fips: allow to customize provider vendor name #24368
base: master
FIPS providers need to specify identifiable names and versions. Allow to customize the fips provider name prefix, via VERSION.dat which already allows to customize version & buildinfo. With this patch in-place it removes the need of patching code to set customized provider name.

E.g. echo FIPSVENDOR=ACME >> VERSION.dat, results in

```
$ OPENSSL_CONF=fips-and-base.cnf ../util/wrap.pl ../apps/openssl list -providers --verbose
Providers:
  base
    name: OpenSSL Base Provider
    version: 3.4.0
    status: active
    build info: 3.4.0-dev
    gettable provider parameters:
      name: pointer to a UTF8 encoded string (arbitrary size)
      version: pointer to a UTF8 encoded string (arbitrary size)
      buildinfo: pointer to a UTF8 encoded string (arbitrary size)
      status: integer (arbitrary size)
  fips
    name: ACME OpenSSL FIPS Provider
    version: 3.4.0
    status: active
    build info: 3.4.0-dev
    gettable provider parameters:
      name: pointer to a UTF8 encoded string (arbitrary size)
      version: pointer to a UTF8 encoded string (arbitrary size)
      buildinfo: pointer to a UTF8 encoded string (arbitrary size)
      status: integer (arbitrary size)
      security-checks: integer (arbitrary size)
      tls1-prf-ems-check: integer (arbitrary size)
      drbg-no-trunc-md: integer (arbitrary size)
```
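A check an operator could run over this listing to confirm that the loaded FIPS provider reports the expected vendor name and version. This is an added example, not part of the PR or of OpenSSL; `parse_providers`, `check_fips_provider` and the sample text are constructed here for illustration.

```python
# Constructed sample, abridged from the listing format in the PR description.
SAMPLE = """\
Providers:
  base
    name: OpenSSL Base Provider
    version: 3.4.0
    status: active
    gettable provider parameters:
      name: pointer to a UTF8 encoded string (arbitrary size)
  fips
    name: ACME OpenSSL FIPS Provider
    version: 3.4.0
    status: active
    gettable provider parameters:
      name: pointer to a UTF8 encoded string (arbitrary size)
      security-checks: integer (arbitrary size)
"""

def parse_providers(text):
    """Return {provider_id: {field: value}} from `openssl list -providers --verbose` stdout."""
    providers, current, in_params = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Providers:":
            continue
        if ":" not in line:  # a bare token such as "fips" starts a new provider
            current, in_params = providers.setdefault(line, {}), False
        elif line == "gettable provider parameters:":
            in_params = True  # lines below describe parameter types and reuse "name:"
        elif current is not None and not in_params:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return providers

def check_fips_provider(text, expected_name, expected_version):
    """Return a list of findings; an empty list means the FIPS provider matches."""
    fips = parse_providers(text).get("fips")
    if fips is None:
        return ["fips provider not loaded"]
    expected = {"name": expected_name, "version": expected_version, "status": "active"}
    return [f"{k} is {fips.get(k)!r}, expected {v!r}"
            for k, v in expected.items() if fips.get(k) != v]
```

Feed it the command's standard output only; the parameter-description lines are skipped so that their `name:` entry does not overwrite the provider's actual name.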
Does this intersect the trademark discussions?
I'm not aware of or part of any discussions. So either this question is not addressed to me, or please make me aware of the context. I am assuming the 37 and 21 submissions mentioning OpenSSL are all in compliance with the trademark policy and/or requested permission to use it. This patch simplifies achieving unique naming of individual builds/submissions. If you prefer this to be "fipsname=" override, rather than prefix-prepend, I can change the patch to do that.
54a5c15 to d4f1e00
Add workflow test that verifies custom FIPSVENDOR name.
It was a note for the @openssl/omc ...
@@ -360,6 +360,8 @@ $config{release_date} = $version{RELEASE_DATE} // 'xx XXX xxxx'; | |||
|
|||
$config{version} = "$config{major}.$config{minor}.$config{patch}"; | |||
$config{full_version} = "$config{version}$config{prerelease}$config{build_metadata}"; | |||
$config{FIPSVENDOR} = | |||
(defined $version{FIPSVENDOR} ? "$version{FIPSVENDOR} " : "") . "OpenSSL FIPS Provider"; |
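Review bot: `defined $version{FIPSVENDOR}` on the second added line is also true when the value is the empty string, in which case the result is " OpenSSL FIPS Provider" with a leading space; testing for a non-empty value, for example `length($version{FIPSVENDOR} // '')`, avoids that. Separately, `$config{FIPSVENDOR}` ends up holding the whole provider name rather than the vendor, and it is uppercase where the neighbouring keys (`version`, `full_version`) are lowercase, so a name such as `$config{fips_provider_name}` would describe its contents better.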
The exact form of this wording needs internal discussion. That might take a while.
Placing a hold on this until internal discussions are held.