diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2009-01-09 12:15:53 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2009-01-09 12:15:53 +0000 |
| commit | 6d17bf8726d06249097f42aa5b8fb41c345eeab8 (patch) | |
| tree | 791e92f5e63e9cfece89543fce77b515015ab96c /lib/libcrypto/util | |
| parent | d30d6ad00561d36a052e2a024020f6802756f04a (diff) | |
resolve conflicts
Diffstat (limited to 'lib/libcrypto/util')
| -rw-r--r-- | lib/libcrypto/util/libeay.num | 180 | ||||
| -rw-r--r-- | lib/libcrypto/util/mk1mf.pl | 404 | ||||
| -rw-r--r-- | lib/libcrypto/util/mkdef.pl | 21 | ||||
| -rw-r--r-- | lib/libcrypto/util/mkerr.pl | 3 | ||||
| -rw-r--r-- | lib/libcrypto/util/mkfiles.pl | 10 | ||||
| -rw-r--r-- | lib/libcrypto/util/mklink.pl | 12 | ||||
| -rw-r--r-- | lib/libcrypto/util/pl/VC-32.pl | 179 |
7 files changed, 662 insertions, 147 deletions
diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num index 62664f3c374..0eb54ddc891 100644 --- a/lib/libcrypto/util/libeay.num +++ b/lib/libcrypto/util/libeay.num @@ -2804,12 +2804,12 @@ OPENSSL_cleanse 3245 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES -FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: -FIPS_selftest_des 3250 NOEXIST::FUNCTION: +FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES -FIPS_mode_set 3253 NOEXIST::FUNCTION: -FIPS_selftest_dsa 3254 NOEXIST::FUNCTION: +FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES FIPS_allow_md5 3256 NOEXIST::FUNCTION: DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES @@ -2817,44 +2817,44 @@ EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES FIPS_rand_seeded 3259 NOEXIST::FUNCTION: AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES -FIPS_rand_seed 3262 NOEXIST::FUNCTION: -FIPS_corrupt_des 3263 NOEXIST::FUNCTION: +FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES -FIPS_selftest_aes 3265 NOEXIST::FUNCTION: +FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_set_prng_key 3266 NOEXIST::FUNCTION: EVP_des_cfb8 3267 EXIST::FUNCTION:DES -FIPS_corrupt_dsa 3268 NOEXIST::FUNCTION: +FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_test_mode 3269 NOEXIST::FUNCTION: -FIPS_rand_method 3270 NOEXIST::FUNCTION: +FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES -ERR_load_FIPS_strings 3272 NOEXIST::FUNCTION: -FIPS_corrupt_aes 3273 NOEXIST::FUNCTION: -FIPS_selftest_sha1 3274 NOEXIST::FUNCTION: -FIPS_selftest_rsa 3275 NOEXIST::FUNCTION: -FIPS_corrupt_sha1 3276 NOEXIST::FUNCTION: +ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION: EVP_des_cfb1 3277 EXIST::FUNCTION:DES FIPS_dsa_check 3278 NOEXIST::FUNCTION: AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES -FIPS_rand_check 3281 NOEXIST::FUNCTION: +FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_md5_allowed 3282 NOEXIST::FUNCTION: -FIPS_mode 3283 NOEXIST::FUNCTION: -FIPS_selftest_failed 3284 NOEXIST::FUNCTION: +FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: -private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: +private_idea_set_encrypt_key 3287 EXIST:OPENSSL_FIPS:FUNCTION:IDEA HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC -private_SHA_Init 3289 NOEXIST::FUNCTION: -private_CAST_set_key 3290 NOEXIST::FUNCTION: -private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: -private_RC5_32_set_key 3292 NOEXIST::FUNCTION: -private_MD5_Init 3293 NOEXIST::FUNCTION: -private_RC4_set_key 3294 NOEXIST::FUNCTION: -private_MDC2_Init 3295 NOEXIST::FUNCTION: -private_RC2_set_key 3296 NOEXIST::FUNCTION: -private_MD4_Init 3297 NOEXIST::FUNCTION: -private_BF_set_key 3298 NOEXIST::FUNCTION: -private_MD2_Init 3299 NOEXIST::FUNCTION: +private_SHA_Init 3289 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0 +private_CAST_set_key 3290 EXIST:OPENSSL_FIPS:FUNCTION:CAST +private_RIPEMD160_Init 3291 EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD +private_RC5_32_set_key 3292 EXIST:OPENSSL_FIPS:FUNCTION:RC5 +private_MD5_Init 3293 EXIST:OPENSSL_FIPS:FUNCTION:MD5 +private_RC4_set_key 3294 EXIST:OPENSSL_FIPS:FUNCTION:RC4 +private_MDC2_Init 3295 EXIST:OPENSSL_FIPS:FUNCTION:MDC2 +private_RC2_set_key 3296 EXIST:OPENSSL_FIPS:FUNCTION:RC2 +private_MD4_Init 3297 EXIST:OPENSSL_FIPS:FUNCTION:MD4 +private_BF_set_key 3298 EXIST:OPENSSL_FIPS:FUNCTION:BF +private_MD2_Init 3299 EXIST:OPENSSL_FIPS:FUNCTION:MD2 d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION: PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PROXY_POLICY_free 3308 EXIST::FUNCTION: PROXY_POLICY_new 3309 EXIST::FUNCTION: BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: -FIPS_selftest_rng 3311 NOEXIST::FUNCTION: +FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION: EVP_sha384 3312 EXIST::FUNCTION:SHA,SHA512 EVP_sha512 3313 EXIST::FUNCTION:SHA,SHA512 EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256 EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256 -FIPS_selftest_hmac 3316 NOEXIST::FUNCTION: -FIPS_corrupt_rng 3317 NOEXIST::FUNCTION: +FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION: BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA @@ -2882,7 +2882,7 @@ RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA PKCS1_MGF1 3324 EXIST::FUNCTION:RSA -BN_X931_generate_Xpq 3325 NOEXIST::FUNCTION: +BN_X931_generate_Xpq 3325 EXIST::FUNCTION: RSA_X931_generate_key 3326 NOEXIST::FUNCTION: BN_X931_derive_prime 3327 NOEXIST::FUNCTION: BN_X931_generate_prime 3328 NOEXIST::FUNCTION: @@ -3652,51 +3652,75 @@ CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS CMS_add1_signer 4042 EXIST::FUNCTION:CMS CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS -ENGINE_set_load_ssl_client_cert_function 4044 EXIST::FUNCTION:ENGINE -ENGINE_get_ssl_client_cert_function 4045 EXIST::FUNCTION:ENGINE +ENGINE_set_load_ssl_client_cert_function 4044 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_ld_ssl_clnt_cert_fn 4044 EXIST:VMS:FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE OPENSSL_isservice 4048 EXIST::FUNCTION: -FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_clear_flags 4050 NOEXIST::FUNCTION: -FIPS_rand_status 4051 NOEXIST::FUNCTION: -FIPS_rand_set_key 4052 NOEXIST::FUNCTION: -CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION: -RSA_X931_generate_key_ex 4054 NOEXIST::FUNCTION: -int_ERR_set_state_func 4055 NOEXIST::FUNCTION: -int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION: -int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION: -FIPS_rng_stick 4058 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_set_flags 4059 NOEXIST::FUNCTION: -BN_X931_generate_prime_ex 4060 NOEXIST::FUNCTION: -FIPS_selftest_check 4061 NOEXIST::FUNCTION: -FIPS_rand_set_dt 4062 NOEXIST::FUNCTION: -CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION: -FIPS_dsa_free 4064 NOEXIST::FUNCTION: -RSA_X931_derive_ex 4065 NOEXIST::FUNCTION: -FIPS_rsa_new 4066 NOEXIST::FUNCTION: -FIPS_rand_bytes 4067 NOEXIST::FUNCTION: -fips_cipher_test 4068 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_test_flags 4069 NOEXIST::FUNCTION: -CRYPTO_malloc_debug_init 4070 NOEXIST::FUNCTION: -CRYPTO_dbg_push_info 4071 NOEXIST::FUNCTION: -FIPS_corrupt_rsa_keygen 4072 NOEXIST::FUNCTION: -FIPS_dh_new 4073 NOEXIST::FUNCTION: -FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION: -FIPS_dh_free 4075 NOEXIST::FUNCTION: -fips_pkey_signature_test 4076 NOEXIST::FUNCTION: -EVP_add_alg_module 4077 NOEXIST::FUNCTION: -int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION: -int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION: -int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION: -FIPS_rand_test_mode 4081 NOEXIST::FUNCTION: -FIPS_rand_reset 4082 NOEXIST::FUNCTION: -FIPS_dsa_new 4083 NOEXIST::FUNCTION: -int_RAND_set_callbacks 4084 NOEXIST::FUNCTION: -BN_X931_derive_prime_ex 4085 NOEXIST::FUNCTION: -int_ERR_lib_init 4086 NOEXIST::FUNCTION: -int_EVP_CIPHER_init_engine_callbacks 4087 NOEXIST::FUNCTION: -FIPS_rsa_free 4088 NOEXIST::FUNCTION: -FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION: -CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION: -OPENSSL_init 4091 NOEXIST::FUNCTION: +FIPS_dsa_sig_decode 4049 EXIST:OPENSSL_FIPS:FUNCTION:DSA +EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION: +FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION: +CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION: +RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA +int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: +int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_CRYPTO_set_do_dynlock_callback 4057 EXIST::FUNCTION: +FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: +BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: +FIPS_selftest_check 4061 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION: +CRYPTO_dbg_pop_info 4063 EXIST::FUNCTION: +FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA +RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA +FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION: +fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_CIPHER_CTX_test_flags 4069 EXIST::FUNCTION: +CRYPTO_malloc_debug_init 4070 EXIST::FUNCTION: +CRYPTO_dbg_push_info 4071 EXIST::FUNCTION: +FIPS_corrupt_rsa_keygen 4072 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_new 4073 EXIST:OPENSSL_FIPS:FUNCTION:DH +FIPS_corrupt_dsa_keygen 4074 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_free 4075 EXIST:OPENSSL_FIPS:FUNCTION:DH +fips_pkey_signature_test 4076 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_add_alg_module 4077 EXIST::FUNCTION: +int_RAND_init_engine_callbacks 4078 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_EVP_CIPHER_set_engine_callbacks 4079 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_EVP_MD_init_engine_callbacks 4080 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +FIPS_rand_test_mode 4081 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_reset 4082 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dsa_new 4083 EXIST:OPENSSL_FIPS:FUNCTION:DSA +int_RAND_set_callbacks 4084 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +BN_X931_derive_prime_ex 4085 EXIST::FUNCTION: +int_ERR_lib_init 4086 EXIST:OPENSSL_FIPS:FUNCTION: +int_EVP_CIPHER_init_engine_callbacks 4087 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +FIPS_rsa_free 4088 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_dsa_sig_encode 4089 EXIST:OPENSSL_FIPS:FUNCTION:DSA +CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION: +OPENSSL_init 4091 EXIST::FUNCTION: +private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA +CRYPTO_strdup 4093 EXIST::FUNCTION: +JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE +JPAKE_get_shared_key 4096 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_init 4097 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_generate 4098 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_init 4099 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_process 4100 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_generate 4101 EXIST::FUNCTION:JPAKE +JPAKE_CTX_new 4102 EXIST::FUNCTION:JPAKE +JPAKE_CTX_free 4103 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_release 4104 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_release 4105 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_process 4106 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_generate 4107 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_process 4108 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_generate 4109 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_release 4110 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE +ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE diff --git a/lib/libcrypto/util/mk1mf.pl b/lib/libcrypto/util/mk1mf.pl index 7ba804ce33a..4c16f1dc9ee 100644 --- a/lib/libcrypto/util/mk1mf.pl +++ b/lib/libcrypto/util/mk1mf.pl @@ -15,6 +15,18 @@ my $engines = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; +local $fips_canister_path = ""; +my $fips_premain_dso_exe_path = ""; +my $fips_premain_c_path = ""; +my $fips_sha1_exe_path = ""; + +local $fipscanisterbuild = 0; +local $fipsdso = 0; + +my $fipslibdir = ""; +my $baseaddr = ""; + +my $ex_l_libs = ""; open(IN,"<Makefile") || die "unable to open Makefile!\n"; while(<IN>) { @@ -221,6 +233,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; +$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; $cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; @@ -229,7 +242,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; - +$cflags.=" -DOPENSSL_FIPS" if $fips; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; @@ -251,9 +264,9 @@ else $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); - %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", - "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); + "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO", + "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); if ($msdos) { @@ -281,11 +294,21 @@ for (;;) { if ($lib ne "") { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; + if ($fips && $dir =~ /^fips/) + { + $uc = "FIPS"; + } + else + { + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + } + if (($uc ne "FIPS") || $fipscanisterbuild) + { + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; + } } last if ($val eq "FINISHED"); $lib=""; @@ -328,11 +351,130 @@ for (;;) if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) { $engines.