Add FIPS support to the WIN32 build system.

author Dr. Stephen Henson <steve@openssl.org>

Thu, 3 Feb 2011 23:12:04 +0000 (23:12 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 3 Feb 2011 23:12:04 +0000 (23:12 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 3 Feb 2011 23:12:04 +0000 (23:12 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 3 Feb 2011 23:12:04 +0000 (23:12 +0000)
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c

index d52caa49efc5241d8198dd5519857cc13a1ea262..8bc5189c162587335a1cac3e76c4b14edc45522d 100644 (file)
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -208,7 +208,9 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
         case DLL_THREAD_ATTACH:
                 break;
         case DLL_THREAD_DETACH:
         case DLL_THREAD_ATTACH:
                 break;
         case DLL_THREAD_DETACH:
+#ifndef OPENSSL_FIPS
                 ERR_remove_state(0);
                 ERR_remove_state(0);
+#endif
                 break;
         case DLL_PROCESS_DETACH:
                 break;
                 break;
         case DLL_PROCESS_DETACH:
                 break;
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h

index 7a3a79b44f02ed9b822581c2266fabd2076b0259..8db2a5f80f0bba4d5a73a90416b28a5b23b019be 100644 (file)
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -94,7 +94,7 @@ extern int rand_predictable;
  
  int RAND_set_rand_method(const RAND_METHOD *meth);
  const RAND_METHOD *RAND_get_rand_method(void);
  
  int RAND_set_rand_method(const RAND_METHOD *meth);
  const RAND_METHOD *RAND_get_rand_method(void);
-#ifndef OPENSSL_NO_ENGINE
+#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_FIPS)
  int RAND_set_rand_engine(ENGINE *engine);
  #endif
  RAND_METHOD *RAND_SSLeay(void);
  int RAND_set_rand_engine(ENGINE *engine);
  #endif
  RAND_METHOD *RAND_SSLeay(void);
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c

index 5d134e186bb03025b8b6ad718d74ff8dff2e6b7e..07ab4eb8dfea5c219aaf88bc05656a7b7b9e3341 100644 (file)
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -109,6 +109,8 @@
   *
   */
  
   *
   */
  
+#define OPENSSL_FIPSAPI
+
  #include "cryptlib.h"
  #include <openssl/rand.h>
  #include "rand_lcl.h"
  #include "cryptlib.h"
  #include <openssl/rand.h>
  #include "rand_lcl.h"
diff --git a/util/libeay.num b/util/libeay.num

index 8aebc1ff1cb427d48c188c27bb0c1d49a0fa0828..cb013b48947f2d77a6243a0c32cb928cacf86617 100755 (executable)
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -2184,7 +2184,7 @@ X509_CERT_AUX_it                        2727      EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
  CERTIFICATEPOLICIES_it                  2728   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  CERTIFICATEPOLICIES_it                  2728   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
  _ossl_old_des_ede3_cbc_encrypt          2729   EXIST::FUNCTION:DES
  CERTIFICATEPOLICIES_it                  2728   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  CERTIFICATEPOLICIES_it                  2728   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
  _ossl_old_des_ede3_cbc_encrypt          2729   EXIST::FUNCTION:DES
-RAND_set_rand_engine                    2730   EXIST::FUNCTION:ENGINE
+RAND_set_rand_engine                    2730   EXIST:!OPENSSL_FIPS:FUNCTION:ENGINE
  DSO_get_loaded_filename                 2731   EXIST::FUNCTION:
  X509_ATTRIBUTE_it                       2732   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  X509_ATTRIBUTE_it                       2732   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
  DSO_get_loaded_filename                 2731   EXIST::FUNCTION:
  X509_ATTRIBUTE_it                       2732   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
  X509_ATTRIBUTE_it                       2732   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
diff --git a/util/mk1mf.pl b/util/mk1mf.pl

index afe8c7326ddbc38025e192be9993212db3167a1c..73bec13da7ad29063d0d4e4719f4119b03a5a34d 100755 (executable)
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -18,6 +18,18 @@ local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
  local $zlib_lib = "";
  local $perl_asm = 0;   # 1 to autobuild asm files from perl scripts
  
  local $zlib_lib = "";
  local $perl_asm = 0;   # 1 to autobuild asm files from perl scripts
  
