wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Preliminary VC++ build changes to support fipsdso. New perl script nksdef.pl to

Browse source 
work out how to split the DEF file between the two DLLs based on which symbols
the linker complains about (!).
This commit is contained in:
Dr. Stephen Henson 2007-01-27 13:19:42 +00:00
parent f47f786fe9
commit 385075063e
7 changed files with 166 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -5,7 +5,8 @@
Changes between 0.9.7l and 0.9.7m-fips2 [xx XXX xxxx] Changes between 0.9.7l and 0.9.7m-fips2 [xx XXX xxxx]
*) New build option fipsdso to link fipscanister.o into a DSO called *) New build option fipsdso to link fipscanister.o into a DSO called
libfips.so and modify build system to link against it. libfips.so and modify build system to link against it. Preliminary changes
to VC++ build system to accomodate fipsdso.
[Steve Henson] [Steve Henson]
*) New version of RSA_{sign,verify} for FIPS code. This uses pregenerated *) New version of RSA_{sign,verify} for FIPS code. This uses pregenerated

2
Configure
View file

@ -991,6 +991,8 @@ print "Configuring for $target\n";
my $IsWindows=scalar grep /^$target$/,@WinTargets; my $IsWindows=scalar grep /^$target$/,@WinTargets;
$no_shared = 1 if ($IsWindows && $fipsdso);
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
$exe_ext=".pm" if ($target eq "vos-gcc" or $target eq "debug-vos-gcc" or $target eq "vos-vcc" or $target eq "debug-vos-vcc"); $exe_ext=".pm" if ($target eq "vos-gcc" or $target eq "debug-vos-gcc" or $target eq "vos-vcc" or $target eq "debug-vos-vcc");
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");

2
fips-1.0/Makefile
View file

@ -262,6 +262,8 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
../crypto/des/ecb_enc.o \ ../crypto/des/ecb_enc.o \
../crypto/des/ofb64ede.o \ ../crypto/des/ofb64ede.o \
../crypto/des/ofb64enc.o \ ../crypto/des/ofb64enc.o \
../crypto/des/fcrypt_b.o \
../crypto/des/fcrypt.o \
../crypto/dh/dh_lib.o \ ../crypto/dh/dh_lib.o \
../crypto/dsa/dsa_lib.o \ ../crypto/dsa/dsa_lib.o \
../crypto/dsa/dsa_sign.o \ ../crypto/dsa/dsa_sign.o \

34
util/mk1mf.pl
View file

@ -19,6 +19,7 @@ my $fips_premain_c_path = "";
my $fips_sha1_exe_path = ""; my $fips_sha1_exe_path = "";
local $fipscanisterbuild = 0; local $fipscanisterbuild = 0;
local $fipsdso = 0;
my $fipslibdir = ""; my $fipslibdir = "";
my $baseaddr = ""; my $baseaddr = "";
@ -450,6 +451,8 @@ if ($fips_premain_dso_exe_path eq "")
# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); # $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
$ex_l_libs .= " \$(L_FIPS)" if $fipsdso;
if ($fips) if ($fips)
{ {
if (!$shlib) if (!$shlib)
@ -587,6 +590,7 @@ PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
E_EXE=openssl E_EXE=openssl
SSL=$ssl SSL=$ssl
CRYPTO=$crypto CRYPTO=$crypto
LIBFIPS=libfips
# BIN_D - Binary output directory # BIN_D - Binary output directory
# TEST_D - Binary test file output directory # TEST_D - Binary test file output directory
@ -605,10 +609,12 @@ INCL_D=\$(TMP_D)
O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp
O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp
SO_SSL= $plib\$(SSL)$so_shlibp SO_SSL= $plib\$(SSL)$so_shlibp
SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp
L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
@ -841,10 +847,24 @@ if ($fips)
{ {
if ($shlib) if ($shlib)
{ {
$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", if ($fipsdso)
"\$(O_CRYPTO)", {
"$crypto", $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
$shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); "\$(O_CRYPTO)", "$crypto",
$shlib, "", "");
$rules.= &do_lib_rule(
"\$(O_FIPSCANISTER)",
"\$(O_FIPS)", "libfips",
$shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
$rules.= &do_sdef_rule();
}
else
{
$rules.= &do_lib_rule(
"\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
"\$(O_CRYPTO)", "$crypto",
$shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
}
} }
else else
{ {
@ -1189,6 +1209,12 @@ sub read_options
$fips=1; $fips=1;
$fipscanisterbuild=1; $fipscanisterbuild=1;
} }
elsif (/^fipsdso$/)
{
$fips=1;
$fipscanisterbuild=1;
$fipsdso=1;
}
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
elsif (/^-[lL].*$/) { $l_flags.="$_ "; } elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)

3
util/mkdef.pl
View file

@ -130,8 +130,7 @@ foreach (@ARGV, split(/ /, $options))
} }
$VMS=1 if $_ eq "VMS"; $VMS=1 if $_ eq "VMS";
$OS2=1 if $_ eq "OS2"; $OS2=1 if $_ eq "OS2";
$fips=1 if $_ eq "fips"; $fips=1 if /^fips/;
$fips=1 if $_ eq "fipscanisterbuild";
$do_ssl=1 if $_ eq "ssleay"; $do_ssl=1 if $_ eq "ssleay";
if ($_ eq "ssl") { if ($_ eq "ssl") {

