summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/util/mk1mf.pl
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/util/mk1mf.pl')
-rw-r--r--src/lib/libcrypto/util/mk1mf.pl404
1 files changed, 360 insertions, 44 deletions
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index 7ba804ce33..4c16f1dc9e 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -15,6 +15,18 @@ my $engines = "";
15local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic 15local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
16local $zlib_lib = ""; 16local $zlib_lib = "";
17 17
18local $fips_canister_path = "";
19my $fips_premain_dso_exe_path = "";
20my $fips_premain_c_path = "";
21my $fips_sha1_exe_path = "";
22
23local $fipscanisterbuild = 0;
24local $fipsdso = 0;
25
26my $fipslibdir = "";
27my $baseaddr = "";
28
29my $ex_l_libs = "";
18 30
19open(IN,"<Makefile") || die "unable to open Makefile!\n"; 31open(IN,"<Makefile") || die "unable to open Makefile!\n";
20while(<IN>) { 32while(<IN>) {
@@ -221,6 +233,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
221$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; 233$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
222$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; 234$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
223$cflags.=" -DOPENSSL_NO_CMS" if $no_cms; 235$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
236$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
224$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; 237$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng;
225$cflags.=" -DOPENSSL_NO_ERR" if $no_err; 238$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
226$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; 239$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
@@ -229,7 +242,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
229$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; 242$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
230$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; 243$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
231$cflags.=" -DOPENSSL_NO_HW" if $no_hw; 244$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
232 245$cflags.=" -DOPENSSL_FIPS" if $fips;
233$cflags.= " -DZLIB" if $zlib_opt; 246$cflags.= " -DZLIB" if $zlib_opt;
234$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; 247$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
235 248
@@ -251,9 +264,9 @@ else
251 264
252$ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); 265$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
253 266
254
255%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", 267%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
256 "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); 268 "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO",
269 "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
257 270
258if ($msdos) 271if ($msdos)
259 { 272 {
@@ -281,11 +294,21 @@ for (;;)
281 { 294 {
282 if ($lib ne "") 295 if ($lib ne "")
283 { 296 {
284 $uc=$lib; 297 if ($fips && $dir =~ /^fips/)
285 $uc =~ s/^lib(.*)\.a/$1/; 298 {
286 $uc =~ tr/a-z/A-Z/; 299 $uc = "FIPS";
287 $lib_nam{$uc}=$uc; 300 }
288 $lib_obj{$uc}.=$libobj." "; 301 else
302 {
303 $uc=$lib;
304 $uc =~ s/^lib(.*)\.a/$1/;
305 $uc =~ tr/a-z/A-Z/;
306 }
307 if (($uc ne "FIPS") || $fipscanisterbuild)
308 {
309 $lib_nam{$uc}=$uc;
310 $lib_obj{$uc}.=$libobj." ";
311 }
289 } 312 }
290 last if ($val eq "FINISHED"); 313 last if ($val eq "FINISHED");
291 $lib=""; 314 $lib="";
@@ -328,11 +351,130 @@ for (;;)
328 if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) 351 if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
329 { $engines.=$val } 352 { $engines.=$val }
330 353
354 if ($key eq "FIPS_EX_OBJ")
355 {
356 $fips_ex_obj=&var_add("crypto",$val,0);
357 }
358
359 if ($key eq "FIPSLIBDIR")
360 {
361 $fipslibdir=$val;
362 $fipslibdir =~ s/\/$//;
363 $fipslibdir =~ s/\//$o/g;
364 }
365
366 if ($key eq "BASEADDR")
367 { $baseaddr=$val;}
368
331 if (!($_=<IN>)) 369 if (!($_=<IN>))
332 { $_="RELATIVE_DIRECTORY=FINISHED\n"; } 370 { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
333 } 371 }
334close(IN); 372close(IN);
335 373
374if ($fips)
375 {
376
377 foreach (split " ", $fips_ex_obj)
