bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942)

Also use new make target to install FIPS provider.

Author: tiran

.github/workflows/build.yml

@@ -177,7 +177,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        openssl_ver: [1.1.1k, 3.0.0-alpha15]
+        openssl_ver: [1.1.1k, 3.0.0-alpha16]
     env:
       OPENSSL_VER: ${{ matrix.openssl_ver }}
       MULTISSL_DIR: ${{ github.workspace }}/multissl

Tools/ssl/multissltests.py

@@ -48,7 +48,7 @@
 
 OPENSSL_RECENT_VERSIONS = [
     "1.1.1k",
-    "3.0.0-alpha15"
+    "3.0.0-alpha16"
 ]
 
 LIBRESSL_OLD_VERSIONS = [
@@ -143,23 +143,6 @@
     help="Keep original sources for debugging."
 )
 
-OPENSSL_FIPS_CNF = """\
-openssl_conf = openssl_init
-
-.include {self.install_dir}/ssl/fipsinstall.cnf
-# .include {self.install_dir}/ssl/openssl.cnf
-
-[openssl_init]
-providers = provider_sect
-
-[provider_sect]
-fips = fips_sect
-default = default_sect
-
-[default_sect]
-activate = 1
-"""
-
 
 class AbstractBuilder(object):
     library = None
@@ -304,12 +287,12 @@ def _unpack_src(self):
         log.info("Unpacking files to {}".format(self.build_dir))
         tf.extractall(self.build_dir, members)
 
-    def _build_src(self):
+    def _build_src(self, config_args=()):
         """Now build openssl"""
         log.info("Running build in {}".format(self.build_dir))
         cwd = self.build_dir
         cmd = [
-            "./config",
+            "./config", *config_args,
             "shared", "--debug",
             "--prefix={}".format(self.install_dir)
         ]
@@ -417,35 +400,19 @@ def _post_install(self):
         if self.version.startswith("3.0"):
             self._post_install_300()
 
+    def _build_src(self, config_args=()):
+        if self.version.startswith("3.0"):
+            config_args += ("enable-fips",)
+        super()._build_src(config_args)
+
     def _post_install_300(self):
         # create ssl/ subdir with example configs
-        self._subprocess_call(
-            ["make", "-j1", "install_ssldirs"],
-            cwd=self.build_dir
-        )
         # Install FIPS module
-        # https://wiki.openssl.org/index.php/OpenSSL_3.0#Completing_the_installation_of_the_FIPS_Module
-        fipsinstall_cnf = os.path.join(
-            self.install_dir, "ssl", "fipsinstall.cnf"
-        )
-        openssl_fips_cnf = os.path.join(
-            self.install_dir, "ssl", "openssl-fips.cnf"
-        )
-        fips_mod = os.path.join(self.lib_dir, "ossl-modules/fips.so")
         self._subprocess_call(
-            [
-                self.openssl_cli, "fipsinstall",
-                "-out", fipsinstall_cnf,
-                "-module", fips_mod,
-                # "-provider_name", "fips",
-                # "-mac_name", "HMAC",
-                # "-macopt", "digest:SHA256",
-                # "-macopt", "hexkey:00",
-                # "-section_name", "fips_sect"
-            ]
+            ["make", "-j1", "install_ssldirs", "install_fips"],
+            cwd=self.build_dir
         )
-        with open(openssl_fips_cnf, "w") as f:
-            f.write(OPENSSL_FIPS_CNF.format(self=self))
+
     @property
     def short_version(self):
         """Short version for OpenSSL download URL"""