+local $fips_canister_path = "";
+my $fips_premain_dso_exe_path = "";
+my $fips_premain_c_path = "";
+my $fips_sha1_exe_path = "";
+
+local $fipscanisterbuild = 0;
+
+my $fipslibdir = "";
+my $baseaddr = "";
+
+my $ex_l_libs = "";
+
  # Options to import from top level Makefile
  
  my %mf_import = (
  # Options to import from top level Makefile
  
  my %mf_import = (
@@ -43,7 +55,6 @@ my %mf_import = (
         CMLL_ENC       => \$mf_cm_asm
  );
  
         CMLL_ENC       => \$mf_cm_asm
  );
  
-
  open(IN,"<Makefile") || die "unable to open Makefile!\n";
  while(<IN>) {
      my ($mf_opt, $mf_ref);
  open(IN,"<Makefile") || die "unable to open Makefile!\n";
  while(<IN>) {
      my ($mf_opt, $mf_ref);
@@ -270,6 +281,7 @@ $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
  $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
  $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
  $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
  $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
  $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
  $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
+$cflags.=" -DOPENSSL_FIPS"    if $fips;
  $cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
  $cflags.= " -DZLIB" if $zlib_opt;
  $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
  $cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
  $cflags.= " -DZLIB" if $zlib_opt;
  $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
@@ -323,11 +335,21 @@ for (;;)
                 {
                 if ($lib ne "")
                         {
                 {
                 if ($lib ne "")
                         {
-                       $uc=$lib;
-                       $uc =~ s/^lib(.*)\.a/$1/;
-                       $uc =~ tr/a-z/A-Z/;
-                       $lib_nam{$uc}=$uc;
-                       $lib_obj{$uc}.=$libobj." ";
+                       if ($fips && $dir =~ /^fips/)
+                               {
+                               $uc = "FIPS";
+                               }
+                       else
+                               {
+                               $uc=$lib;
+                               $uc =~ s/^lib(.*)\.a/$1/;
+                               $uc =~ tr/a-z/A-Z/;
+                               }
+                       if (($uc ne "FIPS") || $fipscanisterbuild)
+                               {
+                               $lib_nam{$uc}=$uc;
+                               $lib_obj{$uc}.=$libobj." ";
+                               }
                         }
                 last if ($val eq "FINISHED");
                 $lib="";
                         }
                 last if ($val eq "FINISHED");
                 $lib="";
@@ -376,11 +398,126 @@ for (;;)
         if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
                 { $engines.=$val }
  
         if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
                 { $engines.=$val }
  
+       if ($key eq "FIPS_EX_OBJ")
+               { 
+               $fips_ex_obj=&var_add("crypto",$val,0);
+               }
+
+       if ($key eq "FIPSLIBDIR")
+               {
+               $fipslibdir=$val;
+               $fipslibdir =~ s/\/$//;
+               $fipslibdir =~ s/\//$o/g;
+               }
+
+       if ($key eq "BASEADDR")
+               { $baseaddr=$val;}
+
         if (!($_=<IN>))
                 { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
         }
  close(IN);
  
         if (!($_=<IN>))
                 { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
         }
  close(IN);
  