=$val } + if ($key eq "FIPS_EX_OBJ") + { + $fips_ex_obj=&var_add("crypto",$val,0); + } + + if ($key eq "FIPSLIBDIR") + { + $fipslibdir=$val; + $fipslibdir =~ s/\/$//; + $fipslibdir =~ s/\//$o/g; + } + + if ($key eq "BASEADDR") + { $baseaddr=$val;} + if (!($_=<IN>)) { $_="RELATIVE_DIRECTORY=FINISHED\n"; } } close(IN); +if ($fips) + { + + foreach (split " ", $fips_ex_obj) + { + $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/); + } + + $fips_exclude_obj{"cpu_win32"} = 1; + $fips_exclude_obj{"bn_asm"} = 1; + $fips_exclude_obj{"des_enc"} = 1; + $fips_exclude_obj{"fcrypt_b"} = 1; + $fips_exclude_obj{"aes_core"} = 1; + $fips_exclude_obj{"aes_cbc"} = 1; + + my @ltmp = split " ", $lib_obj{"CRYPTO"}; + + + $lib_obj{"CRYPTO"} = ""; + + foreach(@ltmp) + { + if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1}) + { + if ($fipscanisterbuild) + { + $lib_obj{"FIPS"} .= "$_ "; + } + } + else + { + $lib_obj{"CRYPTO"} .= "$_ "; + } + } + + } + +if ($fipscanisterbuild) + { + $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq ""; + $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c"; + } +else + { + if ($fips_canister_path eq "") + { + $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib"; + } + + if ($fips_premain_c_path eq "") + { + $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; + } + } + +if ($fips) + { + if ($fips_sha1_exe_path eq "") + { + $fips_sha1_exe_path = + "\$(BIN_D)${o}fips_standalone_sha1$exep"; + } + } + else + { + $fips_sha1_exe_path = ""; + } + +if ($fips_premain_dso_exe_path eq "") + { + $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; + } + +# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); + +#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso; + +if ($fips) + { + if (!$shlib) + { + $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; + $ex_l_libs .= " \$(O_FIPSCANISTER)"; + $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild; + } + if ($fipscanisterbuild) + { + $fipslibdir = "\$(LIB_D)"; + } + else + { + if ($fipslibdir eq "") + { + open (IN, "util/fipslib_path.txt") || fipslib_error(); + $fipslibdir = <IN>; + chomp $fipslibdir; + close IN; + } + fips_check_files($fipslibdir, + "fipscanister.lib", "fipscanister.lib.sha1", + "fips_premain.c", "fips_premain.c.sha1"); + } + } + if ($shlib) { $extra_install= <<"EOF"; @@ -398,6 +540,7 @@ SRC_D=$src_dir LINK=$link LFLAGS=$lflags RSC=$rsc +FIPSLINK=\$(PERL) util${o}fipslink.pl AES_ASM_OBJ=$aes_asm_obj AES_ASM_SRC=$aes_asm_src @@ -441,6 +584,17 @@ MKLIB=$bin_dir$mklib MLFLAGS=$mlflags ASM=$bin_dir$asm +# FIPS validated module and support file locations + +E_PREMAIN_DSO=fips_premain_dso + +FIPSLIB_D=$fipslibdir +BASEADDR=$baseaddr +FIPS_PREMAIN_SRC=$fips_premain_c_path +O_FIPSCANISTER=$fips_canister_path +FIPS_SHA1_EXE=$fips_sha1_exe_path +PREMAIN_DSO_EXE=$fips_premain_dso_exe_path + ###################################################### # You should not need to touch anything below this point ###################################################### @@ -448,6 +602,7 @@ ASM=$bin_dir$asm E_EXE=openssl SSL=$ssl CRYPTO=$crypto +LIBFIPS=libosslfips # BIN_D - Binary output directory # TEST_D - Binary test file output directory @@ -468,12 +623,14 @@ INCL_D=\$(TMP_D) O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp +O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp SO_SSL= $plib\$(SSL)$so_shlibp SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp +L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp -L_LIBS= \$(L_SSL) \$(L_CRYPTO) +L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs ###################################################### # Don't touch anything below this point @@ -483,13 +640,13 @@ INC=-I\$(INC_D) -I\$(INCL_D) APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) +LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep ############################################# EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets banner: $banner @@ -604,6 +761,26 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); +# Special case rules for fips_start and fips_end fips_premain_dso + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", + "fips${o}fips_canister.c", + "-DFIPS_START \$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", + "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); + } + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", + "fips${o}sha${o}fips_standalone_sha1.c", + "\$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", + "fips${o}fips_premain.c", + "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)"); + } + foreach (values %lib_nam) { $lib_obj=$lib_obj{$_}; @@ -614,27 +791,41 @@ foreach (values %lib_nam) $rules.