src - OpenBSD base system

diff options


context:
space:
mode:

author	Damien Miller <djm@cvs.openbsd.org>	2006-06-27 05:07:04 +0000
committer	Damien Miller <djm@cvs.openbsd.org>	2006-06-27 05:07:04 +0000
commit	0fa0c9fb7d6f4ad7a423044f28b55eaaedc63f28 (patch)
tree	98d6947cd8474ab98b57494ebef50e97659be043 /lib/libcrypto/util
parent	ecc645c71513728e7357c84aa8997b4dc2301936 (diff)

resolve conflicts

Diffstat (limited to 'lib/libcrypto/util')

-rw-r--r--

lib/libcrypto/util/libeay.num

-rw-r--r--

lib/libcrypto/util/mk1mf.pl

337

-rw-r--r--

lib/libcrypto/util/mkdef.pl

-rw-r--r--

lib/libcrypto/util/mkerr.pl

-rw-r--r--

lib/libcrypto/util/mkfiles.pl

-rw-r--r--

lib/libcrypto/util/mklink.pl

-rw-r--r--

lib/libcrypto/util/pl/BC-32.pl

-rw-r--r--

lib/libcrypto/util/pl/OS2-EMX.pl

-rw-r--r--

lib/libcrypto/util/pl/VC-32.pl

-rw-r--r--

lib/libcrypto/util/pod2man.pl

-rw-r--r--

lib/libcrypto/util/selftest.pl

11 files changed, 484 insertions, 108 deletions

diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num
index 56fb7446e04..4222bef6d6c 100644
--- a/lib/libcrypto/util/libeay.num
+++ b/lib/libcrypto/util/libeay.num

@@ -2811,7 +2811,7 @@ EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES

FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION:

FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION:

EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES

-FIPS_allow_md5 3256 EXIST:OPENSSL_FIPS:FUNCTION:

+FIPS_allow_md5 3256 NOEXIST::FUNCTION:

DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES

EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES

FIPS_rand_seeded 3259 EXIST:OPENSSL_FIPS:FUNCTION:

@@ -2837,7 +2837,7 @@ FIPS_dsa_check 3278 EXIST:OPENSSL_FIPS:FUNCTION:

AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES

EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES

FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION:

-FIPS_md5_allowed 3282 EXIST:OPENSSL_FIPS:FUNCTION:

+FIPS_md5_allowed 3282 NOEXIST::FUNCTION:

FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION:

FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION:

sk_is_sorted 3285 EXIST::FUNCTION:

@@ -2867,3 +2867,41 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA

PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:

PROXY_POLICY_free 3308 EXIST::FUNCTION:

PROXY_POLICY_new 3309 EXIST::FUNCTION:

+BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:

+FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION:

+EVP_sha384 3312 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+EVP_sha512 3313 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+EVP_sha224 3314 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+EVP_sha256 3315 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION:

+FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION:

+BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:

+RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA

+RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA

+RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA

+RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA

+RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA

+PKCS1_MGF1 3324 EXIST::FUNCTION:RSA

+BN_X931_generate_Xpq 3325 EXIST:OPENSSL_FIPS:FUNCTION:

+RSA_X931_generate_key 3326 EXIST:OPENSSL_FIPS:FUNCTION:RSA

+BN_X931_derive_prime 3327 EXIST:OPENSSL_FIPS:FUNCTION:

+BN_X931_generate_prime 3328 EXIST:OPENSSL_FIPS:FUNCTION:

+RSA_X931_derive 3329 EXIST:OPENSSL_FIPS:FUNCTION:RSA

+SHA512_Update 3356 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+SHA256_Init 3479 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+SHA224 3510 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+SHA384_Update 3551 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+SHA224_Final 3560 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+SHA224_Update 3562 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+SHA512_Final 3581 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+SHA224_Init 3631 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+SHA512_Init 3633 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+SHA256 3654 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+SHA256_Transform 3664 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+SHA512 3669 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+SHA512_Transform 3675 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+SHA256_Final 3712 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

