my $no_static_engine = 1;
my $engines = "";
+my @engines_obj = "";
+my $otherlibs = "";
local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
local $zlib_lib = "";
local $perl_asm = 0; # 1 to autobuild asm files from perl scripts
+local $fips_canister_path = "";
+my $fips_premain_dso_exe_path = "";
+my $fips_premain_c_path = "";
+my $fips_sha1_exe_path = "";
+
+local $fipscanisterbuild = 0;
+
+my $fipscanisteronly = 0;
+
+my $fipslibdir = "";
+my $baseaddr = "";
+
+my $ex_l_libs = "";
+
+my $build_targets = "lib exe";
+my $libs_dep = "\$(O_CRYPTO) \$(O_SSL)";
+
# Options to import from top level Makefile
my %mf_import = (
INSTALLTOP => \$INSTALLTOP,
OPENSSLDIR => \$OPENSSLDIR,
PLATFORM => \$mf_platform,
+ CC => \$mf_cc,
CFLAG => \$mf_cflag,
DEPFLAG => \$mf_depflag,
CPUID_OBJ => \$mf_cpuid_asm,
SHA1_ASM_OBJ => \$mf_sha_asm,
RMD160_ASM_OBJ => \$mf_rmd_asm,
WP_ASM_OBJ => \$mf_wp_asm,
- CMLL_ENC => \$mf_cm_asm
+ CMLL_ENC => \$mf_cm_asm,
+ MODES_ASM_OBJ => \$mf_modes_asm,
+ FIPSCANISTERONLY => \$mf_fipscanisteronly,
+ FIPSCANISTERINTERNAL => \$mf_fipscanisterinternal
);
-
open(IN,"<Makefile") || die "unable to open Makefile!\n";
while(<IN>) {
my ($mf_opt, $mf_ref);
}
close(IN);
+$debug = 1 if $mf_platform =~ /^debug-/;
+
+if ($mf_fipscanisterinternal eq "y") {
+ $fips = 1;
+ $fipscanisterbuild = 1;
+ $fipscanisteronly = 1;
+}
+
+
die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
$infile="MINFO";
just-ssl - remove all non-ssl keys/digest
no-asm - No x86 asm
no-krb5 - No KRB5
+ no-srp - No SRP
no-ec - No EC
no-ecdsa - No ECDSA
no-ecdh - No ECDH
push(@INC,"util/pl","pl");
if ($platform eq "auto") {
+ $orig_platform = $platform;
$platform = $mf_platform;
print STDERR "Imported platform $mf_platform\n";
}
$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
+$cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
+$cflags.=" -DOPENSSL_FIPS" if $fips;
$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
+$cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m;
$cflags.= " -DZLIB" if $zlib_opt;
$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
##else
{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+$cflags = $mf_cflag if $orig_platform eq 'auto';
+$cc = $mf_cc if $orig_platform eq 'auto';
+
$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
$_=<IN>;
for (;;)
{
- chop;
+ s/\s*$//; # was chop, didn't work in mixture of perls for Windows...