="\$(O_SSL):\n\n"; next; } - if (($aes_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; - $lib_obj =~ s/\s\S*\/aes_cbc\S*//; - $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); - } - if (($bn_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; - $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); - } - if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj .= "\$(BNCO_ASM_OBJ)"; - $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); - } - if (($des_enc_obj ne "") && ($_ eq "CRYPTO")) + + if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS"))) { - $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; - $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; - $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); + if ($cpuid_asm_obj ne "") + { + $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/; + $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); + } + if ($aes_asm_obj ne "") + { + $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; + $lib_obj =~ s/\s\S*\/aes_cbc\S*//; + $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); + } + if ($sha1_asm_obj ne "") + { + $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; + $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); + } + if ($bn_asm_obj ne "") + { + $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; + $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); + } + if ($bnco_asm_obj ne "") + { + $lib_obj .= "\$(BNCO_ASM_OBJ)"; + $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); + } + if ($des_enc_obj ne "") + { + $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; + $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; + $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); + } } if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) { @@ -661,21 +852,11 @@ foreach (values %lib_nam) $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/; $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src); } - if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; - $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); - } if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO")) { $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); } - if (($cpuid_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/cversion\S*)/ $1 \$(CPUID_ASM_OBJ)/; - $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); - } $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); @@ -690,15 +871,43 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) { \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc +\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc + \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc + EOF } $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); foreach (split(/\s+/,$test)) { + my $t_libs; $t=&bname($_); + my $ltype; + # Check to see if test program is FIPS + if ($fips && /fips/) + { + # If fipsdso link to libosslfips.dll + # otherwise perform static link to + # $(O_FIPSCANISTER) + if ($fipsdso) + { + $t_libs = "\$(L_FIPS)"; + $ltype = 0; + } + else + { + $t_libs = "\$(O_FIPSCANISTER)"; + $ltype = 2; + } + } + else + { + $t_libs = "\$(L_LIBS)"; + $ltype = 0; + } + $tt="\$(OBJ_D)${o}$t${obj}"; - $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype); } $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); @@ -712,9 +921,69 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); -$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); -$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); +if ($fips) + { + if ($shlib) + { + if ($fipsdso) + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "", ""); + $rules.= &do_lib_rule( + "\$(O_FIPSCANISTER)", + "\$(O_FIPS)", "\$(LIBFIPS)", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + $rules.= &do_sdef_rule(); + } + else + { + $rules.