+SHA384_Init 3737 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+SHA384_Final 3740 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+SHA384 3745 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512

+SHA256_Update 3765 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256

diff --git a/lib/libcrypto/util/mk1mf.pl b/lib/libcrypto/util/mk1mf.pl
index 957264c6b54..05a60861645 100644
--- a/lib/libcrypto/util/mk1mf.pl
+++ b/lib/libcrypto/util/mk1mf.pl

@@ -10,6 +10,20 @@ $OPTIONS="";

$ssl_version="";

$banner="\t\@echo Building OpenSSL";

+local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic

+local $zlib_lib = "";

+my $fips_canister_path = "";

+my $fips_premain_dso_exe_path = "";

+my $fips_premain_c_path = "";

+my $fips_sha1_exe_path = "";

+my $fipslibdir = "";

+my $baseaddr = "";

+my $ex_l_libs = "";

open(IN,"<Makefile") || die "unable to open Makefile!\n";

while(<IN>) {

$ssl_version=$1 if (/^VERSION=(.*)$/);

@@ -24,6 +38,7 @@ $infile="MINFO";

%ops=(

"VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X",

+ "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make",

"VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",

"VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY",

"VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",

@@ -43,6 +58,7 @@ $infile="MINFO";

);

$platform="";

+my $xcflags="";

foreach (@ARGV)

{

if (!&read_options && !defined($ops{$_}))

@@ -104,8 +120,12 @@ $inc_def="outinc";

$tmp_def="tmp";

$mkdir="-mkdir";

+$mkcanister="ld -r -o";

+$ex_build_targets = "";

($ssl,$crypto)=("ssl","crypto");

+$cryptocompat = "";

$ranlib="echo ranlib";

$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';

@@ -140,6 +160,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))

$NT = 1 if $platform eq "VC-NT";

require 'VC-32.pl';

}

+elsif ($platform eq "VC-WIN32-GMAKE")

+ {

+ require 'VC-32-GMAKE.pl';

+ }

elsif ($platform eq "VC-CE")

{

require 'VC-CE.pl';

@@ -210,6 +234,8 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;

$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));

+$cflags= "$xcflags$cflags" if $xcflags ne "";

$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;

$cflags.=" -DOPENSSL_NO_AES" if $no_aes;

$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;

@@ -239,6 +265,9 @@ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;

$cflags.=" -DOPENSSL_FIPS" if $fips;

#$cflags.=" -DRSAref" if $rsaref ne "";

+$cflags.= " -DZLIB" if $zlib_opt;

+$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;

## if ($unix)

## { $cflags="$c_flags" if ($c_flags ne ""); }

##else

@@ -246,6 +275,7 @@ $cflags.=" -DOPENSSL_FIPS" if $fips;

$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");

%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",

"CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");

@@ -262,6 +292,135 @@ $link="$bin_dir$link" if ($link !~ /^\$/);

$INSTALLTOP =~ s|/|$o|g;

+#############################################

+# We parse in input file and 'store' info for later printing.

+open(IN,"<$infile") || die "unable to open $infile:$!\n";

+$_=<IN>;

+for (;;)

+ {

+ chop;

+ ($key,$val)=/^([^=]+)=(.*)/;

+ if ($key eq "RELATIVE_DIRECTORY")

+ {

+ if ($lib ne "")

+ {

+ if ($fips && $dir =~ /^fips/)

+ {

+ $uc = "FIPS";

+ }

+ else

+ {

+ $uc=$lib;

+ $uc =~ s/^lib(.*)\.a/$1/;

+ $uc =~ tr/a-z/A-Z/;

+ }

+ if (($uc ne "FIPS") || $fips_canister_build)

+ {

+ $lib_nam{$uc}=$uc;

+ $lib_obj{$uc}.=$libobj." ";

+ }

+ last if ($val eq "FINISHED");

+ $lib="";

+ $libobj="";

+ $dir=$val;

+ }

+ if ($key eq "KRB5_INCLUDES")

+ { $cflags .= " $val";}

+ if ($key eq "ZLIB_INCLUDE")

+ { $cflags .= " $val" if $val ne "";}

+ if ($key eq "LIBZLIB")

+ { $zlib_lib = "$val" if $val ne "";}

+ if ($key eq "LIBKRB5")

+ { $ex_libs .= " $val" if $val ne "";}

+ if ($key eq "TEST")

+ { $test.=&var_add($dir,$val); }

+ if (($key eq "PROGS") || ($key eq "E_OBJ"))

+ { $e_exe.=&var_add($dir,$val); }

+ if ($key eq "LIB")

+ {

+ $lib=$val;

+ $lib =~ s/^.*\/([^\/]+)$/$1/;

+ }

+ if ($key eq "EXHEADER")

+ { $exheader.=&var_add($dir,$val); }

+ if ($key eq "HEADER")

+ { $header.=&var_add($dir,$val); }

+ if ($key eq "LIBOBJ")

+ { $libobj=&var_add($dir,$val); }

+ if ($key eq "FIPSLIBDIR")

+ { $fipslibdir=$val;}

+ if ($key eq "BASEADDR")

+ { $baseaddr=$val;}

+ if (!($_=<IN>))

+ { $_="RELATIVE_DIRECTORY=FINISHED\n"; }

+ }

+close(IN);

+if ($fips_canister_path eq "")

+ {

+ $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";

+ }

+if ($fips_premain_c_path eq "")

+ {

+ $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";

+ }

+if ($fips)

+ {

+ if ($fips_sha1_exe_path eq "")

+ {

+ $fips_sha1_exe_path =

+ "\$(BIN_D)${o}fips_standalone_sha1$exep";

+ }

+ else

+ {

+ $fips_sha1_exe_path = "";

+ }

+if ($fips_premain_dso_exe_path eq "")

+ {

+ $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";

+ }

+# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);

+if ($fips)

+ {

+ if (!$shlib)

+ {

+ $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";

+ $ex_l_libs .= " \$(O_FIPSCANISTER)";

+ }

+ if ($fipslibdir eq "")

+ {

+ open (IN, "util/fipslib_path.txt") || fipslib_error();

+ $fipslibdir = <IN>;

+ chomp $fipslibdir;

+ close IN;

+ }

+ fips_check_files($fipslibdir,

+ "fipscanister.o", "fipscanister.o.sha1",

+ "fips_premain.c", "fips_premain.c.sha1");

+ }

$defs= <<"EOF";

# This makefile has been automatically generated from the OpenSSL distribution.

# This single makefile will build the complete OpenSSL distribution and

@@ -286,6 +445,7 @@ if ($platform eq "VC-CE")

!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>

EOF

+ $ex_libs .= " $zlib_lib" if $zlib_opt == 1;

}

$defs.= <<"EOF";

@@ -308,6 +468,8 @@ EX_LIBS=$ex_libs

SRC_D=$src_dir

LINK=$link

+PERL=perl

+FIPSLINK=\$(PERL) util${o}fipslink.pl

LFLAGS=$lflags

BN_ASM_OBJ=$bn_asm_obj

@@ -339,6 +501,9 @@ TMP_D=$tmp_dir

INC_D=$inc_dir

INCO_D=$inc_dir${o}openssl

+# Directory containing FIPS module

CP=$cp

RM=$rm

RANLIB=$ranlib

@@ -346,6 +511,18 @@ MKDIR=$mkdir

MKLIB=$bin_dir$mklib

MLFLAGS=$mlflags

ASM=$bin_dir$asm

+MKCANISTER=$mkcanister

+# FIPS validated module and support file locations

+E_PREMAIN_DSO=fips_premain_dso

+FIPSLIB_D=$fipslibdir

+BASEADDR=$baseaddr

+FIPS_PREMAIN_SRC=$fips_premain_c_path

+O_FIPSCANISTER=$fips_canister_path

+FIPS_SHA1_EXE=$fips_sha1_exe_path

+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path

######################################################

# You should not need to touch anything below this point

@@ -377,7 +554,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp

L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp

L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp

-L_LIBS= \$(L_SSL) \$(L_CRYPTO)

