diff options
Diffstat (limited to 'src/lib/libcrypto/util/mk1mf.pl')
-rw-r--r-- | src/lib/libcrypto/util/mk1mf.pl | 404 |
1 files changed, 360 insertions, 44 deletions
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl index 7ba804ce33..4c16f1dc9e 100644 --- a/src/lib/libcrypto/util/mk1mf.pl +++ b/src/lib/libcrypto/util/mk1mf.pl | |||
@@ -15,6 +15,18 @@ my $engines = ""; | |||
15 | local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic | 15 | local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic |
16 | local $zlib_lib = ""; | 16 | local $zlib_lib = ""; |
17 | 17 | ||
18 | local $fips_canister_path = ""; | ||
19 | my $fips_premain_dso_exe_path = ""; | ||
20 | my $fips_premain_c_path = ""; | ||
21 | my $fips_sha1_exe_path = ""; | ||
22 | |||
23 | local $fipscanisterbuild = 0; | ||
24 | local $fipsdso = 0; | ||
25 | |||
26 | my $fipslibdir = ""; | ||
27 | my $baseaddr = ""; | ||
28 | |||
29 | my $ex_l_libs = ""; | ||
18 | 30 | ||
19 | open(IN,"<Makefile") || die "unable to open Makefile!\n"; | 31 | open(IN,"<Makefile") || die "unable to open Makefile!\n"; |
20 | while(<IN>) { | 32 | while(<IN>) { |
@@ -221,6 +233,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; | |||
221 | $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; | 233 | $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; |
222 | $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; | 234 | $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; |
223 | $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; | 235 | $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; |
236 | $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; | ||
224 | $cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; | 237 | $cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; |
225 | $cflags.=" -DOPENSSL_NO_ERR" if $no_err; | 238 | $cflags.=" -DOPENSSL_NO_ERR" if $no_err; |
226 | $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; | 239 | $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; |
@@ -229,7 +242,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; | |||
229 | $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; | 242 | $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; |
230 | $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; | 243 | $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; |
231 | $cflags.=" -DOPENSSL_NO_HW" if $no_hw; | 244 | $cflags.=" -DOPENSSL_NO_HW" if $no_hw; |
232 | 245 | $cflags.=" -DOPENSSL_FIPS" if $fips; | |
233 | $cflags.= " -DZLIB" if $zlib_opt; | 246 | $cflags.= " -DZLIB" if $zlib_opt; |
234 | $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; | 247 | $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; |
235 | 248 | ||
@@ -251,9 +264,9 @@ else | |||
251 | 264 | ||
252 | $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); | 265 | $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); |
253 | 266 | ||
254 | |||
255 | %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", | 267 | %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", |
256 | "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); | 268 | "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO", |
269 | "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); | ||
257 | 270 | ||
258 | if ($msdos) | 271 | if ($msdos) |
259 | { | 272 | { |
@@ -281,11 +294,21 @@ for (;;) | |||
281 | { | 294 | { |
282 | if ($lib ne "") | 295 | if ($lib ne "") |
283 | { | 296 | { |
284 | $uc=$lib; | 297 | if ($fips && $dir =~ /^fips/) |
285 | $uc =~ s/^lib(.*)\.a/$1/; | 298 | { |
286 | $uc =~ tr/a-z/A-Z/; | 299 | $uc = "FIPS"; |
287 | $lib_nam{$uc}=$uc; | 300 | } |
288 | $lib_obj{$uc}.=$libobj." "; | 301 | else |
302 | { | ||
303 | $uc=$lib; | ||
304 | $uc =~ s/^lib(.*)\.a/$1/; | ||
305 | $uc =~ tr/a-z/A-Z/; | ||
306 | } | ||
307 | if (($uc ne "FIPS") || $fipscanisterbuild) | ||
308 | { | ||
309 | $lib_nam{$uc}=$uc; | ||
310 | $lib_obj{$uc}.=$libobj." "; | ||
311 | } | ||
289 | } | 312 | } |
290 | last if ($val eq "FINISHED"); | 313 | last if ($val eq "FINISHED"); |
291 | $lib=""; | 314 | $lib=""; |
@@ -328,11 +351,130 @@ for (;;) | |||
328 | if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) | 351 | if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) |
329 | { $engines.=$val } | 352 | { $engines.=$val } |
330 | 353 | ||
354 | if ($key eq "FIPS_EX_OBJ") | ||
355 | { | ||
356 | $fips_ex_obj=&var_add("crypto",$val,0); | ||
357 | } | ||
358 | |||
359 | if ($key eq "FIPSLIBDIR") | ||
360 | { | ||
361 | $fipslibdir=$val; | ||
362 | $fipslibdir =~ s/\/$//; | ||
363 | $fipslibdir =~ s/\//$o/g; | ||
364 | } | ||
365 | |||
366 | if ($key eq "BASEADDR") | ||
367 | { $baseaddr=$val;} | ||
368 | |||
331 | if (!($_=<IN>)) | 369 | if (!($_=<IN>)) |
332 | { $_="RELATIVE_DIRECTORY=FINISHED\n"; } | 370 | { $_="RELATIVE_DIRECTORY=FINISHED\n"; } |
333 | } | 371 | } |
334 | close(IN); | 372 | close(IN); |
335 | 373 | ||
374 | if ($fips) | ||
375 | { | ||
376 | |||
377 | foreach (split " ", $fips_ex_obj) | ||
378 | { | ||
379 | $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/); | ||
380 | } | ||
381 | |||
382 | $fips_exclude_obj{"cpu_win32"} = 1; | ||
383 | $fips_exclude_obj{"bn_asm"} = 1; | ||
384 | $fips_exclude_obj{"des_enc"} = 1; | ||
385 | $fips_exclude_obj{"fcrypt_b"} = 1; | ||
386 | $fips_exclude_obj{"aes_core"} = 1; | ||
387 | $fips_exclude_obj{"aes_cbc"} = 1; | ||
388 | |||
389 | my @ltmp = split " ", $lib_obj{"CRYPTO"}; | ||
390 | |||
391 | |||
392 | $lib_obj{"CRYPTO"} = ""; | ||
393 | |||
394 | foreach(@ltmp) | ||
395 | { | ||
396 | if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1}) | ||
397 | { | ||
398 | if ($fipscanisterbuild) | ||
399 | { | ||
400 | $lib_obj{"FIPS"} .= "$_ "; | ||
401 | } | ||
402 | } | ||
403 | else | ||
404 | { | ||
405 | $lib_obj{"CRYPTO"} .= "$_ "; | ||
406 | } | ||
407 | } | ||
408 | |||
409 | } | ||
410 | |||
411 | if ($fipscanisterbuild) | ||
412 | { | ||
413 | $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq ""; | ||
414 | $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c"; | ||
415 | } | ||
416 | else | ||
417 | { | ||
418 | if ($fips_canister_path eq "") | ||
419 | { | ||
420 | $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib"; | ||
421 | } | ||
422 | |||
423 | if ($fips_premain_c_path eq "") | ||
424 | { | ||
425 | $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; | ||
426 | } | ||
427 | } | ||
428 | |||
429 | if ($fips) | ||
430 | { | ||
431 | if ($fips_sha1_exe_path eq "") | ||
432 | { | ||
433 | $fips_sha1_exe_path = | ||
434 | "\$(BIN_D)${o}fips_standalone_sha1$exep"; | ||
435 | } | ||
436 | } | ||
437 | else | ||
438 | { | ||
439 | $fips_sha1_exe_path = ""; | ||
440 | } | ||
441 | |||
442 | if ($fips_premain_dso_exe_path eq "") | ||
443 | { | ||
444 | $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; | ||
445 | } | ||
446 | |||
447 | # $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); | ||
448 | |||
449 | #$ex_l_libs .= " \$(L_FIPS)" if $fipsdso; | ||
450 | |||
451 | if ($fips) | ||
452 | { | ||
453 | if (!$shlib) | ||
454 | { | ||
455 | $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; | ||
456 | $ex_l_libs .= " \$(O_FIPSCANISTER)"; | ||
457 | $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild; | ||
458 | } | ||
459 | if ($fipscanisterbuild) | ||
460 | { | ||
461 | $fipslibdir = "\$(LIB_D)"; | ||
462 | } | ||
463 | else | ||
464 | { | ||
465 | if ($fipslibdir eq "") | ||
466 | { | ||
467 | open (IN, "util/fipslib_path.txt") || fipslib_error(); | ||
468 | $fipslibdir = <IN>; | ||
469 | chomp $fipslibdir; | ||
470 | close IN; | ||
471 | } | ||
472 | fips_check_files($fipslibdir, | ||
473 | "fipscanister.lib", "fipscanister.lib.sha1", | ||
474 | "fips_premain.c", "fips_premain.c.sha1"); | ||
475 | } | ||
476 | } | ||
477 | |||
336 | if ($shlib) | 478 | if ($shlib) |
337 | { | 479 | { |
338 | $extra_install= <<"EOF"; | 480 | $extra_install= <<"EOF"; |
@@ -398,6 +540,7 @@ SRC_D=$src_dir | |||
398 | LINK=$link | 540 | LINK=$link |
399 | LFLAGS=$lflags | 541 | LFLAGS=$lflags |
400 | RSC=$rsc | 542 | RSC=$rsc |
543 | FIPSLINK=\$(PERL) util${o}fipslink.pl | ||
401 | 544 | ||
402 | AES_ASM_OBJ=$aes_asm_obj | 545 | AES_ASM_OBJ=$aes_asm_obj |
403 | AES_ASM_SRC=$aes_asm_src | 546 | AES_ASM_SRC=$aes_asm_src |
@@ -441,6 +584,17 @@ MKLIB=$bin_dir$mklib | |||
441 | MLFLAGS=$mlflags | 584 | MLFLAGS=$mlflags |
442 | ASM=$bin_dir$asm | 585 | ASM=$bin_dir$asm |
443 | 586 | ||
587 | # FIPS validated module and support file locations | ||
588 | |||
589 | E_PREMAIN_DSO=fips_premain_dso | ||
590 | |||
591 | FIPSLIB_D=$fipslibdir | ||
592 | BASEADDR=$baseaddr | ||
593 | FIPS_PREMAIN_SRC=$fips_premain_c_path | ||
594 | O_FIPSCANISTER=$fips_canister_path | ||
595 | FIPS_SHA1_EXE=$fips_sha1_exe_path | ||
596 | PREMAIN_DSO_EXE=$fips_premain_dso_exe_path | ||
597 | |||
444 | ###################################################### | 598 | ###################################################### |
445 | # You should not need to touch anything below this point | 599 | # You should not need to touch anything below this point |
446 | ###################################################### | 600 | ###################################################### |
@@ -448,6 +602,7 @@ ASM=$bin_dir$asm | |||
448 | E_EXE=openssl | 602 | E_EXE=openssl |
449 | SSL=$ssl | 603 | SSL=$ssl |
450 | CRYPTO=$crypto | 604 | CRYPTO=$crypto |
605 | LIBFIPS=libosslfips | ||
451 | 606 | ||
452 | # BIN_D - Binary output directory | 607 | # BIN_D - Binary output directory |
453 | # TEST_D - Binary test file output directory | 608 | # TEST_D - Binary test file output directory |
@@ -468,12 +623,14 @@ INCL_D=\$(TMP_D) | |||
468 | 623 | ||
469 | O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp | 624 | O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp |
470 | O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp | 625 | O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp |
626 | O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp | ||
471 | SO_SSL= $plib\$(SSL)$so_shlibp | 627 | SO_SSL= $plib\$(SSL)$so_shlibp |
472 | SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp | 628 | SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp |
473 | L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp | 629 | L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp |
474 | L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp | 630 | L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp |
631 | L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp | ||
475 | 632 | ||
476 | L_LIBS= \$(L_SSL) \$(L_CRYPTO) | 633 | L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs |
477 | 634 | ||
478 | ###################################################### | 635 | ###################################################### |
479 | # Don't touch anything below this point | 636 | # Don't touch anything below this point |
@@ -483,13 +640,13 @@ INC=-I\$(INC_D) -I\$(INCL_D) | |||
483 | APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) | 640 | APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) |
484 | LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) | 641 | LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) |
485 | SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) | 642 | SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) |
486 | LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) | 643 | LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep |
487 | 644 | ||
488 | ############################################# | 645 | ############################################# |
489 | EOF | 646 | EOF |
490 | 647 | ||
491 | $rules=<<"EOF"; | 648 | $rules=<<"EOF"; |
492 | all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe | 649 | all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets |
493 | 650 | ||
494 | banner: | 651 | banner: |
495 | $banner | 652 | $banner |
@@ -604,6 +761,26 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); | |||
604 | $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); | 761 | $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); |
605 | $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); | 762 | $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); |
606 | 763 | ||
764 | # Special case rules for fips_start and fips_end fips_premain_dso | ||
765 | |||
766 | if ($fips) | ||
767 | { | ||
768 | if ($fipscanisterbuild) | ||
769 | { | ||
770 | $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", | ||
771 | "fips${o}fips_canister.c", | ||
772 | "-DFIPS_START \$(SHLIB_CFLAGS)"); | ||
773 | $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", | ||
774 | "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); | ||
775 | } | ||
776 | $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", | ||
777 | "fips${o}sha${o}fips_standalone_sha1.c", | ||