= &do_lib_rule( + "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)", + "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, + "\$(SO_CRYPTO)"); + } + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", + "\$(OBJ_D)${o}fips_start$obj", + "\$(FIPSOBJ)", + "\$(OBJ_D)${o}fips_end$obj", + "\$(FIPS_SHA1_EXE)", ""); + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)", + "","\$(EX_LIBS)", 1); + } + else + { + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)", + "","", 1); + + } + $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); + + } + +$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0); print $defs; @@ -752,6 +1021,8 @@ sub var_add return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; return("") if $no_cms && $dir =~ /\/cms/; + return("") if $no_jpake && $dir =~ /\/jpake/; + return("") if !$fips && $dir =~ /^fips/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -1011,6 +1282,7 @@ sub read_options "no-hmac" => \$no_hmac, "no-asm" => \$no_asm, "nasm" => \$nasm, + "ml64" => \$ml64, "nw-nasm" => \$nw_nasm, "nw-mwasm" => \$nw_mwasm, "gaswin" => \$gaswin, @@ -1018,6 +1290,7 @@ sub read_options "no-ssl3" => \$no_ssl3, "no-tlsext" => \$no_tlsext, "no-cms" => \$no_cms, + "no-jpake" => \$no_jpake, "no-capieng" => \$no_capieng, "no-err" => \$no_err, "no-sock" => \$no_sock, @@ -1045,6 +1318,9 @@ sub read_options "no-shared" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, + "fips" => \$fips, + "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], + "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso], ); if (exists $valid_options{$_}) @@ -1086,6 +1362,18 @@ sub read_options {return 1;} return 0; } + # experimental-xxx is mostly like enable-xxx, but opensslconf.v + # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx. + # (No need to fail if we don't know the algorithm -- this is for adventurous users only.) + elsif (/^experimental-/) + { + my $algo, $ALGO; + ($algo = $_) =~ s/^experimental-//; + ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/; + + $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags"; + + } elsif (/^--with-krb5-flavor=(.*)$/) { my $krb5_flavor = $1; @@ -1109,3 +1397,31 @@ sub read_options else { return(0); } return(1); } + +sub fipslib_error + { + print STDERR "***FIPS module directory sanity check failed***\n"; + print STDERR "FIPS module build failed, or was deleted\n"; + print STDERR "Please rebuild FIPS module.\n"; + exit 1; + } + +sub fips_check_files + { + my $dir = shift @_; + my $ret = 1; + if (!-d $dir) + { + print STDERR "FIPS module directory $dir does not exist\n"; + fipslib_error(); + } + foreach (@_) + { + if (!-f "$dir${o}$_") + { + print STDERR "FIPS module file $_ does not exist!\n"; + $ret = 0; + } + } + fipslib_error() if ($ret == 0); + } diff --git a/lib/libcrypto/util/mkdef.pl b/lib/libcrypto/util/mkdef.pl index 8ecfde1848a..5ae9ebb6191 100644 --- a/lib/libcrypto/util/mkdef.pl +++ b/lib/libcrypto/util/mkdef.pl @@ -79,7 +79,7 @@ my $OS2=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION", "ZLIB" ); + "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS"); my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", @@ -102,6 +102,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMS", # CryptoAPI Engine "CAPIENG", + # JPAKE + "JPAKE", # Deprecated functions "DEPRECATED" ); @@ -122,7 +124,8 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; my $no_seed; my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; +my $fips; foreach (@ARGV, split(/ /, $options)) @@ -144,12 +147,13 @@ foreach (@ARGV, split(/ /, $options)) } $VMS=1 if $_ eq "VMS"; $OS2=1 if $_ eq "OS2"; + $fips=1 if /^fips/; + if ($_ eq "zlib" || $_ eq "zlib-dynamic" - || $_ eq "enable-zlib-dynamic") { - $zlib = 1; + || $_ eq "enable-zlib-dynamic") { + $zlib = 1; } - $do_ssl=1 if $_ eq "ssleay"; if ($_ eq "ssl") { $do_ssl=1; @@ -209,6 +213,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-capieng$/) { $no_capieng=1; } + elsif (/^no-jpake$/) { $no_jpake=1; } } @@ -305,6 +310,8 @@ $crypto.=" crypto/tmdiff.h"; $crypto.=" crypto/store/store.h"; $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; +$crypto.=" crypto/jpake/jpake.h"; +$crypto.