wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Jumbo framework update.

Browse source
This commit is contained in:
Andy Polyakov 2007-08-01 11:33:17 +00:00
parent c4a2cab0bb
commit 8f0d89092e
12 changed files with 165 additions and 148 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
Configure
View file

@ -503,8 +503,8 @@ my %table=(
##### MacOS X (a.k.a. Rhapsody or Darwin) setup ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
##### A/UX ##### A/UX
@ -1028,6 +1028,11 @@ my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $fields[$idx_ranlib]; my $ranlib = $fields[$idx_ranlib];
my $arflags = $fields[$idx_arflags]; my $arflags = $fields[$idx_arflags];
# '%' in $lflags is used to split flags to "pre-" and post-flags
my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; }
else { $lflags=$prelflags; undef $prelflags; }
my $no_shared_warn=0; my $no_shared_warn=0;
my $no_user_cflags=0; my $no_user_cflags=0;
@ -1361,6 +1366,7 @@ while (<IN>)
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
s/^CFLAG=.*$/CFLAG= $cflags/; s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG= $depflags/; s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
s/^EX_LIBS=.*$/EX_LIBS= $lflags/; s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
@ -1399,7 +1405,7 @@ while (<IN>)
s/^BASEADDR=.*/BASEADDR=$baseaddr/; s/^BASEADDR=.*/BASEADDR=$baseaddr/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL) \$(SHARED_FIPS)/ if (!$no_shared); s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_FIPS) \$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
{ {
my $sotmp = $1; my $sotmp = $1;

31
Makefile.org
View file

@ -319,7 +319,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
sub_all: build_all sub_all: build_all
build_all: build_libs build_apps build_tests build_tools build_all: build_libs build_apps build_tests build_tools
build_libs: build_crypto build_fips build_ssl build_engines build_libs: build_crypto build_fips build_ssl build_shared build_engines
build_crypto: build_crypto:
if [ -n "$(FIPSCANLIB)" ]; then \ if [ -n "$(FIPSCANLIB)" ]; then \
@ -330,7 +330,7 @@ build_crypto:
fi ; export ARX ; \ fi ; export ARX ; \
dir=crypto; target=all; $(BUILD_ONE_CMD) dir=crypto; target=all; $(BUILD_ONE_CMD)
build_fips: build_fips:
@dir=fips-1.0; target=all; $(BUILD_ONE_CMD) @dir=fips-1.0; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
build_ssl: build_ssl:
@dir=ssl; target=all; $(BUILD_ONE_CMD) @dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines: build_engines:
@ -346,43 +346,48 @@ all_testapps: build_libs build_testapps
build_testapps: build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD) @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
build_shared: $(SHARED_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
@if [ "$(SHLIB_TARGET)" != "" ]; then \ @if [ "$(SHLIB_TARGET)" != "" ]; then \
if [ "$(FIPSCANLIB)" = "libfips" ]; then \ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
( dir=fips-1.0; target=all; $(BUILD_ONE_CMD) ) ; \
$(ARD) libcrypto.a fipscanister.o ; \ $(ARD) libcrypto.a fipscanister.o ; \
$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \ $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
$(AR) libcrypto.a fips-1.0/fipscanister.o ; \ $(AR) libcrypto.a fips-1.0/fipscanister.o ; \
else \ else \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_CC=$(CC); CC=fips-1.0/fipsld; \ FIPSLD_CC=$(CC); CC=fips-1.0/fipsld; \
FIPSLD_NPT="y"; FIPSLD_LIBFIPS=y; \ export CC FIPSLD_CC; \
export CC FIPSLD_CC FIPSLD_NPT FIPSLD_LIBFIPS; \
fi; \ fi; \
$(MAKE) -e SHLIBDIRS='crypto' build-shared; \ $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
fi \ fi \
else \ else \
echo "There's no support for shared libraries on this platform" >&2; \ echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \ @if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ shlibdeps=-lcrypto; \
[ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
else \ else \
echo "There's no support for shared libraries on this platform" >&2 ; \ echo "There's no support for shared libraries on this platform" >&2 ; \
exit 1; \ exit 1; \
fi fi
libfips$(SHLIB_EXT): libfips.a fips-1.0/fipscanister.o: build_fips
libfips$(SHLIB_EXT): fips-1.0/fipscanister.o
@if [ "$(SHLIB_TARGET)" != "" ]; then \ @if [ "$(SHLIB_TARGET)" != "" ]; then \
if [ "$(FIPSCANLIB)" = "libfips" ]; then \ FIPSLD_CC=$(CC); CC=fips-1.0/fipsld; export CC FIPSLD_CC; \
FIPSLD_CC=$(CC); CC=fips-1.0/fipsld; FIPSLD_NPT="y"; \ $(MAKE) -f Makefile.shared -e $(BUILDENV) \
FIPSLD_LIBFIPS=y; \ CC=$${CC} LIBNAME=fips THIS=$@ \
export CC FIPSLD_CC FIPSLD_NPT FIPSLD_LIBFIPS; \ LIBEXTRAS=fips-1.0/fipscanister.o \
fi; \ LIBDEPS="$(EX_LIBS)" \
$(MAKE) -e SHLIBDIRS=fips build-shared; \ LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
else \ else \
echo "There's no support for shared libraries on this platform" >&2; \ echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi fi
libfips.a: libfips.a:

4
Makefile.shared
View file

@ -101,15 +101,13 @@ LINK_SO= \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \ $${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO); \ ) && $(SYMLINK_SO)
( $(SET_X); rm -f lib$(LIBNAME).exp )
SYMLINK_SO= \ SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \ if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \

4
TABLE
View file

@ -951,7 +951,7 @@ $cflags = -O3 -fomit-frame-pointer -fno-common
$unistd = $unistd =
$thread_cflag = -D_REENTRANT $thread_cflag = -D_REENTRANT
$sys_id = MACOSX $sys_id = MACOSX
$lflags = $lflags = -Wl,-search_paths_first%
$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
$cpuid_obj = $cpuid_obj =
$bn_obj = $bn_obj =
@ -978,7 +978,7 @@ $cflags = -O3 -DB_ENDIAN
$unistd = $unistd =
$thread_cflag = -D_REENTRANT $thread_cflag = -D_REENTRANT
$sys_id = MACOSX $sys_id = MACOSX
$lflags = -Wl,-search_paths_first $lflags = -Wl,-search_paths_first%
$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
$cpuid_obj = $cpuid_obj =
$bn_obj = osx_ppc32.o $bn_obj = osx_ppc32.o

7
apps/Makefile
View file

@ -155,11 +155,8 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
elif [ -n "$(FIPSCANLIB)" ]; then \ elif [ -n "$(FIPSCANLIB)" ]; then \
FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC FIPSLD_CC; \ FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC FIPSLD_CC; \
fi; \ fi; \
if [ "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \ [ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
else \
LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
fi; \
$(MAKE) -f $(TOP)/Makefile.shared -e \ $(MAKE) -f $(TOP)/Makefile.shared -e \
CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \

4
crypto/Makefile
View file

@ -47,7 +47,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top: top:
@(cd ..; $(MAKE) DIRS=$(DIR) all) @(cd ..; $(MAKE) DIRS=$(DIR) all)
all: shared all: lib
buildinf.h: ../Makefile buildinf.h: ../Makefile
( echo "#ifndef MK1MF_BUILD"; \ ( echo "#ifndef MK1MF_BUILD"; \
@ -95,7 +95,7 @@ links:
@target=links; $(RECURSIVE_MAKE) @target=links; $(RECURSIVE_MAKE)
# lib: and $(LIB): are splitted to avoid end-less loop # lib: and $(LIB): are splitted to avoid end-less loop
lib: $(LIB) lib: buildinf.h $(LIB) subdirs
@touch lib @touch lib
$(LIB): $(LIBOBJ) $(LIB): $(LIBOBJ)
$(ARX) $(LIB) $(LIBOBJ) $(ARX) $(LIB) $(LIBOBJ)

