Configure/Makefile: separate install of the FIPS module

Fixes openssl#13693 Co-authored-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#13684)
Lamoracke1 · Apr 29, 2021 · 5b68918 · 5b68918
1 parent c3bda8a
commit 5b68918
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 8 deletions.
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
@@ -164,12 +164,21 @@ INSTALL_ENGINES={-
                                && $unified_info{attributes}->{modules}->{$_}->{engine} }
                         @{$unified_info{modules}}))
 -}
+INSTALL_FIPS={-
+        join(" \\\n" . ' ' x 16,
+             fill_lines(" ", $COLUMNS - 16,
+                        map { platform->dso($_) }
+                        grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
+                               && $unified_info{attributes}->{modules}->{$_}->{fips} }
+                        @{$unified_info{modules}}))
+-}
 INSTALL_MODULES={-
         join(" \\\n" . ' ' x 16,
              fill_lines(" ", $COLUMNS - 16,
                         map { platform->dso($_) }
                         grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
-                               && !$unified_info{attributes}->{modules}->{$_}->{engine} }
+                               && !$unified_info{attributes}->{modules}->{$_}->{engine}
+                               && !$unified_info{attributes}->{modules}->{$_}->{fips} }
                         @{$unified_info{modules}}))
 -}
 INSTALL_PROGRAMS={-
@@ -585,17 +594,27 @@ install_docs: install_man_docs install_html_docs
 uninstall_docs: uninstall_man_docs uninstall_html_docs
 	$(RM) -r $(DESTDIR)$(DOCDIR)
 
-install_fips: install_sw
+install_fips:
+	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR)
+	@$(ECHO) "*** Installing FIPS module"
+	@$(ECHO) "install $(INSTALL_FIPS) -> $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)"
+	@cp "$(INSTALL_FIPS)" $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new
+	@chmod 755 $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new
+	@mv -f $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new \
+	       $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)
 	@$(ECHO) "*** Installing FIPS module configuration"
 	@$(ECHO) "fipsinstall $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf"
 	@$(PERL) $(BLDDIR)/util/wrap.pl $(BLDDIR)/apps/openssl fipsinstall \
 		-module $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) \
 		-out $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf \
 		-macopt 'hexkey:$(FIPSKEY)'
 
-uninstall_fips: uninstall_sw
+uninstall_fips:
 	@$(ECHO) "*** Uninstalling FIPS module configuration"
 	$(RM) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf
+	@$(ECHO) "*** Uninstalling FIPS module"
+	$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)
 
 install_ssldirs:
 	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs

diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
@@ -103,10 +103,17 @@ INSTALL_ENGINEPDBS={-
                          && $unified_info{attributes}->{modules}->{$_}->{engine} }
                   @{$unified_info{modules}})
 -}
+INSTALL_FIPS={-
+        join(" ", map { quotify1(platform->dso($_)) }
+                  grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
+                          && $unified_info{attributes}->{modules}->{$_}->{fips} }
+                  @{$unified_info{modules}})
+-}
 INSTALL_MODULES={-
-        join(" ", map { platform->dso($_) }
+        join(" ", map { quotify1(platform->dso($_)) }
                   grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
-                          && !$unified_info{attributes}->{modules}->{$_}->{engine} }
+                          && !$unified_info{attributes}->{modules}->{$_}->{engine}
+                          && !$unified_info{attributes}->{modules}->{$_}->{fips} }
                   @{$unified_info{modules}})
 -}
 INSTALL_MODULEPDBS={-
@@ -470,17 +477,26 @@ install_docs: install_html_docs
 
 uninstall_docs: uninstall_html_docs
 
-install_fips: install_sw
+install_fips:
+#	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+	@$(PERL) $(SRCDIR)\util\mkdir-p.pl $(MODULESDIR)
+	@$(ECHO) "*** Installing FIPS module"
+	@$(ECHO) "install $(INSTALL_FIPS) -> $(MODULESDIR)\$(FIPSMODULENAME)"
+	@copy "$(INSTALL_FIPS)" $(MODULESDIR)\$(FIPSMODULENAME).new
+	@move /Y $(MODULESDIR)\$(FIPSMODULENAME).new \
+	       $(MODULESDIR)\$(FIPSMODULENAME)
 	@$(ECHO) "*** Installing FIPS module configuration"
-	@$(ECHO) "fipsinstall $(MODULESDIR)\$(FIPSMODULENAME).cnf"
+	@$(ECHO) "fipsinstall $(OPENSSLDIR)\fipsmodule.cnf"
 	@$(PERL) "$(BLDDIR)\util\wrap.pl" "$(BLDDIR)\apps\openssl" fipsinstall \
 		-module "$(MODULESDIR)\$(FIPSMODULENAME)" \
 		-out "$(OPENSSLDIR)\fipsmodule.cnf" \
 		-macopt "hexkey:$(FIPSKEY)"
 
-uninstall_fips: uninstall_sw
+uninstall_fips:
 	@$(ECHO) "*** Uninstalling FIPS module configuration"
 	$(RM) "$(OPENSSLDIR)\fipsmodule.cnf"
+	@$(ECHO) "*** Uninstalling FIPS module"
+	$(RM) "$(MODULESDIR)\$(FIPSMODULENAME)"
 
 install_ssldirs:
 	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs"