diff options
Diffstat (limited to 'lib/libcrypto/util/mk1mf.pl')
| -rw-r--r-- | lib/libcrypto/util/mk1mf.pl | 337 |
1 files changed, 279 insertions, 58 deletions
diff --git a/lib/libcrypto/util/mk1mf.pl b/lib/libcrypto/util/mk1mf.pl index 957264c6b54..05a60861645 100644 --- a/lib/libcrypto/util/mk1mf.pl +++ b/lib/libcrypto/util/mk1mf.pl @@ -10,6 +10,20 @@ $OPTIONS=""; $ssl_version=""; $banner="\t\@echo Building OpenSSL"; +local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic +local $zlib_lib = ""; + +my $fips_canister_path = ""; +my $fips_premain_dso_exe_path = ""; +my $fips_premain_c_path = ""; +my $fips_sha1_exe_path = ""; + +my $fipslibdir = ""; +my $baseaddr = ""; + +my $ex_l_libs = ""; + + open(IN,"<Makefile") || die "unable to open Makefile!\n"; while(<IN>) { $ssl_version=$1 if (/^VERSION=(.*)$/); @@ -24,6 +38,7 @@ $infile="MINFO"; %ops=( "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X", + "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make", "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY", "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY", "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286", @@ -43,6 +58,7 @@ $infile="MINFO"; ); $platform=""; +my $xcflags=""; foreach (@ARGV) { if (!&read_options && !defined($ops{$_})) @@ -104,8 +120,12 @@ $inc_def="outinc"; $tmp_def="tmp"; $mkdir="-mkdir"; +$mkcanister="ld -r -o"; + +$ex_build_targets = ""; ($ssl,$crypto)=("ssl","crypto"); +$cryptocompat = ""; $ranlib="echo ranlib"; $cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc'; @@ -140,6 +160,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) $NT = 1 if $platform eq "VC-NT"; require 'VC-32.pl'; } +elsif ($platform eq "VC-WIN32-GMAKE") + { + require 'VC-32-GMAKE.pl'; + } elsif ($platform eq "VC-CE") { require 'VC-CE.pl'; @@ -210,6 +234,8 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def; $bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq '')); +$cflags= "$xcflags$cflags" if $xcflags ne ""; + $cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; $cflags.=" -DOPENSSL_NO_AES" if $no_aes; $cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; @@ -239,6 +265,9 @@ $cflags.=" -DOPENSSL_NO_HW" if $no_hw; $cflags.=" -DOPENSSL_FIPS" if $fips; #$cflags.=" -DRSAref" if $rsaref ne ""; +$cflags.= " -DZLIB" if $zlib_opt; +$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; + ## if ($unix) ## { $cflags="$c_flags" if ($c_flags ne ""); } ##else @@ -246,6 +275,7 @@ $cflags.=" -DOPENSSL_FIPS" if $fips; $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); + %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); @@ -262,6 +292,135 @@ $link="$bin_dir$link" if ($link !~ /^\$/); $INSTALLTOP =~ s|/|$o|g; +############################################# +# We parse in input file and 'store' info for later printing. +open(IN,"<$infile") || die "unable to open $infile:$!\n"; +$_=<IN>; +for (;;) + { + chop; + + ($key,$val)=/^([^=]+)=(.*)/; + if ($key eq "RELATIVE_DIRECTORY") + { + if ($lib ne "") + { + if ($fips && $dir =~ /^fips/) + { + $uc = "FIPS"; + } + else + { + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + } + if (($uc ne "FIPS") || $fips_canister_build) + { + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; + } + } + last if ($val eq "FINISHED"); + $lib=""; + $libobj=""; + $dir=$val; + } + + if ($key eq "KRB5_INCLUDES") + { $cflags .= " $val";} + + if ($key eq "ZLIB_INCLUDE") + { $cflags .= " $val" if $val ne "";} + + if ($key eq "LIBZLIB") + { $zlib_lib = "$val" if $val ne "";} + + if ($key eq "LIBKRB5") + { $ex_libs .= " $val" if $val ne "";} + + if ($key eq "TEST") + { $test.=&var_add($dir,$val); } + + if (($key eq "PROGS") || ($key eq "E_OBJ")) + { $e_exe.