378 {
379 $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/);
380 }
381
382 $fips_exclude_obj{"cpu_win32"} = 1;
383 $fips_exclude_obj{"bn_asm"} = 1;
384 $fips_exclude_obj{"des_enc"} = 1;
385 $fips_exclude_obj{"fcrypt_b"} = 1;
386 $fips_exclude_obj{"aes_core"} = 1;
387 $fips_exclude_obj{"aes_cbc"} = 1;
388
389 my @ltmp = split " ", $lib_obj{"CRYPTO"};
390
391
392 $lib_obj{"CRYPTO"} = "";
393
394 foreach(@ltmp)
395 {
396 if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1})
397 {
398 if ($fipscanisterbuild)
399 {
400 $lib_obj{"FIPS"} .= "$_ ";
401 }
402 }
403 else
404 {
405 $lib_obj{"CRYPTO"} .= "$_ ";
406 }
407 }
408
409 }
410
411if ($fipscanisterbuild)
412 {
413 $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq "";
414 $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c";
415 }
416else
417 {
418 if ($fips_canister_path eq "")
419 {
420 $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib";
421 }
422
423 if ($fips_premain_c_path eq "")
424 {
425 $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
426 }
427 }
428
429if ($fips)
430 {
431 if ($fips_sha1_exe_path eq "")
432 {
433 $fips_sha1_exe_path =
434 "\$(BIN_D)${o}fips_standalone_sha1$exep";
435 }
436 }
437 else
438 {
439 $fips_sha1_exe_path = "";
440 }
441
442if ($fips_premain_dso_exe_path eq "")
443 {
444 $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
445 }
446
447# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
448
449#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso;
450
451if ($fips)
452 {
453 if (!$shlib)
454 {
455 $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
456 $ex_l_libs .= " \$(O_FIPSCANISTER)";
457 $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild;
458 }
459 if ($fipscanisterbuild)
460 {
461 $fipslibdir = "\$(LIB_D)";
462 }
463 else
464 {
465 if ($fipslibdir eq "")
466 {
467 open (IN, "util/fipslib_path.txt") || fipslib_error();
468 $fipslibdir = <IN>;
469 chomp $fipslibdir;
470 close IN;
471 }
472 fips_check_files($fipslibdir,
473 "fipscanister.lib", "fipscanister.lib.sha1",
474 "fips_premain.c", "fips_premain.c.sha1");
475 }
476 }
477
336if ($shlib) 478if ($shlib)
337 { 479 {
338 $extra_install= <<"EOF"; 480 $extra_install= <<"EOF";
@@ -398,6 +540,7 @@ SRC_D=$src_dir
398LINK=$link 540LINK=$link
399LFLAGS=$lflags 541LFLAGS=$lflags
400RSC=$rsc 542RSC=$rsc
543FIPSLINK=\$(PERL) util${o}fipslink.pl
401 544
402AES_ASM_OBJ=$aes_asm_obj 545AES_ASM_OBJ=$aes_asm_obj
403AES_ASM_SRC=$aes_asm_src 546AES_ASM_SRC=$aes_asm_src
@@ -441,6 +584,17 @@ MKLIB=$bin_dir$mklib
441MLFLAGS=$mlflags 584MLFLAGS=$mlflags
442ASM=$bin_dir$asm 585ASM=$bin_dir$asm
443 586
587# FIPS validated module and support file locations
588
589E_PREMAIN_DSO=fips_premain_dso
590
591FIPSLIB_D=$fipslibdir
592BASEADDR=$baseaddr
593FIPS_PREMAIN_SRC=$fips_premain_c_path
594O_FIPSCANISTER=$fips_canister_path
595FIPS_SHA1_EXE=$fips_sha1_exe_path
596PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
597
444###################################################### 598######################################################
445# You should not need to touch anything below this point 599# You should not need to touch anything below this point
446###################################################### 600######################################################
@@ -448,6 +602,7 @@ ASM=$bin_dir$asm
448E_EXE=openssl 602E_EXE=openssl
449SSL=$ssl 603SSL=$ssl
450CRYPTO=$crypto 604CRYPTO=$crypto
605LIBFIPS=libosslfips
451 606
452# BIN_D - Binary output directory 607# BIN_D - Binary output directory
453# TEST_D - Binary test file output directory 608# TEST_D - Binary test file output directory
@@ -468,12 +623,14 @@ INCL_D=\$(TMP_D)
468 623
469O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp 624O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp
470O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp 625O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
626O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp
471SO_SSL= $plib\$(SSL)$so_shlibp 627SO_SSL= $plib\$(SSL)$so_shlibp
472SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp 628SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
473L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp 629L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
