"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-# Android: linux-armv4 but without -DTERMIO and pointers to headers and libs.
-"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Android: linux-* but without -DTERMIO and pointers to headers and libs.
+"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### *BSD [do see comment about ${BSDthreads} above!]
"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
my $perl;
my $fips=0;
-
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
+ "ec-nistp224-64-gcc-128" => "default",
"gmp" => "default",
"jpake" => "experimental",
"md2" => "default",
);
my @experimental = ();
+# If ssl directory missing assume truncated FIPS tarball
+if (!-d "ssl")
+ {
+ print STDERR "Auto Configuring fipsonly\n";
+ $fips = 1;
+ $nofipscanistercheck = 1;
+ $fipslibdir="";
+ $fipscanisterinternal="y";
+ $fipscanisteronly = 2;
+ if (! -f "crypto/bn/bn_gf2m.c" )
+ {
+ $disabled{ec2m} = "forced";
+ }
+ }
+
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
else
{
my ($ALGO, $algo);
- ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/;
+ ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
{
}
my $exp_cflags = "";
+
+if ($fipscanisteronly == 2)
+ {
+print STDERR "ADDING FIPSSYM\n";
+ $exp_cflags .= " -DOPENSSL_FIPSSYMS";
+ }
+
foreach (sort @experimental)
{
my $ALGO;
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
}
s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
+ if ($fipscanisteronly == 2 && exists $disabled{"ec2m"})
+ {
+ next if (/ec2_/ || /bn_gf2m/);
+ }
print OUT $_."\n";
}
close(IN);
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
- if ($depflags ne $default_depflags && !$make_depend) {
+ if ($depflags ne $default_depflags && !$make_depend && $fipscanisteronly != 2) {
print <<EOF;
Since you've disabled or enabled at least one algorithm, you need to do
(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
140-2 validated software.
-This is an OpenSSL 1.1.0 test version.
+This is a test OpenSSL 2.0 FIPS module.
See the file README.FIPS for details of how to build a test library.
projects / openssl.git / blobdiff