+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs

######################################################

# Don't touch anything below this point

@@ -387,13 +564,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)

APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)

LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)

SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)

-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)

+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep

#############################################

EOF

$rules=<<"EOF";

-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe

+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets

banner:

$banner

@@ -479,57 +656,6 @@ printf OUT " #define DATE \"%s\"\n", scalar gmtime();

printf OUT "#endif\n";

close(OUT);

-#############################################

-# We parse in input file and 'store' info for later printing.

-open(IN,"<$infile") || die "unable to open $infile:$!\n";

-$_=<IN>;

-for (;;)

- {

- chop;

- ($key,$val)=/^([^=]+)=(.*)/;

- if ($key eq "RELATIVE_DIRECTORY")

- {

- if ($lib ne "")

- {

- $uc=$lib;

- $uc =~ s/^lib(.*)\.a/$1/;

- $uc =~ tr/a-z/A-Z/;

- $lib_nam{$uc}=$uc;

- $lib_obj{$uc}.=$libobj." ";

- }

- last if ($val eq "FINISHED");

- $lib="";

- $libobj="";

- $dir=$val;

- }

- if ($key eq "TEST")

- { $test.=&var_add($dir,$val); }

- if (($key eq "PROGS") || ($key eq "E_OBJ"))

- { $e_exe.=&var_add($dir,$val); }

- if ($key eq "LIB")

- {

- $lib=$val;

- $lib =~ s/^.*\/([^\/]+)$/$1/;

- }

- if ($key eq "EXHEADER")

- { $exheader.=&var_add($dir,$val); }

- if ($key eq "HEADER")

- { $header.=&var_add($dir,$val); }

- if ($key eq "LIBOBJ")

- { $libobj=&var_add($dir,$val); }

- if (!($_=<IN>))

- { $_="RELATIVE_DIRECTORY=FINISHED\n"; }

- }

-close(IN);

# Strip of trailing ' '

foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }

$test=&clean_up_ws($test);

@@ -554,6 +680,29 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");

$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);

$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');

+# Special case rules for fips_start and fips_end fips_premain_dso

+if ($fips)

+ {

+ if ($fips_canister_build)

+ {

+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",

+ "fips-1.0${o}fips_canister.c",

+ "-DFIPS_START \$(SHLIB_CFLAGS)");

+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",

+ "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)");

+ }

+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",

+ "fips-1.0${o}sha${o}fips_standalone_sha1.c",

+ "\$(SHLIB_CFLAGS)");

+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj",

+ "fips-1.0${o}sha${o}fips_sha1dgst.c",

+ "\$(SHLIB_CFLAGS)") unless $fips_canister_build;

+ $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",

+ "fips-1.0${o}fips_premain.c",

+ "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");

+ }

foreach (values %lib_nam)

{

$lib_obj=$lib_obj{$_};

@@ -630,16 +779,42 @@ foreach (split(/\s+/,$test))

}

$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");

-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");

if ($fips)

{

- $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep");

+ if ($shlib)

+ {

+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",

+ "\$(O_CRYPTO)",

+ "$crypto",

+ $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");

+ }

+ else

+ {

+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)",

+ "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");

+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",

+ "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");

+ }

}

-else

+ else

{

- $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");

+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,

+ "\$(SO_CRYPTO)");

}

+if ($fips)

+ {

+ $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;

+ $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);

+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);

+ }

+ $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0);

print $defs;

if ($platform eq "linux-elf") {

@@ -935,6 +1110,24 @@ sub read_options

elsif (/^shlib$/) { $shlib=1; }

elsif (/^dll$/) { $shlib=1; }

elsif (/^shared$/) { } # We just need to ignore it for now...

+ elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }

+ elsif (/^zlib-dynamic$/){ $zlib_opt = 2; }

+ elsif (/^--with-krb5-flavor=(.*)$/)

+ {

+ my $krb5_flavor = $1;

+ if ($krb5_flavor =~ /^force-[Hh]eimdal$/)

+ {

+ $xcflags="-DKRB5_HEIMDAL $xcflags";

+ }

+ elsif ($krb5_flavor =~ /^MIT/i)

+ {

+ $xcflags="-DKRB5_MIT $xcflags";

+ if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)

+ {

+ $xcflags="-DKRB5_MIT_OLD11 $xcflags"

+ }

elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }

elsif (/^-[lL].*$/) { $l_flags.="$_ "; }

elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)

@@ -942,3 +1135,31 @@ sub read_options

else { return(0); }

return(1);

}

+sub fipslib_error

+ {

+ print STDERR "***FIPS module directory sanity check failed***\n";

+ print STDERR "FIPS module build failed, or was deleted\n";

+ print STDERR "Please rebuild FIPS module.\n";

+ exit 1;

+ }

+sub fips_check_files

+ {

+ my $dir = shift @_;

+ my $ret = 1;

+ if (!-d $dir)

+ {

+ print STDERR "FIPS module directory $dir does not exist\n";

+ fipslib_error();

+ }

+ foreach (@_)

+ {

+ if (!-f "$dir${o}$_")

+ {

+ print STDERR "FIPS module file $_ does not exist!\n";

+ $ret = 0;

+ }

+ fipslib_error() if ($ret == 0);

+ }

diff --git a/lib/libcrypto/util/mkdef.pl b/lib/libcrypto/util/mkdef.pl
index 9918c3d549c..6c1e53bb146 100644
--- a/lib/libcrypto/util/mkdef.pl
+++ b/lib/libcrypto/util/mkdef.pl

@@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",

my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );

my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",

"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",

- "RIPEMD",

+ "SHA256", "SHA512", "RIPEMD",

"MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES",

# Envelope "algorithms"

"EVP", "X509", "ASN1_TYPEDEFS",

@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h";

$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";

$crypto.=" crypto/krb5/krb5_asn.h";

$crypto.=" crypto/tmdiff.h";

-$crypto.=" fips/fips.h fips/rand/fips_rand.h";

+$crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h";

my $symhacks="crypto/symhacks.h";

@@ -864,6 +864,9 @@ sub do_defs

$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);

$a .= ",RSA" if($s =~ /RSAPrivateKey/);

$a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);

+ # SHA2 algorithms only defined in FIPS mode for

+ # OpenSSL 0.9.7

+ $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/);

$platform{$s} =

&reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);

@@ -1011,7 +1014,7 @@ sub is_valid

{

my ($keywords_txt,$platforms) = @_;

my (@keywords) = split /,/,$keywords_txt;

- my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords));

+ my ($falsesum, $truesum) = (0, 1);

# Param: one keyword

sub recognise

@@ -1079,7 +1082,7 @@ sub is_valid

if ($k =~ /^!(.*)$/) {

$falsesum += &recognise($1,$platforms);

} else {

- $truesum += &recognise($k,$platforms);

+ $truesum *= &recognise($k,$platforms);

}

print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;

diff --git a/lib/libcrypto/util/mkerr.pl b/lib/libcrypto/util/mkerr.pl
index 60e534807eb..9678514604b 100644
--- a/lib/libcrypto/util/mkerr.pl
+++ b/lib/libcrypto/util/mkerr.pl

@@ -9,6 +9,9 @@ my $reindex = 0;

my $dowrite = 0;

my $staticloader = "";

+my $pack_errcode;

+my $load_errcode;

while (@ARGV) {

my $arg = $ARGV[0];

if($arg eq "-conf") {

@@ -41,8 +44,8 @@ while (@ARGV) {

}

if($recurse) {

- @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips/*.c>,

- <fips/*/*.c>);

+ @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips-1.0/*.c>,

+ <fips-1.0/*/*.c>);

} else {

@source = @ARGV;

}

@@ -399,6 +402,20 @@ EOF

$hincf = "\"$hfile\"";

}

+ # If static we know the error code at compile time so use it

+ # in error definitions.