474L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp 630L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
631L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp
475 632
476L_LIBS= \$(L_SSL) \$(L_CRYPTO) 633L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
477 634
478###################################################### 635######################################################
479# Don't touch anything below this point 636# Don't touch anything below this point
@@ -483,13 +640,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
483APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) 640APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
484LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) 641LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
485SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) 642SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
486LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) 643LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
487 644
488############################################# 645#############################################
489EOF 646EOF
490 647
491$rules=<<"EOF"; 648$rules=<<"EOF";
492all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe 649all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
493 650
494banner: 651banner:
495$banner 652$banner
@@ -604,6 +761,26 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
604$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); 761$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
605$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); 762$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
606 763
764# Special case rules for fips_start and fips_end fips_premain_dso
765
766if ($fips)
767 {
768 if ($fipscanisterbuild)
769 {
770 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
771 "fips${o}fips_canister.c",
772 "-DFIPS_START \$(SHLIB_CFLAGS)");
773 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
774 "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
775 }
776 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
777 "fips${o}sha${o}fips_standalone_sha1.c",
778 "\$(SHLIB_CFLAGS)");
779 $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
780 "fips${o}fips_premain.c",
781 "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
782 }
783
607foreach (values %lib_nam) 784foreach (values %lib_nam)
608 { 785 {
609 $lib_obj=$lib_obj{$_}; 786 $lib_obj=$lib_obj{$_};
@@ -614,27 +791,41 @@ foreach (values %lib_nam)
614 $rules.="\$(O_SSL):\n\n"; 791 $rules.="\$(O_SSL):\n\n";
615 next; 792 next;
616 } 793 }
617 if (($aes_asm_obj ne "") && ($_ eq "CRYPTO")) 794
618 { 795 if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS")))
619 $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/;
620 $lib_obj =~ s/\s\S*\/aes_cbc\S*//;
621 $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src);
622 }
623 if (($bn_asm_obj ne "") && ($_ eq "CRYPTO"))
624 {
625 $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
626 $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
627 }
628 if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO"))
629 {
630 $lib_obj .= "\$(BNCO_ASM_OBJ)";
631 $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
632 }
633 if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
634 { 796 {
635 $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; 797 if ($cpuid_asm_obj ne "")
636 $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; 798 {
637 $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); 799 $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/;
800 $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src);
801 }
802 if ($aes_asm_obj ne "")
803 {
804 $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/;
805 $lib_obj =~ s/\s\S*\/aes_cbc\S*//;
806 $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src);
807 }
808 if ($sha1_asm_obj ne "")
809 {
810 $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
811 $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
812 }
813 if ($bn_asm_obj ne "")
814 {
815 $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
816 $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
817 }
818 if ($bnco_asm_obj ne "")
819 {
820 $lib_obj .= "\$(BNCO_ASM_OBJ)";
