a/dev-libs/openssl/openssl-3.0.0.ebuild |
41 |
+++ b/dev-libs/openssl/openssl-3.0.0.ebuild |
42 |
@@ -22,7 +22,7 @@ fi |
43 |
LICENSE="Apache-2.0" |
44 |
SLOT="0/3" # .so version of libssl/libcrypto |
45 |
|
46 |
-IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test tls-compression vanilla" |
47 |
+IUSE="+asm cpu_flags_x86_sse2 elibc_musl fips ktls rfc3779 sctp static-libs test tls-compression vanilla" |
48 |
RESTRICT="!test? ( test )" |
49 |
|
50 |
COMMON_DEPEND=" |
51 |
@@ -171,6 +171,7 @@ multilib_src_configure() { |
52 |
enable-idea |
53 |
enable-mdc2 |
54 |
enable-rc5 |
55 |
+ $(use fips && echo "enable-fips") |
56 |
$(use_ssl asm) |
57 |
$(use_ssl ktls) |
58 |
$(use_ssl rfc3779) |