+ if ($static)

+ {

+ $pack_errcode = "ERR_LIB_${lib}";

+ $load_errcode = "0";

+ }

+ else

+ {

+ $pack_errcode = "0";

+ $load_errcode = "ERR_LIB_${lib}";

+ }

open (OUT,">$cfile") || die "Can't open $cfile for writing";

@@ -469,6 +486,10 @@ EOF

/* BEGIN ERROR CODES */

#ifndef OPENSSL_NO_ERR

+#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)

+#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)

static ERR_STRING_DATA ${lib}_str_functs[]=

{

EOF

@@ -480,7 +501,8 @@ EOF

if(exists $ftrans{$fn}) {

$fn = $ftrans{$fn};

}

- print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n";

+# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";

+ print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";

}

print OUT <<"EOF";

{0,NULL}

@@ -492,6 +514,7 @@ EOF

# Add each reason code.

foreach $i (@reasons) {

my $rn;

+ my $rstr = "ERR_REASON($i)";

my $nspc = 0;

if (exists $err_reason_strings{$i}) {

$rn = $err_reason_strings{$i};

@@ -500,9 +523,9 @@ EOF

$rn = $1;

$rn =~ tr/_[A-Z]/ [a-z]/;

}

- $nspc = 40 - length($i) unless length($i) > 40;

+ $nspc = 40 - length($rstr) unless length($rstr) > 40;

$nspc = " " x $nspc;

- print OUT "{${i}${nspc},\"$rn\"},\n";

+ print OUT "{${rstr}${nspc},\"$rn\"},\n";

}

if($static) {

print OUT <<"EOF";

@@ -519,8 +542,8 @@ ${staticloader}void ERR_load_${lib}_strings(void)

{

init=0;

#ifndef OPENSSL_NO_ERR

- ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs);

- ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons);

+ ERR_load_strings($load_errcode,${lib}_str_functs);

+ ERR_load_strings($load_errcode,${lib}_str_reasons);

#endif

}

diff --git a/lib/libcrypto/util/mkfiles.pl b/lib/libcrypto/util/mkfiles.pl
index 928a274303d..bc78510f569 100644
--- a/lib/libcrypto/util/mkfiles.pl
+++ b/lib/libcrypto/util/mkfiles.pl

@@ -51,14 +51,15 @@ my @dirs = (

"crypto/ocsp",

"crypto/ui",

"crypto/krb5",

-"fips",

-"fips/aes",

-"fips/des",

-"fips/dsa",

-"fips/dh",

-"fips/rand",

-"fips/rsa",

-"fips/sha1",

+"fips-1.0",

+"fips-1.0/aes",

+"fips-1.0/des",

+"fips-1.0/dsa",

+"fips-1.0/dh",

+"fips-1.0/hmac",

+"fips-1.0/rand",

+"fips-1.0/rsa",

+"fips-1.0/sha",

"ssl",

"apps",

"test",

diff --git a/lib/libcrypto/util/mklink.pl b/lib/libcrypto/util/mklink.pl
index c8653cecc37..182732d9594 100644
--- a/lib/libcrypto/util/mklink.pl
+++ b/lib/libcrypto/util/mklink.pl

@@ -14,13 +14,16 @@

# not contain symbolic links and that the parent of / is never referenced.

# Apart from this, this script should be able to handle even the most

# pathological cases.

+use Cwd;

my $from = shift;

my @files = @ARGV;

my @from_path = split(/[\\\/]/, $from);

-my $pwd = `pwd`;

-chop($pwd);

+my $pwd = getcwd();

+chomp($pwd);

my @pwd_path = split(/[\\\/]/, $pwd);

my @to_path = ();

diff --git a/lib/libcrypto/util/pl/BC-32.pl b/lib/libcrypto/util/pl/BC-32.pl
index 897ae9d8249..28869c868df 100644
--- a/lib/libcrypto/util/pl/BC-32.pl
+++ b/lib/libcrypto/util/pl/BC-32.pl

