Gentoo Archives: gentoo-commits

From: Sam James <sam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/
Date: Tue, 02 Nov 2021 15:01:58
Message-Id: 1635865210.895d71e3d1c76e283f09143480870a500a889233.sam@gentoo
1 commit: 895d71e3d1c76e283f09143480870a500a889233
2 Author: Mathieu Tortuyaux <mtortuyaux <AT> microsoft <DOT> com>
3 AuthorDate: Tue Nov 2 12:52:20 2021 +0000
4 Commit: Sam James <sam <AT> gentoo <DOT> org>
5 CommitDate: Tue Nov 2 15:00:10 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=895d71e3
7
8 dev-libs/openssl: add `fips` support
9
10 `FIPS` provider is not enabled by default with OpenSSL version 3. Let's
11 make it optional by adding conditional `fips` internal useflag.
12
13 See also: https://github.com/openssl/openssl/blob/master/README-FIPS.md
14
15 Bug: https://bugs.gentoo.org/820173
16 Package-Manager: Portage-3.0.20, Repoman-3.0.3
17 Signed-off-by: Mathieu Tortuyaux <mtortuyaux <AT> microsoft.com>
18 Closes: https://github.com/gentoo/gentoo/pull/22796
19 Signed-off-by: Sam James <sam <AT> gentoo.org>
20
21 dev-libs/openssl/metadata.xml | 1 +
22 dev-libs/openssl/openssl-3.0.0.ebuild | 3 ++-
23 2 files changed, 3 insertions(+), 1 deletion(-)
24
25 diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
26 index a338ff2ba12..e0b7df73655 100644
27 --- a/dev-libs/openssl/metadata.xml
28 +++ b/dev-libs/openssl/metadata.xml
29 @@ -8,6 +8,7 @@
30 <use>
31 <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
32 <flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
33 + <flag name="fips">Enable FIPS provider</flag>
34 <flag name="ktls">Enable support for Kernel implementation of TLS (kTLS)</flag>
35 <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
36 <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
37
38 diff --git a/dev-libs/openssl/openssl-3.0.0.ebuild b/dev-libs/openssl/openssl-3.0.0.ebuild
39 index c7bab83b760..dad6d1b877b 100644
40 --- a/dev-libs/openssl/openssl-3.0.0.ebuild
41 +++ b/dev-libs/openssl/openssl-3.0.0.ebuild
42 @@ -22,7 +22,7 @@ fi
43 LICENSE="Apache-2.0"
44 SLOT="0/3" # .so version of libssl/libcrypto
45
46 -IUSE="+asm cpu_flags_x86_sse2 elibc_musl ktls rfc3779 sctp static-libs test tls-compression vanilla"
47 +IUSE="+asm cpu_flags_x86_sse2 elibc_musl fips ktls rfc3779 sctp static-libs test tls-compression vanilla"
48 RESTRICT="!test? ( test )"
49
50 COMMON_DEPEND="
51 @@ -171,6 +171,7 @@ multilib_src_configure() {
52 enable-idea
53 enable-mdc2
54 enable-rc5
55 + $(use fips && echo "enable-fips")
56 $(use_ssl asm)
57 $(use_ssl ktls)
58 $(use_ssl rfc3779)