Revert to building openssl

DataDog · Dec 3, 2024 · 3b6c7e2 · 3b6c7e2
1 parent f7d5b4e
commit 3b6c7e2
Showing 1 changed file with 56 additions and 26 deletions.
diff --git a/.github/workflows/test-fips.yml b/.github/workflows/test-fips.yml
@@ -61,37 +61,63 @@ jobs:
         && make \
         && sudo make install
 
-    - name: Download and Extract OpenSSL and FIPS Module
+    - name: Configure Visual Studio Environment
       if: runner.os == 'Windows'
       shell: powershell
       run: |
-        # Define URLs for OpenSSL and FIPS module
-        $OpenSSLUrl = "https://agent-ints-python-build-sandbox.s3.eu-north-1.amazonaws.com/openssl-windows-openssl-3.0.15-amd64-5BD585.zip"
-        $FIPSModuleUrl = "https://agent-ints-python-build-sandbox.s3.eu-north-1.amazonaws.com/fips-windows-openssl-3.0.9-amd64-118D97.zip"
-        
-        # Download OpenSSL
-        Invoke-WebRequest -Uri $OpenSSLUrl -OutFile openssl.zip
-        Expand-Archive -Path openssl.zip -DestinationPath "C:\Program Files\OpenSSL" -Force
-        Remove-Item -Path openssl.zip
-
-        # Download FIPS Module
-        Invoke-WebRequest -Uri $FIPSModuleUrl -OutFile fipsmodule.zip
-        if (-Not (Test-Path "C:\Program Files\OpenSSL\lib\ossl-modules")) {
-          New-Item -ItemType Directory -Path "C:\Program Files\OpenSSL\lib\ossl-modules"
-        }
-        Expand-Archive -Path fipsmodule.zip -DestinationPath "C:\Program Files\OpenSSL\lib\ossl-modules" -Force
-        Remove-Item -Path fipsmodule.zip
+        # Find Visual Studio installation path
+        $vswherePath = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"
+        $vsInstallPath = & $vswherePath -latest -products * -requires Microsoft.Component.MSBuild -property installationPath
+        $vsDevCmd = "$vsInstallPath\Common7\Tools\VsDevCmd.bat"
+        & $vsDevCmd
 
-        if (-Not (Test-Path "C:\Program Files\OpenSSL\ssl")) {
-          New-Item -ItemType Directory -Path "C:\Program Files\OpenSSL\ssl"
+    - name: Install NASM (Required for OpenSSL)
+      if: runner.os == 'Windows'
+      shell: powershell
+      run: |
+        # Install NASM if not already available
+        if (-Not (Get-Command nasm -ErrorAction SilentlyContinue)) {
+          choco install nasm -y
         }
-        Move-Item -Path "C:\Program Files\OpenSSL\lib\ossl-modules\fipsmodule.cnf" -Destination "C:\Program Files\OpenSSL\ssl\fipsmodule.cnf" -Force
 
-    - name: Configure OpenSSL FIPS
+    - name: Download OpenSSL and FIPS Provider
+      if: runner.os == 'Windows'
+      shell: powershell
+      run: |
+        # Set versions and download sources
+        $OpenSSLVersion = "3.0.15"
+        $FIPSVersion = "3.0.9"
+
+        Invoke-WebRequest -Uri "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSLVersion}/openssl-${OpenSSLVersion}.tar.gz" -OutFile openssl.tar.gz
+        Invoke-WebRequest -Uri "https://github.com/openssl/openssl/releases/download/openssl-${FIPSVersion}/openssl-${FIPSVersion}.tar.gz" -OutFile fipsmodule.tar.gz
+        New-Item -ItemType Directory -Path openssl
+        New-Item -ItemType Directory -Path fipsmodule
+        tar -xzf openssl.tar.gz -C openssl
+        tar -xzf fipsmodule.tar.gz -C fipsmodule
+
+    - name: Build and Install FIPS Provider
+      if: runner.os == 'Windows'
+      shell: powershell
+      run: |
+        cd fipsmodule
+        perl Configure VC-WIN64A enable-fips
+        nmake
+        nmake install
+
+    - name: Build and Install OpenSSL with FIPS
       if: runner.os == 'Windows'
       shell: powershell
       run: |
-        # Create openssl.cnf file
+        cd openssl
+        perl Configure VC-WIN64A enable-fips
+        nmake
+        nmake install
+
+    - name: Configure OpenSSL for FIPS
+      if: runner.os == 'Windows'
+      shell: powershell
+      run: |
+        # Create openssl.cnf to enable FIPS mode
         $OpenSSLConf = @"
         config_diagnostics = 1
         openssl_conf = openssl_init
@@ -114,14 +140,18 @@ jobs:
         "@
         $OpenSSLConf | Set-Content -Path "C:\Program Files\OpenSSL\ssl\openssl.cnf"
 
-    - name: Verify OpenSSL and FIPS
+    - name: Verify OpenSSL with FIPS
       if: runner.os == 'Windows'
       shell: powershell
       run: |
+        # Set environment variables
         [Environment]::SetEnvironmentVariable("OPENSSL_CONF", "C:\Program Files\OpenSSL\ssl\openssl.cnf", "Process")
-
-        & "C:\Program Files\OpenSSL\openssl.exe" version -a
-        & "C:\Program Files\OpenSSL\openssl.exe" list -providers
+        [Environment]::SetEnvironmentVariable("OPENSSL_FIPS", "1", "Process")
+        
+        # Verify OpenSSL installation and FIPS mode
+        & "C:\Program Files\OpenSSL\bin\openssl.exe" version -a
+        & "C:\Program Files\OpenSSL\bin\openssl.exe" list -providers
+        & "C:\Program Files\OpenSSL\bin\openssl.exe" list -properties
 
     - name: Install Cryptography
       run: pip install cryptography