my $perl;
my $fips=0;
-
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
);
my @experimental = ();
+# If ssl directory missing assume truncated FIPS tarball
+if (!-d "ssl")
+ {
+ print STDERR "Auto Configuring fipsonly\n";
+ $fips = 1;
+ $nofipscanistercheck = 1;
+ $fipslibdir="";
+ $fipscanisterinternal="y";
+ $fipscanisteronly = 2;
+ if (! -f "crypto/bn/bn_gf2m.c" )
+ {
+ $disabled{ec2m} = "forced";
+ }
+ }
+
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
}
my $exp_cflags = "";
+
+if ($fipscanisteronly == 2)
+ {
+print STDERR "ADDING FIPSSYM\n";
+ $exp_cflags .= " -DOPENSSL_FIPSSYMS";
+ }
+
foreach (sort @experimental)
{
my $ALGO;
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
}
s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
+ if ($fipscanisteronly == 2 && exists $disabled{"ec2m"})
+ {
+ next if (/ec2_/ || /bn_gf2m/);
+ }
print OUT $_."\n";
}
close(IN);
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
- if ($depflags ne $default_depflags && !$make_depend) {
+ if ($depflags ne $default_depflags && !$make_depend && $fipscanisteronly != 2) {
print <<EOF;
Since you've disabled or enabled at least one algorithm, you need to do
(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
140-2 validated software.
-This is an OpenSSL 1.1.0 test version.
+This is a test OpenSSL 2.0 FIPS module.
See the file README.FIPS for details of how to build a test library.