+if ($fips)
+       {
+
+       foreach (split " ", $fips_ex_obj)
+               {
+               $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/);
+               }
+       foreach (split " ",
+               "$mf_cpuid_asm $mf_aes_asm $mf_sha_asm $mf_bn_asm $mf_des_asm")
+               {
+               s/\.o//;
+               $fips_exclude_obj{$_} = 1;
+               }
+       my @ltmp = split " ", $lib_obj{"CRYPTO"};
+
+
+       $lib_obj{"CRYPTO"} = "";
+
+       foreach(@ltmp)
+               {
+               if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1})
+                       {
+                       if ($fipscanisterbuild)
+                               {
+                               $lib_obj{"FIPS"} .= "$_ ";
+                               }
+                       }
+               else
+                       {
+                       $lib_obj{"CRYPTO"} .= "$_ ";
+                       }
+               }
+
+       }
+
+if ($fipscanisterbuild)
+       {
+       $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq "";
+       $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c";
+       }
+else
+       {
+       if ($fips_canister_path eq "")
+               {
+               $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib";
+               }
+
+       if ($fips_premain_c_path eq "")
+               {
+               $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
+               }
+       }
+
+if ($fips)
+       {
+       if ($fips_sha1_exe_path eq "")
+               {
+               $fips_sha1_exe_path =
+                       "\$(BIN_D)${o}fips_standalone_sha1$exep";
+               }
+       }
+       else
+       {
+       $fips_sha1_exe_path = "";
+       }
+
+if ($fips_premain_dso_exe_path eq "")
+       {
+       $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
+       }
+
+#      $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
+
+if ($fips)
+       {
+       if (!$shlib)
+               {
+               $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+               $ex_l_libs .= " \$(O_FIPSCANISTER)";
+               $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild;
+               }
+       if ($fipscanisterbuild)
+               {
+               $fipslibdir = "\$(LIB_D)";
+               }
+       else
+               {
+               if ($fipslibdir eq "")
+                       {
+                       open (IN, "util/fipslib_path.txt") || fipslib_error();
+                       $fipslibdir = <IN>;
+                       chomp $fipslibdir;
+                       close IN;
+                       }
+               fips_check_files($fipslibdir,
+                               "fipscanister.lib", "fipscanister.lib.sha1",
+                               "fips_premain.c", "fips_premain.c.sha1");
+               }
+       }
+
  if ($shlib)
         {
         $extra_install= <<"EOF";
  if ($shlib)
         {
         $extra_install= <<"EOF";
@@ -447,6 +584,7 @@ SRC_D=$src_dir
  LINK=$link
  LFLAGS=$lflags
  RSC=$rsc
  LINK=$link
  LFLAGS=$lflags
  RSC=$rsc
+FIPSLINK=\$(PERL) util${o}fipslink.pl
  
  # The output directory for everything intersting
  OUT_D=$out_dir
  
  # The output directory for everything intersting
  OUT_D=$out_dir
@@ -465,6 +603,17 @@ MKLIB=$bin_dir$mklib
  MLFLAGS=$mlflags
  ASM=$bin_dir$asm
  
  MLFLAGS=$mlflags
  ASM=$bin_dir$asm
  
+# FIPS validated module and support file locations
+
+E_PREMAIN_DSO=fips_premain_dso
+
+FIPSLIB_D=$fipslibdir
+BASEADDR=$baseaddr
+FIPS_PREMAIN_SRC=$fips_premain_c_path
+O_FIPSCANISTER=$fips_canister_path
+FIPS_SHA1_EXE=$fips_sha1_exe_path
+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
+
  ######################################################
  # You should not need to touch anything below this point
  ######################################################
  ######################################################
  # You should not need to touch anything below this point
  ######################################################
@@ -497,7 +646,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
  L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
  L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
  
  L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
  L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
  
-L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
  
  ######################################################
  # Don't touch anything below this point
  
  ######################################################
  # Don't touch anything below this point
@@ -507,13 +656,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
  APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
  LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
  SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
  APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
  LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
  SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
  
  #############################################
  EOF
  
  $rules=<<"EOF";
  
  #############################################
  EOF
  
  $rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
  
  banner:
  $banner
  
  banner:
  $banner
@@ -629,6 +778,26 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
  $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
  $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
  
  $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
  $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
  
+# Special case rules for fips_start and fips_end fips_premain_dso
+
+if ($fips)
+       {
+       if ($fipscanisterbuild)
+               {
+               $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
+                       "fips${o}fips_canister.c",
+                       "-DFIPS_START \$(SHLIB_CFLAGS)");
+               $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
+                       "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
+               }
+       $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
+               "fips${o}sha${o}fips_standalone_sha1.c",
+               "\$(SHLIB_CFLAGS)");
+       $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+               "fips${o}fips_premain.c",
+               "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
+       }
+
  foreach (values %lib_nam)
         {
         $lib_obj=$lib_obj{$_};
  foreach (values %lib_nam)
         {
         $lib_obj=$lib_obj{$_};
@@ -659,6 +828,28 @@ EOF
  }
  
