openssl upgrade, v3 fips support

alttch · Jan 16, 2024 · f81a360 · f81a360
1 parent db4f29a
commit f81a360
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 28 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -47,7 +47,7 @@ log = "0.4.14"
 hex = "0.4.2"
 nix = "0.25.0"
 tokio-native-tls = "0.3.0"
-openssl = "0.10.42"
+openssl = "0.10.62"
 async-channel = "1.7.1"
 serde = { version =  "1.0.143", features = ["derive"] }
 serde_yaml = "0.8.26"
@@ -77,7 +77,7 @@ parking_lot = "0.12.1"
 async-trait = "0.1.74"
 eva-sdk = "0.3.10"
 once_cell = "1.18.0"
-eva-common = "0.3.17"
+eva-common = { version = "0.3.22", features = ["services"] }
 
 [features]
 #default = ["server"]
@@ -89,4 +89,5 @@ server = ["base64", "bcrypt", "clap", "clap_derive", "colored", "chrono", "fork"
     "hostname", "hyper", "serde_json", "syslog", "jemallocator", "submap/native-digest"]
 crypto = ["aes-gcm", "rand"]
 openssl-vendored = ["openssl/vendored", "eva-common/openssl-no-fips"]
+openssl3 = ["eva-common/openssl3"]
 std-alloc = []
diff --git a/src/acl.rs b/src/acl.rs
@@ -1,4 +1,3 @@
-// TODO migrate to eva-common when released
 use crate::Error;
 use log::{info, trace};
 use once_cell::sync::Lazy;

diff --git a/src/server.rs b/src/server.rs
@@ -1544,12 +1544,7 @@ fn main() {
             .expect("Unable to parse config path");
         let config: Config = serde_yaml::from_str(&cfg).unwrap();
         if config.proto.fips {
-            #[cfg(not(feature = "openssl-vendored"))]
-            openssl::fips::enable(true).expect("Can not enable OpenSSL FIPS 140");
-            #[cfg(not(feature = "openssl-vendored"))]
-            info!("OpenSSL FIPS 140 enabled");
-            #[cfg(feature = "openssl-vendored")]
-            panic!("FIPS can not be enabled, consider using a native OS distribution");
+            eva_common::services::enable_fips().unwrap();
         }
         if opts.daemonize {
             if let Ok(fork::Fork::Child) = fork::daemon(true, false) {