30
fips-1.0/Makefile
View file

@ -61,8 +61,10 @@ testapps:
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
all: all:
@if [ -n "$(FIPSCANLIB)" ]; then \ @if [ -z "$(FIPSLIBDIR)" ]; then \
$(MAKE) -e subdirs lib shared; \ $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
else \
$(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
fi fi
# Idea behind fipscanister.o is to "seize" the sequestered code between # Idea behind fipscanister.o is to "seize" the sequestered code between
@ -97,16 +99,17 @@ fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
objs="$$objs `sed "$$script" $$i`"; \ objs="$$objs `sed "$$script" $$i`"; \
done; \ done; \
objs="$$objs fips_end.o" ; \ objs="$$objs fips_end.o" ; \
os="`(uname -s) 2>/dev/null`"; cflags="$(CFLAGS)"; \
[ "$$os" = "AIX" ] && cflags="$$cflags -Wl,-bnoobjreorder"; \
if [ -n "${FIPS_SITE_LD}" ]; then \ if [ -n "${FIPS_SITE_LD}" ]; then \
set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \ set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
elif $(CC) -dumpversion >/dev/null 2>&1; then \ elif $(CC) -dumpversion >/dev/null 2>&1; then \
set -x; $(CC) $(CFLAGS) -r -nostdlib -o $@ $$objs ; \ set -x; $(CC) $$cflags -r -nostdlib -o $@ $$objs ; \
else case "`(uname -s) 2>/dev/null`" in \ else case "$$os" in \
HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \ HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
AIX) set -x; $(CC) $(CFLAGS) -Wl,-bnoobjreorder -r -o $@ $$objs ;; \ *) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
*) set -x; $(CC) $(CFLAGS) -r -o $@ $$objs ;; \
esac fi esac fi
sha/fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1 ./fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1
# If another exception is immediately required, assign approprite # If another exception is immediately required, assign approprite
# site-specific ld command to FIPS_SITE_LD environment variable. # site-specific ld command to FIPS_SITE_LD environment variable.
@ -117,7 +120,10 @@ fips_end.o: fips_canister.c
$(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c $(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
fips_premain_dso$(EXE_EXT): fips_premain.c fips_premain_dso$(EXE_EXT): fips_premain.c
$(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \ $(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
../libcrypto.a $(EX_LIBS) $(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS)
# this is executed only when linking with external fipscanister.o
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
$(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o
subdirs: subdirs:
@target=all; $(RECURSIVE_MAKE) @target=all; $(RECURSIVE_MAKE)
@ -132,9 +138,13 @@ links:
@target=links; $(RECURSIVE_MAKE) @target=links; $(RECURSIVE_MAKE)
# lib: and $(LIB): are splitted to avoid end-less loop # lib: and $(LIB): are splitted to avoid end-less loop
lib: $(FIPSCANLIB) $(FIPSCANLOC) lib: $(LIB)
@touch lib @touch lib
$(LIB): $(FIPSLIBDIR)fipscanister.o
$(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
$(FIPSCANLIB): $(FIPSCANLOC) $(FIPSCANLIB): $(FIPSCANLOC)
$(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC) $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC)
if [ "$(FIPSCANLIB)" = "libfips" ]; then \ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
@ -182,7 +192,7 @@ depend:
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
clean: clean:
rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) \ rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT) \
*.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
@target=clean; $(RECURSIVE_MAKE) @target=clean; $(RECURSIVE_MAKE)