($key,$val)=/^([^=]+)=(.*)/;
if ($key eq "RELATIVE_DIRECTORY")
{
if ($lib ne "")
{
- $uc=$lib;
- $uc =~ s/^lib(.*)\.a/$1/;
- $uc =~ tr/a-z/A-Z/;
- $lib_nam{$uc}=$uc;
- $lib_obj{$uc}.=$libobj." ";
+ if ($fips && $dir =~ /^fips/)
+ {
+ $uc = "FIPS";
+ }
+ else
+ {
+ $uc=$lib;
+ $uc =~ s/^lib(.*)\.a/$1/;
+ $uc =~ tr/a-z/A-Z/;
+ }
+ if (($uc ne "FIPS") || $fipscanisterbuild)
+ {
+ $lib_nam{$uc}=$uc;
+ $lib_obj{$uc}.=$libobj." ";
+ }
}
last if ($val eq "FINISHED");
$lib="";
if ($key eq "LIBKRB5")
{ $ex_libs .= " $val" if $val ne "";}
- if ($key eq "TEST")
+ if ($key eq "TEST" && (!$fipscanisteronly || $dir =~ /^fips/ ))
{ $test.=&var_add($dir,$val, 0); }
if (($key eq "PROGS") || ($key eq "E_OBJ"))
$lib=$val;
$lib =~ s/^.*\/([^\/]+)$/$1/;
}
+ if ($key eq "LIBNAME" && $no_static_engine)
+ {
+ $lib=$val;
+ $lib =~ s/^.*\/([^\/]+)$/$1/;
+ $otherlibs .= " $lib";
+ }
if ($key eq "EXHEADER")
{ $exheader.=&var_add($dir,$val, 1); }
if ($key eq "HEADER")
{ $header.=&var_add($dir,$val, 1); }
- if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine))
+ if ($key eq "LIBOBJ")
+ {
+ if ($dir ne "engines" || !$no_static_engine)
{ $libobj=&var_add($dir,$val, 0); }
+ else
+ { push(@engines_obj,split(/\s+/,&var_add($dir,$val,0))); }
+ }
if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
{ $engines.=$val }
+ if ($key eq "FIPS_EX_OBJ")
+ {
+ $fips_ex_obj=&var_add("crypto",$val,0);
+ }
+
+ if ($key eq "FIPSLIBDIR")
+ {
+ $fipslibdir=$val;
+ $fipslibdir =~ s/\/$//;
+ $fipslibdir =~ s/\//$o/g;
+ }
+
+ if ($key eq "BASEADDR")
+ { $baseaddr=$val;}
+
if (!($_=<IN>))
{ $_="RELATIVE_DIRECTORY=FINISHED\n"; }
}
close(IN);
-if ($shlib)
+if ($fips)
{
- $extra_install= <<"EOF";
+
+ foreach (split " ", $fips_ex_obj)
+ {
+ $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/);
+ }
+ foreach (split " ",
+ "$mf_cpuid_asm $mf_aes_asm $mf_sha_asm $mf_bn_asm " .
+ "$mf_des_asm $mf_modes_asm")
+ {
+ s/\.o//;
+ $fips_exclude_obj{$_} = 1;
+ }
+ my @ltmp = split " ", $lib_obj{"CRYPTO"};
+
+
+ $lib_obj{"CRYPTO"} = "";
+
+ foreach(@ltmp)
+ {
+ if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1})
+ {
+ if ($fipscanisterbuild)
+ {
+ $lib_obj{"FIPS"} .= "$_ ";
+ }
+ }
+ elsif (!$fipscanisteronly)
+ {
+ $lib_obj{"CRYPTO"} .= "$_ ";
+ }
+ }
+
+ }
+
+if ($fipscanisterbuild)
+ {
+ $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq "";
+ $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c";
+ }
+else
+ {
+ if ($fips_canister_path eq "")
+ {
+ $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib";
+ }
+
+ if ($fips_premain_c_path eq "")
+ {
+ $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
+ }
+ }
+
+if ($fips)
+ {
+ if ($fips_sha1_exe_path eq "")
+ {
+ $fips_sha1_exe_path =
+ "\$(BIN_D)${o}fips_standalone_sha1$exep";
+ }
+ }
+ else
+ {
+ $fips_sha1_exe_path = "";
+ }
+
+if ($fips_premain_dso_exe_path eq "")
+ {
+ $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
+ }
+
+# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
+
+if ($fips)
+ {
+ if (!$shlib)
+ {
+ $build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+ $ex_l_libs .= " \$(O_FIPSCANISTER)";
+ $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild;
+ }
+ if ($fipscanisterbuild)
+ {
+ $fipslibdir = "\$(LIB_D)";
+ }
+ else
+ {
+ if ($fipslibdir eq "")
+ {
+ open (IN, "util/fipslib_path.txt") || fipslib_error();
+ $fipslibdir = <IN>;
+ chomp $fipslibdir;
+ close IN;
+ }
+ fips_check_files($fipslibdir,
+ "fipscanister.lib", "fipscanister.lib.sha1",
+ "fips_premain.c", "fips_premain.c.sha1");
+ }
+ }
+
+if ($fipscanisteronly)
+ {
+ $build_targets = "\$(O_FIPSCANISTER) \$(T_EXE)";
+ $libs_dep = "";
+ }
+
+$cp2 = $cp unless defined $cp2;
+
+$extra_install= <<"EOF";
