Date: Fri, 2 Feb 2024 10:29:13 +0000 From: Doug Rabson <dfr@rabson.org> To: "Wall, Stephen" <stephen.wall@redcom.com> Cc: "pkgbase@FreeBSD.org" <pkgbase@freebsd.org> Subject: Re: fips.so file package Message-ID: <CACA0VUjCOgjXLuydOAwyerGzdukww24GHpzscEiRjsFVuStkFQ@mail.gmail.com> In-Reply-To: <MW4PR09MB92842DF1A5647A07CA969A25EE432@MW4PR09MB9284.namprd09.prod.outlook.com> References: <MW4PR09MB92842DF1A5647A07CA969A25EE432@MW4PR09MB9284.namprd09.prod.outlook.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Thu, 1 Feb 2024 at 16:03, Wall, Stephen <stephen.wall@redcom.com> wrote: > Why does the build place fips.so (the FIPS provider for openssl) in > “FreeBSD-utilities” instead of “FreeBSD-openssl-lib”? Is that an oversight? > > Related – I’d think openssl.cnf would be better placed in > “FreeBSD-openssl-lib” with libcrypto and libssl than in “FreeBSD-openssl”. > > > > (And yes, I know the fips.so built by FreeBSD is not FIPS validated.) > The FreeBSD-utilities package tends to contain anything which is not marked to go in some other package so yes, this is an oversight which could be fixed by adding 'PACKAGE= openssl-lib' to secure/lib/libcrypto/modules/fips/Makefile or possibly secure/lib/libcrypto/Makefile.inc. If openssl.cnf is something only used at compile time, that should also go in openssl-lib. > [-- Attachment #2 --] <div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 1 Feb 2024 at 16:03, Wall, Stephen <<a href="mailto:stephen.wall@redcom.com">stephen.wall@redcom.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div class="msg7167192388701994299"> <div lang="EN-US" style="overflow-wrap: break-word;"> <div class="m_7167192388701994299WordSection1"> <p class="MsoNormal">Why does the build place fips.so (the FIPS provider for openssl) in “FreeBSD-utilities” instead of “FreeBSD-openssl-lib”? Is that an oversight?<u></u><u></u></p> <p class="MsoNormal">Related – I’d think openssl.cnf would be better placed in “FreeBSD-openssl-lib” with libcrypto and libssl than in “FreeBSD-openssl”.<u></u><u></u></p> <p class="MsoNormal"><u></u> <u></u></p> <p class="MsoNormal">(And yes, I know the fips.so built by FreeBSD is not FIPS validated.)</p></div></div></div></blockquote><div><br></div><div>The FreeBSD-utilities package tends to contain anything which is not marked to go in some other package so yes, this is an oversight which could be fixed by adding 'PACKAGE= openssl-lib' to secure/lib/libcrypto/modules/fips/Makefile or possibly secure/lib/libcrypto/Makefile.inc. If openssl.cnf is something only used at compile time, that should also go in openssl-lib.</div><div><br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div class="msg7167192388701994299"><div lang="EN-US" style="overflow-wrap: break-word;"><div class="m_7167192388701994299WordSection1"> </div> </div> </div></blockquote></div></div>help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACA0VUjCOgjXLuydOAwyerGzdukww24GHpzscEiRjsFVuStkFQ>