X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=Configure;h=8b5efd6b1be154e1c84e4d7aa3a8f9313eed9e30;hp=e2efb5b864b479e1c2524cf230baf9d2e578d2ee;hb=1d5121552d9bbe8c03f4550ba8bbac72202cee7a;hpb=e822c756b66024d49ab936bf77b745206660fcd2 diff --git a/Configure b/Configure index e2efb5b864..8b5efd6b1b 100755 --- a/Configure +++ b/Configure @@ -123,19 +123,19 @@ my $tlib="-lnsl -lsocket"; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; -my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o"; +my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt586.o:aes-586.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o"; my $x86_elf_asm="$x86_asm:elf"; -my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o"; +my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o"; my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o:void"; my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o:void"; my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o::::::::::::void"; my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o:void"; my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o:::::::"; my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o:::::::"; -my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o::aes_ctr.o aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o"; -my $armv4_asm=":bn_asm.o armv4-mont.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o:void"; +my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes_ctr.o aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o"; +my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o:void"; my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:32"; my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:64"; my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o:::::::"; @@ -166,7 +166,7 @@ my %table=( # Our development configs "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", -"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", +"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::", @@ -370,7 +370,7 @@ my %table=( # ldconfig and run-time linker to autodiscover. Unfortunately it # doesn't work just yet, because of couple of bugs in glibc # sysdep/s390/dl-procinfo.c affecting ldconfig and ld.so.1... -"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:s390xcap.o s390xcpuid.o:bn_asm.o s390x-mont.o::aes_ctr.o aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", +"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".($s390x_asm=~s/bn\-s390x\.o/bn_asm.o/,$s390x_asm).":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. @@ -398,6 +398,10 @@ my %table=( "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +# Android: linux-* but without -DTERMIO and pointers to headers and libs. +"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #### *BSD [do see comment about ${BSDthreads} above!] "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -510,11 +514,11 @@ my %table=( # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o:ias:win32", "VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:auto:win32", -"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", -"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", +"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o:ias:win32", +"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:auto:win32", # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' -"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", # Unified CE target "debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", @@ -587,6 +591,8 @@ my %table=( "OS2-EMX", "gcc::::::::", ##### VxWorks for various targets +"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", +"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", @@ -647,6 +653,12 @@ my $openssldir=""; my $exe_ext=""; my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; my $cross_compile_prefix=""; +my $fipslibdir="/usr/local/ssl/fips-2.0/lib/"; +my $nofipscanistercheck=0; +my $fipsdso=0; +my $fipscanisterinternal="n"; +my $fipscanisteronly = 0; +my $baseaddr="0xFB00000"; my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default @@ -681,11 +693,12 @@ my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; my $processor=""; my $default_ranlib; my $perl; - +my $fips=0; # All of the following is disabled by default (RC5 was enabled before 0.9.8): my %disabled = ( # "what" => "comment" [or special keyword "experimental"] + "ec-nistp224-64-gcc-128" => "default", "gmp" => "default", "jpake" => "experimental", "md2" => "default", @@ -698,6 +711,21 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental ); my @experimental = (); +# If ssl directory missing assume truncated FIPS tarball +if (!-d "ssl") + { + print STDERR "Auto Configuring fipsonly\n"; + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + $fipscanisteronly = 2; + if (! -f "crypto/bn/bn_gf2m.c" ) + { + $disabled{ec2m} = "forced"; + } + } + # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE"; @@ -827,12 +855,55 @@ PROCESS_ARGS: } elsif (/^386$/) { $processor=386; } + elsif (/^fips$/) + { + $fips=1; + } elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. # The check for the option is there so scripts aren't # broken } + elsif (/^nofipscanistercheck$/) + { + $fips = 1; + $nofipscanistercheck = 1; + } + elsif (/^fipscheck$/) + { + if ($fipscanisteronly != 2) + { + print STDERR <<"EOF"; +ERROR: FIPS not autodetected. Not running from restricted tarball?? +EOF + exit(1); + } + } + elsif (/^fipscanisteronly$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + $fipscanisteronly = 1; + } + elsif (/^fipscanisterbuild$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + $fipscanisteronly = 1; + } + elsif (/^fipsdso$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + $fipsdso = 1; + } elsif (/^[-+]/) { if (/^-[lL](.