util/wrap.pl: use the apps/openssl.cnf from the source tree

The `make install_fips` target failed

    msp@debian:~/src/openssl$ make install_fips
    *** Installing FIPS module
    install providers/fips.so -> /opt/openssl-dev/lib/ossl-modules/fips.so
    *** Installing FIPS module configuration
    fipsinstall /opt/openssl-dev/ssl/fipsmodule.cnf
    FATAL: Startup failure (dev note: apps_startup()) for ./apps/openssl
    ... No such file or directory:crypto/conf/conf_def.c:771:calling stat(fipsmodule.cnf)
    ...
    make: *** [Makefile:3341: install_fips] Error 1

because the `openssl fipsinstall` command was loading a previously installed
configuration file instead of the copy shipped with the source tree.

    msp@debian:~/src/openssl$ strace -f make install_fips |& grep openssl.cnf
    [pid 128683] openat(AT_FDCWD, "/opt/openssl-dev/ssl/openssl.cnf", O_RDONLY) = 3

This issue reveiled a more general problem, which applies to the tests as well:
unless openssl is installed, the openssl app must not use any preinstalled
configuration file. This holds in particular when the preinstalled configuration
file load providers, which caused the above failure.

The most consistent way to achieve this behaviour is to set the OPENSSL_CONF
environment variable to the correct location in the util/wrap.pl perl wrapper.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14136)

diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index ef4fd5f07740334d42b45cfe0dd18560150cd361..1ff418c4c627108f31074fbc3c497bcee5a3520b 100644 (file)
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1215,7 +1215,8 @@ tar:
 
 # Helper targets #####################################################
 
-link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl
+link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl \
+            $(BLDDIR)/apps/openssl.cnf
 
 $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl: configdata.pm
        @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
@@ -1223,6 +1224,12 @@ $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/util/wrap.pl: configdata.pm
            ln -sf "../$(SRCDIR)/util/`basename "$@"`" "$(BLDDIR)/util"; \
        fi
 
+$(BLDDIR)/apps/openssl.cnf: configdata.pm
+       @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \
+           mkdir -p "$(BLDDIR)/apps"; \
+           ln -sf "../$(SRCDIR)/apps/`basename "$@"`" "$(BLDDIR)/apps"; \
+       fi
+
 FORCE:
 
 # Building targets ###################################################

diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index 846c500bef7ec39772adc560d70dcb5e48e99cf8..050d618a23faf9b583cfce25b8bff70440cca34d 100644 (file)
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -594,12 +594,16 @@ uninstall_html_docs:
 
 # Helper targets #####################################################
 
-copy-utils: $(BLDDIR)\util\wrap.pl
+copy-utils: $(BLDDIR)\util\wrap.pl $(BLDDIR)\apps\openssl.cnf
 
 $(BLDDIR)\util\wrap.pl: configdata.pm
        @if NOT EXIST "$(BLDDIR)\util" mkdir "$(BLDDIR)\util"
        @if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\util\$(@F)" "$(BLDDIR)\util"
 
+$(BLDDIR)\apps\openssl.cnf: configdata.pm
+       @if NOT EXIST "$(BLDDIR)\apps" mkdir "$(BLDDIR)\apps"
+       @if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\apps\$(@F)" "$(BLDDIR)\apps"
+
 # Building targets ###################################################
 
 configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}

diff --git a/util/wrap.pl b/util/wrap.pl
index fd24c42c8b3b4270ec8de81f2ab54ac0e31a0f5d..69be06d3029414ad8cfce8a0262329eceef7bdf2 100755 (executable)
--- a/util/wrap.pl
+++ b/util/wrap.pl
@@ -9,12 +9,15 @@ use File::Spec::Functions;
 my $there = canonpath(catdir(dirname($0), updir()));
 my $std_engines = catdir($there, 'engines');
 my $std_providers = catdir($there, 'providers');
+my $std_openssl_conf = catdir($there, 'apps/openssl.cnf');
 my $unix_shlib_wrap = catfile($there, 'util/shlib_wrap.sh');
 
 $ENV{OPENSSL_ENGINES} = $std_engines
     if ($ENV{OPENSSL_ENGINES} // '') eq '' && -d $std_engines;
 $ENV{OPENSSL_MODULES} = $std_providers
     if ($ENV{OPENSSL_MODULES} // '') eq '' && -d $std_providers;
+$ENV{OPENSSL_CONF} = $std_openssl_conf
+    if ($ENV{OPENSSL_CONF} // '') eq '' && -f $std_openssl_conf;
 
 my $use_system = 0;
 my @cmd;