Now the FIPS capable OpenSSL is available simplify the various FIPS test

[openssl.git] / util / mk1mf.pl

diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index afad229ebc781e216cf8db30f6988cd849a0173f..5d024b15cb8be8f02be31c78ba347e210f0992df 100755 (executable)
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -58,7 +58,9 @@ my %mf_import = (
        RMD160_ASM_OBJ => \$mf_rmd_asm,
        WP_ASM_OBJ     => \$mf_wp_asm,
        CMLL_ENC       => \$mf_cm_asm,
-       MODES_ASM_OBJ  => \$mf_modes_asm
+       MODES_ASM_OBJ  => \$mf_modes_asm,
+       FIPSCANISTERONLY  => \$mf_fipscanisteronly
+       FIPSCANISTERINTERNAL  => \$mf_fipscanisterinternal
 );
 
 open(IN,"<Makefile") || die "unable to open Makefile!\n";
@@ -74,6 +76,13 @@ close(IN);
 
 $debug = 1 if $mf_platform =~ /^debug-/;
 
+if ($mf_fipscanisterinternal eq "y") {
+       $fips = 1;
+       $fipscanisterbuild = 1;
+       $fipscanisteronly = 1;
+}
+
+
 die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
 
 $infile="MINFO";
@@ -533,11 +542,32 @@ if ($fipscanisteronly)
        $build_targets = "\$(O_FIPSCANISTER) \$(T_EXE)";
        $libs_dep = "";
        }
-       
 
-if ($shlib)
+$cp2 = $cp unless defined $cp2;
+
+$extra_install= <<"EOF";
+       \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+       \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
+       \$(MKDIR) \"\$(OPENSSLDIR)\"
+       \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
+EOF
+
+if ($fipscanisteronly)
+       {
+       $extra_install = <<"EOF";
+       \$(CP) \"\$(O_FIPSCANISTER)\" \"\$(INSTALLTOP)${o}lib\"
+       \$(CP) \"\$(O_FIPSCANISTER).sha1\" \"\$(INSTALLTOP)${o}lib\"
+       \$(CP2) \"fips${o}fips_premain.c\" \"\$(INSTALLTOP)${o}lib\"
+       \$(CP) \"fips${o}fips_premain.c.sha1\" \"\$(INSTALLTOP)${o}lib\"
+       \$(CP) \"\$(INCO_D)${o}fips.h\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+       \$(CP) \"\$(INCO_D)${o}fips_rand.h\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+       \$(CP) "\$(BIN_D)${o}fips_standalone_sha1$exep" \"\$(INSTALLTOP)${o}bin\"
+       \$(CP) \"util${o}fipslink.pl\" \"\$(INSTALLTOP)${o}bin\"
+EOF
+       }
+elsif ($shlib)
        {
-       $extra_install= <<"EOF";
+       $extra_install .= <<"EOF";
        \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\"
        \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\"
        \$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\"
@@ -553,7 +583,7 @@ EOF
        }
 else
        {
-       $extra_install= <<"EOF";
+       $extra_install .= <<"EOF";
        \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\"
        \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
 EOF
@@ -613,6 +643,7 @@ INCO_D=$inc_dir${o}openssl
 
 PERL=$perl
 CP=$cp
+CP2=$cp2
 RM=$rm
 RANLIB=$ranlib
 MKDIR=$mkdir
@@ -715,10 +746,6 @@ install: all
        \$(MKDIR) \"\$(INSTALLTOP)${o}include\"
        \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
        \$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
-       \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
-       \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
-       \$(MKDIR) \"\$(OPENSSLDIR)\"
-       \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
 $extra_install
 
 
@@ -901,7 +928,7 @@ if ($fips)
                {
                $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
                        "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
-               $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
+               $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
                        "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
                }
        }
@@ -1170,7 +1197,7 @@ sub perlasm_compile_target
        $bname =~ s/(.*)\.[^\.]$/$1/;
        $ret ="\$(TMP_D)$o$bname.asm: $source\n";
        $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n";
-       if ($cflags =~ /-DOPENSSL_FIPSSYMS/)
+       if ($fipscanisteronly)
                {
                $ret .= "\t\$(PERL) util\\fipsas.pl . \$@ norunasm \$(CFLAG)\n";
                }
@@ -1316,6 +1343,7 @@ sub read_options
                "no-cms" => \$no_cms,
                "no-jpake" => \$no_jpake,
                "no-ec2m" => \$no_ec2m,
+               "no-ec-nistp224-64-gcc-128" => 0,
                "no-err" => \$no_err,
                "no-sock" => \$no_sock,
                "no-krb5" => \$no_krb5,