  $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
  }
  
  $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
+foreach (split(/\s+/,$test))
+       {
+       my $t_libs;
+       $t=&bname($_);
+       my $ltype;
+       # Check to see if test program is FIPS
+       if ($fips && /fips/)
+               {
+               # If fips perform static link to 
+               # $(O_FIPSCANISTER)
+               $t_libs = "\$(O_FIPSCANISTER)";
+               $ltype = 2;
+               }
+       else
+               {
+               $t_libs = "\$(L_LIBS)";
+               $ltype = 0;
+               }
+
+       $tt="\$(OBJ_D)${o}$t${obj}";
+       $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype);
+       }
  foreach (split(/\s+/,$test))
         {
         $t=&bname($_);
  foreach (split(/\s+/,$test))
         {
         $t=&bname($_);
@@ -677,7 +868,7 @@ foreach (split(/\s+/,$engines))
  
  
  $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
  
  
  $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+#$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
  
  foreach (split(" ",$otherlibs))
         {
  
  foreach (split(" ",$otherlibs))
         {
@@ -687,7 +878,54 @@ foreach (split(" ",$otherlibs))
  
         }
  
  
         }
  
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+if ($fips)
+       {
+       if ($shlib)
+               {
+               $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+                               "\$(O_CRYPTO)", "$crypto",
+                               $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+               }
+       else
+               {
+               $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+                       "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+               $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
+                       "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+               }
+       }
+       else
+       {
+       $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+                                                       "\$(SO_CRYPTO)");
+       }
+
+if ($fips)
+       {
+       if ($fipscanisterbuild)
+               {
+               $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)",
+                                       "\$(OBJ_D)${o}fips_start$obj",
+                                       "\$(FIPSOBJ)",
+                                       "\$(OBJ_D)${o}fips_end$obj",
+                                       "\$(FIPS_SHA1_EXE)", "");
+               # FIXME
+               $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
+                                       "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj $sha1_asm_obj",
+                                       "","\$(EX_LIBS)", 1);
+               }
+       else
+               {
+               $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
+                                       "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)",
+                                       "","", 1);
+
+               }
+       $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+       
+       }
+
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
  
  print $defs;
  
  
  print $defs;
  
@@ -727,6 +965,7 @@ sub var_add
         return("") if $no_gost   && $dir =~ /\/ccgost/;
         return("") if $no_cms  && $dir =~ /\/cms/;
         return("") if $no_jpake  && $dir =~ /\/jpake/;
         return("") if $no_gost   && $dir =~ /\/ccgost/;
         return("") if $no_cms  && $dir =~ /\/cms/;
         return("") if $no_jpake  && $dir =~ /\/jpake/;
+       return("") if !$fips   && $dir =~ /^fips/;
         if ($no_des && $dir =~ /\/des/)
                 {
                 if ($val =~ /read_pwd/)
         if ($no_des && $dir =~ /\/des/)
                 {
                 if ($val =~ /read_pwd/)
@@ -1086,6 +1325,8 @@ sub read_options
                 "no-store" => 0,
                 "no-zlib" => 0,
                 "no-zlib-dynamic" => 0,
                 "no-store" => 0,
                 "no-zlib" => 0,
                 "no-zlib-dynamic" => 0,
+               "fips" => \$fips,
+               "fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
                 );
  
         if (exists $valid_options{$_})
                 );
  
         if (exists $valid_options{$_})
@@ -1162,3 +1403,31 @@ sub read_options
         else { return(0); }
         return(1);
         }
         else { return(0); }
         return(1);
         }
+
+sub fipslib_error
+       {
+       print STDERR "***FIPS module directory sanity check failed***\n";
+       print STDERR "FIPS module build failed, or was deleted\n";
+       print STDERR "Please rebuild FIPS module.\n"; 
+       exit 1;
+       }
+
+sub fips_check_files
+       {
+       my $dir = shift @_;
+       my $ret = 1;
+       if (!-d $dir)
+               {
+               print STDERR "FIPS module directory $dir does not exist\n";
+               fipslib_error();
+               }
+       foreach (@_)
+               {
+               if (!-f "$dir${o}$_")
+                       {
+                       print STDERR "FIPS module file $_ does not exist!\n";
+                       $ret = 0;
+                       }
+               }
+       fipslib_error() if ($ret == 0);
+       }
diff --git a/util/mkfiles.pl b/util/mkfiles.pl

index 8bfbcae255f1c84abba728ec322c9c021c413ea5..9a657dadcf70e54ee4024e2b661aa826a1668114 100755 (executable)
--- a/util/mkfiles.pl
+++ b/util/mkfiles.pl
@@ -63,6 +63,16 @@ my @dirs = (
  "crypto/pqueue",
  "crypto/whrlpool",
  "crypto/ts",
  "crypto/pqueue",
  "crypto/whrlpool",
  "crypto/ts",
+"fips",
+"fips/aes",
+"fips/des",
+"fips/dsa",
+"fips/dh",
+"fips/hmac",
+"fips/rand",
+"fips/rsa",
+"fips/utl",
+"fips/sha",
  "ssl",
  "apps",
  "engines",
  "ssl",
  "apps",
  "engines",
diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl

index 5f25fc41bfa7bf9936b4b33ce2fbda4733edbffa..ce8cd733c73c2042f54a7130c4e9652d1637beba 100644 (file)
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -6,6 +6,21 @@
  $ssl=  "ssleay32";
  $crypto="libeay32";
  
  $ssl=  "ssleay32";
  $crypto="libeay32";
  
+if ($fips && !$shlib)
+       {
+       $crypto="libeayfips32";
+       $crypto_compat = "libeaycompat32.lib";
+       }
+else
+       {
+       $crypto="libeay32";
+       }
+
+if ($fipscanisterbuild)
+       {
+       $fips_canister_path = "\$(LIB_D)\\fipscanister.lib";
+       }
+
  $o='\\';
  $cp='$(PERL) util/copy.pl';
  $mkdir='$(PERL) util/mkdir-p.pl';
  $o='\\';
  $cp='$(PERL) util/copy.pl';
  $mkdir='$(PERL) util/mkdir-p.pl';
@@ -266,10 +281,19 @@ elsif ($shlib && $FLAVOR =~ /CE/)
  
  sub do_lib_rule
         {
  
  sub do_lib_rule
         {
-       local($objs,$target,$name,$shlib)=@_;
+       my($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
         local($ret);
  
         $taget =~ s/\//$o/g if $o ne '/';
         local($ret);
  
         $taget =~ s/\//$o/g if $o ne '/';
+       my $base_arg;
+       if ($base_addr ne "")
+               {
+               $base_arg= " /base:$base_addr";
+               }
+       else
+               {
+               $base_arg = "";
+               }
         if ($name ne "")
                 {
                 $name =~ tr/a-z/A-Z/;
         if ($name ne "")
                 {
                 $name =~ tr/a-z/A-Z/;
@@ -277,7 +301,7 @@ sub do_lib_rule
                 }
  
  #      $target="\$(LIB_D)$o$target";
                 }
  
  #      $target="\$(LIB_D)$o$target";
-       $ret.="$target: $objs\n";
+#      $ret.="$target: $objs\n";
         if (!$shlib)
                 {
  #              $ret.="\t\$(RM) \$(O_$Name)\n";
         if (!$shlib)
                 {
  #              $ret.="\t\$(RM) \$(O_$Name)\n";
@@ -287,7 +311,27 @@ sub do_lib_rule
                 {
                 local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
                 $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
                 {
                 local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
                 $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
-               $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
+
+               if ($fips && $target =~ /O_CRYPTO/)
+                       {
+                       $ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
+                       $ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
+                       $ret.="\tSET FIPS_CC=\$(CC)\n";
+                       $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+                       $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
+                       $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+                       $ret.="\tSET FIPS_TARGET=$target\n";
+                       $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+                       $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
+                       $ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
+                       $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+                       }
+               else
+                       {
+                       $ret.="$target: $objs";
+                       $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
+                       }
+
                 $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
                 }
         $ret.="\n";
                 $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
                 }
         $ret.="\n";
@@ -296,15 +340,55 @@ sub do_lib_rule
  
  sub do_link_rule
         {
  
  sub do_link_rule
         {
-       local($target,$files,$dep_libs,$libs)=@_;
+       my($target,$files,$dep_libs,$libs,$standalone)=@_;
         local($ret,$_);
         local($ret,$_);
-       
         $file =~ s/\//$o/g if $o ne '/';
         $n=&bname($targer);
         $ret.="$target: $files $dep_libs\n";
         $file =~ s/\//$o/g if $o ne '/';
         $n=&bname($targer);
         $ret.="$target: $files $dep_libs\n";
-       $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
-       $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n";
-       $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
+       if ($standalone == 1)
+               {
+               $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+               $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
+               $ret.="$files $libs\n<<\n";
+               }
+       elsif ($standalone == 2)
+               {
+               $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+               $ret.="\tSET FIPS_CC=\$(CC)\n";
+               $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+               $ret.="\tSET PREMAIN_DSO_EXE=\n";
+               $ret.="\tSET FIPS_TARGET=$target\n";
+               $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+               $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+               $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
+               $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
+               }
+       else
+               {
+               $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
+               $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
+               }
+       $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
+       return($ret);
+       }
+
+sub do_rlink_rule
+       {
+       local($target,$rl_start, $rl_mid, $rl_end,$dep_libs,$libs)=@_;
+       local($ret,$_);
+       my $files = "$rl_start $rl_mid $rl_end";
+
+       $file =~ s/\//$o/g if $o ne '/';
+       $n=&bname($targer);
+       $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n";
+       $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n";
+       $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n";
+       $ret.="\t\$(PERL) ms\\segrenam.pl \$\$c $rl_end\n";
+       $ret.="\t\$(MKLIB) $lfile$target @<<\n\t$files\n<<\n";
+       $ret.="\t\$(FIPS_SHA1_EXE) $target > ${target}.sha1\n";
+       $ret.="\t\$(PERL) util${o}copy.pl -stripcr fips${o}fips_premain.c \$(LIB_D)${o}fips_premain.c\n";
+       $ret.="\t\$(CP) fips${o}fips_premain.c.sha1 \$(LIB_D)${o}fips_premain.c.sha1\n";
+       $ret.="\n";
         return($ret);
         }
  
         return($ret);
         }
  
@@ -322,15 +406,19 @@ sub win32_import_asm
                 }
  
         $$oref = "";
                 }
  
         $$oref = "";
-       $mf_var =~ s/\.o$/.obj/g;
+       $$sref = "";
+       $mf_var =~ s/\.o//g;
  
         foreach (split(/ /, $mf_var))
                 {
  
         foreach (split(/ /, $mf_var))
                 {
-               $$oref .= $asm_dir . $_ . " ";
+               $$sref .= $asm_dir . $_ . ".asm ";
+               }
+       foreach (split(/ /, $mf_var))
+               {
+               $$oref .= "\$(TMP_D)\\" . $_ . ".obj ";
                 }
         $$oref =~ s/ $//;
                 }
         $$oref =~ s/ $//;
-       $$sref = $$oref;
-       $$sref =~ s/\.obj/.asm/g;
+       $$sref =~ s/ $//;
  
         }
  
  
         }
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 3 Feb 2011 23:12:04 +0000 (23:12 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 3 Feb 2011 23:12:04 +0000 (23:12 +0000)
crypto/cryptlib.c		patch \| blob \| history
crypto/rand/rand.h		patch \| blob \| history
crypto/rand/rand_win.c		patch \| blob \| history
util/libeay.num		patch \| blob \| history
util/mk1mf.pl		patch \| blob \| history
util/mkfiles.pl		patch \| blob \| history
util/pl/VC-32.pl		patch \| blob \| history