diff options
author | Fedor Indutny <fedor@indutny.com> | 2015-06-01 23:49:43 +0200 |
---|---|---|
committer | Fedor Indutny <fedor@indutny.com> | 2015-06-11 01:49:20 +0200 |
commit | 0f68377f69823dd470fdb1ae90287c2ea4f8f404 (patch) | |
tree | a36b73db087e2ea8e53af103e989a77984706aaa /deps/openssl/openssl.gyp | |
parent | 53a4eb319893d722cd614bacde98856b1f7c37cb (diff) | |
download | android-node-v8-0f68377f69823dd470fdb1ae90287c2ea4f8f404.tar.gz android-node-v8-0f68377f69823dd470fdb1ae90287c2ea4f8f404.tar.bz2 android-node-v8-0f68377f69823dd470fdb1ae90287c2ea4f8f404.zip |
crypto: support FIPS mode of OpenSSL
Support building and running with FIPS-compliant OpenSSL. The process is
following:
1. Download and verify `openssl-fips-x.x.x.tar.gz` from
https://www.openssl.org/source/
2. Extract source to `openssl-fips` folder
3. ``cd openssl-fips && ./config fipscanisterbuild --prefix=`pwd`/out``
(NOTE: On OS X, you may want to run
``./Configure darwin64-x86_64-cc --prefix=`pwd`/out`` if you are going to
build x64-mode io.js)
4. `make -j && make install`
5. Get into io.js checkout folder
6. `./configure --openssl-fips=/path/to/openssl-fips/out`
7. Build io.js with `make -j`
8. Verify with `node -p "process.versions.openssl"` (`1.0.2a-fips`)
Fix: https://github.com/joyent/node/issues/25463
PR-URL: https://github.com/nodejs/io.js/pull/1890
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Diffstat (limited to 'deps/openssl/openssl.gyp')
-rw-r--r-- | deps/openssl/openssl.gyp | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp index 5a3dc9b6c7..d5bb16e5e3 100644 --- a/deps/openssl/openssl.gyp +++ b/deps/openssl/openssl.gyp @@ -9,6 +9,7 @@ 'openssl_no_asm%': 0, 'llvm_version%': 0, 'gas_version%': 0, + 'openssl_fips%': 'false', }, 'targets': [ { @@ -21,6 +22,28 @@ ['exclude', 'store/.*$'] ], 'conditions': [ + # FIPS + ['openssl_fips != ""', { + 'defines': [ + 'OPENSSL_FIPS', + ], + 'include_dirs': [ + '<(openssl_fips)/include', + ], + + # Trick fipsld, it expects to see libcrypto.a + 'product_name': 'crypto', + + 'direct_dependent_settings': { + 'defines': [ + 'OPENSSL_FIPS', + ], + 'include_dirs': [ + '<(openssl_fips)/include', + ], + }, + }], + ['openssl_no_asm!=0', { # Disable asm 'defines': [ |