[openssl] support fips build feature (#30916)

* Added option to enable fips build for openssl I only implement and tested it for windows as I have no option to do this under linux * Adjusted port version * Updated to support only for Windows * Corrected Formatting * Corrected SHA for vcpkg x-add-version --all * Changes requested by review Removed the not needed FEATURE FIPS Initialize INSTALL_FIPS as empty * Corrected SHA for vcpkg x-add-version --all * Removed Windows only support * Corrected SHA for vcpkg x-add-version --all * Added "supports": "!static" As the provider conecpts needs dynamic linkage * Corrected SHA for vcpkg x-add-version --all
microsoft · Apr 21, 2023 · 6ffa0fc · 6ffa0fc
1 parent a403a65
commit 6ffa0fc
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 3 deletions.
diff --git a/ports/openssl/portfile.cmake b/ports/openssl/portfile.cmake
@@ -40,6 +40,12 @@ vcpkg_list(SET CONFIGURE_OPTIONS
     no-tests
 )
 
+set(INSTALL_FIPS "")
+if("fips" IN_LIST FEATURES)
+    vcpkg_list(APPEND INSTALL_FIPS install_fips)
+    vcpkg_list(APPEND CONFIGURE_OPTIONS enable-fips)
+endif()
+
 if(VCPKG_LIBRARY_LINKAGE STREQUAL "dynamic")
     vcpkg_list(APPEND CONFIGURE_OPTIONS shared)
 else()

diff --git a/ports/openssl/vcpkg.json b/ports/openssl/vcpkg.json
@@ -1,7 +1,7 @@
 {
   "name": "openssl",
   "version": "3.1.0",
-  "port-version": 1,
+  "port-version": 2,
   "description": "OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.",
   "homepage": "https://www.openssl.org",
   "license": "Apache-2.0",
@@ -20,6 +20,10 @@
     }
   ],
   "features": {
+    "fips": {
+      "description": "Enable fips",
+      "supports": "!static"
+    },
     "tools": {
       "description": "Install openssl executable and scripts",
       "supports": "!uwp"

diff --git a/ports/openssl/windows/portfile.cmake b/ports/openssl/windows/portfile.cmake
@@ -77,7 +77,7 @@ vcpkg_build_nmake(
         "LD=${ld}"
         "LDFLAGS=${VCPKG_COMBINED_SHARED_LINKER_FLAGS_DEBUG}"
     PROJECT_NAME "makefile"
-    TARGET install_dev install_modules
+    TARGET install_dev install_modules ${INSTALL_FIPS}
     LOGFILE_ROOT install
     OPTIONS
         "INSTALL_PDBS=${OPENSSL_BUILD_MAKES_PDBS}" # install-pdbs.patch
@@ -125,4 +125,5 @@ file(REMOVE
     "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf.dist"
     "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf"
     "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf.dist"
+    "${CURRENT_PACKAGES_DIR}/debug/fipsmodule.cnf"
 )
diff --git a/versions/baseline.json b/versions/baseline.json
@@ -5882,7 +5882,7 @@
     },
     "openssl": {
       "baseline": "3.1.0",
-      "port-version": 1
+      "port-version": 2
     },
     "openssl-unix": {
       "baseline": "deprecated",

diff --git a/versions/o-/openssl.json b/versions/o-/openssl.json
@@ -1,5 +1,10 @@
 {
   "versions": [
+    {
+      "git-tree": "64fc47730d346ecacc9f948c2c3138363ed8f702",
+      "version": "3.1.0",
+      "port-version": 2
+    },
     {
       "git-tree": "b123beef6759b490ff8679b5cd4db0f721a2808a",
       "version": "3.1.0",