85
util/mksdef.pl Normal file
View file

@ -0,0 +1,85 @@
# Perl script to split libeay32.def into two distinct DEF files for use in
# fipdso mode. It works out symbols in each case by running "link" command and
# parsing the output to find the list of missing symbols then splitting
# libeay32.def based on the result.
# Get list of unknown symbols
my @deferr = `link @ARGV`;
my $preamble = "";
my @fipsdll;
my @fipsrest;
my %nosym;
# Add symbols to a hash for easy lookup
foreach (@deferr)
{
if (/^.*symbol (\S+)$/)
{
$nosym{$1} = 1;
}
}
open (IN, "ms/libeay32.def") || die "Can't Open DEF file for splittling";
my $started = 0;
# Parse libeay32.def into two arrays depending on whether the symbol matches
# the missing list.
foreach (<IN>)
{
if (/^\s*(\S+)\s*\@/)
{
$started = 1;
if (exists $nosym{$1})
{
push @fipsrest, $_;
}
else
{
push @fipsdll, "\t$1\n";
}
}
$preamble .= $_ unless $started;
}
close IN;
# Hack! Add some additional exports needed to libcryptofips.dll
#
push @fipsdll, "\tengine_table_unregister\n";
push @fipsdll, "\tengine_table_register\n";
push @fipsdll, "\tengine_table_cleanup\n";
push @fipsdll, "\tengine_table_select\n";
push @fipsdll, "\tengine_set_all_null\n";
# Write out DEF files for each array
write_def("ms/libfips.def", "LIBFIPS", $preamble, \@fipsdll);
write_def("ms/libcryptofips.def", "LIBCRYPTOFIPS", $preamble, \@fipsrest);
sub write_def
{
my ($fnam, $defname, $preamble, $rdefs) = @_;
open (OUT, ">$fnam") || die "Can't Open DEF file $fnam for Writing\n";
$preamble =~ s/LIBEAY32/$defname/g;
$preamble =~ s/LIBEAY/$defname/g;
print OUT $preamble;
foreach (@$rdefs)
{
print OUT $_;
}
close OUT;
}

52
util/pl/VC-32.pl
View file

@ -13,7 +13,14 @@ if ($fips && !$shlib)
} }
else else
{ {
$crypto="libeay32"; if ($fipsdso)
{
$crypto="libcryptofips";
}
else
{
$crypto="libeay32";
}
} }
$o='\\'; $o='\\';
@ -119,6 +126,7 @@ sub do_lib_rule
local($objs,$target,$name,$shlib,$ign,$base_addr) = @_; local($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
local($ret,$Name); local($ret,$Name);
$taget =~ s/\//$o/g if $o ne '/'; $taget =~ s/\//$o/g if $o ne '/';
($Name=$name) =~ tr/a-z/A-Z/; ($Name=$name) =~ tr/a-z/A-Z/;
my $base_arg; my $base_arg;
@ -143,14 +151,29 @@ sub do_lib_rule
} }
else else
{ {
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; my $ex = "";
if ($target =~ /O_SSL/)
{
$ex = " \$(L_CRYPTO)";
$ex .= " \$(L_FIPS)" if $fipsdso;
}
my $fipstarget;
if ($fipsdso)
{
$fipstarget = "O_FIPS";
}
else
{
$fipstarget = "O_CRYPTO";
}
$ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
$ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
if ($fips && $target =~ /O_CRYPTO/) if ($fips && $target =~ /$fipstarget/)
{ {
$ex.= $mwex unless $fipscanisterbuild; $ex.= $mwex unless $fipscanisterbuild;
$ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n"; $ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
$ret.="\tSET FIPS_LINK=\$(LINK)\n"; $ret.=" ms/libfips.def" if $fipsdso;
$ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
$ret.="\tSET FIPS_CC=\$(CC)\n"; $ret.="\tSET FIPS_CC=\$(CC)\n";
$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
$ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
@ -163,8 +186,13 @@ sub do_lib_rule
} }
else else
{ {
$ret.="$target: $objs\n"; $ret.="$target: $objs";
$ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; if ($target =~ /O_CRYPTO/ && $fipsdso)
{
$ret .= " \$(O_FIPS)";
$ex .= " \$(L_FIPS)";
}
$ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
} }
} }
$ret.="\n"; $ret.="\n";
@ -173,7 +201,7 @@ sub do_lib_rule
sub do_link_rule sub do_link_rule
{ {
local($target,$files,$dep_libs,$libs,$standalone)=@_; my($target,$files,$dep_libs,$libs,$standalone)=@_;
local($ret,$_); local($ret,$_);
$file =~ s/\//$o/g if $o ne '/'; $file =~ s/\//$o/g if $o ne '/';
$n=&bname($targer); $n=&bname($targer);
@ -222,5 +250,13 @@ sub do_rlink_rule
return($ret); return($ret);
} }
sub do_sdef_rule
{
my $ret = "ms/libfips.def: \$(O_FIPSCANISTER)\n";
$ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n \$(O_FIPSCANISTER)\n<<\n";
$ret.="\n";
return $ret;
}
1; 1;