X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=util%2Fmk1mf.pl;h=f29e50bb776f6b80bbb54f8a33f3a063c255a9d2;hp=68a415a399c64c687544cc9a7a508d1b28f3e260;hb=ce3d25d3e5a7e82fd59fd30dff7acc39baed8b5e;hpb=4ed7b78b560e9eee7c8e201824a065c2de281ba8 diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 68a415a399..f29e50bb77 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -1,23 +1,46 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl # A bit of an evil hack but it post processes the file ../MINFO which # is generated by `make files` in the top directory. # This script outputs one mega makefile that has no shell stuff or any -# funny stuff -# +# funny stuff (if the target is not "copy"). +# If the target is "copy", then it tries to create a makefile that can be +# safely used with the -j flag and that is compatible with the top-level +# Makefile, in the sense that it uses the same options and assembler files etc. + +use Cwd; -$INSTALLTOP="/usr/local/ssl"; +$INSTALLTOP="/usr/local"; $OPENSSLDIR="/usr/local/ssl"; +$ENGINESDIR="/usr/local/lib/engines"; $OPTIONS=""; $ssl_version=""; $banner="\t\@echo Building OpenSSL"; my $no_static_engine = 1; my $engines = ""; +my @engines_obj = ""; my $otherlibs = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; local $perl_asm = 0; # 1 to autobuild asm files from perl scripts +local $fips_canister_path = ""; +my $fips_premain_dso_exe_path = ""; +my $fips_premain_c_path = ""; +my $fips_sha1_exe_path = ""; + +local $fipscanisterbuild = 0; + +my $fipscanisteronly = 0; + +my $fipslibdir = ""; +my $baseaddr = ""; + +my $ex_l_libs = ""; + +my $build_targets = "lib exe"; +my $libs_dep = "\$(O_CRYPTO) \$(O_SSL)"; + # Options to import from top level Makefile my %mf_import = ( @@ -25,9 +48,12 @@ my %mf_import = ( OPTIONS => \$OPTIONS, INSTALLTOP => \$INSTALLTOP, OPENSSLDIR => \$OPENSSLDIR, + ENGINESDIR => \$ENGINESDIR, PLATFORM => \$mf_platform, + CC => \$mf_cc, CFLAG => \$mf_cflag, - DEPFLAG => \$mf_depflag, + CFLAG_Q => \$mf_cflag_q, + DEPFLAG => \$mf_depflag, CPUID_OBJ => \$mf_cpuid_asm, BN_ASM => \$mf_bn_asm, DES_ENC => \$mf_des_asm, @@ -40,22 +66,32 @@ my %mf_import = ( SHA1_ASM_OBJ => \$mf_sha_asm, RMD160_ASM_OBJ => \$mf_rmd_asm, WP_ASM_OBJ => \$mf_wp_asm, - CMLL_ENC => \$mf_cm_asm + CMLL_ENC => \$mf_cm_asm, + MODES_ASM_OBJ => \$mf_modes_asm, + ENGINES_ASM_OBJ=> \$mf_engines_asm, + PERLASM_SCHEME => \$mf_perlasm_scheme, + FIPSCANISTERONLY => \$mf_fipscanisteronly, + FIPSCANISTERINTERNAL => \$mf_fipscanisterinternal, + EC_ASM => \$mf_ec_asm, ); - open(IN,") { my ($mf_opt, $mf_ref); while (($mf_opt, $mf_ref) = each %mf_import) { - if (/^$mf_opt\s*=\s*(.*)$/) { + if (/^$mf_opt\s*=\s*(.*)$/ && !defined($$mfref)) { $$mf_ref = $1; } } } close(IN); -$debug = 1 if $mf_platform =~ /^debug-/; +if ($mf_fipscanisterinternal eq "y") { + $fips = 1; + $fipscanisterbuild = 1; + $fipscanisteronly = 1; +} + die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq ""; @@ -79,7 +115,8 @@ $infile="MINFO"; "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets", "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets", "default","cc under unix", - "auto", "auto detect from top level Makefile" + "auto", "auto detect from top level Makefile", + "copy", "copy from top level Makefile" ); $platform=""; @@ -100,15 +137,17 @@ and [options] can be one of no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher no-bf no-cast no-aes no-camellia no-seed no-rsa no-dsa no-dh - Skip this public key cipher - no-ssl2 no-ssl3 - Skip this version of SSL + no-ssl3 - Skip this version of SSL just-ssl - remove all non-ssl keys/digest no-asm - No x86 asm - no-krb5 - No KRB5 + no-srp - No SRP no-ec - No EC - no-ecdsa - No ECDSA - no-ecdh - No ECDH no-engine - No engine + no-egd - No EGD no-hw - No hw + no-async - No Async (use NULL) + no-autoalginit - Don't auto load algorithms in libcrypto + no-autoerrinit - Don't auto load error strings for libcrypto or libssl nasm - Use NASM for x86 asm nw-nasm - Use NASM x86 asm for NetWare nw-mwasm - Use Metrowerks x86 asm for NetWare @@ -140,24 +179,22 @@ $no_static_engine = 0 if (!