778 | "\$(SHLIB_CFLAGS)"); | ||
779 | $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", | ||
780 | "fips${o}fips_premain.c", | ||
781 | "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)"); | ||
782 | } | ||
783 | |||
607 | foreach (values %lib_nam) | 784 | foreach (values %lib_nam) |
608 | { | 785 | { |
609 | $lib_obj=$lib_obj{$_}; | 786 | $lib_obj=$lib_obj{$_}; |
@@ -614,27 +791,41 @@ foreach (values %lib_nam) | |||
614 | $rules.="\$(O_SSL):\n\n"; | 791 | $rules.="\$(O_SSL):\n\n"; |
615 | next; | 792 | next; |
616 | } | 793 | } |
617 | if (($aes_asm_obj ne "") && ($_ eq "CRYPTO")) | 794 | |
618 | { | 795 | if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS"))) |
619 | $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; | ||
620 | $lib_obj =~ s/\s\S*\/aes_cbc\S*//; | ||
621 | $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); | ||
622 | } | ||
623 | if (($bn_asm_obj ne "") && ($_ eq "CRYPTO")) | ||
624 | { | ||
625 | $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; | ||
626 | $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); | ||
627 | } | ||
628 | if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO")) | ||
629 | { | ||
630 | $lib_obj .= "\$(BNCO_ASM_OBJ)"; | ||
631 | $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); | ||
632 | } | ||
633 | if (($des_enc_obj ne "") && ($_ eq "CRYPTO")) | ||
634 | { | 796 | { |
635 | $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; | 797 | if ($cpuid_asm_obj ne "") |
636 | $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; | 798 | { |
637 | $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); | 799 | $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/; |
800 | $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); | ||
801 | } | ||
802 | if ($aes_asm_obj ne "") | ||
803 | { | ||
804 | $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; | ||
805 | $lib_obj =~ s/\s\S*\/aes_cbc\S*//; | ||
806 | $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); | ||
807 | } | ||
808 | if ($sha1_asm_obj ne "") | ||
809 | { | ||
810 | $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; | ||
811 | $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); | ||
812 | } | ||
813 | if ($bn_asm_obj ne "") | ||
814 | { | ||
815 | $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; | ||
816 | $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); | ||
817 | } | ||
818 | if ($bnco_asm_obj ne "") | ||
819 | { | ||
820 | $lib_obj .= "\$(BNCO_ASM_OBJ)"; | ||
821 | $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); | ||
822 | } | ||
823 | if ($des_enc_obj ne "") | ||
824 | { | ||
825 | $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; | ||
826 | $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; | ||
827 | $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); | ||
828 | } | ||
638 | } | 829 | } |
639 | if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) | 830 | if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) |
640 | { | 831 | { |
@@ -661,21 +852,11 @@ foreach (values %lib_nam) | |||
661 | $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/; | 852 | $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/; |
662 | $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src); | 853 | $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src); |
663 | } | 854 | } |
664 | if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO")) | ||
665 | { | ||
666 | $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; | ||
667 | $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); | ||
668 | } | ||
669 | if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO")) | 855 | if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO")) |
670 | { | 856 | { |
671 | $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; | 857 | $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; |
672 | $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); | 858 | $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); |
673 | } | 859 | } |
674 | if (($cpuid_asm_obj ne "") && ($_ eq "CRYPTO")) | ||
675 | { | ||
676 | $lib_obj =~ s/\s(\S*\/cversion\S*)/ $1 \$(CPUID_ASM_OBJ)/; | ||
677 | $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); | ||
678 | } | ||
