diff options
| author | Fedor Indutny <fedor@indutny.com> | 2015-06-01 23:49:43 +0200 |
|---|---|---|
| committer | Fedor Indutny <fedor@indutny.com> | 2015-06-11 01:49:20 +0200 |
| commit | 0f68377f69823dd470fdb1ae90287c2ea4f8f404 (patch) | |
| tree | a36b73db087e2ea8e53af103e989a77984706aaa /configure | |
| parent | 53a4eb319893d722cd614bacde98856b1f7c37cb (diff) | |
| download | android-node-v8-0f68377f69823dd470fdb1ae90287c2ea4f8f404.tar.gz android-node-v8-0f68377f69823dd470fdb1ae90287c2ea4f8f404.tar.bz2 android-node-v8-0f68377f69823dd470fdb1ae90287c2ea4f8f404.zip | |
crypto: support FIPS mode of OpenSSL
Support building and running with FIPS-compliant OpenSSL. The process is
following:
1. Download and verify `openssl-fips-x.x.x.tar.gz` from
https://www.openssl.org/source/
2. Extract source to `openssl-fips` folder
3. ``cd openssl-fips && ./config fipscanisterbuild --prefix=`pwd`/out``
(NOTE: On OS X, you may want to run
``./Configure darwin64-x86_64-cc --prefix=`pwd`/out`` if you are going to
build x64-mode io.js)
4. `make -j && make install`
5. Get into io.js checkout folder
6. `./configure --openssl-fips=/path/to/openssl-fips/out`
7. Build io.js with `make -j`
8. Verify with `node -p "process.versions.openssl"` (`1.0.2a-fips`)
Fix: https://github.com/joyent/node/issues/25463
PR-URL: https://github.com/nodejs/io.js/pull/1890
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Diffstat (limited to 'configure')
| -rwxr-xr-x | configure | 28 |
1 files changed, 27 insertions, 1 deletions
@@ -88,6 +88,11 @@ parser.add_option("--openssl-no-asm", dest="openssl_no_asm", help="Do not build optimized assembly for OpenSSL") +parser.add_option('--openssl-fips', + action='store', + dest='openssl_fips', + help='Build OpenSSL using FIPS canister .o file in supplied folder') + shared_optgroup.add_option('--shared-http-parser', action='store_true', dest='shared_http_parser', @@ -720,6 +725,16 @@ def configure_openssl(o): o['variables']['node_use_openssl'] = b(not options.without_ssl) o['variables']['node_shared_openssl'] = b(options.shared_openssl) o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0 + if options.openssl_fips: + o['variables']['openssl_fips'] = options.openssl_fips + fips_dir = os.path.join(root_dir, 'deps', 'openssl', 'fips') + fips_ld = os.path.abspath(os.path.join(fips_dir, 'fipsld')) + o['make_global_settings'] = [ + ['LINK', fips_ld + ' <(openssl_fips)/bin/fipsld'], + ] + else: + o['variables']['openssl_fips'] = '' + if options.without_ssl: return @@ -1025,10 +1040,21 @@ configure_fullystatic(output) # move everything else to target_defaults variables = output['variables'] del output['variables'] + +# make_global_settings should be a root level element too +if 'make_global_settings' in output: + make_global_settings = output['make_global_settings'] + del output['make_global_settings'] +else: + make_global_settings = False + output = { 'variables': variables, - 'target_defaults': output + 'target_defaults': output, } +if make_global_settings: + output['make_global_settings'] = make_global_settings + pprint.pprint(output, indent=2) write('config.gypi', do_not_edit + |