179
fips-1.0/fipsld
View file

@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# Copyright (c) 2005 The OpenSSL Project. # Copyright (c) 2005-2007 The OpenSSL Project.
# #
# Depending on output file name, the script either embeds fingerprint # Depending on output file name, the script either embeds fingerprint
# into libcrypto.so or static application. "Static" refers to static # into libcrypto.so or static application. "Static" refers to static
@ -18,54 +18,51 @@ CC=${FIPSLD_CC:-${CC}}
# Initially -c wasn't intended to be interpreted here, but it might # Initially -c wasn't intended to be interpreted here, but it might
# make life easier for those who want to build FIPS-ified applications # make life easier for those who want to build FIPS-ified applications
# with minimal [if any] modifications to their Makefiles... # with minimal [if any] modifications to their Makefiles...
( while [ "x$1" != "x" -a "x$1" != "x-c" ]; do shift; done; ( while [ "x$1" != "x" -a "x$1" != "x-c" -a "x$1" != "x-E" ]; do shift; done;
[ $# -ge 1 ] [ $# -ge 1 ]
) && exec ${CC} "$@" ) && exec ${CC} "$@"
TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
# If using an auto-tooled (autoconf/automake/libtool) project, # If using an auto-tooled (autoconf/automake/libtool) project,
# configure will fail when testing the compiler or even performing # configure will fail when testing the compiler or even performing
# simple checks. Pass-thru to compiler directly if not linking # simple checks. Pass-through to compiler directly if application is
# to libcrypto, allowing auto-tooled applications to utilize fipsld # is not being linked with libcrypto, allowing auto-tooled applications
# (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc ./configure && make ) # to utilize fipsld (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc
# If FIPSLD_NPT is set never call the pass-thru: the standalone fips commands # ./configure && make). But keep in mind[!] that if certified code
# need this because they don't link to libcrypto # resides in a shared library, then fipsld *may not* be used and
[ -z "$FIPSLD_NPT" -a -z "$FIPSLD_LIBFIPS" ] && { # end-developer should not modify application configuration and build
case "$*" in # procedures. This is because in-core fingerprint and associated
*libcrypto.a*) # procedures are already embedded into and executed in shared library
;; # context.
*-lcrypto*) case `basename "${TARGET}"` in
;; libcrypto*|libfips*|*.dll) ;;
*) *) case "$*" in
exec ${CC} $* *libcrypto.a*|*-lcrypto*) ;;
;; *) exec ${CC} "$@" ;;
esac
esac esac
}
[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }
# Turn on debugging output? # Turn on debugging output?
( while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done; ( while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
[ $# -ge 1 ] [ $# -ge 1 ]
) && set -x ) && set -x
TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }
THERE="`echo $0 | sed -e 's|[^/]*$||'`".. THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
# FIPSCANLIB is the library containing fipscanister.o by default it is # If set, FIPSLIBDIR is location of installed validated FIPS module
# libcrypto.a if [ -n "${FIPSLIBDIR}" ]; then
CANISTER_O="${FIPSLIBDIR}"
FIPSCANLIB=${FIPSCANLIB:-libcrypto} elif [ -f "${THERE}/fips-1.0/fipscanister.o" ]; then
CANISTER_O="${THERE}/fips-1.0/fipscanister.o"
# FIPSLIBDIR is location of installed validated FIPS module elif [ -f "${THERE}/lib/fipscanister.o" ]; then
# if FIPSCANISTERINTERNAL="y" link against internally generated fipscanister.o CANISTER_O="${THERE}/lib/fipscanister.o"
if [ "x$FIPSCANISTERINTERNAL" != "xy" ]; then
FIPSLIBDIR=${FIPSLIBDIR:-/usr/local/ssl/lib}
else
FIPSLIBDIR=${THERE}/fips-1.0
fi fi
[ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; }
[ -f "${FIPSLIBDIR}/fipscanister.o" ] || PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c
{ echo "fipscanister.o not found"; exit 1; }
HMAC_KEY="etaonrishdlcupfm" HMAC_KEY="etaonrishdlcupfm"
@ -82,95 +79,109 @@ case "${TARGET}" in
[!/]*) TARGET=./${TARGET} ;; [!/]*) TARGET=./${TARGET} ;;
esac esac
case "${TARGET}" in case `basename "${TARGET}"` in
*${FIPSCANLIB}*|*.dll) # must be linking a shared lib... libfips*|*fips.dll)
# Shared lib creation can be taking place in the source # libfips.so creation can be taking place in the source
# directory only!!! # directory only!!!
FINGERTYPE="${THERE}/fips-1.0/sha/fips_standalone_sha1" FINGERTYPE="${THERE}/fips-1.0/fips_standalone_sha1"
CANISTER_O="${FIPSLIBDIR}/fipscanister.o" # fipscanister.o should be specified on command line...
PREMAIN_C="${FIPSLIBDIR}/fips_premain.c" CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)`
echo Canister: $CANISTER_O [ -n "$CANISTER_O" ] || { echo "fipscanister.o is not found"; exit 1; }
PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c
# verify fipspremain.c against its detached signature... # verify fipspremain.c against its detached signature...
${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \ ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
diff -w "${PREMAIN_C}.sha1" - || \ diff -w "${PREMAIN_C}.sha1" - || \
{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; } { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