679 | $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); | 860 | $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); |
680 | $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; | 861 | $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; |
681 | $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); | 862 | $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); |
@@ -690,15 +871,43 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) { | |||
690 | \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc | 871 | \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc |
691 | \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc | 872 | \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc |
692 | 873 | ||
874 | \$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc | ||
875 | \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc | ||
876 | |||
693 | EOF | 877 | EOF |
694 | } | 878 | } |
695 | 879 | ||
696 | $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); | 880 | $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); |
697 | foreach (split(/\s+/,$test)) | 881 | foreach (split(/\s+/,$test)) |
698 | { | 882 | { |
883 | my $t_libs; | ||
699 | $t=&bname($_); | 884 | $t=&bname($_); |
885 | my $ltype; | ||
886 | # Check to see if test program is FIPS | ||
887 | if ($fips && /fips/) | ||
888 | { | ||
889 | # If fipsdso link to libosslfips.dll | ||
890 | # otherwise perform static link to | ||
891 | # $(O_FIPSCANISTER) | ||
892 | if ($fipsdso) | ||
893 | { | ||
894 | $t_libs = "\$(L_FIPS)"; | ||
895 | $ltype = 0; | ||
896 | } | ||
897 | else | ||
898 | { | ||
899 | $t_libs = "\$(O_FIPSCANISTER)"; | ||
900 | $ltype = 2; | ||
901 | } | ||
902 | } | ||
903 | else | ||
904 | { | ||
905 | $t_libs = "\$(L_LIBS)"; | ||
906 | $ltype = 0; | ||
907 | } | ||
908 | |||
700 | $tt="\$(OBJ_D)${o}$t${obj}"; | 909 | $tt="\$(OBJ_D)${o}$t${obj}"; |
701 | $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); | 910 | $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype); |
702 | } | 911 | } |
703 | 912 | ||
704 | $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); | 913 | $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); |
@@ -712,9 +921,69 @@ foreach (split(/\s+/,$engines)) | |||
712 | 921 | ||
713 | 922 | ||
714 | $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); | 923 | $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); |
715 | $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); | ||
716 | 924 | ||
717 | $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); | 925 | if ($fips) |
926 | { | ||
927 | if ($shlib) | ||
928 | { | ||
929 | if ($fipsdso) | ||
930 | { | ||
931 | $rules.= &do_lib_rule("\$(CRYPTOOBJ)", | ||
932 | "\$(O_CRYPTO)", "$crypto", | ||
933 | $shlib, "", ""); | ||
934 | $rules.= &do_lib_rule( | ||
935 | "\$(O_FIPSCANISTER)", | ||
936 | "\$(O_FIPS)", "\$(LIBFIPS)", | ||
937 | $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); | ||
938 | $rules.= &do_sdef_rule(); | ||
939 | } | ||
940 | else | ||
941 | { | ||
942 | $rules.= &do_lib_rule( | ||
943 | "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", | ||
944 | "\$(O_CRYPTO)", "$crypto", | ||
945 | $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); | ||
946 | } | ||
947 | } | ||
948 | else | ||
949 | { | ||
950 | $rules.= &do_lib_rule("\$(CRYPTOOBJ)", | ||
951 | "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); | ||
952 | $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)", | ||
953 | "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); | ||
954 | } | ||
955 | } | ||
956 | else | ||
957 | { | ||
958 | $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, | ||
959 | "\$(SO_CRYPTO)"); | ||
960 | } | ||
961 | |||
962 | if ($fips) | ||
963 | { | ||
964 | if ($fipscanisterbuild) | ||
965 | { | ||
966 | $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", | ||
967 | "\$(OBJ_D)${o}fips_start$obj", | ||
968 | "\$(FIPSOBJ)", | ||
969 | "\$(OBJ_D)${o}fips_end$obj", | ||
970 | "\$(FIPS_SHA1_EXE)", ""); | ||
971 | $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", | ||
972 | "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)", | ||
973 | "","\$(EX_LIBS)", 1); | ||
974 | } | ||
975 | else | ||
976 | { | ||
977 | $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", | ||
