Support for VC++ build with in-core hashing.
This commit is contained in:
Dr. Stephen Henson
parent
ed457c6e1c
commit
15a6cf7d14
5 changed files with 166 additions and 10 deletions
|
|
@ -63,6 +63,7 @@ void fips_set_started(void);
|
|||
int fips_is_owning_thread(void);
|
||||
int fips_set_owning_thread(void);
|
||||
int fips_clear_owning_thread(void);
|
||||
unsigned char *fips_signature_witness(void);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ const char * const FIPS_source_hashes[] = {
|
|||
"HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898",
|
||||
"HMAC-SHA1(fips.h)= 57d602d18efe0594f806fbcc64269e9440638ef4",
|
||||
"HMAC-SHA1(fips_err.h)= e0649ee1d60c8162f7eeb293f89f3b63ac85202a",
|
||||
"HMAC-SHA1(fips_locl.h)= f90a23c7f68642727012bbfd48ed58706383ad71",
|
||||
"HMAC-SHA1(fips_canister.c)= da6d0f5daf9594881fd060773a5f3e057ba302ff",
|
||||
"HMAC-SHA1(fips_premain.c)= 6a08d15c578f1258246181bf52134ae974aa5a80",
|
||||
"HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55",
|
||||
|
|
|
|||
53
util/fipslink.pl
Normal file
53
util/fipslink.pl
Normal file
|
|
@ -0,0 +1,53 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
sub check_env
|
||||
{
|
||||
my @ret;
|
||||
foreach (@_)
|
||||
{
|
||||
die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
|
||||
push @ret, $ENV{$_};
|
||||
}
|
||||
return @ret;
|
||||
}
|
||||
|
||||
|
||||
my ($fips_cc,$fips_cc_args, $fips_link,$fips_target)
|
||||
= check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET");
|
||||
|
||||
|
||||
|
||||
if (exists $ENV{"FIPS_PREMAIN_DSO"})
|
||||
{
|
||||
$fips_premain_dso = $ENV{"FIPS_PREMAIN_DSO"};
|
||||
}
|
||||
else
|
||||
{
|
||||
$fips_premain_dso = "";
|
||||
}
|
||||
|
||||
|
||||
print "$fips_cc $fips_cc_args\n";
|
||||
system "$fips_cc $fips_cc_args";
|
||||
die "First stage Compile failure" if $? != 0;
|
||||
|
||||
print "$fips_link @ARGV\n";
|
||||
system "$fips_link @ARGV";
|
||||
die "First stage Link failure" if $? != 0;
|
||||
|
||||
|
||||
print "$fips_premain_dso $fips_target\n";
|
||||
$fips_hash=`$fips_premain_dso $fips_target`;
|
||||
chomp $fips_hash;
|
||||
die "Get hash failure" if $? != 0;
|
||||
|
||||
|
||||
print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args\n";
|
||||
system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args";
|
||||
die "Second stage Compile failure" if $? != 0;
|
||||
|
||||
|
||||
print "$fips_link @ARGV\n";
|
||||
system "$fips_link @ARGV";
|
||||
die "Second stage Link failure" if $? != 0;
|
||||
|
||||
|
|
@ -108,6 +108,7 @@ $inc_def="outinc";
|
|||
$tmp_def="tmp";
|
||||
|
||||
$mkdir="-mkdir";
|
||||
$mkcanister="ld -r -o";
|
||||
|
||||
($ssl,$crypto)=("ssl","crypto");
|
||||
$ranlib="echo ranlib";
|
||||
|
|
@ -285,9 +286,16 @@ for (;;)
|
|||
{
|
||||
if ($lib ne "")
|
||||
{
|
||||
$uc=$lib;
|
||||
$uc =~ s/^lib(.*)\.a/$1/;
|
||||
$uc =~ tr/a-z/A-Z/;
|
||||
if ($fips && $dir =~ /^fips/)
|
||||
{
|
||||
$uc = "FIPS";
|
||||
}
|
||||
else
|
||||
{
|
||||
$uc=$lib;
|
||||
$uc =~ s/^lib(.*)\.a/$1/;
|
||||
$uc =~ tr/a-z/A-Z/;
|
||||
}
|
||||
$lib_nam{$uc}=$uc;
|
||||
$lib_obj{$uc}.=$libobj." ";
|
||||
}
|
||||
|
|
@ -382,6 +390,8 @@ EX_LIBS=$ex_libs
|
|||
SRC_D=$src_dir
|
||||
|
||||
LINK=$link
|
||||
PERL=perl
|
||||
FIPSLINK=\$(PERL) util${o}fipslink.pl
|
||||
LFLAGS=$lflags
|
||||
|
||||
BN_ASM_OBJ=$bn_asm_obj
|
||||
|
|
@ -420,12 +430,14 @@ MKDIR=$mkdir
|
|||
MKLIB=$bin_dir$mklib
|
||||
MLFLAGS=$mlflags
|
||||
ASM=$bin_dir$asm
|
||||
MKCANISTER=$mkcanister
|
||||
|
||||
######################################################
|
||||
# You should not need to touch anything below this point
|
||||
######################################################
|
||||
|
||||
E_EXE=openssl
|
||||
E_PREMAIN_DSO=fips_premain_dso
|
||||
SSL=$ssl
|
||||
CRYPTO=$crypto
|
||||
|
||||
|
|
@ -446,6 +458,7 @@ INCL_D=\$(TMP_D)
|
|||
|
||||
O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp
|
||||
O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
|
||||
O_FIPSCANISTER= \$(LIB_D)${o}fipscanister$obj
|
||||
SO_SSL= $plib\$(SSL)$so_shlibp
|
||||
SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
|
||||
L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
|
||||
|
|
@ -577,6 +590,21 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
|
|||
$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
|
||||
$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
|
||||
|
||||
# Special case rules for fips_start and fips_end fips_premain_dso
|
||||
|
||||
if ($fips)
|
||||
{
|
||||
$rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
|
||||
"fips${o}fips_canister.c", "-DFIPS_START \$(SHLIB_CFLAGS)");
|
||||
$rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
|
||||
"fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
|
||||
$rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
|
||||
"fips${o}fips_premain.c",
|
||||
"-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
|
||||
}
|
||||
|
||||
|
||||
|
||||
foreach (values %lib_nam)
|
||||
{
|
||||
$lib_obj=$lib_obj{$_};
|
||||
|
|
@ -653,10 +681,34 @@ foreach (split(/\s+/,$test))
|
|||
}
|
||||
|
||||
$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
|
||||
$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
|
||||
|
||||
|
||||
if ($fips)
|
||||
{
|
||||
if ($shlib)
|
||||
{
|
||||
$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
|
||||
"\$(O_CRYPTO)",$crypto,$shlib, "\$(SO_CRYPTO)",
|
||||
"0xFB00000", "\$(BIN_D)$o\$(E_PREMAIN_DSO)$exep",
|
||||
"fips${o}fips_premain.c");
|
||||
}
|
||||
else
|
||||
{
|
||||
$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
|
||||
"\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
|
||||
"\$(SO_CRYPTO)");
|
||||
}
|
||||
|
||||
|
||||
if ($fips)
|
||||
{
|
||||
$rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj");
|
||||
$rules.=&do_link_rule("\$(BIN_D)$o\$(E_PREMAIN_DSO)$exep","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPCANISTER)","","\$(EX_LIBS) \$(O_FIPSCANISTER)");
|
||||
$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep");
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -103,11 +103,21 @@ $cflags.=" /Fd$out_def";
|
|||
|
||||
sub do_lib_rule
|
||||
{
|
||||
local($objs,$target,$name,$shlib)=@_;
|
||||
local($objs,$target,$name,$shlib,$ign,$base_addr, $fips_get_sig, $fips_premain_src)=@_;
|
||||
local($ret,$Name);
|
||||
|
||||
$taget =~ s/\//$o/g if $o ne '/';
|
||||
($Name=$name) =~ tr/a-z/A-Z/;
|
||||
my $base_arg;
|
||||
if ($base_addr ne "")
|
||||
{
|
||||
$base_arg= " /base:$base_addr";
|
||||
}
|
||||
else
|
||||
{
|
||||
$base_arg = "";
|
||||
}
|
||||
|
||||
|
||||
# $target="\$(LIB_D)$o$target";
|
||||
$ret.="$target: $objs\n";
|
||||
|
|
@ -122,7 +132,21 @@ sub do_lib_rule
|
|||
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
|
||||
$ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
|
||||
$ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
|
||||
$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
|
||||
if (defined $fips_get_sig)
|
||||
{
|
||||
$ret.="\tSET FIPS_LINK=\$(LINK)\n";
|
||||
$ret.="\tSET FIPS_CC=\$(CC)\n";
|
||||
$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c \$(SRC_D)${o}fips${o}fips_premain.c\n";
|
||||
$ret.="\tSET FIPS_PREMAIN_DSO=$fips_get_sig\n";
|
||||
$ret.="\tSET FIPS_TARGET=$target\n";
|
||||
$ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
|
||||
$ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs ";
|
||||
$ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
$ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
|
||||
}
|
||||
}
|
||||
$ret.="\n";
|
||||
return($ret);
|
||||
|
|
@ -136,14 +160,39 @@ sub do_link_rule
|
|||
$file =~ s/\//$o/g if $o ne '/';
|
||||
$n=&bname($targer);
|
||||
$ret.="$target: $files $dep_libs\n";
|
||||
$ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
|
||||
$ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
|
||||
if (defined $sha1file)
|
||||
if ($fips && !$shlib)
|
||||
{
|
||||
$ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
|
||||
$ret.="$target: $files $dep_libs\n";
|
||||
$ret.="\tSET FIPS_LINK=\$(LINK)\n";
|
||||
$ret.="\tSET FIPS_CC=\$(CC)\n";
|
||||
$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c \$(SRC_D)${o}fips${o}fips_premain.c\n";
|
||||
$ret.="\tSET FIPS_PREMAIN_DSO=\n";
|
||||
$ret.="\tSET FIPS_TARGET=$target\n";
|
||||
$ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";
|
||||
$ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
$ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
|
||||
}
|
||||
$ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
|
||||
$ret.="\n";
|
||||
return($ret);
|
||||
}
|
||||
|
||||
sub do_rlink_rule
|
||||
{
|
||||
local($target,$files,$dep_libs,$libs)=@_;
|
||||
local($ret,$_);
|
||||
|
||||
$file =~ s/\//$o/g if $o ne '/';
|
||||
$n=&bname($targer);
|
||||
$ret.="$target: $files $dep_libs\n";
|
||||
$ret.=" \$(MKCANISTER) $target <<\n";
|
||||
$ret.="INPUT($files)\n<<\n";
|
||||
$ret.="\n";
|
||||
return($ret);
|
||||
}
|
||||
|
||||
|
||||
1;
|
||||
|
|
|
|||
Loading…
Reference in a new issue