@@ -18,7 +18,7 @@ $out_def="out32";

$tmp_def="tmp32";

$inc_def="inc32";

#enable max error messages, disable most common warnings

-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp ";

+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";

if ($debug)

{

$cflags.="-Od -y -v -vi- -D_DEBUG";

@@ -51,7 +51,7 @@ $lfile='';

$shlib_ex_obj="";

$app_ex_obj="c0x32.obj";

-$asm='nasmw -f obj';

+$asm='nasmw -f obj -d__omf__';

$asm.=" /Zi" if $debug;

$afile='-o';

@@ -106,9 +106,13 @@ sub do_lib_rule

$ret.="$target: $objs\n";

if (!$shlib)

{

- # $ret.="\t\$(RM) \$(O_$Name)\n";

- $ret.="\techo LIB $<\n";

- $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n";

+ $ret.=<<___;

+ -\$(RM) $lfile$target

+ \$(MKLIB) $lfile$target \@&&!

++\$(**: = &^

++)

+___

}

else

{

diff --git a/lib/libcrypto/util/pl/OS2-EMX.pl b/lib/libcrypto/util/pl/OS2-EMX.pl
index 75d72ebbcbd..8dbeaa7a087 100644
--- a/lib/libcrypto/util/pl/OS2-EMX.pl
+++ b/lib/libcrypto/util/pl/OS2-EMX.pl

@@ -68,6 +68,7 @@ if (!$no_asm && !$fips)

$sha1_asm_src="crypto/sha/asm/s1-os2.asm";

$rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";

$rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";

+ $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";

}

if ($shlib)

diff --git a/lib/libcrypto/util/pl/VC-32.pl b/lib/libcrypto/util/pl/VC-32.pl
index cf689b9feb4..4e97dfa9aff 100644
--- a/lib/libcrypto/util/pl/VC-32.pl
+++ b/lib/libcrypto/util/pl/VC-32.pl

@@ -3,15 +3,28 @@

$ssl= "ssleay32";

-$crypto="libeay32";

+if ($fips && !$shlib)

+ {

+ $crypto="libeayfips32";

+ $crypto_compat = "libeaycompat32.lib";

+ }

+else

+ {

+ $crypto="libeay32";

+ }

$o='\\';

$cp='copy nul+'; # Timestamps get stuffed otherwise

$rm='del';

+$zlib_lib="zlib1.lib";

# C compiler stuff

$cc='cl';

-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';

+$cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';

+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8

+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8

$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";

$mlflags='';

@@ -100,25 +113,56 @@ $cflags.=" /Fd$out_def";

sub do_lib_rule

{

- local($objs,$target,$name,$shlib)=@_;

+ local($objs,$target,$name,$shlib,$ign,$base_addr) = @_;

local($ret,$Name);

$taget =~ s/\//$o/g if $o ne '/';

($Name=$name) =~ tr/a-z/A-Z/;

+ my $base_arg;

+ if ($base_addr ne "")

+ {

+ $base_arg= " /base:$base_addr";

+ }

+ else

+ {

+ $base_arg = "";

+ }

# $target="\$(LIB_D)$o$target";

- $ret.="$target: $objs\n";

if (!$shlib)

{

# $ret.="\t\$(RM) \$(O_$Name)\n";

+ $ret.="$target: $objs\n";

$ex =' advapi32.lib';

+ $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;

$ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";

}

else

{

local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';

- $ex.=' wsock32.lib gdi32.lib advapi32.lib';

- $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";

+ $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';

+ $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;

+ if ($fips && $target =~ /O_CRYPTO/)

+ {

+ $ex.=" \$(FIPSLIB_D)${o}_chkstk.o";

+ $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n";

+ $ret.="\tSET FIPS_LINK=\$(LINK)\n";