# Special case: if FIPSLD_LIBFIPS is asserted we are building # verify fipscanister.o against its detached signature...
# libfips shared library and fipscanister.o is already present ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
# in libfips.a diff -w "${CANISTER_O}.sha1" - || \
if [ -n "$FIPSLD_LIBFIPS" ] ; then { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
${CC} "${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
else
# verify fipscanister.o against its detached signature... /bin/rm -f "${TARGET}"
${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \ ${CC} "${PREMAIN_C}" ${_WL_PREMAIN} "$@"
diff -w "${CANISTER_O}.sha1" - || \
{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
# Temporarily remove fipscanister.o from library!
# We are required to use the standalone copy...
trap 'ar r "${THERE}/$FIPSCANLIB.a" "${CANISTER_O}";
(ranlib "${THERE}/$FIPSCANLIB.a") 2>/dev/null;
sleep 1;
touch -c "${TARGET}"' 0
ar d "${THERE}/$FIPSCANLIB.a" fipscanister.o 2>&1 > /dev/null || :
(ranlib "${THERE}/$FIPSCANLIB.a") 2>/dev/null || :
${CC} "${CANISTER_O}" \
"${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
fi
# generate signature... # generate signature...
SIG=`("${THERE}/fips-1.0/fips_premain_dso" "${TARGET}" || rm "${TARGET}")` SIG=`"${THERE}/fips-1.0/fips_premain_dso" "${TARGET}"`
/bin/rm -f "${TARGET}"
if [ -z "${SIG}" ]; then if [ -z "${SIG}" ]; then
echo "unable to collect signature"; exit 1 echo "unable to collect signature"; exit 1
fi fi
if [ -n "$FIPSLD_LIBFIPS" ] ; then # recompile with signature...
${CC} -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \ ${CC} -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" ${_WL_PREMAIN} "$@"
${_WL_PREMAIN} "$@" ;;
else libcrypto*|*.dll) # must be linking a shared lib...
# Shared lib creation can be taking place in the source
# directory only, but fipscanister.o can reside elsewhere...
FINGERTYPE="${THERE}/fips-1.0/fips_standalone_sha1"
# recompile with signature... # verify fipspremain.c against its detached signature...
${CC} "${CANISTER_O}" \ ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \ diff -w "${PREMAIN_C}.sha1" - || \
${_WL_PREMAIN} "$@" { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
# verify fipscanister.o against its detached signature...
${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
diff -w "${CANISTER_O}.sha1" - || \
{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
# Temporarily remove fipscanister.o from libcrypto.a!
# We are required to use the standalone copy...
trap 'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
(ranlib "${THERE}/libcrypto.a") 2>/dev/null;
sleep 1;
touch -c "${TARGET}"' 0
ar d "${THERE}/libcrypto.a" fipscanister.o 2>&1 > /dev/null || :
(ranlib "${THERE}/libcrypto.a") 2>/dev/null || :
/bin/rm -f "${TARGET}"
${CC} "${CANISTER_O}" \
"${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
# generate signature...
SIG=`"${THERE}/fips-1.0/fips_premain_dso" "${TARGET}"`
/bin/rm -f "${TARGET}"
if [ -z "${SIG}" ]; then
echo "unable to collect signature"; exit 1
fi fi
# recompile with signature...
${CC} "${CANISTER_O}" \
-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
;; ;;
*) # must be linking statically... *) # must be linking statically...
# Static linking can be taking place either in the source # Static linking can be taking place either in the source
# directory or off the installed binary target destination. # directory or off the installed binary target destination.
if [ -x "${THERE}/fips-1.0/sha/fips_standalone_sha1" ]; then if [ -x "${THERE}/fips-1.0/fips_standalone_sha1" ]; then
FINGERTYPE="${THERE}/fips-1.0/sha/fips_standalone_sha1" FINGERTYPE="${THERE}/fips-1.0/fips_standalone_sha1"
else # Installed tree is expected to contain else # Installed tree is expected to contain
# lib/fipscanister.o, lib/fipscanister.o.sha1 and # lib/fipscanister.o, lib/fipscanister.o.sha1 and
# lib/fips_premain.c [not to mention bin/openssl]. # lib/fips_premain.c [not to mention bin/openssl].
FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}" FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
fi fi
CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
PREMAIN_C="${FIPSLIBDIR}/fips_premain.c"
# verify fipscanister.o against its detached signature... # verify fipscanister.o against its detached signature...
${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \ ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
diff -w "${CANISTER_O}.sha1" - || \ diff -w "${CANISTER_O}.sha1" - || \
{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; } { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
# verify fips_premain.c against its detached signature... # verify fips_premain.c against its detached signature...
# ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \ ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
# diff -w "${PREMAIN_C}.sha1" - || \ diff -w "${PREMAIN_C}.sha1" - || \
# { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; } { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
/bin/rm -f "${TARGET}"
${CC} "${CANISTER_O}" \ ${CC} "${CANISTER_O}" \
"${PREMAIN_C}" \ "${PREMAIN_C}" \
${_WL_PREMAIN} "$@" ${_WL_PREMAIN} "$@"
# generate signature... # generate signature...
SIG=`("${TARGET}" || /bin/rm "${TARGET}")` SIG=`"${TARGET}"`
/bin/rm -f "${TARGET}"
if [ -z "${SIG}" ]; then if [ -z "${SIG}" ]; then
echo "unable to collect signature"; exit 1 echo "unable to collect signature"; exit 1
fi fi

