my $no_static_engine = 1;
my $engines = "";
+my @engines_obj = "";
my $otherlibs = "";
local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
local $zlib_lib = "";
RMD160_ASM_OBJ => \$mf_rmd_asm,
WP_ASM_OBJ => \$mf_wp_asm,
CMLL_ENC => \$mf_cm_asm,
- MODES_ASM_OBJ => \$mf_modes_asm
+ MODES_ASM_OBJ => \$mf_modes_asm,
+ FIPSCANISTERONLY => \$mf_fipscanisteronly,
+ FIPSCANISTERINTERNAL => \$mf_fipscanisterinternal
);
open(IN,"<Makefile") || die "unable to open Makefile!\n";
$debug = 1 if $mf_platform =~ /^debug-/;
+if ($mf_fipscanisterinternal eq "y") {
+ $fips = 1;
+ $fipscanisterbuild = 1;
+ $fipscanisteronly = 1;
+}
+
+
die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
$infile="MINFO";
just-ssl - remove all non-ssl keys/digest
no-asm - No x86 asm
no-krb5 - No KRB5
+ no-srp - No SRP
no-ec - No EC
no-ecdsa - No ECDSA
no-ecdh - No ECDH
$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
if ($key eq "HEADER")
{ $header.=&var_add($dir,$val, 1); }
- if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine))
+ if ($key eq "LIBOBJ")
+ {
+ if ($dir ne "engines" || !$no_static_engine)
{ $libobj=&var_add($dir,$val, 0); }
+ else
+ { push(@engines_obj,split(/\s+/,&var_add($dir,$val,0))); }
+ }
if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
{ $engines.=$val }
$build_targets = "\$(O_FIPSCANISTER) \$(T_EXE)";
$libs_dep = "";
}
-
-if ($shlib)
+$cp2 = $cp unless defined $cp2;
+
+$extra_install= <<"EOF";
+ \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+ \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
+ \$(MKDIR) \"\$(OPENSSLDIR)\"
+ \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
+EOF
+
+if ($fipscanisteronly)
{
- $extra_install= <<"EOF";
+ $extra_install = <<"EOF";
+ \$(CP) \"\$(O_FIPSCANISTER)\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP) \"\$(O_FIPSCANISTER).sha1\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP2) \"fips${o}fips_premain.c\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP) \"fips${o}fips_premain.c.sha1\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP) \"\$(INCO_D)${o}fips.h\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+ \$(CP) \"\$(INCO_D)${o}fips_rand.h\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+ \$(CP) "\$(BIN_D)${o}fips_standalone_sha1$exep" \"\$(INSTALLTOP)${o}bin\"
+ \$(CP) \"util${o}fipslink.pl\" \"\$(INSTALLTOP)${o}bin\"
+EOF
+ }
+elsif ($shlib)
+ {
+ $extra_install .= <<"EOF";
\$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\"
\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\"
\$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\"
}
else
{
- $extra_install= <<"EOF";
+ $extra_install .= <<"EOF";
\$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\"
\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
EOF
PERL=$perl
CP=$cp
+CP2=$cp2
RM=$rm
RANLIB=$ranlib
MKDIR=$mkdir
\$(MKDIR) \"\$(INSTALLTOP)${o}include\"
\$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
\$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
- \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
- \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
- \$(MKDIR) \"\$(OPENSSLDIR)\"
- \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
$extra_install
foreach (split(/\s+/,$engines))
{
- $rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib);
- $rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,"");
+ my $engine = $_;
+ my @objs = grep(/$engine/,@engines_obj);
+ $rules.=&do_compile_rule("\$(OBJ_D)",join(" ",@objs),$lib);
+ map {$_=~s/[^\/]*\/*([^\/]+)/\$(OBJ_D)${o}$1.obj/} @objs;
+ $rules.= &do_lib_rule(join(" ",@objs),"\$(ENG_D)$o$engine$shlibp","",$shlib,"");
}
{
$rules.= &do_lib_rule("\$(CRYPTOOBJ)",
"\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
- $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
"\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
}
}
@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+ @a=grep(!/(srp)/,@a) if $no_srp;
+
@a=grep(!/^engine$/,@a) if $no_engine;
@a=grep(!/^hw$/,@a) if $no_hw;
@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
{
my($target,$source,$bname)=@_;
my($ret);
-
$bname =~ s/(.*)\.[^\.]$/$1/;
$ret ="\$(TMP_D)$o$bname.asm: $source\n";
- $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n";
+ $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n";
+ if ($fipscanisteronly)
+ {
+ $ret .= "\t\$(PERL) util\\fipsas.pl . \$@ norunasm \$(CFLAG)\n";
+ }
+ $ret .= "\n";
$ret.="$target: \$(TMP_D)$o$bname.asm\n";
$ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
return($ret);
"no-ssl2" => \$no_ssl2,
"no-ssl3" => \$no_ssl3,
"no-tlsext" => \$no_tlsext,
+ "no-srp" => \$no_srp,
"no-cms" => \$no_cms,
"no-jpake" => \$no_jpake,
"no-ec2m" => \$no_ec2m,
+ "no-ec_nistp_64_gcc_128" => 0,
"no-err" => \$no_err,
"no-sock" => \$no_sock,
"no-krb5" => \$no_krb5,
[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
\$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
\$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
- \$no_aes, \$no_camellia, \$no_seed],
+ \$no_aes, \$no_camellia, \$no_seed, \$no_srp],
"rsaref" => 0,
"gcc" => \$gcc,
"debug" => \$debug,
"fips" => \$fips,
"fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
"fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly],
+ "fipscheck" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly],
);
if (exists $valid_options{$_})