*)$/ or /^-Wl,/) @@ -871,6 +942,14 @@ PROCESS_ARGS: { $withargs{"zlib-include"}="-I$1"; } + elsif (/^--with-fipslibdir=(.*)$/) + { + $fipslibdir="$1/"; + } + elsif (/^--with-baseaddr=(.*)$/) + { + $baseaddr="$1"; + } elsif (/^--cross-compile-prefix=(.*)$/) { $cross_compile_prefix=$1; @@ -965,6 +1044,12 @@ if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) $disabled{"gost"} = "forced"; } +# SRP requires TLSEXT +if (defined($disabled{"tlsext"})) + { + $disabled{"srp"} = "forced"; + } + if ($target eq "TABLE") { foreach $target (sort keys %table) { print_table_entry($target); @@ -988,6 +1073,10 @@ print "Configuring for $target\n"; &usage if (!defined($table{$target})); +if ($fips) + { + delete $disabled{"shared"} if ($disabled{"shared"} eq "default"); + } foreach (sort (keys %disabled)) { @@ -1014,7 +1103,7 @@ foreach (sort (keys %disabled)) else { my ($ALGO, $algo); - ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/; + ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/; if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/) { @@ -1045,6 +1134,7 @@ foreach (sort (keys %disabled)) } my $exp_cflags = ""; + foreach (sort @experimental) { my $ALGO; @@ -1060,7 +1150,24 @@ my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/); $exe_ext=".nlm" if ($target =~ /netware/); $exe_ext=".pm" if ($target =~ /vos/); -$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); +if ($openssldir eq "" and $prefix eq "") + { + if ($fips) + { + if (exists $ENV{FIPSDIR}) + { + $openssldir="$ENV{FIPSDIR}"; + } + else + { + $openssldir="/usr/local/ssl/fips-2.0"; + } + } + else + { + $openssldir="/usr/local/ssl"; + } + } $prefix=$openssldir if $prefix eq ""; $default_ranlib= &which("ranlib") or $default_ranlib="true"; @@ -1131,6 +1238,12 @@ my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } else { $lflags=$prelflags; undef $prelflags; } +if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) + { + $cflags =~ s/\-mno\-cygwin\s*//; + $shared_ldflag =~ s/\-mno\-cygwin\s*//; + } + my $no_shared_warn=0; my $no_user_cflags=0; @@ -1260,6 +1373,12 @@ if ($no_asm) $cpuid_obj=$bn_obj= $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=""; + $cflags=~s/\-D[BL]_ENDIAN// if ($fips); + $thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips); + } +elsif (defined($disabled{ec2m})) + { + $bn_obj =~ s/\w+-gf2m.o//; } if (!$no_shared) @@ -1297,7 +1416,7 @@ if ($zlib) my $shared_mark = ""; if ($shared_target eq "") { - $no_shared_warn = 1 if !$no_shared; + $no_shared_warn = 1 if !$no_shared && !$fips; $no_shared = 1; } if (!$no_shared) @@ -1391,6 +1510,17 @@ $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/); $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/); $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/); +$cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/); + +if ($fips) + { + $openssl_other_defines.="#define OPENSSL_FIPS\n"; + if ($fipscanisterinternal eq "y") + { + $openssl_other_defines.="#define OPENSSL_FIPSCANISTER\n"; + $cflags = "-DOPENSSL_FIPSCANISTER $cflags"; + } + } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); $des_obj=$des_enc unless ($des_obj =~ /\.o$/); @@ -1492,10 +1622,12 @@ if ($strict_warnings) } } -open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -print OUT "### Generated automatically from Makefile.org by Configure.\n\n"; +print OUT "### Generated automatically from $mforg by Configure.\n\n"; my $sdirs=0; while () { @@ -1509,6 +1641,7 @@ while () } } $sdirs = 0 unless /\\$/; + s/fips // if (/^DIRS=/ && !$fips); s/engines // if (/^DIRS=/ && $disabled{"engine"}); s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"}); s/^VERSION=.*/VERSION=$version/; @@ -1568,6 +1701,21 @@ while () s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; + s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; + if ($fipsdso) + { + s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/; + s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/; + s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/; + } + else + { + s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; + s/^SHARED_FIPS=.*/SHARED_FIPS=/; + s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/; + } + s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/; + s/^BASEADDR=.*/BASEADDR=$baseaddr/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); @@ -1590,6 +1738,10 @@ while () s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/; } s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/; + if ($fipscanisteronly && exists $disabled{"ec2m"}) + { + next if (/ec2_/ || /bn_gf2m/); + } print OUT $_."\n"; } close(IN); @@ -1827,7 +1979,9 @@ EOF $make_targets .= " gentests" if $symlink; (system $make_command.$make_targets) == 0 or exit $? if $make_targets ne ""; - if ( $perl =~ m@^/@) { + if ( $fipscanisteronly ) + {} + elsif ( $perl =~ m@^/@) { &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); } else { @@ -1835,7 +1989,7 @@ EOF &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } - if ($depflags ne $default_depflags && !$make_depend) { + if ($depflags ne $default_depflags && !$make_depend && !$fipscanisteronly) { print <