7
fips-1.0/sha/Makefile
View file

@ -41,15 +41,14 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top: top:
(cd $(TOP); $(MAKE) DIRS=fips-1.0 SDIRS=$(DIR) sub_all) (cd $(TOP); $(MAKE) DIRS=fips-1.0 SDIRS=$(DIR) sub_all)
all: fips_standalone_sha1$(EXE_EXT) lib all: ../fips_standalone_sha1$(EXE_EXT) lib
lib: $(LIBOBJ) lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib @echo $(LIBOBJ) > lib
fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o ../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
$(CC) -o fips_standalone_sha1$(EXE_EXT) $(CFLAGS) \ $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
fips_standalone_sha1.o $$FIPS_SHA_ASM
files: files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

2
fips-1.0/sha/fips_standalone_sha1.c
View file

@ -54,9 +54,11 @@
#include <openssl/sha.h> #include <openssl/sha.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#ifndef FIPSCANISTER_O
int FIPS_selftest_failed() { return 0; } int FIPS_selftest_failed() { return 0; }
void FIPS_selftest_check() {} void FIPS_selftest_check() {}
void OPENSSL_cleanse(void *p,size_t len) {} void OPENSSL_cleanse(void *p,size_t len) {}
#endif
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS

2
ssl/Makefile
View file

@ -53,7 +53,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top: top:
(cd ..; $(MAKE) DIRS=$(DIR) all) (cd ..; $(MAKE) DIRS=$(DIR) all)
all: shared all: lib
lib: $(LIBOBJ) lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ)

31
test/Makefile
View file

@ -354,11 +354,8 @@ $(DLIBCRYPTO):
BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \ shlib_target="$(SHLIB_TARGET)"; \
fi; \ fi; \
if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \ [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
else \
LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
fi; \
$(MAKE) -f $(TOP)/Makefile.shared -e \ $(MAKE) -f $(TOP)/Makefile.shared -e \
APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
@ -397,15 +394,11 @@ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \ shlib_target="$(SHLIB_TARGET)"; \
fi; \ fi; \
if [ "$(FIPSCANLIB)" != "libfips" -o -z "$(SHARED_LIBS)" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(LIBCRYPTO) $(LIBKRB5)"; \
LIBRARIES=""; \ if [ -z "$(SHARED_LIBS)" ] ; then \
if [ -n "$(FIPSCANLIB)" ]; then \ FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC FIPSLD_CC; \
FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; FIPSLD_NPT="y" \
export CC FIPSLD_CC FIPSLD_NPT ; \
fi; \
else \
LIBRARIES="$(LIBFIPS)"; \
fi; \ fi; \
[ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="-L$(TOP) -lfips"; \
$(MAKE) -f $(TOP)/Makefile.shared -e \ $(MAKE) -f $(TOP)/Makefile.shared -e \
CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
@ -414,15 +407,11 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \ shlib_target="$(SHLIB_TARGET)"; \
fi; \ fi; \
if [ -z "$(SHARED_LIBS)" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \ if [ -z "$(SHARED_LIBS)" ] ; then \
if [ -n "$(FIPSCANLIB)" ]; then \ FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC FIPSLD_CC; \
FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; FIPSLD_NPT="y" \
export CC FIPSLD_CC FIPSLD_NPT ; \
fi; \
else \
LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
fi; \ fi; \
[ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
$(MAKE) -f $(TOP)/Makefile.shared -e \ $(MAKE) -f $(TOP)/Makefile.shared -e \
CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \