log = logging.getLogger("multissl")

OPENSSL_OLD_VERSIONS = [

"1.0.2",

]

OPENSSL_RECENT_VERSIONS = [

"1.0.2t",

"1.0.2u",

"1.1.0l",

"1.1.1f",

"1.1.1g",

# "3.0.0-alpha2"

]

LIBRESSL_OLD_VERSIONS = [

help="Keep original sources for debugging."

)

OPENSSL_FIPS_CNF = """\

openssl_conf = openssl_init

.include {self.install_dir}/ssl/fipsinstall.cnf

# .include {self.install_dir}/ssl/openssl.cnf

[openssl_init]

providers = provider_sect

[provider_sect]

fips = fips_sect

default = default_sect

[default_sect]

activate = 1

"""

class AbstractBuilder(object):

library = None

["make", "-j1", self.install_target],

cwd=self.build_dir

)

self._post_install()

if not self.args.keep_sources:

shutil.rmtree(self.build_dir)

def _post_install(self):

pass

def install(self):

log.info(self.openssl_cli)

if not self.has_openssl or self.args.force:

# only install software, skip docs

install_target = 'install_sw'

def _post_install(self):

if self.version.startswith("3.0"):

self._post_install_300()

def _post_install_300(self):

# create ssl/ subdir with example configs

self._subprocess_call(

["make", "-j1", "install_ssldirs"],

cwd=self.build_dir

)

# Install FIPS module

# https://wiki.openssl.org/index.php/OpenSSL_3.0#Completing_the_installation_of_the_FIPS_Module

fipsinstall_cnf = os.path.join(

self.install_dir, "ssl", "fipsinstall.cnf"

)

openssl_fips_cnf = os.path.join(

self.install_dir, "ssl", "openssl-fips.cnf"

)

fips_mod = os.path.join(self.lib_dir, "ossl-modules/fips.so")

self._subprocess_call(

[

self.openssl_cli, "fipsinstall",

"-out", fipsinstall_cnf,

"-module", fips_mod,

"-provider_name", "fips",

"-mac_name", "HMAC",

"-macopt", "digest:SHA256",

"-macopt", "hexkey:00",

"-section_name", "fips_sect"

]

)

with open(openssl_fips_cnf, "w") as f:

f.write(OPENSSL_FIPS_CNF.format(self=self))

class BuildLibreSSL(AbstractBuilder):

library = "LibreSSL"