=" fips/fips.h fips/rand/fips_rand.h"; my $symhacks="crypto/symhacks.h"; @@ -1090,6 +1097,9 @@ sub is_valid if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { return 1; } + if ($keyword eq "OPENSSL_FIPS" && $fips) { + return 1; + } if ($keyword eq "ZLIB" && $zlib) { return 1; } return 0; } else { @@ -1135,6 +1145,7 @@ sub is_valid if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } + if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true diff --git a/lib/libcrypto/util/mkerr.pl b/lib/libcrypto/util/mkerr.pl index 53e14ab4df9..554bebb1590 100644 --- a/lib/libcrypto/util/mkerr.pl +++ b/lib/libcrypto/util/mkerr.pl @@ -44,7 +44,8 @@ while (@ARGV) { } if($recurse) { - @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>); + @source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, + <fips/*.c>, <fips/*/*.c>); } else { @source = @ARGV; } diff --git a/lib/libcrypto/util/mkfiles.pl b/lib/libcrypto/util/mkfiles.pl index 1282392feae..67fb8694c88 100644 --- a/lib/libcrypto/util/mkfiles.pl +++ b/lib/libcrypto/util/mkfiles.pl @@ -47,6 +47,7 @@ my @dirs = ( "crypto/x509", "crypto/x509v3", "crypto/conf", +"crypto/jpake", "crypto/txt_db", "crypto/pkcs7", "crypto/pkcs12", @@ -58,6 +59,15 @@ my @dirs = ( "crypto/store", "crypto/pqueue", "crypto/cms", +"fips", +"fips/aes", +"fips/des", +"fips/dsa", +"fips/dh", +"fips/hmac", +"fips/rand", +"fips/rsa", +"fips/sha", "ssl", "apps", "engines", diff --git a/lib/libcrypto/util/mklink.pl b/lib/libcrypto/util/mklink.pl index d9bc98aab87..eacc3278826 100644 --- a/lib/libcrypto/util/mklink.pl +++ b/lib/libcrypto/util/mklink.pl @@ -15,13 +15,21 @@ # Apart from this, this script should be able to handle even the most # pathological cases. -use Cwd; +my $pwd; +eval 'use Cwd;'; +if ($@) + { + $pwd = `pwd`; + } +else + { + $pwd = getcwd(); + } my $from = shift; my @files = @ARGV; my @from_path = split(/[\\\/]/, $from); -my $pwd = getcwd(); chomp($pwd); my @pwd_path = split(/[\\\/]/, $pwd); diff --git a/lib/libcrypto/util/pl/VC-32.pl b/lib/libcrypto/util/pl/VC-32.pl index 1e254119e6a..166785db8d3 100644 --- a/lib/libcrypto/util/pl/VC-32.pl +++ b/lib/libcrypto/util/pl/VC-32.pl @@ -4,12 +4,26 @@ # $ssl= "ssleay32"; -$crypto="libeay32"; + +if ($fips && !$shlib) + { + $crypto="libeayfips32"; + $crypto_compat = "libeaycompat32.lib"; + } +else + { + $crypto="libeay32"; + } + +if ($fipscanisterbuild) + { + $fips_canister_path = "\$(LIB_D)\\fipscanister.lib"; + } $o='\\'; $cp='$(PERL) util/copy.pl'; $mkdir='$(PERL) util/mkdir-p.pl'; -$rm='del'; +$rm='del /Q'; $zlib_lib="zlib1.lib"; @@ -96,7 +110,7 @@ else # Win32 $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 - my $f = $shlib?' /MD':' /MT'; + my $f = $shlib || $fips ?' /MD':' /MT'; $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib $opt_cflags=$f.' /Ox /O2 /Ob2'; $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; @@ -165,12 +179,17 @@ if ($nasm) { # pick newest version $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; $afile='-o '; +} elsif ($ml64) { + $asm='ml64 /c /Cp /Cx'; + $asm.=' /Zi' if $debug; + $afile='/Fo'; } else { $asm='ml /Cp /coff /c /Cx'; $asm.=" /Zi" if $debug; $afile='/Fo'; } +$aes_asm_obj=''; $bn_asm_obj=''; $bn_asm_src=''; $des_enc_obj=''; @@ -179,11 +198,13 @@ $bf_enc_obj=''; $bf_enc_src=''; if (!$no_asm) + { + if ($FLAVOR =~ "WIN32") { $aes_asm_obj='crypto\aes\asm\a_win32.obj'; $aes_asm_src='crypto\aes\asm\a_win32.asm'; - $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; - $bn_asm_src='crypto\bn\asm\bn_win32.asm'; + $bn_asm_obj='crypto\bn\asm\bn_win32.obj crypto\bn\asm\mt_win32.obj'; + $bn_asm_src='crypto\bn\asm\bn_win32.asm crypto\bn\asm\mt_win32.asm'; $bnco_asm_obj='crypto\bn\asm\co_win32.obj'; $bnco_asm_src='crypto\bn\asm\co_win32.asm'; $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; @@ -204,12 +225,26 @@ if (!$no_asm) $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; $cpuid_asm_obj='crypto\cpu_win32.obj'; $cpuid_asm_src='crypto\cpu_win32.asm'; - $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; + $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } + elsif ($FLAVOR =~ "WIN64A") + { + $aes_asm_obj='$(OBJ_D)\aes-x86_64.obj'; + $aes_asm_src='crypto\aes\asm\aes-x86_64.asm'; + $bn_asm_obj='$(OBJ_D)\x86_64-mont.obj $(OBJ_D)\bn_asm.obj'; + $bn_asm_src='crypto\bn\asm\x86_64-mont.asm'; + $sha1_asm_obj='$(OBJ_D)\sha1-x86_64.obj $(OBJ_D)\sha256-x86_64.obj $(OBJ_D)\sha512-x86_64.obj'; + $sha1_asm_src='crypto\sha\asm\sha1-x86_64.asm crypto\sha\asm\sha256-x86_64.asm crypto\sha\asm\sha512-x86_64.asm'; + $cpuid_asm_obj='$(OBJ_D)\cpuid-x86_64.obj'; + $cpuid_asm_src='crypto\cpuid-x86_64.asm'; + $cflags.