Configure/Makefile: fix the `-macopt` argument of the fipsinstall command

The FIPS hmac key is provided as a hexadezimal string, which needs to
be be prefixed with `hexkey:`, not `key:`.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index 065854d2eaa28457194b3d296a8948bbfda8adf2..920c0abfeb85be42e790c459a4ec7684a272fb56 100644 (file)
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -544,7 +544,7 @@ install_fips: install_sw
        openssl fipsinstall -
                -module ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME) -
                -out ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME).cnf -
        openssl fipsinstall -
                -module ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME) -
                -out ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME).cnf -

-               -macopt "key:$(FIPSKEY)"
+               -macopt "hexkey:$(FIPSKEY)"

 
 uninstall_fips: uninstall_sw
        @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module configuration"
 
 uninstall_fips: uninstall_sw
        @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module configuration"

diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index e2df304061f7d865f5098d31ed37e0a6e15b4def..e7287b6290d68e660f62f510c7341d79a1f86711 100644 (file)
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -590,7 +590,7 @@ install_fips: install_sw
        @$(ECHO) "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf"
        @openssl fipsinstall -module $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) \
                -out $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf \
        @$(ECHO) "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf"
        @openssl fipsinstall -module $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) \
                -out $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf \

-               -macopt 'key:$(FIPSKEY)'
+               -macopt 'hexkey:$(FIPSKEY)'

 
 uninstall_fips: uninstall_sw
        @$(ECHO) "*** Uninstalling FIPS module configuration"
 
 uninstall_fips: uninstall_sw
        @$(ECHO) "*** Uninstalling FIPS module configuration"

diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index 2cd003cf89acdde4279def16f260f3efb0709f53..24db68fa06f2effdb9b3993c14d9855588e56d76 100644 (file)
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -475,7 +475,7 @@ install_fips: install_sw
        @$(ECHO) "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf"
        @openssl fipsinstall -module $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) \
                -out $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf \
        @$(ECHO) "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf"
        @openssl fipsinstall -module $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) \
                -out $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf \

-               -macopt "key:$(FIPSKEY)"
+               -macopt "hexkey:$(FIPSKEY)"

 
 uninstall_fips: uninstall_sw
        @$(ECHO) "*** Uninstalling FIPS module configuration"
 
 uninstall_fips: uninstall_sw
        @$(ECHO) "*** Uninstalling FIPS module configuration"