+ \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+ \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
+ \$(MKDIR) \"\$(OPENSSLDIR)\"
+ \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
+EOF
+
+if ($fipscanisteronly)
+ {
+ $extra_install = <<"EOF";
+ \$(CP) \"\$(O_FIPSCANISTER)\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP) \"\$(O_FIPSCANISTER).sha1\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP2) \"fips${o}fips_premain.c\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP) \"fips${o}fips_premain.c.sha1\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP) \"\$(INCO_D)${o}fips.h\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+ \$(CP) \"\$(INCO_D)${o}fips_rand.h\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+ \$(CP) "\$(BIN_D)${o}fips_standalone_sha1$exep" \"\$(INSTALLTOP)${o}bin\"
+ \$(CP) \"util${o}fipslink.pl\" \"\$(INSTALLTOP)${o}bin\"
+EOF
+ }
+elsif ($shlib)
+ {
+ $extra_install .= <<"EOF";
\$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\"
\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\"
\$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\"
}
else
{
- $extra_install= <<"EOF";
+ $extra_install .= <<"EOF";
\$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\"
\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
EOF
LINK=$link
LFLAGS=$lflags
RSC=$rsc
+FIPSLINK=\$(PERL) util${o}fipslink.pl
-# The output directory for everything intersting
+# The output directory for everything interesting
OUT_D=$out_dir
# The output directory for all the temporary muck
TMP_D=$tmp_dir
PERL=$perl
CP=$cp
+CP2=$cp2
RM=$rm
RANLIB=$ranlib
MKDIR=$mkdir
MLFLAGS=$mlflags
ASM=$bin_dir$asm
+# FIPS validated module and support file locations
+
+E_PREMAIN_DSO=fips_premain_dso
+
+FIPSLIB_D=$fipslibdir
+BASEADDR=$baseaddr
+FIPS_PREMAIN_SRC=$fips_premain_c_path
+O_FIPSCANISTER=$fips_canister_path
+FIPS_SHA1_EXE=$fips_sha1_exe_path
+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
+
######################################################
# You should not need to touch anything below this point
######################################################
L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
-L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
######################################################
# Don't touch anything below this point
APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
+LIBS_DEP=$libs_dep
#############################################
EOF
$rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) $build_targets
banner:
$banner
\$(MKDIR) \"\$(INC_D)\"
headers: \$(HEADER) \$(EXHEADER)
- @
lib: \$(LIBS_DEP) \$(E_SHLIB)
\$(MKDIR) \"\$(INSTALLTOP)${o}include\"
\$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
\$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
- \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
- \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
- \$(MKDIR) \"\$(OPENSSLDIR)\"
- \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
$extra_install
\$(RM) \$(TMP_D)$o*.*
\$(RM) \$(OUT_D)$o*.*
+reallyclean:
+ \$(RM) -rf \$(TMP_D)
+ \$(RM) -rf \$(BIN_D)
+ \$(RM) -rf \$(TEST_D)
+ \$(RM) -rf \$(LIB_D)
+ \$(RM) -rf \$(INC_D)
+
EOF
my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
printf OUT "#endif\n";
close(OUT);
-# Strip of trailing ' '
+# Strip off trailing ' '
foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
$test=&clean_up_ws($test);
$e_exe=&clean_up_ws($e_exe);
$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+# Special case rules for fips_start and fips_end fips_premain_dso
+
+if ($fips)
+ {
+ if ($fipscanisterbuild)
+ {
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
+ "fips${o}fips_canister.c",
+ "-DFIPS_START \$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
