Date: Fri, 2 Feb 2024 10:29:13 +0000 From: Doug Rabson <dfr@rabson.org> To: "Wall, Stephen" <stephen.wall@redcom.com> Cc: "pkgbase@FreeBSD.org" <pkgbase@freebsd.org> Subject: Re: fips.so file package Message-ID: <CACA0VUjCOgjXLuydOAwyerGzdukww24GHpzscEiRjsFVuStkFQ@mail.gmail.com> In-Reply-To: <MW4PR09MB92842DF1A5647A07CA969A25EE432@MW4PR09MB9284.namprd09.prod.outlook.com> References: <MW4PR09MB92842DF1A5647A07CA969A25EE432@MW4PR09MB9284.namprd09.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--000000000000fa0f2806106395bd Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, 1 Feb 2024 at 16:03, Wall, Stephen <stephen.wall@redcom.com> wrote: > Why does the build place fips.so (the FIPS provider for openssl) in > =E2=80=9CFreeBSD-utilities=E2=80=9D instead of =E2=80=9CFreeBSD-openssl-l= ib=E2=80=9D? Is that an oversight? > > Related =E2=80=93 I=E2=80=99d think openssl.cnf would be better placed in > =E2=80=9CFreeBSD-openssl-lib=E2=80=9D with libcrypto and libssl than in = =E2=80=9CFreeBSD-openssl=E2=80=9D. > > > > (And yes, I know the fips.so built by FreeBSD is not FIPS validated.) > The FreeBSD-utilities package tends to contain anything which is not marked to go in some other package so yes, this is an oversight which could be fixed by adding 'PACKAGE=3D openssl-lib' to secure/lib/libcrypto/modules/fips/Makefile or possibly secure/lib/libcrypto/Makefile.inc. If openssl.cnf is something only used at compile time, that should also go in openssl-lib. > --000000000000fa0f2806106395bd Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">= <div dir=3D"ltr" class=3D"gmail_attr">On Thu, 1 Feb 2024 at 16:03, Wall, St= ephen <<a href=3D"mailto:stephen.wall@redcom.com">stephen.wall@redcom.co= m</a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin= :0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-lef= t-color:rgb(204,204,204);padding-left:1ex"><div class=3D"msg716719238870199= 4299"> <div lang=3D"EN-US" style=3D"overflow-wrap: break-word;"> <div class=3D"m_7167192388701994299WordSection1"> <p class=3D"MsoNormal">Why does the build place fips.so (the FIPS provider = for openssl) in =E2=80=9CFreeBSD-utilities=E2=80=9D instead of =E2=80=9CFre= eBSD-openssl-lib=E2=80=9D?=C2=A0 Is that an oversight?<u></u><u></u></p> <p class=3D"MsoNormal">Related =E2=80=93 I=E2=80=99d think openssl.cnf woul= d be better placed in =E2=80=9CFreeBSD-openssl-lib=E2=80=9D with libcrypto = and libssl than in =E2=80=9CFreeBSD-openssl=E2=80=9D.<u></u><u></u></p> <p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p> <p class=3D"MsoNormal">(And yes, I know the fips.so built by FreeBSD is not= FIPS validated.)</p></div></div></div></blockquote><div><br></div><div>The= FreeBSD-utilities package tends to contain anything which is not marked to= go in some other package so yes, this is an oversight which could be fixed= by adding 'PACKAGE=3D openssl-lib' to secure/lib/libcrypto/modules= /fips/Makefile or possibly secure/lib/libcrypto/Makefile.inc. If openssl.cn= f is something only used at compile time, that should also go in openssl-li= b.</div><div><br></div><div>=C2=A0<br></div><blockquote class=3D"gmail_quot= e" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-styl= e:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div class=3D"= msg7167192388701994299"><div lang=3D"EN-US" style=3D"overflow-wrap: break-w= ord;"><div class=3D"m_7167192388701994299WordSection1"> </div> </div> </div></blockquote></div></div> --000000000000fa0f2806106395bd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACA0VUjCOgjXLuydOAwyerGzdukww24GHpzscEiRjsFVuStkFQ>