$fips = 1;
$nofipscanistercheck = 1;
}
+ elsif (/^fipscheck$/)
+ {
+ if ($fipscanisteronly != 2)
+ {
+ print STDERR <<"EOF";
+ERROR: FIPS not autodetected. Not running from restricted tarball??
+EOF
+ exit(1);
+ }
+ }
elsif (/^fipscanisteronly$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
+ $fipscanisteronly = 1;
}
elsif (/^fipsdso$/)
{
my $exp_cflags = "";
-if ($fipscanisteronly == 2)
- {
- $exp_cflags .= " -DOPENSSL_FIPSSYMS";
- }
-
foreach (sort @experimental)
{
my $ALGO;
{
if ($fips)
{
- $openssldir="/usr/local/ssl/fips-2.0";
+ if (exists $ENV{FIPSDIR})
+ {
+ $openssldir="$ENV{FIPSDIR}";
+ }
+ else
+ {
+ $openssldir="/usr/local/ssl/fips-2.0";
+ }
}
else
{
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
}
s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
- if ($fipscanisteronly == 2 && exists $disabled{"ec2m"})
+ if ($fipscanisteronly && exists $disabled{"ec2m"})
{
next if (/ec2_/ || /bn_gf2m/);
}
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
- if ($depflags ne $default_depflags && !$make_depend && $fipscanisteronly != 2) {
+ if ($depflags ne $default_depflags && !$make_depend && !$fipscanisteronly) {
print <<EOF;
Since you've disabled or enabled at least one algorithm, you need to do