978 | "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)", | ||
979 | "","", 1); | ||
980 | |||
981 | } | ||
982 | $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); | ||
983 | |||
984 | } | ||
985 | |||
986 | $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0); | ||
718 | 987 | ||
719 | print $defs; | 988 | print $defs; |
720 | 989 | ||
@@ -752,6 +1021,8 @@ sub var_add | |||
752 | return("") if $no_dh && $dir =~ /\/dh/; | 1021 | return("") if $no_dh && $dir =~ /\/dh/; |
753 | return("") if $no_ec && $dir =~ /\/ec/; | 1022 | return("") if $no_ec && $dir =~ /\/ec/; |
754 | return("") if $no_cms && $dir =~ /\/cms/; | 1023 | return("") if $no_cms && $dir =~ /\/cms/; |
1024 | return("") if $no_jpake && $dir =~ /\/jpake/; | ||
1025 | return("") if !$fips && $dir =~ /^fips/; | ||
755 | if ($no_des && $dir =~ /\/des/) | 1026 | if ($no_des && $dir =~ /\/des/) |
756 | { | 1027 | { |
757 | if ($val =~ /read_pwd/) | 1028 | if ($val =~ /read_pwd/) |
@@ -1011,6 +1282,7 @@ sub read_options | |||
1011 | "no-hmac" => \$no_hmac, | 1282 | "no-hmac" => \$no_hmac, |
1012 | "no-asm" => \$no_asm, | 1283 | "no-asm" => \$no_asm, |
1013 | "nasm" => \$nasm, | 1284 | "nasm" => \$nasm, |
1285 | "ml64" => \$ml64, | ||
1014 | "nw-nasm" => \$nw_nasm, | 1286 | "nw-nasm" => \$nw_nasm, |
1015 | "nw-mwasm" => \$nw_mwasm, | 1287 | "nw-mwasm" => \$nw_mwasm, |
1016 | "gaswin" => \$gaswin, | 1288 | "gaswin" => \$gaswin, |
@@ -1018,6 +1290,7 @@ sub read_options | |||
1018 | "no-ssl3" => \$no_ssl3, | 1290 | "no-ssl3" => \$no_ssl3, |
1019 | "no-tlsext" => \$no_tlsext, | 1291 | "no-tlsext" => \$no_tlsext, |
1020 | "no-cms" => \$no_cms, | 1292 | "no-cms" => \$no_cms, |
1293 | "no-jpake" => \$no_jpake, | ||
1021 | "no-capieng" => \$no_capieng, | 1294 | "no-capieng" => \$no_capieng, |
1022 | "no-err" => \$no_err, | 1295 | "no-err" => \$no_err, |
1023 | "no-sock" => \$no_sock, | 1296 | "no-sock" => \$no_sock, |
@@ -1045,6 +1318,9 @@ sub read_options | |||
1045 | "no-shared" => 0, | 1318 | "no-shared" => 0, |
1046 | "no-zlib" => 0, | 1319 | "no-zlib" => 0, |
1047 | "no-zlib-dynamic" => 0, | 1320 | "no-zlib-dynamic" => 0, |
1321 | "fips" => \$fips, | ||
1322 | "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], | ||
1323 | "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso], | ||
1048 | ); | 1324 | ); |
1049 | 1325 | ||
1050 | if (exists $valid_options{$_}) | 1326 | if (exists $valid_options{$_}) |
@@ -1086,6 +1362,18 @@ sub read_options | |||
1086 | {return 1;} | 1362 | {return 1;} |
1087 | return 0; | 1363 | return 0; |
1088 | } | 1364 | } |
1365 | # experimental-xxx is mostly like enable-xxx, but opensslconf.v | ||
1366 | # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx. | ||
1367 | # (No need to fail if we don't know the algorithm -- this is for adventurous users only.) | ||
1368 | elsif (/^experimental-/) | ||
1369 | { | ||
1370 | my $algo, $ALGO; | ||
1371 | ($algo = $_) =~ s/^experimental-//; | ||
1372 | ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/; | ||
1373 | |||
1374 | $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags"; | ||
1375 | |||
1376 | } | ||
1089 | elsif (/^--with-krb5-flavor=(.*)$/) | 1377 | elsif (/^--with-krb5-flavor=(.*)$/) |
1090 | { | 1378 | { |
1091 | my $krb5_flavor = $1; | 1379 | my $krb5_flavor = $1; |
@@ -1109,3 +1397,31 @@ sub read_options | |||
1109 | else { return(0); } | 1397 | else { return(0); } |
1110 | return(1); | 1398 | return(1); |
1111 | } | 1399 | } |
1400 | |||
1401 | sub fipslib_error | ||
1402 | { | ||
1403 | print STDERR "***FIPS module directory sanity check failed***\n"; | ||
1404 | print STDERR "FIPS module build failed, or was deleted\n"; | ||
1405 | print STDERR "Please rebuild FIPS module.\n"; | ||
1406 | exit 1; | ||
1407 | } | ||
1408 | |||
1409 | sub fips_check_files | ||
1410 | { | ||
1411 | my $dir = shift @_; | ||
1412 | my $ret = 1; | ||
1413 | if (!-d $dir) | ||
1414 | { | ||
1415 | print STDERR "FIPS module directory $dir does not exist\n"; | ||
1416 | fipslib_error(); | ||
1417 | } | ||
1418 | foreach (@_) | ||
1419 | { | ||
1420 | if (!-f "$dir${o}$_") | ||
1421 | { | ||
1422 | print STDERR "FIPS module file $_ does not exist!\n"; | ||
1423 | $ret = 0; | ||
1424 | } | ||
1425 | } | ||
1426 | fipslib_error() if ($ret == 0); | ||
1427 | } | ||