821 $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
822 }
823 if ($des_enc_obj ne "")
824 {
825 $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
826 $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
827 $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
828 }
638 } 829 }
639 if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) 830 if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
640 { 831 {
@@ -661,21 +852,11 @@ foreach (values %lib_nam)
661 $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/; 852 $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
662 $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src); 853 $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
663 } 854 }
664 if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO"))
665 {
666 $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
667 $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
668 }
669 if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO")) 855 if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
670 { 856 {
671 $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; 857 $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
672 $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); 858 $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
673 } 859 }
674 if (($cpuid_asm_obj ne "") && ($_ eq "CRYPTO"))
675 {
676 $lib_obj =~ s/\s(\S*\/cversion\S*)/ $1 \$(CPUID_ASM_OBJ)/;
677 $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src);
678 }
679 $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); 860 $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
680 $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; 861 $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
681 $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); 862 $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
@@ -690,15 +871,43 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) {
690\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc 871\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
691 \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc 872 \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
692 873
874\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc
875 \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc
876
693EOF 877EOF
694} 878}
695 879
696$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); 880$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
697foreach (split(/\s+/,$test)) 881foreach (split(/\s+/,$test))
698 { 882 {
883 my $t_libs;
699 $t=&bname($_); 884 $t=&bname($_);
885 my $ltype;
886 # Check to see if test program is FIPS
887 if ($fips && /fips/)
888 {
889 # If fipsdso link to libosslfips.dll
890 # otherwise perform static link to
891 # $(O_FIPSCANISTER)
892 if ($fipsdso)
893 {
894 $t_libs = "\$(L_FIPS)";
895 $ltype = 0;
896 }
897 else
898 {
899 $t_libs = "\$(O_FIPSCANISTER)";
900 $ltype = 2;
901 }
902 }
903 else
904 {
905 $t_libs = "\$(L_LIBS)";
906 $ltype = 0;
907 }
908
700 $tt="\$(OBJ_D)${o}$t${obj}"; 909 $tt="\$(OBJ_D)${o}$t${obj}";
701 $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); 910 $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype);
702 } 911 }
703 912
704$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); 913$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
@@ -712,9 +921,69 @@ foreach (split(/\s+/,$engines))
712 921
713 922
714$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); 923$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
715$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
716 924
717$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); 925if ($fips)
926 {
927 if ($shlib)
928 {
929 if ($fipsdso)
930 {
931 $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
932 "\$(O_CRYPTO)", "$crypto",
933 $shlib, "", "");
934 $rules.= &do_lib_rule(
935 "\$(O_FIPSCANISTER)",
936 "\$(O_FIPS)", "\$(LIBFIPS)",
937 $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
938 $rules.= &do_sdef_rule();
939 }
940 else
941 {
942 $rules.= &do_lib_rule(
943 "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
944 "\$(O_CRYPTO)", "$crypto",
945 $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
946 }
947 }
948 else
949 {
950 $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