$shlib); $no_mdc2=1 if ($no_des); -$no_ssl3=1 if ($no_md5 || $no_sha); +$no_ssl3=1 if ($no_md5); $no_ssl3=1 if ($no_rsa && $no_dh); -$no_ssl2=1 if ($no_md5); -$no_ssl2=1 if ($no_rsa); - $out_def="out"; $inc_def="outinc"; $tmp_def="tmp"; $perl="perl" unless defined $perl; $mkdir="-mkdir" unless defined $mkdir; +$mv="mv" unless defined $mv; ($ssl,$crypto)=("ssl","crypto"); $ranlib="echo ranlib"; $cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc'; -$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.'; +$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}: $platform eq 'copy' ? getcwd() : '.'; $bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:''; # $bin_dir.=$o causes a core dump on my sparc :-( @@ -167,7 +204,8 @@ $NT=0; push(@INC,"util/pl","pl"); -if ($platform eq "auto") { +if ($platform eq "auto" || $platform eq 'copy') { + $orig_platform = $platform; $platform = $mf_platform; print STDERR "Imported platform $mf_platform\n"; } @@ -246,9 +284,7 @@ $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5; $cflags.=" -DOPENSSL_NO_MD2" if $no_md2; $cflags.=" -DOPENSSL_NO_MD4" if $no_md4; $cflags.=" -DOPENSSL_NO_MD5" if $no_md5; -$cflags.=" -DOPENSSL_NO_SHA" if $no_sha; -$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; -$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd; +$cflags.=" -DOPENSSL_NO_RMD160" if $no_ripemd; $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; $cflags.=" -DOPENSSL_NO_BF" if $no_bf; $cflags.=" -DOPENSSL_NO_CAST" if $no_cast; @@ -258,19 +294,20 @@ $cflags.=" -DOPENSSL_NO_DSA" if $no_dsa; $cflags.=" -DOPENSSL_NO_DH" if $no_dh; $cflags.=" -DOPENSSL_NO_WHIRLPOOL" if $no_whirlpool; $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; -$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; -$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; +$cflags.=" -DOPENSSL_NO_SRP" if $no_srp; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; -$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; -$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; -$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_GOST" if $no_gost; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; +$cflags.=" -DOPENSSL_NO_ASYNC" if $no_async; +$cflags.=" -DOPENSSL_NO_AUTOALGINIT" if $no_autoalginit; +$cflags.=" -DOPENSSL_NO_AUTOERRINIT" if $no_autoerrinit; +$cflags.=" -DOPENSSL_FIPS" if $fips; $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; +$cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; @@ -290,6 +327,11 @@ else ##else { $cflags="$c_flags$cflags" if ($c_flags ne ""); } +if ($orig_platform eq 'copy') { + $cflags = $mf_cflag; + $cc = $mf_cc; +} + $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); @@ -316,18 +358,28 @@ open(IN,"<$infile") || die "unable to open $infile:$!\n"; $_=; for (;;) { - chop; + s/\s*$//; # was chop, didn't work in mixture of perls for Windows... ($key,$val)=/^([^=]+)=(.*)/; if ($key eq "RELATIVE_DIRECTORY") { if ($lib ne "") { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; + if ($fips && $dir =~ /^fips/) + { + $uc = "FIPS"; + } + else + { + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + } + if (($uc ne "FIPS") || $fipscanisterbuild) + { + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; + } } last if ($val eq "FINISHED"); $lib=""; @@ -335,22 +387,26 @@ for (;;) $dir=$val; } - if ($key eq "KRB5_INCLUDES") - { $cflags .= " $val";} - if ($key eq "ZLIB_INCLUDE") { $cflags .= " $val" if $val ne "";} if ($key eq "LIBZLIB") { $zlib_lib = "$val" if $val ne "";} - if ($key eq "LIBKRB5") + if ($key eq "EX_LIBS") { $ex_libs .= " $val" if $val ne "";} - if ($key eq "TEST") - { $test.=&var_add($dir,$val, 0); } + # There was a condition here before: + # !$fipscanisteronly || $dir =~ /^fips/ + # It currently fills no function and needs to be rewritten anyway, so + # removed for now. + if ($dir eq "test" && $key eq "EXE") + { + foreach my $t (split /\s+/, $val) { + $test.=&var_add($dir,$t, 0) if $t; } + } - if (($key eq "PROGS") || ($key eq "E_OBJ")) + if ($key eq "EXE_OBJ") { $e_exe.=&var_add($dir,$val, 0); } if ($key eq "LIB") @@ -365,25 +421,180 @@ for (;;) $otherlibs .= " $lib"; } - if ($key eq "EXHEADER") - { $exheader.=&var_add($dir,$val, 1); } - if ($key eq "HEADER") { $header.=&var_add($dir,$val, 1); } - if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine)) + if ($key eq "LIBOBJ") + { + if ($dir ne "engines" || !$no_static_engine) { $libobj=&var_add($dir,$val, 0); } + else + { push(@engines_obj,split(/\s+/,&var_add($dir,$val,0))); } + } if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) { $engines.=$val } + if ($key eq "FIPS_EX_OBJ") + { + $fips_ex_obj=&var_add("crypto",$val,0); + } + + if ($key eq "FIPSLIBDIR") + { + $fipslibdir=$val; + $fipslibdir =~ s/\/$//; + $fipslibdir =~ s/\//$o/g; + } + + if ($key eq "BASEADDR") + { $baseaddr=$val;} + if (!($_=)) { $_="RELATIVE_DIRECTORY=FINISHED\n"; } } close(IN); -if ($shlib) +if ($orig_platform eq 'copy') + { + # Remove opensslconf.h so it doesn't get updated if we configure a + # different branch. + $header =~ s/[^ ]+\/opensslconf.h//; + } + +if ($fips) + { + + foreach (split " ", $fips_ex_obj) + { + $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/); + } + foreach (split " ", + "$mf_cpuid_asm $mf_aes_asm $mf_sha_asm $mf_bn_asm " . + "$mf_des_asm $mf_modes_asm") + { + s/\.o//; + $fips_exclude_obj{$_} = 1; + } + my @ltmp = split " ", $lib_obj{"CRYPTO"}; + + + $lib_obj{"CRYPTO"} = ""; + + foreach(@ltmp) + { + if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1}) + { + if ($fipscanisterbuild) + { + $lib_obj{"FIPS"} .= "$_ "; + } + } + elsif (!$fipscanisteronly) + { + $lib_obj{"CRYPTO"} .= "$_ "; + } + } + + } + +if ($fipscanisterbuild) { - $extra_install= <<"EOF"; + $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq ""; + $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c"; + } +else + { + if ($fips_canister_path eq "") + { + $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib"; + } + + if ($fips_premain_c_path eq "") + { + $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; + } + } + +if ($fips) + { + if ($fips_sha1_exe_path eq "") + { + $fips_sha1_exe_path = + "\$(BIN_D)${o}fips_standalone_sha1$exep"; + } + } + else + { + $fips_sha1_exe_path = ""; + } + +if ($fips_premain_dso_exe_path eq "") + { + $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; + } + +# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); + +if ($fips) + { + if (!$shlib) + { + $build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; + $ex_l_libs .= " \$(O_FIPSCANISTER)"; + $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild; + } + if ($fipscanisterbuild) + { + $fipslibdir = "\$(LIB_D)"; + } + else + { + if ($fipslibdir eq "") + { + open (IN, "util/fipslib_path.txt") || fipslib_error(); + $fipslibdir = ; + close IN; + $fipslibdir = "" unless defined($fipslibdir); + $fipslibdir =~ s{\R$}{}; + fipslib_error() if ($fipslibdir eq ""); + } + fips_check_files($fipslibdir, + "fipscanister.lib", "fipscanister.lib.sha1", + "fips_premain.c", "fips_premain.c.sha1"); + } + } + +if ($fipscanisteronly) + { + $build_targets = "\$(O_FIPSCANISTER) \$(T_EXE)"; + $libs_dep = ""; + } + +$cp2 = $cp unless defined $cp2; + +$extra_install= <<"EOF"; + \$(CP) \"include${o}openssl${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\" + \$(MKDIR) \"\$(OPENSSLDIR)\" + \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\" +EOF + +if ($fipscanisteronly) + { + $extra_install = <<"EOF"; + \$(CP) \"\$(O_FIPSCANISTER)\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"\$(O_FIPSCANISTER).sha1\" \"\$(INSTALLTOP)${o}lib\" + \$(CP2) \"fips${o}fips_premain.c\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"fips${o}fips_premain.c.sha1\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"include${o}openssl${o}fips.h\" \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(CP) \"include${o}openssl${o}fips_rand.h\" \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(CP) "\$(BIN_D)${o}fips_standalone_sha1$exep" \"\$(INSTALLTOP)${o}bin\" + \$(CP) \"util${o}fipslink.pl\" \"\$(INSTALLTOP)${o}bin\" +EOF + } +elsif ($shlib) + { + $extra_install .= <<"EOF"; \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\" \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\" \$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\" @@ -399,17 +610,29 @@ EOF } else { - $extra_install= <<"EOF"; + $extra_install .= <<"EOF"; \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\" \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\" EOF $ex_libs .= " $zlib_lib" if $zlib_opt == 1; } +my $asm_def = $orig_platform eq 'copy' ? "" : "ASM=$bin_dir$asm"; + +$cflags =~ s/\((ENGINESDIR|OPENSSLDIR)\)/\(${1}_QQ\)/g; +(my $cflags_q = $cflags) =~ s/([\\"])/\\$1/g; +(my $INSTALLTOP_Q = $INSTALLTOP) =~ s/([\\"])/\\$1/g; +(my $INSTALLTOP_QQ = $INSTALLTOP_Q) =~ s/\\/\\\\/g; +(my $OPENSSLDIR_Q = $OPENSSLDIR) =~ s/([\\"])/\\$1/g; +(my $OPENSSLDIR_QQ = $OPENSSLDIR_Q) =~ s/\\/\\\\/g; +(my $ENGINESDIR_Q = $ENGINESDIR) =~ s/([\\"])/\\$1/g; +(my $ENGINESDIR_QQ = $ENGINESDIR_Q) =~ s/\\/\\\\/g; + $defs= <<"EOF"; +# N.B. You MUST use -j on FreeBSD. # This makefile has been automatically generated from the OpenSSL distribution. # This single makefile will build the complete OpenSSL distribution and -# by default leave the 'intertesting' output files in .${o}out and the stuff +# by default leave the 'interesting' output files in .${o}out and the stuff # that needs deleting in .${o}tmp. # The file was generated by running 'make makefile.one', which # does a 'make files', which writes all the environment variables from all @@ -426,12 +649,17 @@ $defs .= $preamble if defined $preamble; $defs.= <<"EOF"; INSTALLTOP=$INSTALLTOP +INSTALLTOP_QQ=$INSTALLTOP_QQ OPENSSLDIR=$OPENSSLDIR +OPENSSLDIR_QQ=$OPENSSLDIR_QQ +ENGINESDIR=$ENGINESDIR +ENGINESDIR_QQ=$ENGINESDIR_QQ # Set your compiler options PLATFORM=$platform CC=$bin_dir${cc} CFLAG=$cflags +CFLAG_Q=$cflags_q APP_CFLAG=$app_cflag LIB_CFLAG=$lib_cflag SHLIB_CFLAG=$shl_cflag @@ -444,26 +672,38 @@ EX_LIBS=$ex_libs # The OpenSSL directory SRC_D=$src_dir -LINK=$link +LINK_CMD=$link LFLAGS=$lflags RSC=$rsc +FIPSLINK=\$(PERL) util${o}fipslink.pl -# The output directory for everything intersting +# The output directory for everything interesting OUT_D=$out_dir # The output directory for all the temporary muck TMP_D=$tmp_dir -# The output directory for the header files -INC_D=$inc_dir -INCO_D=$inc_dir${o}openssl PERL=$perl +PERLASM_SCHEME=$mf_perlasm_scheme CP=$cp +CP2=$cp2 RM=$rm +MV=$mv RANLIB=$ranlib MKDIR=$mkdir MKLIB=$bin_dir$mklib MLFLAGS=$mlflags -ASM=$bin_dir$asm +$asm_def + +# FIPS validated module and support file locations + +E_PREMAIN_DSO=fips_premain_dso + +FIPSLIB_D=$fipslibdir +BASEADDR=$baseaddr +FIPS_PREMAIN_SRC=$fips_premain_c_path +O_FIPSCANISTER=$fips_canister_path +FIPS_SHA1_EXE=$fips_sha1_exe_path +PREMAIN_DSO_EXE=$fips_premain_dso_exe_path ###################################################### # You should not need to touch anything below this point @@ -497,23 +737,23 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp -L_LIBS= \$(L_SSL) \$(L_CRYPTO) +L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs ###################################################### # Don't touch anything below this point ###################################################### -INC=-I\$(INC_D) -I\$(INCL_D) +INC=-I\$(SRC_D)${o}include -I\$(INCL_D) -I\$(SRC_D)${o}crypto${o}include APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) +LIBS_DEP=$libs_dep ############################################# EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) headers \$(FIPS_SHA1_EXE) $build_targets banner: $banner @@ -530,18 +770,18 @@ $banner \$(LIB_D): \$(MKDIR) \"\$(LIB_D)\" -\$(INCO_D): \$(INC_D) - \$(MKDIR) \"\$(INCO_D)\" +# This needs to be invoked once, when the makefile is first constructed, or +# after cleaning. +init: \$(TMP_D) \$(LIB_D) \$(BIN_D) \$(TEST_D) headers -\$(INC_D): - \$(MKDIR) \"\$(INC_D)\" - -headers: \$(HEADER) \$(EXHEADER) - @ +headers: \$(HEADER) lib: \$(LIBS_DEP) \$(E_SHLIB) -exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep +exe: apps tools testapps +apps: \$(BIN_D)$o\$(E_EXE)$exep \$(BIN_D)${o}CA.pl +testapps: \$(T_EXE) +tools: \$(BIN_D)${o}c_rehash install: all \$(MKDIR) \"\$(INSTALLTOP)\" @@ -549,17 +789,9 @@ install: all \$(MKDIR) \"\$(INSTALLTOP)${o}include\" \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\" \$(MKDIR) \"\$(INSTALLTOP)${o}lib\" - \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\" - \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\" - \$(MKDIR) \"\$(OPENSSLDIR)\" - \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\" + \$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\" $extra_install - -test: \$(T_EXE) - cd \$(BIN_D) - ..${o}ms${o}test - clean: \$(RM) \$(TMP_D)$o*.* @@ -567,79 +799,89 @@ vclean: \$(RM) \$(TMP_D)$o*.* \$(RM) \$(OUT_D)$o*.* -EOF - -my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform"; -$platform_cpp_symbol =~ s/-/_/g; -if (open(IN,"crypto/buildinf.h")) - { - # Remove entry for this platform in existing file buildinf.h. +reallyclean: + \$(RM) -rf \$(TMP_D) + \$(RM) -rf \$(BIN_D) + \$(RM) -rf \$(TEST_D) + \$(RM) -rf \$(LIB_D) - my $old_buildinf_h = ""; - while () - { - if (/^\#ifdef $platform_cpp_symbol$/) - { - while () { last if (/^\#endif/); } - } - else - { - $old_buildinf_h .= $_; - } - } - close(IN); +EOF - open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; - print OUT $old_buildinf_h; - close(OUT); - } +$rules .= &do_rehash_rule("rehash.time", "certs/demo apps tools"); +$rules .= &do_test_rule("test", "rehash.time", "run_tests.pl"); -open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h"; -printf OUT < crypto${o}buildinf.h +$(OBJ_D)${o}cversion${obj} : crypto${o}buildinf.h EOF -printf OUT " #define DATE \"%s\"\n", scalar gmtime(); -printf OUT "#endif\n"; -close(OUT); -# Strip of trailing ' ' +# Strip off trailing ' ' foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); } $test=&clean_up_ws($test); $e_exe=&clean_up_ws($e_exe); -$exheader=&clean_up_ws($exheader); $header=&clean_up_ws($header); -# First we strip the exheaders from the headers list -foreach (split(/\s+/,$exheader)){ $h{$_}=1; } -foreach (split(/\s+/,$header)) { $h.=$_." " unless $h{$_}; } -chop($h); $header=$h; - $defs.=&do_defs("HEADER",$header,"\$(INCL_D)",""); $rules.=&do_copy_rule("\$(INCL_D)",$header,""); -$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)",""); -$rules.=&do_copy_rule("\$(INCO_D)",$exheader,""); - $defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); +# Special case rules for fips_start and fips_end fips_premain_dso + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", + "fips${o}fips_canister.c", + "-DFIPS_START \$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", + "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); + } + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", + "fips${o}sha${o}fips_standalone_sha1.c", + "\$(APP_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", + "fips${o}fips_premain.c", + "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(APP_CFLAGS)"); + } + +sub fix_asm + { + my($asm, $dir) = @_; + + $asm = " $asm"; + $asm =~ s/\s+/ $dir\//g; + $asm =~ s/\.o//g; + $asm =~ s/^ //; + + return $asm . ' '; + } + +if ($orig_platform eq 'copy') { + $lib_obj{CRYPTO} .