=" -DOPENSSL_CPUID_OBJ -DAES_ASM -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"; + } + } if ($shlib && $FLAVOR !~ /CE/) { $mlflags.=" $lflags /dll"; +# $cflags =~ s| /MD| /MT|; $lib_cflag=" -D_WINDLL"; $out_def="out32dll"; $tmp_def="tmp32dll"; @@ -232,8 +267,8 @@ $(INCO_D)\applink.c: ms\applink.c EXHEADER= $(EXHEADER) $(INCO_D)\applink.c LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj -CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ) ___ +$banner .= "CRYPTOOBJ=\$(OBJ_D)\\uplink.obj \$(CRYPTOOBJ)\n"; $banner.=<<'___' if ($FLAVOR =~ /WIN64/); CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ) ___ @@ -250,26 +285,56 @@ $cflags.=" /Fd$out_def"; sub do_lib_rule { - local($objs,$target,$name,$shlib)=@_; + my($objs,$target,$name,$shlib,$ign,$base_addr) = @_; local($ret); $taget =~ s/\//$o/g if $o ne '/'; - if ($name ne "") + my $base_arg; + if ($base_addr ne "") + { + $base_arg= " /base:$base_addr"; + } + else + { + $base_arg = ""; + } + if ($target =~ /O_CRYPTO/ && $fipsdso) + { + $name = "/def:ms/libeayfips.def"; + } + elsif ($name ne "") { $name =~ tr/a-z/A-Z/; $name = "/def:ms/${name}.def"; } # $target="\$(LIB_D)$o$target"; - $ret.="$target: $objs\n"; +# $ret.="$target: $objs\n"; if (!$shlib) { # $ret.="\t\$(RM) \$(O_$Name)\n"; $ex =' '; + $ret.="$target: $objs\n"; $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; } else { - local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)'; + my $ex = ""; + if ($target =~ /O_SSL/) + { + $ex .= " \$(L_CRYPTO)"; + #$ex .= " \$(L_FIPS)" if $fipsdso; + } + my $fipstarget; + if ($fipsdso) + { + $fipstarget = "O_FIPS"; + } + else + { + $fipstarget = "O_CRYPTO"; + } + + if ($name eq "") { $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); @@ -290,7 +355,39 @@ sub do_lib_rule $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); } $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + + if ($fips && $target =~ /$fipstarget/) + { + $ex.= $mwex unless $fipscanisterbuild; + $ret.="$target: $objs \$(PREMAIN_DSO_EXE)"; + if ($fipsdso) + { + $ex.=" \$(OBJ_D)\\\$(LIBFIPS).res"; + $ret.=" \$(OBJ_D)\\\$(LIBFIPS).res"; + $ret.=" ms/\$(LIBFIPS).def"; + } + $ret.="\n\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target "; + $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs "; + $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n"; + } + else + { + $ret.="$target: $objs"; + if ($target =~ /O_CRYPTO/ && $fipsdso) + { + $ret .= " \$(O_FIPS)"; + $ex .= " \$(L_FIPS)"; + } + $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + } + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n"; } $ret.="\n"; @@ -299,16 +396,64 @@ sub do_lib_rule sub do_link_rule { - local($target,$files,$dep_libs,$libs)=@_; + my($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); - $file =~ s/\//$o/g if $o ne '/'; $n=&bname($targer); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; - $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; - $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; + if ($standalone == 1) + { + $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; + $ret.= "$mwex advapi32.lib " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); + $ret.="$files $libs\n<<\n"; + } + elsif ($standalone == 2) + { + $ret.="\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n"; + $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n"; + } + else + { + $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; + $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n"; + } + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; return($ret); } +sub do_rlink_rule + { + local($target,$rl_start, $rl_mid, $rl_end,$dep_libs,$libs)=@_; + local($ret,$_); + my $files = "$rl_start $rl_mid $rl_end"; + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($targer); + $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$c $rl_end\n"; + $ret.="\t\$(MKLIB) $lfile$target @<<\n\t$files\n<<\n"; + $ret.="\t\$(FIPS_SHA1_EXE) $target > ${target}.sha1\n"; + $ret.="\t\$(PERL) util${o}copy.pl -stripcr fips${o}fips_premain.c \$(LIB_D)${o}fips_premain.c\n"; + $ret.="\t\$(CP) fips${o}fips_premain.c.sha1 \$(LIB_D)${o}fips_premain.c.sha1\n"; + $ret.="\n"; + return($ret); + } + +sub do_sdef_rule + { + my $ret = "ms/\$(LIBFIPS).def: \$(O_FIPSCANISTER)\n"; + $ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n \$(O_FIPSCANISTER)\n<<\n"; + $ret.="\n"; + return $ret; + } + 1; |