=&var_add($dir,$val); } + + if ($key eq "LIB") + { + $lib=$val; + $lib =~ s/^.*\/([^\/]+)$/$1/; + } + + if ($key eq "EXHEADER") + { $exheader.=&var_add($dir,$val); } + + if ($key eq "HEADER") + { $header.=&var_add($dir,$val); } + + if ($key eq "LIBOBJ") + { $libobj=&var_add($dir,$val); } + + if ($key eq "FIPSLIBDIR") + { $fipslibdir=$val;} + + if ($key eq "BASEADDR") + { $baseaddr=$val;} + + if (!($_=<IN>)) + { $_="RELATIVE_DIRECTORY=FINISHED\n"; } + } +close(IN); + +if ($fips_canister_path eq "") + { + $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o"; + } + +if ($fips_premain_c_path eq "") + { + $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; + } + +if ($fips) + { + if ($fips_sha1_exe_path eq "") + { + $fips_sha1_exe_path = + "\$(BIN_D)${o}fips_standalone_sha1$exep"; + } + } + else + { + $fips_sha1_exe_path = ""; + } + +if ($fips_premain_dso_exe_path eq "") + { + $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; + } + +# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); + +if ($fips) + { + if (!$shlib) + { + $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; + $ex_l_libs .= " \$(O_FIPSCANISTER)"; + } + if ($fipslibdir eq "") + { + open (IN, "util/fipslib_path.txt") || fipslib_error(); + $fipslibdir = <IN>; + chomp $fipslibdir; + close IN; + } + fips_check_files($fipslibdir, + "fipscanister.o", "fipscanister.o.sha1", + "fips_premain.c", "fips_premain.c.sha1"); + } + + $defs= <<"EOF"; # This makefile has been automatically generated from the OpenSSL distribution. # This single makefile will build the complete OpenSSL distribution and @@ -286,6 +445,7 @@ if ($platform eq "VC-CE") !INCLUDE <\$(WCECOMPAT)/wcedefs.mak> EOF + $ex_libs .= " $zlib_lib" if $zlib_opt == 1; } $defs.= <<"EOF"; @@ -308,6 +468,8 @@ EX_LIBS=$ex_libs SRC_D=$src_dir LINK=$link +PERL=perl +FIPSLINK=\$(PERL) util${o}fipslink.pl LFLAGS=$lflags BN_ASM_OBJ=$bn_asm_obj @@ -339,6 +501,9 @@ TMP_D=$tmp_dir INC_D=$inc_dir INCO_D=$inc_dir${o}openssl +# Directory containing FIPS module + + CP=$cp RM=$rm RANLIB=$ranlib @@ -346,6 +511,18 @@ MKDIR=$mkdir MKLIB=$bin_dir$mklib MLFLAGS=$mlflags ASM=$bin_dir$asm +MKCANISTER=$mkcanister + +# FIPS validated module and support file locations + +E_PREMAIN_DSO=fips_premain_dso + +FIPSLIB_D=$fipslibdir +BASEADDR=$baseaddr +FIPS_PREMAIN_SRC=$fips_premain_c_path +O_FIPSCANISTER=$fips_canister_path +FIPS_SHA1_EXE=$fips_sha1_exe_path +PREMAIN_DSO_EXE=$fips_premain_dso_exe_path ###################################################### # You should not need to touch anything below this point @@ -377,7 +554,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp -L_LIBS= \$(L_SSL) \$(L_CRYPTO) +L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs ###################################################### # Don't touch anything below this point @@ -387,13 +564,13 @@ INC=-I\$(INC_D) -I\$(INCL_D) APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) +LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep ############################################# EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets banner: $banner @@ -479,57 +656,6 @@ printf OUT " #define DATE \"%s\"\n", scalar gmtime(); printf OUT "#endif\n"; close(OUT); -############################################# -# We parse in input file and 'store' info for later printing. -open(IN,"<$infile") || die "unable to open $infile:$!\n"; -$_=<IN>; -for (;;) - { - chop; - - ($key,$val)=/^([^=]+)=(.*)/; - if ($key eq "RELATIVE_DIRECTORY") - { - if ($lib ne "") - { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; - } - last if ($val eq "FINISHED"); - $lib=""; - $libobj=""; - $dir=$val; - } - - if ($key eq "TEST") - { $test.