= fix_asm($mf_md5_asm, 'crypto/md5'); + $lib_obj{CRYPTO} .= fix_asm($mf_bn_asm, 'crypto/bn'); + # cpuid is included by the crypto dir + #$lib_obj{CRYPTO} .= fix_asm($mf_cpuid_asm, 'crypto'); + # AES asm files end up included by the aes dir itself + #$lib_obj{CRYPTO} .= fix_asm($mf_aes_asm, 'crypto/aes'); + $lib_obj{CRYPTO} .= fix_asm($mf_sha_asm, 'crypto/sha'); + $lib_obj{CRYPTO} .= fix_asm($mf_engines_asm, 'engines'); + $lib_obj{CRYPTO} .= fix_asm($mf_rc4_asm, 'crypto/rc4'); + $lib_obj{CRYPTO} .= fix_asm($mf_modes_asm, 'crypto/modes'); + $lib_obj{CRYPTO} .= fix_asm($mf_ec_asm, 'crypto/ec'); +} + foreach (values %lib_nam) { $lib_obj=$lib_obj{$_}; local($slib)=$shlib; - if (($_ eq "SSL") && $no_ssl2 && $no_ssl3) - { - $rules.="\$(O_SSL):\n\n"; - next; - } - $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); @@ -661,25 +903,44 @@ EOF $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); foreach (split(/\s+/,$test)) { + my $t_libs; $t=&bname($_); + my $ltype; + # Check to see if test program is FIPS + if ($fips && /fips/) + { + # If fips perform static link to + # $(O_FIPSCANISTER) + $t_libs = "\$(O_FIPSCANISTER)"; + $ltype = 2; + } + else + { + $t_libs = "\$(L_LIBS)"; + $ltype = 0; + } + $tt="\$(OBJ_D)${o}$t${obj}"; - $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype); } $defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp); foreach (split(/\s+/,$engines)) { - $rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib); - $rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,""); + my $engine = $_; + my @objs = grep {/e_$engine/} @engines_obj; + $rules.=&do_compile_rule("\$(OBJ_D)",join(" ",@objs),$lib); + map {$_=~s/.*\/([^\/]+)$/\$(OBJ_D)${o}$1$obj/} @objs; + $rules.= &do_lib_rule(join(" ",@objs),"\$(ENG_D)$o$engine$shlibp","",$shlib,""); } $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); -$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); +#$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); -foreach (split(/\s+/,$otherlibs)) +foreach (split(" ",$otherlibs)) { my $uc = $_; $uc =~ tr /a-z/A-Z/; @@ -687,7 +948,57 @@ foreach (split(/\s+/,$otherlibs)) } -$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); +if ($fips) + { + if ($shlib) + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, + "\$(SO_CRYPTO)"); + } + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", + "\$(OBJ_D)${o}fips_start$obj", + "\$(FIPSOBJ)", + "\$(OBJ_D)${o}fips_end$obj", + "\$(FIPS_SHA1_EXE)", ""); + # FIXME + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj $sha1_asm_obj", + "","\$(EX_LIBS)", 1); + } + else + { + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)", + "","", 1); + + } + $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); + + } + +$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0); + +$rules.=&do_dofile_rule("\$(BIN_D)","c_rehash","tools/c_rehash.in"); +$rules.=&do_dofile_rule("\$(BIN_D)","CA.pl","apps/CA.pl.in"); print $defs; @@ -724,9 +1035,9 @@ sub var_add return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; - return("") if $no_gost && $dir =~ /\/ccgost/; return("") if $no_cms && $dir =~ /\/cms/; return("") if $no_jpake && $dir =~ /\/jpake/; + return("") if !$fips && $dir =~ /^fips/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -756,7 +1067,6 @@ sub var_add @a=grep(!/^e_camellia$/,@a) if $no_camellia; @a=grep(!/^e_seed$/,@a) if $no_seed; - #@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; #@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock; @@ -767,8 +1077,7 @@ sub var_add @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd; @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; - @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; - @a=grep(!/(^pem_seal$)/,@a) if $no_rsa; + @a=grep(!