+ $ret.="\tSET FIPS_CC=\$(CC)\n";

+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";

+ $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";

+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";

+ $ret.="\tSET FIPS_TARGET=$target\n";

+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";

+ $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";

+ $ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs ";

+ $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";

+ }

+ else

+ {

+ $ret.="$target: $objs\n";

+ $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";

+ }

}

$ret.="\n";

return($ret);

@@ -126,20 +170,51 @@ sub do_lib_rule

sub do_link_rule

{

- local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;

+ local($target,$files,$dep_libs,$libs,$standalone)=@_;

local($ret,$_);

$file =~ s/\//$o/g if $o ne '/';

$n=&bname($targer);

$ret.="$target: $files $dep_libs\n";

- $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";

- $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";

- if (defined $sha1file)

+ if ($standalone)

+ {

+ $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";

+ $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/);

+ $ret.="$files $libs\n<<\n";

+ }

+ elsif ($fips && !$shlib)

{

- $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";

+ $ret.="\tSET FIPS_LINK=\$(LINK)\n";

+ $ret.="\tSET FIPS_CC=\$(CC)\n";

+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";

+ $ret.="\tSET PREMAIN_DSO_EXE=\n";

+ $ret.="\tSET FIPS_TARGET=$target\n";

+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";

+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";

+ $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";

+ $ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";

}

+ else

+ {

+ $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";

+ $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";

+ }

+ $ret.="\n";

+ return($ret);

+ }

+sub do_rlink_rule

+ {

+ local($target,$files,$dep_libs,$libs)=@_;

+ local($ret,$_);

+ $file =~ s/\//$o/g if $o ne '/';

+ $n=&bname($targer);

+ $ret.="$target: $files $dep_libs\n";

+ $ret.=" \$(MKCANISTER) $target <<\n";

+ $ret.="INPUT($files)\n<<\n";

$ret.="\n";

return($ret);

}

diff --git a/lib/libcrypto/util/pod2man.pl b/lib/libcrypto/util/pod2man.pl
index 657e4e264e0..546d1ec1860 100644
--- a/lib/libcrypto/util/pod2man.pl
+++ b/lib/libcrypto/util/pod2man.pl

@@ -425,6 +425,7 @@ if ($name ne 'something') {

}

next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME

next if /^=pod\b/; # It is OK to have =pod before NAME

+ next if /^=for\s+comment\b/; # It is OK to have =for comment before NAME

die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;

}

die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;

diff --git a/lib/libcrypto/util/selftest.pl b/lib/libcrypto/util/selftest.pl
index e9d5aa8938e..4778c5ab01d 100644
--- a/lib/libcrypto/util/selftest.pl
+++ b/lib/libcrypto/util/selftest.pl

@@ -49,7 +49,7 @@ if (open(IN,"<Makefile")) {

}

$cversion=`$cc -v 2>&1`;

-$cversion=`$cc -V 2>&1` if $cversion =~ "usage";

+$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";

$cversion=`$cc -V |head -1` if $cversion =~ "Error";

$cversion=`$cc --version` if $cversion eq "";

$cversion =~ s/Reading specs.*\n//;

@@ -130,15 +130,21 @@ if (system("make 2>&1 | tee make.log") > 255) {

goto err;

}

-$_=$options;

-s/no-asm//;

-s/no-shared//;

-s/no-krb5//;

-if (/no-/)

- print OUT "Test skipped.\n";

- goto err;

+# Not sure why this is here. The tests themselves can detect if their

+# particular feature isn't included, and should therefore skip themselves.

+# To skip *all* tests just because one algorithm isn't included is like

+# shooting mosquito with an elephant gun...

+# -- Richard Levitte, inspired by problem report 1089

+#$_=$options;

+#s/no-asm//;

+#s/no-shared//;

+#s/no-krb5//;

+#if (/no-/)

+#{

+# print OUT "Test skipped.\n";

+# goto err;

+#}

print "Running make test...\n";

if (system("make test 2>&1 | tee maketest.log") > 255)