X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=util%2Fmk1mf.pl;h=7901ff121da96845f18dd02ae1d95a79b1bff2cf;hp=6b052fa31ca85d68e495f7434475c85093cdb09f;hb=668bcfd5ca237fdf6fbef1ab463697a4a48caf39;hpb=06ddf8eb08af58e00032a5f8d381d837b82fa644 diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 6b052fa31c..7901ff121d 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -13,10 +13,29 @@ $banner="\t\@echo Building OpenSSL"; my $no_static_engine = 1; my $engines = ""; +my @engines_obj = ""; +my $otherlibs = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; local $perl_asm = 0; # 1 to autobuild asm files from perl scripts +local $fips_canister_path = ""; +my $fips_premain_dso_exe_path = ""; +my $fips_premain_c_path = ""; +my $fips_sha1_exe_path = ""; + +local $fipscanisterbuild = 0; + +my $fipscanisteronly = 0; + +my $fipslibdir = ""; +my $baseaddr = ""; + +my $ex_l_libs = ""; + +my $build_targets = "lib exe"; +my $libs_dep = "\$(O_CRYPTO) \$(O_SSL)"; + # Options to import from top level Makefile my %mf_import = ( @@ -39,10 +58,12 @@ my %mf_import = ( SHA1_ASM_OBJ => \$mf_sha_asm, RMD160_ASM_OBJ => \$mf_rmd_asm, WP_ASM_OBJ => \$mf_wp_asm, - CMLL_ENC => \$mf_cm_asm + CMLL_ENC => \$mf_cm_asm, + MODES_ASM_OBJ => \$mf_modes_asm, + FIPSCANISTERONLY => \$mf_fipscanisteronly, + FIPSCANISTERINTERNAL => \$mf_fipscanisterinternal ); - open(IN,") { my ($mf_opt, $mf_ref); @@ -54,6 +75,15 @@ while() { } close(IN); +$debug = 1 if $mf_platform =~ /^debug-/; + +if ($mf_fipscanisterinternal eq "y") { + $fips = 1; + $fipscanisterbuild = 1; + $fipscanisteronly = 1; +} + + die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq ""; $infile="MINFO"; @@ -101,6 +131,7 @@ and [options] can be one of just-ssl - remove all non-ssl keys/digest no-asm - No x86 asm no-krb5 - No KRB5 + no-srp - No SRP no-ec - No EC no-ecdsa - No ECDSA no-ecdh - No ECDH @@ -258,15 +289,19 @@ $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; +$cflags.=" -DOPENSSL_NO_SRP" if $no_srp; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; +$cflags.=" -DOPENSSL_NO_GOST" if $no_gost; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; +$cflags.=" -DOPENSSL_FIPS" if $fips; $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; +$cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; @@ -312,18 +347,28 @@ open(IN,"<$infile") || die "unable to open $infile:$!\n"; $_=; for (;;) { - chop; + s/\s*$//; # was chop, didn't work in mixture of perls for Windows... ($key,$val)=/^([^=]+)=(.*)/; if ($key eq "RELATIVE_DIRECTORY") { if ($lib ne "") { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; + if ($fips && $dir =~ /^fips/) + { + $uc = "FIPS"; + } + else + { + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + } + if (($uc ne "FIPS") || $fipscanisterbuild) + { + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; + } } last if ($val eq "FINISHED"); $lib=""; @@ -343,7 +388,7 @@ for (;;) if ($key eq "LIBKRB5") { $ex_libs .= " $val" if $val ne "";} - if ($key eq "TEST") + if ($key eq "TEST" && (!$fipscanisteronly || $dir =~ /^fips/ )) { $test.=&var_add($dir,$val, 0); } if (($key eq "PROGS") || ($key eq "E_OBJ")) @@ -354,6 +399,12 @@ for (;;) $lib=$val; $lib =~ s/^.*\/([^\/]+)$/$1/; } + if ($key eq "LIBNAME" && $no_static_engine) + { + $lib=$val; + $lib =~ s/^.*\/([^\/]+)$/$1/; + $otherlibs .= " $lib"; + } if ($key eq "EXHEADER") { $exheader.=&var_add($dir,$val, 1); } @@ -361,19 +412,168 @@ for (;;) if ($key eq "HEADER") { $header.=&var_add($dir,$val, 1); } - if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine)) + if ($key eq "LIBOBJ") + { + if ($dir ne "engines" || !$no_static_engine) { $libobj=&var_add($dir,$val, 0); } + else + { push(@engines_obj,split(/\s+/,&var_add($dir,$val,0))); } + } if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) { $engines.=$val } + if ($key eq "FIPS_EX_OBJ") + { + $fips_ex_obj=&var_add("crypto",$val,0); + } + + if ($key eq "FIPSLIBDIR") + { + $fipslibdir=$val; + $fipslibdir =~ s/\/$//; + $fipslibdir =~ s/\//$o/g; + } + + if ($key eq "BASEADDR") + { $baseaddr=$val;} + if (!($_=)) { $_="RELATIVE_DIRECTORY=FINISHED\n"; } } close(IN); -if ($shlib) +if ($fips) + { + + foreach (split " ", $fips_ex_obj) + { + $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/); + } + foreach (split " ", + "$mf_cpuid_asm $mf_aes_asm $mf_sha_asm $mf_bn_asm " . + "$mf_des_asm $mf_modes_asm") + { + s/\.o//; + $fips_exclude_obj{$_} = 1; + } + my @ltmp = split " ", $lib_obj{"CRYPTO"}; + + + $lib_obj{"CRYPTO"} = ""; + + foreach(@ltmp) + { + if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1}) + { + if ($fipscanisterbuild) + { + $lib_obj{"FIPS"} .= "$_ "; + } + } + elsif (!$fipscanisteronly) + { + $lib_obj{"CRYPTO"} .= "$_ "; + } + } + + } + +if ($fipscanisterbuild) + { + $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq ""; + $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c"; + } +else { - $extra_install= <<"EOF"; + if ($fips_canister_path eq "") + { + $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib"; + } + + if ($fips_premain_c_path eq "") + { + $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; + } + } + +if ($fips) + { + if ($fips_sha1_exe_path eq "") + { + $fips_sha1_exe_path = + "\$(BIN_D)${o}fips_standalone_sha1$exep"; + } + } + else + { + $fips_sha1_exe_path = ""; + } + +if ($fips_premain_dso_exe_path eq "") + { + $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; + } + +# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); + +if ($fips) + { + if (!$shlib) + { + $build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; + $ex_l_libs .= " \$(O_FIPSCANISTER)"; + $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild; + } + if ($fipscanisterbuild) + { + $fipslibdir = "\$(LIB_D)"; + } + else + { + if ($fipslibdir eq "") + { + open (IN, "util/fipslib_path.txt") || fipslib_error(); + $fipslibdir = ; + chomp $fipslibdir; + close IN; + } + fips_check_files($fipslibdir, + "fipscanister.lib", "fipscanister.lib.sha1", + "fips_premain.c", "fips_premain.c.sha1"); + } + } + +if ($fipscanisteronly) + { + $build_targets = "\$(O_FIPSCANISTER) \$(T_EXE)"; + $libs_dep = ""; + } + +$cp2 = $cp unless defined $cp2; + +$extra_install= <<"EOF"; + \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\" + \$(MKDIR) \"\$(OPENSSLDIR)\" + \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\" +EOF + +if ($fipscanisteronly) + { + $extra_install = <<"EOF"; + \$(CP) \"\$(O_FIPSCANISTER)\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"\$(O_FIPSCANISTER).sha1\" \"\$(INSTALLTOP)${o}lib\" + \$(CP2) \"fips${o}fips_premain.c\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"fips${o}fips_premain.c.sha1\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"\$(INCO_D)${o}fips.h\" \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(CP) \"\$(INCO_D)${o}fips_rand.h\" \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(CP) "\$(BIN_D)${o}fips_standalone_sha1$exep" \"\$(INSTALLTOP)${o}bin\" + \$(CP) \"util${o}fipslink.pl\" \"\$(INSTALLTOP)${o}bin\" +EOF + } +elsif ($shlib) + { + $extra_install .= <<"EOF"; \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\" \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\" \$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\" @@ -389,7 +589,7 @@ EOF } else { - $extra_install= <<"EOF"; + $extra_install .= <<"EOF"; \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\" \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\" EOF @@ -437,6 +637,7 @@ SRC_D=$src_dir LINK=$link LFLAGS=$lflags RSC=$rsc +FIPSLINK=\$(PERL) util${o}fipslink.pl # The output directory for everything intersting OUT_D=$out_dir @@ -448,6 +649,7 @@ INCO_D=$inc_dir${o}openssl PERL=$perl CP=$cp +CP2=$cp2 RM=$rm RANLIB=$ranlib MKDIR=$mkdir @@ -455,6 +657,17 @@ MKLIB=$bin_dir$mklib MLFLAGS=$mlflags ASM=$bin_dir$asm +# FIPS validated module and support file locations + +E_PREMAIN_DSO=fips_premain_dso + +FIPSLIB_D=$fipslibdir +BASEADDR=$baseaddr +FIPS_PREMAIN_SRC=$fips_premain_c_path +O_FIPSCANISTER=$fips_canister_path +FIPS_SHA1_EXE=$fips_sha1_exe_path +PREMAIN_DSO_EXE=$fips_premain_dso_exe_path + ###################################################### # You should not need to touch anything below this point ###################################################### @@ -487,7 +700,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp -L_LIBS= \$(L_SSL) \$(L_CRYPTO) +L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs ###################################################### # Don't touch anything below this point @@ -497,13 +710,13 @@ INC=-I\$(INC_D) -I\$(INCL_D) APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) +LIBS_DEP=$libs_dep ############################################# EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) $build_targets banner: $banner @@ -539,10 +752,6 @@ install: all \$(MKDIR) \"\$(INSTALLTOP)${o}include\" \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\" \$(MKDIR) \"\$(INSTALLTOP)${o}lib\" - \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\" - \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\" - \$(MKDIR) \"\$(OPENSSLDIR)\" - \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\" $extra_install @@ -619,6 +828,26 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); +# Special case rules for fips_start and fips_end fips_premain_dso + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", + "fips${o}fips_canister.c", + "-DFIPS_START \$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", + "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); + } + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", + "fips${o}sha${o}fips_standalone_sha1.c", + "\$(APP_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", + "fips${o}fips_premain.c", + "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(APP_CFLAGS)"); + } + foreach (values %lib_nam) { $lib_obj=$lib_obj{$_}; @@ -636,7 +865,8 @@ foreach (values %lib_nam) } # hack to add version info on MSVC -if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) { +if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A") + || ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) { $rules.= <<"EOF"; \$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc \$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc @@ -650,25 +880,99 @@ EOF $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); foreach (split(/\s+/,$test)) { + my $t_libs; $t=&bname($_); + my $ltype; + # Check to see if test program is FIPS + if ($fips && /fips/) + { + # If fips perform static link to + # $(O_FIPSCANISTER) + $t_libs = "\$(O_FIPSCANISTER)"; + $ltype = 2; + } + else + { + $t_libs = "\$(L_LIBS)"; + $ltype = 0; + } + $tt="\$(OBJ_D)${o}$t${obj}"; - $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype); } -$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); +$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp); foreach (split(/\s+/,$engines)) { - $rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib); - $rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,""); + my $engine = $_; + my @objs = grep {/e_$engine/} @engines_obj; + $rules.=&do_compile_rule("\$(OBJ_D)",join(" ",@objs),$lib); + map {$_=~s/.*\/([^\/]+)$/\$(OBJ_D)${o}$1$obj/} @objs; + $rules.= &do_lib_rule(join(" ",@objs),"\$(ENG_D)$o$engine$shlibp","",$shlib,""); } $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); -$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); +#$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); + +foreach (split(" ",$otherlibs)) + { + my $uc = $_; + $uc =~ tr /a-z/A-Z/; + $rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, ""); -$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + } + +if ($fips) + { + if ($shlib) + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, + "\$(SO_CRYPTO)"); + } + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", + "\$(OBJ_D)${o}fips_start$obj", + "\$(FIPSOBJ)", + "\$(OBJ_D)${o}fips_end$obj", + "\$(FIPS_SHA1_EXE)", ""); + # FIXME + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj $sha1_asm_obj", + "","\$(EX_LIBS)", 1); + } + else + { + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)", + "","", 1); + + } + $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); + + } + +$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0); print $defs; @@ -705,8 +1009,10 @@ sub var_add return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; + return("") if $no_gost && $dir =~ /\/ccgost/; return("") if $no_cms && $dir =~ /\/cms/; return("") if $no_jpake && $dir =~ /\/jpake/; + return("") if !$fips && $dir =~ /^fips/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -761,6 +1067,8 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/(srp)/,@a) if $no_srp; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/^hw$/,@a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @@ -828,7 +1136,7 @@ sub do_defs $ret.=$t; } # hack to add version info on MSVC - if ($shlib && (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))) + if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT"))) { if ($var eq "CRYPTOOBJ") { $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; } @@ -895,10 +1203,14 @@ sub perlasm_compile_target { my($target,$source,$bname)=@_; my($ret); - $bname =~ s/(.*)\.[^\.]$/$1/; $ret ="\$(TMP_D)$o$bname.asm: $source\n"; - $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n"; + $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n"; + if ($fipscanisteronly) + { + $ret .= "\t\$(PERL) util\\fipsas.pl . \$@ norunasm \$(CFLAG)\n"; + } + $ret .= "\n"; $ret.="$target: \$(TMP_D)$o$bname.asm\n"; $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n"; return($ret); @@ -911,7 +1223,9 @@ sub Sasm_compile_target $bname =~ s/(.*)\.[^\.]$/$1/; $ret ="\$(TMP_D)$o$bname.asm: $source\n"; - $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n\n"; + $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n"; + $ret.="\t\$(PERL) util\\fipsas.pl . \$@ norunasm \$(CFLAG)\n" if $fipscanisteronly; + $ret.="\n"; $ret.="$target: \$(TMP_D)$o$bname.asm\n"; $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n"; return($ret); @@ -1036,21 +1350,25 @@ sub read_options "no-ssl2" => \$no_ssl2, "no-ssl3" => \$no_ssl3, "no-tlsext" => \$no_tlsext, + "no-srp" => \$no_srp, "no-cms" => \$no_cms, "no-jpake" => \$no_jpake, + "no-ec2m" => \$no_ec2m, + "no-ec_nistp_64_gcc_128" => 0, "no-err" => \$no_err, "no-sock" => \$no_sock, "no-krb5" => \$no_krb5, "no-ec" => \$no_ec, "no-ecdsa" => \$no_ecdsa, "no-ecdh" => \$no_ecdh, + "no-gost" => \$no_gost, "no-engine" => \$no_engine, "no-hw" => \$no_hw, "just-ssl" => [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5, - \$no_aes, \$no_camellia, \$no_seed], + \$no_aes, \$no_camellia, \$no_seed, \$no_srp], "rsaref" => 0, "gcc" => \$gcc, "debug" => \$debug, @@ -1058,6 +1376,7 @@ sub read_options "shlib" => \$shlib, "dll" => \$shlib, "shared" => 0, + "no-sctp" => 0, "no-gmp" => 0, "no-rfc3779" => 0, "no-montasm" => 0, @@ -1065,6 +1384,11 @@ sub read_options "no-store" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, + "no-ssl-trace" => 0, + "fips" => \$fips, + "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], + "fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly], + "fipscheck" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly], ); if (exists $valid_options{$_}) @@ -1141,3 +1465,31 @@ sub read_options else { return(0); } return(1); } + +sub fipslib_error + { + print STDERR "***FIPS module directory sanity check failed***\n"; + print STDERR "FIPS module build failed, or was deleted\n"; + print STDERR "Please rebuild FIPS module.\n"; + exit 1; + } + +sub fips_check_files + { + my $dir = shift @_; + my $ret = 1; + if (!-d $dir) + { + print STDERR "FIPS module directory $dir does not exist\n"; + fipslib_error(); + } + foreach (@_) + { + if (!-f "$dir${o}$_") + { + print STDERR "FIPS module file $_ does not exist!\n"; + $ret = 0; + } + } + fipslib_error() if ($ret == 0); + }