set OPENSSL_FIPSSYMS for restricted buils and auto detect no-ec2m

[openssl.git] / Configure

diff --git a/Configure b/Configure
index 6040e75b83752b9ea890492b62b9c7f137a14885..22a5793e24502669e5834875a8ba9ac9ab692393 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -398,8 +398,9 @@ my %table=(
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
-# Android: linux-armv4 but without -DTERMIO and pointers to headers and libs.
-"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Android: linux-* but without -DTERMIO and pointers to headers and libs.
+"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### *BSD [do see comment about ${BSDthreads} above!]
 "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -692,7 +693,6 @@ my $default_ranlib;
 my $perl;
 my $fips=0;
 
-
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
@@ -709,6 +709,21 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
                );
 my @experimental = ();
 
+# If ssl directory missing assume truncated FIPS tarball
+if (! -d ssl)
+       {
+       print STDERR "Auto Configuring fipsonly\n";
+       $fips = 1;
+       $nofipscanistercheck = 1;
+       $fipslibdir="";
+       $fipscanisterinternal="y";
+       $fipscanisteronly = 2;
+       if (! -f "crypto/bn/bn_gf2m.c" )
+               {
+               $disabled{ec2m} = "forced";
+               }
+       }
+
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
 my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
@@ -1106,6 +1121,12 @@ foreach (sort (keys %disabled))
        }
 
 my $exp_cflags = "";
+
+if ($fipscanisteronly == 2)
+       {
+       $exp_cflags .= " -DOPENSSL_FIPSSYMS";
+       }
+
 foreach (sort @experimental)
        {
        my $ALGO;