From 4f828b924f54507141fb95ebe49dfcd261945e85 Mon Sep 17 00:00:00 2001 From: djm <> Date: Tue, 27 Jun 2006 05:05:40 +0000 Subject: import of openssl-0.9.7j --- src/lib/libcrypto/util/checkhash.pl | 222 ++++++++++++++++++++ src/lib/libcrypto/util/fipslink.pl | 78 +++++++ src/lib/libcrypto/util/libeay.num | 42 +++- src/lib/libcrypto/util/mk1mf.pl | 337 +++++++++++++++++++++++++------ src/lib/libcrypto/util/mkdef.pl | 11 +- src/lib/libcrypto/util/mkfiles.pl | 17 +- src/lib/libcrypto/util/mklink.pl | 7 +- src/lib/libcrypto/util/pl/BC-32.pl | 14 +- src/lib/libcrypto/util/pl/OS2-EMX.pl | 1 + src/lib/libcrypto/util/pl/VC-32-GMAKE.pl | 222 ++++++++++++++++++++ src/lib/libcrypto/util/pl/VC-32.pl | 99 +++++++-- src/lib/libcrypto/util/pod2man.pl | 1 + src/lib/libcrypto/util/selftest.pl | 26 ++- 13 files changed, 976 insertions(+), 101 deletions(-) create mode 100644 src/lib/libcrypto/util/checkhash.pl create mode 100644 src/lib/libcrypto/util/fipslink.pl create mode 100644 src/lib/libcrypto/util/pl/VC-32-GMAKE.pl (limited to 'src/lib/libcrypto/util') diff --git a/src/lib/libcrypto/util/checkhash.pl b/src/lib/libcrypto/util/checkhash.pl new file mode 100644 index 0000000000..c61fa72178 --- /dev/null +++ b/src/lib/libcrypto/util/checkhash.pl 
@@ -0,0 +1,222 @@
+#!/usr/bin/env perl -w
+
+my $package = caller;
+
+if (!(defined $package))
+ {
+ my $retval = check_hashes(@ARGV);
+ exit $retval;
+ }
+
+1;
+
+sub check_hashes
+ {
+
+ my @args = @_;
+
+ my $change_dir = "";
+ my $check_program = "sha/fips_standalone_sha1";
+
+ my $verbose = 0;
+ my $badfiles = 0;
+ my $rebuild = 0;
+ my $force_rewrite = 0;
+ my $hash_file = "fipshashes.c";
+ my $recurse = 0;
+
+ my @fingerprint_files;
+
+ while (@args)
+ {
+ my $arg = $args[0];
+ if ($arg eq "-chdir")
+ {
+ shift @args;
+ $change_dir = shift @args;
+ }
+ elsif ($arg eq "-rebuild")
+ {
+ shift @args;
+ $rebuild = 1;
+ }
+ elsif ($arg eq "-verbose")
+ {
+ shift @args;
+ $verbose = 1;
+ }
+ elsif ($arg eq "-force-rewrite")
+ {
+ shift @args;
+ $force_rewrite = 1;
+ }
+ elsif ($arg eq "-hash_file")
+ {
+ shift @args;
+ $hash_file = shift @args;
+ }
+ elsif ($arg eq "-recurse")
+ {
+ shift @args;
+ $recurse = 1;
+ }
+ elsif ($arg eq "-program_path")
+ {
+ shift @args;
+ $check_program = shift @args;
+ }
+ else
+ {
+ print STDERR "Unknown Option $arg";
+ return 1;
+ }
+
+ }
+
+ chdir $change_dir if $change_dir ne "";
+
+ if ($recurse)
+ {
+ @fingerprint_files = ("fingerprint.sha1",
+ <*/fingerprint.sha1>);
+ }
+ else
+ {
+ push @fingerprint_files, $hash_file;
+ }
+
+ foreach $fp (@fingerprint_files)
+ {
+ if (!open(IN, "$fp"))
+ {
+ print STDERR "Can't open file $fp";
+ return 1;
+ }
+ print STDERR "Opening Fingerprint file $fp\n" if $verbose;
+ my $dir = $fp;
+ $dir =~ s/[^\/]*$//;
+ while ()
+ {
+ chomp;
+ if (!(($file, $hash) = /^\"HMAC-SHA1\((.*)\)\s*=\s*(\w*)\",$/))
+ {
+ /^\"/ || next;
+ print STDERR "FATAL: Invalid syntax in file $fp\n";
+ print STDERR "Line:\n$_\n";
+ fatal_error();
+ return 1;
+ }
+ if (!$rebuild && length($hash) != 40)
+ {
+ print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
+ fatal_error();
+ return 1;
+ }
+ push @hashed_files, "$dir$file";
+ if (exists $hashes{"$dir$file"})
+ {
+ print STDERR "FATAL: Duplicate Hash file $dir$file\n";
+ fatal_error();
+ return 1;
+ }
+ if (! -r "$dir$file")
+ {
+ print STDERR "FATAL: Can't access $dir$file\n";
+ fatal_error();
+ return 1;
+ }
+ $hashes{"$dir$file"} = $hash;
+ }
+ close IN;
+ }
+
+ @checked_hashes = `$check_program @hashed_files`;
+
+ if ($? != 0)
+ {
+ print STDERR "Error running hash program $check_program\n";
+ fatal_error();
+ return 1;
+ }
+
+ if (@checked_hashes != @hashed_files)
+ {
+ print STDERR "FATAL: hash count incorrect\n";
+ fatal_error();
+ return 1;
+ }
+
+ foreach (@checked_hashes)
+ {
+ chomp;
+ if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/))
+ {
+ print STDERR "FATAL: Invalid syntax in file $fp\n";
+ print STDERR "Line:\n$_\n";
+ fatal_error();
+ return 1;
+ }
+ if (length($hash) != 40)
+ {
+ print STDERR "FATAL: Invalid hash length for file $file\n";
+ fatal_error();
+ return 1;
+ }
+ if ($hash ne $hashes{$file})
+ {
+ if ($rebuild)
+ {
+ print STDERR "Updating hash on file $file\n";
+ $hashes{$file} = $hash;
+ }
+ else
+ {
+ print STDERR "Hash check failed for file $file\n";
+ }
+ $badfiles++;
+ }
+ elsif ($verbose)
+ { print "Hash Check OK for $file\n";}
+ }
+
+
+ if ($badfiles && !$rebuild)
+ {
+ print STDERR "FATAL: hash mismatch on $badfiles files\n";
+ fatal_error();
+ return 1;
+ }
+
+ if ($badfiles || $force_rewrite)
+ {
+ print "Updating Hash file $hash_file\n";
+ if (!open(OUT, ">$hash_file"))
+ {
+ print STDERR "Error rewriting $hash_file";
+ return 1;
+ }
+ print OUT "const char * const FIPS_source_hashes[] = {\n";
+ foreach (@hashed_files)
+ {
+ print OUT "\"HMAC-SHA1($_)= $hashes{$_}\",\n";
+ }
+ print OUT "};\n";
+ close OUT;
+ }
+
+ if (!$badfiles)
+ {
+ print "FIPS hash check successful\n";
+ }
+
+ return 0;
+
+ }
+
+
+sub fatal_error
+ {
+ print STDERR "*** Your source code does not match the FIPS validated source ***\n";
+ }
+
+
diff --git a/src/lib/libcrypto/util/fipslink.pl b/src/lib/libcrypto/util/fipslink.pl
new file mode 100644
index 0000000000..a893833c5c
--- /dev/null
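Review bot: The hash run in check_hashes uses backticks around `$check_program @hashed_files`, so the shell parses a string built from `-program_path` and from file names captured by `(.*)` out of the fingerprint file; a name with a space, quote or other shell metacharacter alters the command instead of simply failing the check. Reject anything outside a conservative set when the fingerprint line is parsed, e.g. `if ($file !~ m{^[\w./-]+$}) { fatal_error(); return 1; }`, or read the output through a list-form pipe, `open(my $ph, '-|', $check_program, @hashed_files)`, where the Perl used for the build supports it. The same applies to `open(IN, "$fp")` and `open(OUT, ">$hash_file")`: the three-argument form keeps a leading `>` or `|` in a name from being read as a mode.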
+++ b/src/lib/libcrypto/util/fipslink.pl 
@@ -0,0 +1,78 @@
+#!/usr/bin/perl
+
+sub check_env
+ {
+ my @ret;
+ foreach (@_)
+ {
+ die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
+ push @ret, $ENV{$_};
+ }
+ return @ret;
+ }
+
+
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
+ = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+ "FIPSLIB_D", "FIPS_SHA1_EXE");
+
+
+
+if (exists $ENV{"PREMAIN_DSO_EXE"})
+ {
+ $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
+ }
+ else
+ {
+ $fips_premain_dso = "";
+ }
+
+check_hash($sha1_exe, "fips_premain.c");
+check_hash($sha1_exe, "fipscanister.o");
+
+
+print "Integrity check OK\n";
+
+print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
+die "First stage Compile failure" if $? != 0;
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "First stage Link failure" if $? != 0;
+
+
+print "$fips_premain_dso $fips_target\n";
+$fips_hash=`$fips_premain_dso $fips_target`;
+chomp $fips_hash;
+die "Get hash failure" if $? != 0;
+
+
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
+die "Second stage Compile failure" if $? != 0;
+
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "Second stage Link failure" if $? != 0;
+
+sub check_hash
+ {
+ my ($sha1_exe, $filename) = @_;
+ my ($hashfile, $hashval);
+
+ open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+ $hashfile = ;
+ close IN;
+ $hashval = `$sha1_exe ${fips_libdir}/$filename`;
+ chomp $hashfile;
+ chomp $hashval;
+ $hashfile =~ s/^.*=\s+//;
+ $hashval =~ s/^.*=\s+//;
+ die "Invalid hash syntax in file" if (length($hashfile) != 40);
+ die "Invalid hash received for file" if (length($hashval) != 40);
+ die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
+ }
+
+
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 56fb7446e0..4222bef6d6 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -2811,7 +2811,7 @@ EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES -FIPS_allow_md5 3256 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_allow_md5 3256 NOEXIST::FUNCTION: DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES FIPS_rand_seeded 3259 EXIST:OPENSSL_FIPS:FUNCTION:
@@ -2837,7 +2837,7 @@ FIPS_dsa_check 3278 EXIST:OPENSSL_FIPS:FUNCTION: AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_md5_allowed 3282 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_md5_allowed 3282 NOEXIST::FUNCTION: FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION:
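Review bot: `$fips_hash` is taken from the output of `$fips_premain_dso $fips_target` and pasted into the second-stage compile command with only the exit status checked, so empty or unexpected output ends up inside `-DHMAC_SHA1_SIG=` and inside a string the shell parses. Validate it before use, e.g. `die "Get hash failure" if $? != 0 || $fips_hash !~ /^[0-9a-fA-F]{40}$/;`. check_hash has a milder form of the same gap: it tests only `length(...) != 40` and never looks at `$?` after running `$sha1_exe`. It would also help to state in a comment on check_hash that the reference `.sha1` file is read from the same `$fips_libdir` as the file it covers, so the check catches a mismatched or corrupted module rather than a change made by someone who can write to that directory.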
@@ -2867,3 +2867,41 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PROXY_POLICY_free 3308 EXIST::FUNCTION: PROXY_POLICY_new 3309 EXIST::FUNCTION: +BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: +FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_sha384 3312 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +EVP_sha512 3313 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +EVP_sha224 3314 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +EVP_sha256 3315 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION: +BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: +RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA +RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA +RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA +RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA +RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA +PKCS1_MGF1 3324 EXIST::FUNCTION:RSA +BN_X931_generate_Xpq 3325 EXIST:OPENSSL_FIPS:FUNCTION: +RSA_X931_generate_key 3326 EXIST:OPENSSL_FIPS:FUNCTION:RSA +BN_X931_derive_prime 3327 EXIST:OPENSSL_FIPS:FUNCTION: +BN_X931_generate_prime 3328 EXIST:OPENSSL_FIPS:FUNCTION: +RSA_X931_derive 3329 EXIST:OPENSSL_FIPS:FUNCTION:RSA +SHA512_Update 3356 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +SHA256_Init 3479 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +SHA224 3510 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +SHA384_Update 3551 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +SHA224_Final 3560 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +SHA224_Update 3562 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +SHA512_Final 3581 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +SHA224_Init 3631 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +SHA512_Init 3633 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +SHA256 3654 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +SHA256_Transform 3664 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +SHA512 3669 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +SHA512_Transform 3675 
EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +SHA256_Final 3712 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 +SHA384_Init 3737 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +SHA384_Final 3740 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +SHA384 3745 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 +SHA256_Update 3765 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl index 957264c6b5..05a6086164 100644 --- a/src/lib/libcrypto/util/mk1mf.pl +++ b/src/lib/libcrypto/util/mk1mf.pl @@ -10,6 +10,20 @@ $OPTIONS=""; $ssl_version=""; $banner="\t\@echo Building OpenSSL"; +local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic +local $zlib_lib = ""; + +my $fips_canister_path = ""; +my $fips_premain_dso_exe_path = ""; +my $fips_premain_c_path = ""; +my $fips_sha1_exe_path = ""; + +my $fipslibdir = ""; +my $baseaddr = ""; + +my $ex_l_libs = ""; + + open(IN,") { $ssl_version=$1 if (/^VERSION=(.*)$/); @@ -24,6 +38,7 @@ $infile="MINFO"; %ops=( "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X", + "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make", "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY", "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY", "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286", @@ -43,6 +58,7 @@ $infile="MINFO"; ); $platform=""; +my $xcflags=""; foreach (@ARGV) { if (!&read_options && !defined($ops{$_})) @@ -104,8 +120,12 @@ $inc_def="outinc"; $tmp_def="tmp"; $mkdir="-mkdir"; +$mkcanister="ld -r -o"; + +$ex_build_targets = ""; ($ssl,$crypto)=("ssl","crypto"); +$cryptocompat = ""; $ranlib="echo ranlib"; $cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc'; @@ -140,6 +160,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) $NT = 1 if $platform eq "VC-NT"; require 'VC-32.pl'; } +elsif ($platform eq "VC-WIN32-GMAKE") + { + require 'VC-32-GMAKE.pl'; + } elsif ($platform eq "VC-CE") { require 'VC-CE.pl'; 
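Review bot: In the `@@ -104,8 +120,12 @@` hunk of mk1mf.pl the new default is spelled `$cryptocompat = "";`, but every use is `$crypto_compat`: the `$ex_build_targets` line and the second `do_lib_rule` call later in this file, and the assignments in VC-32.pl and VC-32-GMAKE.pl. With a platform file that does not set `$crypto_compat`, a static FIPS build would emit a target made of `$(LIB_D)` plus the separator and nothing else. Rename the initialiser to `$crypto_compat = "";` and consider a `die` when `$fips && !$shlib` and the name is still empty after the platform file is loaded.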
@@ -210,6 +234,8 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def; $bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq '')); +$cflags= "$xcflags$cflags" if $xcflags ne ""; + $cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; $cflags.=" -DOPENSSL_NO_AES" if $no_aes; $cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; @@ -239,6 +265,9 @@ $cflags.=" -DOPENSSL_NO_HW" if $no_hw; $cflags.=" -DOPENSSL_FIPS" if $fips; #$cflags.=" -DRSAref" if $rsaref ne ""; +$cflags.= " -DZLIB" if $zlib_opt; +$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; + ## if ($unix) ## { $cflags="$c_flags" if ($c_flags ne ""); } ##else @@ -246,6 +275,7 @@ $cflags.=" -DOPENSSL_FIPS" if $fips; $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); + %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); 
@@ -262,6 +292,135 @@ $link="$bin_dir$link" if ($link !~ /^\$/); $INSTALLTOP =~ s|/|$o|g; +############################################# +# We parse in input file and 'store' info for later printing. +open(IN,"<$infile") || die "unable to open $infile:$!\n"; +$_=; +for (;;) + { + chop; + + ($key,$val)=/^([^=]+)=(.*)/; + if ($key eq "RELATIVE_DIRECTORY") + { + if ($lib ne "") + { + if ($fips && $dir =~ /^fips/) + { + $uc = "FIPS"; + } + else + { + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + } + if (($uc ne "FIPS") || $fips_canister_build) + { + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; + } + } + last if ($val eq "FINISHED"); + $lib=""; + $libobj=""; + $dir=$val; + } + + if ($key eq "KRB5_INCLUDES") + { $cflags .= " $val";} + + if ($key eq "ZLIB_INCLUDE") + { $cflags .= " $val" if $val ne "";} + + if ($key eq "LIBZLIB") + { $zlib_lib = "$val" if $val ne "";} + + if ($key eq "LIBKRB5") + { $ex_libs .= " $val" if $val ne "";} + + if ($key eq "TEST") + { $test.=&var_add($dir,$val); } + + if (($key eq "PROGS") || ($key eq "E_OBJ")) + { $e_exe.=&var_add($dir,$val); } + + if ($key eq "LIB") + { + $lib=$val; + $lib =~ s/^.*\/([^\/]+)$/$1/; + } + + if ($key eq "EXHEADER") + { $exheader.=&var_add($dir,$val); } + + if ($key eq "HEADER") + { $header.=&var_add($dir,$val); } + + if ($key eq "LIBOBJ") + { $libobj=&var_add($dir,$val); } + + if ($key eq "FIPSLIBDIR") + { $fipslibdir=$val;} + + if ($key eq "BASEADDR") + { $baseaddr=$val;} + + if (!($_=)) + { $_="RELATIVE_DIRECTORY=FINISHED\n"; } + } +close(IN); + +if ($fips_canister_path eq "") + { + $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o"; + } + +if ($fips_premain_c_path eq "") + { + $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; + } + +if ($fips) + { + if ($fips_sha1_exe_path eq "") + { + $fips_sha1_exe_path = + "\$(BIN_D)${o}fips_standalone_sha1$exep"; + } + } + else + { + $fips_sha1_exe_path = ""; + } + +if ($fips_premain_dso_exe_path eq "") + { + $fips_premain_dso_exe_path = 
"\$(BIN_D)${o}fips_premain_dso$exep"; + } + +# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); + +if ($fips) + { + if (!$shlib) + { + $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; + $ex_l_libs .= " \$(O_FIPSCANISTER)"; + } + if ($fipslibdir eq "") + { + open (IN, "util/fipslib_path.txt") || fipslib_error(); + $fipslibdir = ; + chomp $fipslibdir; + close IN; + } + fips_check_files($fipslibdir, + "fipscanister.o", "fipscanister.o.sha1", + "fips_premain.c", "fips_premain.c.sha1"); + } + + $defs= <<"EOF"; # This makefile has been automatically generated from the OpenSSL distribution. # This single makefile will build the complete OpenSSL distribution and @@ -286,6 +445,7 @@ if ($platform eq "VC-CE") !INCLUDE <\$(WCECOMPAT)/wcedefs.mak> EOF + $ex_libs .= " $zlib_lib" if $zlib_opt == 1; } $defs.= <<"EOF"; @@ -308,6 +468,8 @@ EX_LIBS=$ex_libs SRC_D=$src_dir LINK=$link +PERL=perl +FIPSLINK=\$(PERL) util${o}fipslink.pl LFLAGS=$lflags BN_ASM_OBJ=$bn_asm_obj @@ -339,6 +501,9 @@ TMP_D=$tmp_dir INC_D=$inc_dir INCO_D=$inc_dir${o}openssl +# Directory containing FIPS module + + CP=$cp RM=$rm RANLIB=$ranlib @@ -346,6 +511,18 @@ MKDIR=$mkdir MKLIB=$bin_dir$mklib MLFLAGS=$mlflags ASM=$bin_dir$asm +MKCANISTER=$mkcanister + +# FIPS validated module and support file locations + +E_PREMAIN_DSO=fips_premain_dso + +FIPSLIB_D=$fipslibdir +BASEADDR=$baseaddr +FIPS_PREMAIN_SRC=$fips_premain_c_path +O_FIPSCANISTER=$fips_canister_path +FIPS_SHA1_EXE=$fips_sha1_exe_path +PREMAIN_DSO_EXE=$fips_premain_dso_exe_path ###################################################### # You should not need to touch anything below this point @@ -377,7 +554,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp -L_LIBS= \$(L_SSL) \$(L_CRYPTO) +L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs ###################################################### # Don't touch anything below this point 
@@ -387,13 +564,13 @@ INC=-I\$(INC_D) -I\$(INCL_D) APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) +LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep ############################################# EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets banner: $banner @@ -479,57 +656,6 @@ printf OUT " #define DATE \"%s\"\n", scalar gmtime(); printf OUT "#endif\n"; close(OUT); -############################################# -# We parse in input file and 'store' info for later printing. -open(IN,"<$infile") || die "unable to open $infile:$!\n"; -$_=; -for (;;) - { - chop; - - ($key,$val)=/^([^=]+)=(.*)/; - if ($key eq "RELATIVE_DIRECTORY") - { - if ($lib ne "") - { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; - } - last if ($val eq "FINISHED"); - $lib=""; - $libobj=""; - $dir=$val; - } - - if ($key eq "TEST") - { $test.=&var_add($dir,$val); } - - if (($key eq "PROGS") || ($key eq "E_OBJ")) - { $e_exe.=&var_add($dir,$val); } - - if ($key eq "LIB") - { - $lib=$val; - $lib =~ s/^.*\/([^\/]+)$/$1/; - } - - if ($key eq "EXHEADER") - { $exheader.=&var_add($dir,$val); } - - if ($key eq "HEADER") - { $header.=&var_add($dir,$val); } - - if ($key eq "LIBOBJ") - { $libobj=&var_add($dir,$val); } - - if (!($_=)) - { $_="RELATIVE_DIRECTORY=FINISHED\n"; } - } -close(IN); - # Strip of trailing ' ' foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); } $test=&clean_up_ws($test); 
@@ -554,6 +680,29 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); +# Special case rules for fips_start and fips_end fips_premain_dso + +if ($fips) + { + if ($fips_canister_build) + { + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", + "fips-1.0${o}fips_canister.c", + "-DFIPS_START \$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", + "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); + } + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", + "fips-1.0${o}sha${o}fips_standalone_sha1.c", + "\$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj", + "fips-1.0${o}sha${o}fips_sha1dgst.c", + "\$(SHLIB_CFLAGS)") unless $fips_canister_build; + $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", + "fips-1.0${o}fips_premain.c", + "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)"); + } + foreach (values %lib_nam) { $lib_obj=$lib_obj{$_}; 
@@ -630,16 +779,42 @@ foreach (split(/\s+/,$test)) } $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); -$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); + if ($fips) { - $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep"); + if ($shlib) + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(O_CRYPTO)", + "$crypto", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + } } -else + else { - $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, + "\$(SO_CRYPTO)"); } + + +if ($fips) + { + $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build; + $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); + + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1); + } + + $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0); + print $defs; if ($platform eq "linux-elf") { 
@@ -935,6 +1110,24 @@ sub read_options elsif (/^shlib$/) { $shlib=1; } elsif (/^dll$/) { $shlib=1; } elsif (/^shared$/) { } # We just need to ignore it for now... + elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 } + elsif (/^zlib-dynamic$/){ $zlib_opt = 2; } + elsif (/^--with-krb5-flavor=(.*)$/) + { + my $krb5_flavor = $1; + if ($krb5_flavor =~ /^force-[Hh]eimdal$/) + { + $xcflags="-DKRB5_HEIMDAL $xcflags"; + } + elsif ($krb5_flavor =~ /^MIT/i) + { + $xcflags="-DKRB5_MIT $xcflags"; + if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i) + { + $xcflags="-DKRB5_MIT_OLD11 $xcflags" + } + } + } elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } elsif (/^-[lL].*$/) { $l_flags.="$_ "; } elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) @@ -942,3 +1135,31 @@ sub read_options else { return(0); } return(1); } + +sub fipslib_error + { + print STDERR "***FIPS module directory sanity check failed***\n"; + print STDERR "FIPS module build failed, or was deleted\n"; + print STDERR "Please rebuild FIPS module.\n"; + exit 1; + } + +sub fips_check_files + { + my $dir = shift @_; + my $ret = 1; + if (!-d $dir) + { + print STDERR "FIPS module directory $dir does not exist\n"; + fipslib_error(); + } + foreach (@_) + { + if (!-f "$dir${o}$_") + { + print STDERR "FIPS module file $_ does not exist!\n"; + $ret = 0; + } + } + fipslib_error() if ($ret == 0); + } diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl index 9918c3d549..6c1e53bb14 100644 --- a/src/lib/libcrypto/util/mkdef.pl +++ b/src/lib/libcrypto/util/mkdef.pl @@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", - "RIPEMD", + "SHA256", "SHA512", "RIPEMD", "MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES", # Envelope "algorithms" "EVP", "X509", "ASN1_TYPEDEFS", 
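Review bot: fips_check_files, added in the `@@ -942,3 +1135,31 @@` hunk of mk1mf.pl, only tests `-d $dir` and `-f` for the names it is given, so an edited or stale `fipscanister.o` passes this step as long as the `.sha1` files exist beside it; the content comparison visible in this commit happens later, in check_hash in fipslink.pl. Say that in a header comment so the function is not mistaken for the integrity check, e.g. `# Presence check only; hashes are compared by util/fipslink.pl at link time.` The local `$ret` reads inverted next to the usual 0-is-success convention in these scripts, and a name such as `$all_present` would make the final `fipslib_error() if ...` clearer.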
@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h"; $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h"; $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/tmdiff.h"; -$crypto.=" fips/fips.h fips/rand/fips_rand.h"; +$crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h"; my $symhacks="crypto/symhacks.h"; @@ -864,6 +864,9 @@ sub do_defs $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/); $a .= ",RSA" if($s =~ /RSAPrivateKey/); $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/); + # SHA2 algorithms only defined in FIPS mode for + # OpenSSL 0.9.7 + $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/); $platform{$s} = &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p); @@ -1011,7 +1014,7 @@ sub is_valid { my ($keywords_txt,$platforms) = @_; my (@keywords) = split /,/,$keywords_txt; - my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords)); + my ($falsesum, $truesum) = (0, 1); # Param: one keyword sub recognise @@ -1079,7 +1082,7 @@ sub is_valid if ($k =~ /^!(.*)$/) { $falsesum += &recognise($1,$platforms); } else { - $truesum += &recognise($k,$platforms); + $truesum *= &recognise($k,$platforms); } } print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug; diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl index 928a274303..bc78510f56 100644 --- a/src/lib/libcrypto/util/mkfiles.pl +++ b/src/lib/libcrypto/util/mkfiles.pl @@ -51,14 +51,15 @@ my @dirs = ( "crypto/ocsp", "crypto/ui", "crypto/krb5", -"fips", -"fips/aes", -"fips/des", -"fips/dsa", -"fips/dh", -"fips/rand", -"fips/rsa", -"fips/sha1", +"fips-1.0", +"fips-1.0/aes", +"fips-1.0/des", +"fips-1.0/dsa", +"fips-1.0/dh", +"fips-1.0/hmac", +"fips-1.0/rand", +"fips-1.0/rsa", +"fips-1.0/sha", "ssl", "apps", "test", diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl index c8653cecc3..182732d959 100644 
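Review bot: In the `@@ -864,6 +864,9 @@` hunk of mkdef.pl, `$p .= "OPENSSL_FIPS"` appends with no separator, unlike the `$a .= ",RSA"` lines directly above it, so if `$p` already holds a platform keyword at this point the two fuse into a single unknown token. do_defs starts outside the hunk, so whether `$p` can be non-empty here is not visible; if it can, add the comma, e.g. `$p .= ($p ne "" ? "," : "") . "OPENSSL_FIPS" if ($s =~ /SHA[235]/);`. This matters more after the is_valid change in the later hunks, where `$truesum *= &recognise(...)` makes every positive keyword mandatory, so one unrecognised token is enough to drop the symbol.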
--- a/src/lib/libcrypto/util/mklink.pl +++ b/src/lib/libcrypto/util/mklink.pl @@ -14,13 +14,16 @@ # not contain symbolic links and that the parent of / is never referenced. # Apart from this, this script should be able to handle even the most # pathological cases. +# + +use Cwd; my $from = shift; my @files = @ARGV; my @from_path = split(/[\\\/]/, $from); -my $pwd = `pwd`; -chop($pwd); +my $pwd = getcwd(); +chomp($pwd); my @pwd_path = split(/[\\\/]/, $pwd); my @to_path = (); diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl index 897ae9d824..28869c868d 100644 --- a/src/lib/libcrypto/util/pl/BC-32.pl +++ b/src/lib/libcrypto/util/pl/BC-32.pl @@ -18,7 +18,7 @@ $out_def="out32"; $tmp_def="tmp32"; $inc_def="inc32"; #enable max error messages, disable most common warnings -$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp "; +$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp "; if ($debug) { $cflags.="-Od -y -v -vi- -D_DEBUG"; @@ -51,7 +51,7 @@ $lfile=''; $shlib_ex_obj=""; $app_ex_obj="c0x32.obj"; -$asm='nasmw -f obj'; +$asm='nasmw -f obj -d__omf__'; $asm.=" /Zi" if $debug; $afile='-o'; @@ -106,9 +106,13 @@ sub do_lib_rule $ret.="$target: $objs\n"; if (!$shlib) { - # $ret.="\t\$(RM) \$(O_$Name)\n"; - $ret.="\techo LIB $<\n"; - $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n"; + $ret.=<<___; + -\$(RM) $lfile$target + \$(MKLIB) $lfile$target \@&&! ++\$(**: = &^ ++) +! +___ } else { diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl index 75d72ebbcb..8dbeaa7a08 100644 --- a/src/lib/libcrypto/util/pl/OS2-EMX.pl +++ b/src/lib/libcrypto/util/pl/OS2-EMX.pl 
@@ -68,6 +68,7 @@ if (!$no_asm && !$fips) $sha1_asm_src="crypto/sha/asm/s1-os2.asm"; $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj"; $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm"; + $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS"; } if ($shlib) diff --git a/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl new file mode 100644 index 0000000000..b5bbcac6c2 --- /dev/null +++ b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl 
@@ -0,0 +1,222 @@
+#!/usr/local/bin/perl
+# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
+#
+
+
+if ($fips && !$shlib)
+ {
+ $crypto="libeayfips32";
+ $crypto_compat = "libeaycompat32.lib";
+ }
+else
+ {
+ $crypto="libeay32";
+ }
+$ssl= "ssleay32";
+
+$o='/';
+#$cp='copy nul+'; # Timestamps get stuffed otherwise
+#$rm='del';
+
+$cp='cp';
+$rm='rm';
+
+$zlib_lib="zlib1.lib";
+
+# C compiler stuff
+$cc='cl';
+$cflags=' -MD -W3 -WX -Ox -O2 -Ob2 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
+$lflags="-nologo -subsystem:console -machine:I386 -opt:ref";
+$mlflags='';
+
+$out_def="gmout32";
+$tmp_def="gmtmp32";
+$inc_def="gminc32";
+
+if ($debug)
+ {
+ $cflags=" -MDd -W3 -WX -Zi -Yd -Od -nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+ $lflags.=" -debug";
+ $mlflags.=' -debug';
+ }
+$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;
+
+$obj='.obj';
+$ofile="-Fo";
+
+# EXE linking stuff
+$link="link";
+$efile="-out:";
+$exep='.exe';
+if ($no_sock)
+ { $ex_libs=""; }
+else { $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
+
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='-out:';
+
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj";
+if ($nasm) {
+ $asm='nasmw -f win32';
+ $afile='-o ';
+} else {
+ $asm='ml -Cp -coff -c -Cx';
+ $asm.=" -Zi" if $debug;
+ $afile='-Fo';
+}
+
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm && !$fips)
+ {
+ $bn_asm_obj='crypto/bn/asm/bn_win32.obj';
+ $bn_asm_src='crypto/bn/asm/bn_win32.asm';
+ $des_enc_obj='crypto/des/asm/d_win32.obj crypto/des/asm/y_win32.obj';
+ $des_enc_src='crypto/des/asm/d_win32.asm crypto/des/asm/y_win32.asm';
+ $bf_enc_obj='crypto/bf/asm/b_win32.obj';
+ $bf_enc_src='crypto/bf/asm/b_win32.asm';
+ $cast_enc_obj='crypto/cast/asm/c_win32.obj';
+ $cast_enc_src='crypto/cast/asm/c_win32.asm';
+ $rc4_enc_obj='crypto/rc4/asm/r4_win32.obj';
+ $rc4_enc_src='crypto/rc4/asm/r4_win32.asm';
+ $rc5_enc_obj='crypto/rc5/asm/r5_win32.obj';
+ $rc5_enc_src='crypto/rc5/asm/r5_win32.asm';
+ $md5_asm_obj='crypto/md5/asm/m5_win32.obj';
+ $md5_asm_src='crypto/md5/asm/m5_win32.asm';
+ $sha1_asm_obj='crypto/sha/asm/s1_win32.obj';
+ $sha1_asm_src='crypto/sha/asm/s1_win32.asm';
+ $rmd160_asm_obj='crypto/ripemd/asm/rm_win32.obj';
+ $rmd160_asm_src='crypto/ripemd/asm/rm_win32.asm';
+ $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+ }
+
+if ($shlib)
+ {
+ $mlflags.=" $lflags -dll";
+# $cflags =~ s| -MD| -MT|;
+ $lib_cflag=" -D_WINDLL";
+ $out_def="gmout32dll";
+ $tmp_def="gmtmp32dll";
+ }
+
+$cflags.=" -Fd$out_def";
+
+sub do_lib_rule
+ {
+ local($objs,$target,$name,$shlib,$ign,$base_addr, $fips_get_sig, $fips_premain_src)=@_;
+ local($ret,$Name);
+
+ $taget =~ s/\//$o/g if $o ne '/';
+ ($Name=$name) =~ tr/a-z/A-Z/;
+ my $base_arg;
+ if ($base_addr ne "")
+ {
+ $base_arg= " -base:$base_addr";
+ }
+ else
+ {
+ $base_arg = "";
+ }
+
+
+# $target="\$(LIB_D)$o$target";
+ if (!$shlib)
+ {
+# $ret.="\t\$(RM) \$(O_$Name)\n";
+ $ret.="$target: $objs\n";
+ $ex =' advapi32.lib';
+ $ret.="\t\$(MKLIB) $lfile$target $objs $ex\n\n";
+ }
+ else
+ {
+ local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+ $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
+ $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+ if (defined $fips_get_sig)
+ {
+ $ret.="$target: \$(O_FIPSCANISTER) $objs $fips_get_sig\n";
+ $ret.="\tFIPS_LINK=\$(LINK) ";
+ $ret.="FIPS_CC=\$(CC) ";
+ $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+ $ret.="FIPS_PREMAIN_DSO=$fips_get_sig ";
+ $ret.="FIPS_TARGET=$target ";
+ $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+ $ret.="\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
+ $ret.="-def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs ";
+ $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n\n";
+ }
+ else
+ {
+ $ret.="$target: $objs\n";
+ $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs $ex\n\n";
+ }
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_link_rule
+ {
+ local($target,$files,$dep_libs,$libs,$standalone)=@_;
+ local($ret,$_);
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ if ($standalone)
+ {
+ $ret.="$target: $files $dep_libs\n";
+ $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+ $ret.="$files $libs\n\n";
+ }
+ elsif ($fips && !$shlib)
+ {
+ $ret.="$target: \$(O_FIPSCANISTER) $files $dep_libs\n";
+ $ret.="\tFIPS_LINK=\$(LINK) ";
+ $ret.="FIPS_CC=\$(CC) ";
+ $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+ $ret.="FIPS_PREMAIN_DSO= ";
+ $ret.="FIPS_TARGET=$target ";
+ $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+ $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target ";
+ $ret.="\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n\n";
+ }
+ else
+ {
+ $ret.="$target: $files $dep_libs\n";
+ $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+ $ret.="\$(APP_EX_OBJ) $files $libs\n\n";
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_rlink_rule
+ {
+ local($target,$files,$check_hash, $deps)=@_;
+ local($ret,$_);
+
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ $ret.="$target: $check_hash $files $deps\n";
+ $ret.="\t\$(PERL) util${o}checkhash.pl -chdir fips-1.0 -program_path ..$o$check_hash\n";
+ $ret.="\t\$(MKCANISTER) $target $files\n";
+ $ret.="\t$check_hash $target > $target.sha1\n";
+ $ret.="\t\$(CP) fips-1.0${o}fips_premain.c \$(FIPSLIB_D)\n";
+ $ret.="\t$check_hash \$(FIPSLIB_D)${o}fips_premain.c > \$(FIPSLIB_D)${o}fips_premain.c.sha1\n\n";
+ return($ret);
+ }
+
+
+1;
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
index cf689b9feb..4e97dfa9af 100644
--- a/src/lib/libcrypto/util/pl/VC-32.pl
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -3,15 +3,28 @@ # $ssl= "ssleay32"; -$crypto="libeay32"; + +if ($fips && !$shlib) + { + $crypto="libeayfips32"; + $crypto_compat = "libeaycompat32.lib"; + } +else + { + $crypto="libeay32"; + } $o='\\'; $cp='copy nul+'; # Timestamps get stuffed otherwise $rm='del'; +$zlib_lib="zlib1.lib"; + # C compiler stuff $cc='cl'; -$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; +$cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; +$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 +$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref"; $mlflags='';
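Review bot: The FIPS link rules in do_lib_rule and do_link_rule of VC-32-GMAKE.pl pass `FIPS_PREMAIN_DSO=` and `FIPS_LIBDIR=` to the link step, but fipslink.pl in this same commit requires `FIPSLIB_D` and `FIPS_SHA1_EXE` through check_env and reads `PREMAIN_DSO_EXE`, which are the names VC-32.pl sets. Unless the generated makefile exports those variables some other way, fipslink.pl stops at `Environment variable ... not defined!`; that fails closed, but it means the integrity check and the fingerprint embedding cannot run from this platform file. Use the names fipslink.pl expects, e.g. `$ret.="FIPSLIB_D=\$(FIPSLIB_D) ";` and `$ret.="FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE) ";`, and `PREMAIN_DSO_EXE=` in place of `FIPS_PREMAIN_DSO=`. Separately, the DLL branch is guarded by `defined $fips_get_sig`, the seventh parameter, while the do_lib_rule calls visible in mk1mf.pl pass at most six arguments, so a shared FIPS build appears to fall through to the plain `$(LINK)` rule.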
@@ -100,25 +113,56 @@ $cflags.=" /Fd$out_def"; sub do_lib_rule { - local($objs,$target,$name,$shlib)=@_; + local($objs,$target,$name,$shlib,$ign,$base_addr) = @_; local($ret,$Name); $taget =~ s/\//$o/g if $o ne '/'; ($Name=$name) =~ tr/a-z/A-Z/; + my $base_arg; + if ($base_addr ne "") + { + $base_arg= " /base:$base_addr"; + } + else + { + $base_arg = ""; + } + # $target="\$(LIB_D)$o$target"; - $ret.="$target: $objs\n"; if (!$shlib) { # $ret.="\t\$(RM) \$(O_$Name)\n"; + $ret.="$target: $objs\n"; $ex =' advapi32.lib'; + $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/; $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; } else { local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; - $ex.=' wsock32.lib gdi32.lib advapi32.lib'; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; + $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; + if ($fips && $target =~ /O_CRYPTO/) + { + $ex.=" \$(FIPSLIB_D)${o}_chkstk.o"; + $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n"; + $ret.="\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target "; + $ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs "; + $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n"; + } + else + { + $ret.="$target: $objs\n"; + $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + } } $ret.="\n"; return($ret); 
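Review bot: `do_lib_rule` gains two positional arguments, `$ign` and `$base_addr`, but `$ign` is never read in the hunk and `$base_addr` is tested with `ne ""` without a `defined` check. A caller still passing the old four arguments only gets the empty `$base_arg` because Perl treats undef as the empty string, and that comparison warns under `-w`. The nine added lines that set `$base_arg` can be written as `my $base_arg = (defined $base_addr && $base_addr ne "") ? " /base:$base_addr" : "";`. A short comment above the `local(...)` list should say what the fifth slot is reserved for and that `$base_addr` becomes the linker's `/base:` value. The sub's closing brace is outside the hunk.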
@@ -126,20 +170,51 @@ sub do_lib_rule sub do_link_rule { - local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; + local($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); - $file =~ s/\//$o/g if $o ne '/'; $n=&bname($targer); $ret.="$target: $files $dep_libs\n"; - $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n"; - $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; - if (defined $sha1file) + if ($standalone) + { + $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; + $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/); + $ret.="$files $libs\n<<\n"; + } + elsif ($fips && !$shlib) { - $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; + $ret.="\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n"; + $ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n"; } + else + { + $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n"; + $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; + } + $ret.="\n"; + return($ret); + } + +sub do_rlink_rule + { + local($target,$files,$dep_libs,$libs)=@_; + local($ret,$_); + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($targer); + $ret.="$target: $files $dep_libs\n"; + $ret.=" \$(MKCANISTER) $target <<\n"; + $ret.="INPUT($files)\n<<\n"; $ret.="\n"; return($ret); } + 1; diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl index 657e4e264e..546d1ec186 100644 --- a/src/lib/libcrypto/util/pod2man.pl +++ b/src/lib/libcrypto/util/pod2man.pl 
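Review bot: The added `do_rlink_rule` copies two misspelled variables from `do_link_rule`: `$file =~ s/\//$o/g` works on a `$file` that is not a parameter (the parameter is `$files`), and `$n=&bname($targer)` passes `$targer` rather than `$target`. No `use strict` is visible in these hunks, so both presumably run silently on empty globals and the separator rewrite never reaches the object list written into the `INPUT(...)` line. If the rewrite is meant to apply, the line should read `$files =~ s/\//$o/g if $o ne '/';`; the `$n=` line can go, since `$n` is not used in the hunk. The same pair of lines sits in the `do_link_rule` context above and in both subs added to VC-32-GMAKE.pl.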
@@ -425,6 +425,7 @@ if ($name ne 'something') { } next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME next if /^=pod\b/; # It is OK to have =pod before NAME + next if /^=for\s+comment\b/; # It is OK to have =for comment before NAME die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax; } die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax; diff --git a/src/lib/libcrypto/util/selftest.pl b/src/lib/libcrypto/util/selftest.pl index e9d5aa8938..4778c5ab01 100644 --- a/src/lib/libcrypto/util/selftest.pl +++ b/src/lib/libcrypto/util/selftest.pl @@ -49,7 +49,7 @@ if (open(IN,"&1`; -$cversion=`$cc -V 2>&1` if $cversion =~ "usage"; +$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage"; $cversion=`$cc -V |head -1` if $cversion =~ "Error"; $cversion=`$cc --version` if $cversion eq ""; $cversion =~ s/Reading specs.*\n//; @@ -130,15 +130,21 @@ if (system("make 2>&1 | tee make.log") > 255) { goto err; } -$_=$options; -s/no-asm//; -s/no-shared//; -s/no-krb5//; -if (/no-/) -{ - print OUT "Test skipped.\n"; - goto err; -} +# Not sure why this is here. The tests themselves can detect if their +# particular feature isn't included, and should therefore skip themselves. +# To skip *all* tests just because one algorithm isn't included is like +# shooting mosquito with an elephant gun... +# -- Richard Levitte, inspired by problem report 1089 +# +#$_=$options; +#s/no-asm//; +#s/no-shared//; +#s/no-krb5//; +#if (/no-/) +#{ +# print OUT "Test skipped.\n"; +# goto err; +#} print "Running make test...\n"; if (system("make test 2>&1 | tee maketest.log") > 255) -- cgit v1.2.3-55-g6feb
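Review bot: In the second selftest.pl hunk the blanket skip is disabled by commenting it out, which leaves nine lines of dead code under the explanation. I would delete the commented-out statements and keep only the rationale, e.g. `# Tests detect missing features and skip themselves, so no-* builds are no longer skipped wholesale (problem report 1089).` With the skip gone, every `no-*` configuration now reaches the `make test 2>&1 | tee maketest.log` check on the context line that follows. The status `system` sees there is that of the shell pipeline, normally `tee`'s, so it is worth confirming that a failing `make test` is still noticed; the body of that `if` is outside the hunk.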