/(^p_open$)/,@a) if $no_rsa; @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa; @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa; @@ -777,19 +1086,16 @@ sub var_add @a=grep(!/_dhp$/,@a) if $no_dh; - @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha; - @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/(srp)/,@a) if $no_srp; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/^hw$/,@a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; - @a=grep(!/^gendsa$/,@a) if $no_sha1; @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh; - @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; - grep($_="$dir/$_",@a); @a=grep(!/(^|\/)s_/,@a) if $no_sock; @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock; @@ -855,7 +1161,7 @@ sub do_defs elsif ($var eq "SSLOBJ") { $ret.="\$(OBJ_D)\\\$(SSL).res "; } } - chomp($ret); + chomp($ret); # Does this actually do something? /RL $ret.="\n\n"; return($ret); } @@ -904,6 +1210,11 @@ sub do_compile_rule { $ret.=&Sasm_compile_target("$to${o}$n$obj",$s,$n); } + elsif (defined &special_compile_target and + ($s=special_compile_target($_))) + { + $ret.=$s; + } else { die "no rule for $_"; } } return($ret); @@ -914,13 +1225,21 @@ sub do_compile_rule sub perlasm_compile_target { my($target,$source,$bname)=@_; - my($ret); + return platform_perlasm_compile_target($target, $source, $bname) + if defined &platform_perlasm_compile_target; + + my($ret); $bname =~ s/(.*)\.[^\.]$/$1/; - $ret ="\$(TMP_D)$o$bname.asm: $source\n"; - $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n"; - $ret.="$target: \$(TMP_D)$o$bname.asm\n"; - $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n"; + $ret ="\$(TMP_D)$o$bname$asm_suffix: $source\n"; + $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n"; + if ($fipscanisteronly) + { + $ret .= "\t\$(PERL) util$o.pl . \$@ norunasm \$(CFLAG)\n"; + } + $ret .= "\n"; + $ret.="$target: \$(TMP_D)$o$bname$asm_suffix\n"; + $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname$asm_suffix\n\n"; return($ret); } @@ -931,7 +1250,9 @@ sub Sasm_compile_target $bname =~ s/(.*)\.[^\.]$/$1/; $ret ="\$(TMP_D)$o$bname.asm: $source\n"; - $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n\n"; + $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n"; + $ret.="\t\$(PERL) util\\fipsas.pl . \$@ norunasm \$(CFLAG)\n" if $fipscanisteronly; + $ret.="\n"; $ret.="$target: \$(TMP_D)$o$bname.asm\n"; $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n"; return($ret); @@ -942,11 +1263,14 @@ sub cc_compile_target local($target,$source,$ex_flags)=@_; local($ret); - $ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/); $target =~ s/\//$o/g if $o ne "/"; $source =~ s/\//$o/g if $o ne "/"; $ret ="$target: \$(SRC_D)$o$source\n\t"; - $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n"; + $ret.="\$(CC)"; + $ret.= " -MMD" if $orig_platform eq "copy"; + $ret.= " ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n"; + $target =~ s/\.o$/.d/; + $ret.=".sinclude \"$target\"\n\n" if $orig_platform eq "copy"; return($ret); } @@ -1004,6 +1328,7 @@ sub do_copy_rule local($to,$files,$p)=@_; local($ret,$_,$n,$pp); + $files =~ s/\//$o/g if $o ne '/'; foreach (split(/\s+/,$files)) { @@ -1011,17 +1336,34 @@ sub do_copy_rule if ($n =~ /bss_file/) { $pp=".c"; } else { $pp=$p; } - $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n"; + $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(PERL) \$(SRC_D)${o}util${o}copy-if-different.pl \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n"; } return($ret); } +sub do_dofile_rule + { + (my $to, my $file, my $tmpl) = @_; + + $file =~ s|/|$o|g if $o ne '/'; + return <<"EOF"; +$to${o}$file: $tmpl + \$(PERL) "-I." "-Mconfigdata" util/dofile.pl "$tmpl" > "$to${o}$file.new" + \$(MV) "$to${o}$file.new" "$to${o}$file" +EOF + } + +# Options picked up from the OPTIONS line in the top level Makefile +# generated by Configure. + sub read_options { # Many options are handled in a similar way. In particular # no-xxx sets zero or more scalars to 1. - # Process these using a hash containing the option name and - # reference to the scalars to set. + # Process these using the %valid_options hash containing the option + # name and reference to the scalars to set. In some cases the option + # needs no special handling and can be ignored: this is done by + # setting the value to 0. my %valid_options = ( "no-rc2" => \$no_rc2, @@ -1037,8 +1379,6 @@ sub read_options "no-md2" => \$no_md2, "no-md4" => \$no_md4, "no-md5" => \$no_md5, - "no-sha" => \$no_sha, - "no-sha1" => \$no_sha1, "no-ripemd" => \$no_ripemd, "no-mdc2" => \$no_mdc2, "no-whirlpool" => \$no_whirlpool, @@ -1047,38 +1387,43 @@ sub read_options "no-rsa" => \$no_rsa, "no-dsa" => \$no_dsa, "no-dh" => \$no_dh, - "no-hmac" => \$no_hmac, "no-asm" => \$no_asm, "nasm" => \$nasm, "nw-nasm" => \$nw_nasm, "nw-mwasm" => \$nw_mwasm, "gaswin" => \$gaswin, - "no-ssl2" => \$no_ssl2, "no-ssl3" => \$no_ssl3, - "no-tlsext" => \$no_tlsext, + "no-ssl3-method" => 0, + "no-srp" => \$no_srp, "no-cms" => \$no_cms, "no-jpake" => \$no_jpake, + "no-ec2m" => \$no_ec2m, + "no-ec_nistp_64_gcc_128" => 0, "no-err" => \$no_err, "no-sock" => \$no_sock, - "no-krb5" => \$no_krb5, "no-ec" => \$no_ec, - "no-ecdsa" => \$no_ecdsa, - "no-ecdh" => \$no_ecdh, "no-gost" => \$no_gost, "no-engine" => \$no_engine, + "no-egd" => 0, "no-hw" => \$no_hw, + "no-async" => \$no_async, + "no-autoalginit" => \$no_autoalginit, + "no-autoerrinit" => \$no_autoerrinit, "just-ssl" => [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, - \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, - \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5, - \$no_aes, \$no_camellia, \$no_seed], + \$no_md2, \$no_mdc2, \$no_dsa, \$no_dh, + \$no_err, \$no_ripemd, \$no_rc5, + \$no_aes, \$no_camellia, \$no_seed, \$no_srp], "rsaref" => 0, "gcc" => \$gcc, "debug" => \$debug, + "--debug" => \$debug, "profile" => \$profile, "shlib" => \$shlib, "dll" => \$shlib, "shared" => 0, + "no-sctp" => 0, + "no-srtp" => 0, "no-gmp" => 0, "no-rfc3779" => 0, "no-montasm" => 0, @@ -1086,6 +1431,15 @@ sub read_options "no-store" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, + "no-ssl-trace" => 0, + "no-unit-test" => 0, + "no-deprecated" => 0, + "no-ocb" => 0, + "no-crypto-mdebug" => 0, + "fips" => \$fips, + "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], + "fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly], + "fipscheck" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly], ); if (exists $valid_options{$_}) @@ -1139,22 +1493,6 @@ sub read_options $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags"; } - elsif (/^--with-krb5-flavor=(.*)$/) - { - my $krb5_flavor = $1; - if ($krb5_flavor =~ /^force-[Hh]eimdal$/) - { - $xcflags="-DKRB5_HEIMDAL $xcflags"; - } - elsif ($krb5_flavor =~ /^MIT/i) - { - $xcflags="-DKRB5_MIT $xcflags"; - if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i) - { - $xcflags="-DKRB5_MIT_OLD11 $xcflags" - } - } - } elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } elsif (/^-[lL].*$/) { $l_flags.="$_ "; } elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) @@ -1162,3 +1500,31 @@ sub read_options else { return(0); } return(1); } + +sub fipslib_error + { + print STDERR "***FIPS module directory sanity check failed***\n"; + print STDERR "FIPS module build failed, or was deleted\n"; + print STDERR "Please rebuild FIPS module.\n"; + exit 1; + } + +sub fips_check_files + { + my $dir = shift @_; + my $ret = 1; + if (!-d $dir) + { + print STDERR "FIPS module directory $dir does not exist\n"; + fipslib_error(); + } + foreach (@_) + { + if (!-f "$dir${o}$_") + { + print STDERR "FIPS module file $_ does not exist!\n"; + $ret = 0; + } + } + fipslib_error() if ($ret == 0); + }