+ "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
+ }
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
+ "fips${o}sha${o}fips_standalone_sha1.c",
+ "\$(APP_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+ "fips${o}fips_premain.c",
+ "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(APP_CFLAGS)");
+ }
+
foreach (values %lib_nam)
{
$lib_obj=$lib_obj{$_};
}
# hack to add version info on MSVC
-if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) {
+if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A")
+ || ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) {
$rules.= <<"EOF";
\$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
\$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
foreach (split(/\s+/,$test))
{
+ my $t_libs;
$t=&bname($_);
+ my $ltype;
+ # Check to see if test program is FIPS
+ if ($fips && /fips/)
+ {
+ # If fips perform static link to
+ # $(O_FIPSCANISTER)
+ $t_libs = "\$(O_FIPSCANISTER)";
+ $ltype = 2;
+ }
+ else
+ {
+ $t_libs = "\$(L_LIBS)";
+ $ltype = 0;
+ }
+
$tt="\$(OBJ_D)${o}$t${obj}";
- $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+ $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype);
}
-$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
+$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp);
foreach (split(/\s+/,$engines))
{
- $rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib);
- $rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,"");
+ my $engine = $_;
+ my @objs = grep {/e_$engine/} @engines_obj;
+ $rules.=&do_compile_rule("\$(OBJ_D)",join(" ",@objs),$lib);
+ map {$_=~s/.*\/([^\/]+)$/\$(OBJ_D)${o}$1$obj/} @objs;
+ $rules.= &do_lib_rule(join(" ",@objs),"\$(ENG_D)$o$engine$shlibp","",$shlib,"");
}
$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+#$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+
+foreach (split(" ",$otherlibs))
+ {
+ my $uc = $_;
+ $uc =~ tr /a-z/A-Z/;
+ $rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, "");
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+ }
+
+if ($fips)
+ {
+ if ($shlib)
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(O_CRYPTO)", "$crypto",
+ $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+ }
+ else
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+ "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ }
+ }
+ else
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+ "\$(SO_CRYPTO)");
+ }
+
+if ($fips)
+ {
+ if ($fipscanisterbuild)
+ {
+ $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)",
+ "\$(OBJ_D)${o}fips_start$obj",
+ "\$(FIPSOBJ)",
+ "\$(OBJ_D)${o}fips_end$obj",
+ "\$(FIPS_SHA1_EXE)", "");
+ # FIXME
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
+ "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj $sha1_asm_obj",
+ "","\$(EX_LIBS)", 1);
+ }
+ else
+ {
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
+ "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)",
+ "","", 1);
+
+ }
+ $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+
+ }
+
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
print $defs;
return("") if $no_dsa && $dir =~ /\/dsa/;
return("") if $no_dh && $dir =~ /\/dh/;
return("") if $no_ec && $dir =~ /\/ec/;
+ return("") if $no_gost && $dir =~ /\/ccgost/;
return("") if $no_cms && $dir =~ /\/cms/;
return("") if $no_jpake && $dir =~ /\/jpake/;
+ return("") if !$fips && $dir =~ /^fips/;
if ($no_des && $dir =~ /\/des/)
{
if ($val =~ /read_pwd/)
@a=grep(!/^e_camellia$/,@a) if $no_camellia;
@a=grep(!/^e_seed$/,@a) if $no_seed;
- @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
- @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+ #@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+ #@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+ @a=grep(!/(srp)/,@a) if $no_srp;