951 "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
952 $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
953 "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
954 }
955 }
956 else
957 {
958 $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
959 "\$(SO_CRYPTO)");
960 }
961
962if ($fips)
963 {
964 if ($fipscanisterbuild)
965 {
966 $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)",
967 "\$(OBJ_D)${o}fips_start$obj",
968 "\$(FIPSOBJ)",
969 "\$(OBJ_D)${o}fips_end$obj",
970 "\$(FIPS_SHA1_EXE)", "");
971 $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
972 "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)",
973 "","\$(EX_LIBS)", 1);
974 }
975 else
976 {
977 $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
978 "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)",
979 "","", 1);
980
981 }
982 $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
983
984 }
985
986$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
718 987
719print $defs; 988print $defs;
720 989
@@ -752,6 +1021,8 @@ sub var_add
752 return("") if $no_dh && $dir =~ /\/dh/; 1021 return("") if $no_dh && $dir =~ /\/dh/;
753 return("") if $no_ec && $dir =~ /\/ec/; 1022 return("") if $no_ec && $dir =~ /\/ec/;
754 return("") if $no_cms && $dir =~ /\/cms/; 1023 return("") if $no_cms && $dir =~ /\/cms/;
1024 return("") if $no_jpake && $dir =~ /\/jpake/;
1025 return("") if !$fips && $dir =~ /^fips/;
755 if ($no_des && $dir =~ /\/des/) 1026 if ($no_des && $dir =~ /\/des/)
756 { 1027 {
757 if ($val =~ /read_pwd/) 1028 if ($val =~ /read_pwd/)
@@ -1011,6 +1282,7 @@ sub read_options
1011 "no-hmac" => \$no_hmac, 1282 "no-hmac" => \$no_hmac,
1012 "no-asm" => \$no_asm, 1283 "no-asm" => \$no_asm,
1013 "nasm" => \$nasm, 1284 "nasm" => \$nasm,
1285 "ml64" => \$ml64,
1014 "nw-nasm" => \$nw_nasm, 1286 "nw-nasm" => \$nw_nasm,
1015 "nw-mwasm" => \$nw_mwasm, 1287 "nw-mwasm" => \$nw_mwasm,
1016 "gaswin" => \$gaswin, 1288 "gaswin" => \$gaswin,
@@ -1018,6 +1290,7 @@ sub read_options
1018 "no-ssl3" => \$no_ssl3, 1290 "no-ssl3" => \$no_ssl3,
1019 "no-tlsext" => \$no_tlsext, 1291 "no-tlsext" => \$no_tlsext,
1020 "no-cms" => \$no_cms, 1292 "no-cms" => \$no_cms,
1293 "no-jpake" => \$no_jpake,
1021 "no-capieng" => \$no_capieng, 1294 "no-capieng" => \$no_capieng,
1022 "no-err" => \$no_err, 1295 "no-err" => \$no_err,
1023 "no-sock" => \$no_sock, 1296 "no-sock" => \$no_sock,
@@ -1045,6 +1318,9 @@ sub read_options
1045 "no-shared" => 0, 1318 "no-shared" => 0,
1046 "no-zlib" => 0, 1319 "no-zlib" => 0,
1047 "no-zlib-dynamic" => 0, 1320 "no-zlib-dynamic" => 0,
1321 "fips" => \$fips,
1322 "fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
1323 "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso],
1048 ); 1324 );
1049 1325
1050 if (exists $valid_options{$_}) 1326 if (exists $valid_options{$_})
@@ -1086,6 +1362,18 @@ sub read_options
1086 {return 1;} 1362 {return 1;}
1087 return 0; 1363 return 0;
1088 } 1364 }
1365 # experimental-xxx is mostly like enable-xxx, but opensslconf.v
1366 # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
1367 # (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
1368 elsif (/^experimental-/)
1369 {
1370 my $algo, $ALGO;
1371 ($algo = $_) =~ s/^experimental-//;
1372 ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
1373
1374 $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
1375
1376 }
1089 elsif (/^--with-krb5-flavor=(.*)$/) 1377 elsif (/^--with-krb5-flavor=(.*)$/)
1090 { 1378 {
1091 my $krb5_flavor = $1; 1379 my $krb5_flavor = $1;
@@ -1109,3 +1397,31 @@ sub read_options
1109 else { return(0); } 1397 else { return(0); }
1110 return(1); 1398 return(1);
1111 } 1399 }
1400
1401sub fipslib_error
1402 {
1403 print STDERR "***FIPS module directory sanity check failed***\n";
1404 print STDERR "FIPS module build failed, or was deleted\n";
1405 print STDERR "Please rebuild FIPS module.\n";
1406 exit 1;
1407 }
1408
1409sub fips_check_files
1410 {
1411 my $dir = shift @_;
1412 my $ret = 1;
1413 if (!-d $dir)
1414 {
1415 print STDERR "FIPS module directory $dir does not exist\n";
1416 fipslib_error();
1417 }
1418 foreach (@_)
1419 {
1420 if (!-f "$dir${o}$_")
1421 {
1422 print STDERR "FIPS module file $_ does not exist!\n";
1423 $ret = 0;
1424 }
1425 }
1426 fipslib_error() if ($ret == 0);
1427 }