=&var_add($dir,$val); } - - if (($key eq "PROGS") || ($key eq "E_OBJ")) - { $e_exe.=&var_add($dir,$val); } - - if ($key eq "LIB") - { - $lib=$val; - $lib =~ s/^.*\/([^\/]+)$/$1/; - } - - if ($key eq "EXHEADER") - { $exheader.=&var_add($dir,$val); } - - if ($key eq "HEADER") - { $header.=&var_add($dir,$val); } - - if ($key eq "LIBOBJ") - { $libobj=&var_add($dir,$val); } - - if (!($_=<IN>)) - { $_="RELATIVE_DIRECTORY=FINISHED\n"; } - } -close(IN); - # Strip of trailing ' ' foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); } $test=&clean_up_ws($test); @@ -554,6 +680,29 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); +# Special case rules for fips_start and fips_end fips_premain_dso + +if ($fips) + { + if ($fips_canister_build) + { + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", + "fips-1.0${o}fips_canister.c", + "-DFIPS_START \$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", + "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); + } + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", + "fips-1.0${o}sha${o}fips_standalone_sha1.c", + "\$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj", + "fips-1.0${o}sha${o}fips_sha1dgst.c", + "\$(SHLIB_CFLAGS)") unless $fips_canister_build; + $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", + "fips-1.0${o}fips_premain.c", + "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)"); + } + foreach (values %lib_nam) { $lib_obj=$lib_obj{$_}; @@ -630,16 +779,42 @@ foreach (split(/\s+/,$test)) } $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); -$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); + if ($fips) { - $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep"); + if ($shlib) + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(O_CRYPTO)", + "$crypto", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + } } -else + else { - $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, + "\$(SO_CRYPTO)"); } + + +if ($fips) + { + $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build; + $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); + + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1); + } + + $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0); + print $defs; if ($platform eq "linux-elf") { @@ -935,6 +1110,24 @@ sub read_options elsif (/^shlib$/) { $shlib=1; } elsif (/^dll$/) { $shlib=1; } elsif (/^shared$/) { } # We just need to ignore it for now... + elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 } + elsif (/^zlib-dynamic$/){ $zlib_opt = 2; } + elsif (/^--with-krb5-flavor=(.*)$/) + { + my $krb5_flavor = $1; + if ($krb5_flavor =~ /^force-[Hh]eimdal$/) + { + $xcflags="-DKRB5_HEIMDAL $xcflags"; + } + elsif ($krb5_flavor =~ /^MIT/i) + { + $xcflags="-DKRB5_MIT $xcflags"; + if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i) + { + $xcflags="-DKRB5_MIT_OLD11 $xcflags" + } + } + } elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } elsif (/^-[lL].*$/) { $l_flags.="$_ "; } elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) @@ -942,3 +1135,31 @@ sub read_options else { return(0); } return(1); } + +sub fipslib_error + { + print STDERR "***FIPS module directory sanity check failed***\n"; + print STDERR "FIPS module build failed, or was deleted\n"; + print STDERR "Please rebuild FIPS module.\n"; + exit 1; + } + +sub fips_check_files + { + my $dir = shift @_; + my $ret = 1; + if (!-d $dir) + { + print STDERR "FIPS module directory $dir does not exist\n"; + fipslib_error(); + } + foreach (@_) + { + if (!-f "$dir${o}$_") + { + print STDERR "FIPS module file $_ does not exist!\n"; + $ret = 0; + } + } + fipslib_error() if ($ret == 0); + } |