+
@a=grep(!/^engine$/,@a) if $no_engine;
@a=grep(!/^hw$/,@a) if $no_hw;
@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
$ret.=$t;
}
# hack to add version info on MSVC
- if ($shlib && (($platform eq "VC-WIN32") || ($platform eq "VC-NT")))
+ if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT")))
{
if ($var eq "CRYPTOOBJ")
{ $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
{
my($target,$source,$bname)=@_;
my($ret);
-
$bname =~ s/(.*)\.[^\.]$/$1/;
$ret ="\$(TMP_D)$o$bname.asm: $source\n";
- $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n";
+ $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n";
+ if ($fipscanisteronly)
+ {
+ $ret .= "\t\$(PERL) util\\fipsas.pl . \$@ norunasm \$(CFLAG)\n";
+ }
+ $ret .= "\n";
$ret.="$target: \$(TMP_D)$o$bname.asm\n";
$ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
return($ret);
$bname =~ s/(.*)\.[^\.]$/$1/;
$ret ="\$(TMP_D)$o$bname.asm: $source\n";
- $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n\n";
+ $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n";
+ $ret.="\t\$(PERL) util\\fipsas.pl . \$@ norunasm \$(CFLAG)\n" if $fipscanisteronly;
+ $ret.="\n";
$ret.="$target: \$(TMP_D)$o$bname.asm\n";
$ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
return($ret);
$ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
$target =~ s/\//$o/g if $o ne "/";
$source =~ s/\//$o/g if $o ne "/";
- $ret ="$target: \$(SRC_D)$o$source\n\t";
+# FIXME: do dependencies instead of all headers.
+ $ret ="$target: \$(SRC_D)$o$source \$(HEADER) \$(EXHEADER)\n\t";
$ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
return($ret);
}
if ($n =~ /bss_file/)
{ $pp=".c"; }
else { $pp=$p; }
- $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n";
+ $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp $to\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n";
}
return($ret);
}
"no-ssl2" => \$no_ssl2,
"no-ssl3" => \$no_ssl3,
"no-tlsext" => \$no_tlsext,
+ "no-srp" => \$no_srp,
"no-cms" => \$no_cms,
"no-jpake" => \$no_jpake,
+ "no-ec2m" => \$no_ec2m,
+ "no-ec_nistp_64_gcc_128" => 0,
"no-err" => \$no_err,
"no-sock" => \$no_sock,
"no-krb5" => \$no_krb5,
"no-ec" => \$no_ec,
"no-ecdsa" => \$no_ecdsa,
"no-ecdh" => \$no_ecdh,
+ "no-gost" => \$no_gost,
"no-engine" => \$no_engine,
"no-hw" => \$no_hw,
"just-ssl" =>
[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
\$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
\$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
- \$no_aes, \$no_camellia, \$no_seed],
+ \$no_aes, \$no_camellia, \$no_seed, \$no_srp],
"rsaref" => 0,
"gcc" => \$gcc,
"debug" => \$debug,
"shlib" => \$shlib,
"dll" => \$shlib,
"shared" => 0,
+ "no-sctp" => 0,
"no-gmp" => 0,
"no-rfc3779" => 0,
"no-montasm" => 0,
"no-shared" => 0,
+ "no-store" => 0,
"no-zlib" => 0,
"no-zlib-dynamic" => 0,
+ "no-ssl-trace" => 0,
+ "fips" => \$fips,
+ "fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
+ "fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly],
+ "fipscheck" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly],
);
if (exists $valid_options{$_})
else { return(0); }
return(1);
}
+
+sub fipslib_error
+ {
+ print STDERR "***FIPS module directory sanity check failed***\n";
+ print STDERR "FIPS module build failed, or was deleted\n";
+ print STDERR "Please rebuild FIPS module.\n";
+ exit 1;
+ }
+
+sub fips_check_files
+ {
+ my $dir = shift @_;
+ my $ret = 1;
+ if (!-d $dir)
+ {
+ print STDERR "FIPS module directory $dir does not exist\n";
+ fipslib_error();
+ }
+ foreach (@_)
+ {
+ if (!-f "$dir${o}$_")
+ {
+ print STDERR "FIPS module file $_ does not exist!\n";
+ $ret = 0;
+ }
+ }
+ fipslib_error() if ($ret == 0);
+ }