Mimi,
On Tue, Aug 04, 2020 at 08:05:31AM -0400, Mimi Zohar wrote:
> The openssl version might not have gost openssl engine support.
> Download from source, rebuild and install local version.
>
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> ---
> .travis.yml | 10 ++++++++++
> tests/install-gost-engine.sh | 10 ++++++++++
> 2 files changed, 20 insertions(+)
> create mode 100755 tests/install-gost-engine.sh
>
> diff --git a/.travis.yml b/.travis.yml
> index 11a827c02f0a..887f6bbea9b9 100644
> --- a/.travis.yml
> +++ b/.travis.yml
> @@ -15,6 +15,13 @@ matrix:
> include:
> - env: TSS=ibmtss
> - env: TSS=tpm2-tss
> +
> +before_install:
> + - if [ "${SSL}" = "openssl" ]; then
> + ./tests/install-gost-engine.sh;
> + openssl version;
> + fi
> +
> install:
> - if [ "${TSS}" = "tpm2-tss" ]; then
> sudo apt-get install lcov pandoc autoconf-archive liburiparser-dev;
> @@ -30,6 +37,9 @@ install:
> script:
> - export LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib;
> - export PATH=$PATH:/usr/local/bin;
> + - if [ "${SSL}" = "openssl" ]; then
> + export OPENSSL_ENGINES="$OPENSSL_ENGINES:$PWD/engines/bin";
Should be `export OPENSSL_ENGINES=$PWD/engines/bin` since
OPENSSL_ENGINES is not PATH-like variable, but just a path to engines
dir.
Thanks,
> + fi
> - autoreconf -i && ./configure && make -j$(nproc) && sudo make install && VERBOSE=1 make check;
>
> - tail -3 tests/ima_hash.log;
> diff --git a/tests/install-gost-engine.sh b/tests/install-gost-engine.sh
> new file mode 100755
> index 000000000000..2563aa4953f7
> --- /dev/null
> +++ b/tests/install-gost-engine.sh
> @@ -0,0 +1,10 @@
> +#!/bin/sh
> +
> +openssl version
> +
> +git clone --branch openssl_1_1_0 https://github.com/gost-engine/engine.git
> +cd engine
> +cmake .
> +cmake --build .
> +# note: install target is missing, later set the environment variable.
> +cd ..
> --
> 2.18.4
>
