Building: For the FIPS module checksum, keep track of configuration,h

The FIPS module checksum needs to know that configuration.h is
generated from configuration.h.in, so that information is conserved.
To make this possible, it's now possible to have attributes with the
GENERATE keyword, and the attribute "skip" is added to make a keyword
a no-op, which makes it informative only.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/16378)

diff --git a/Configurations/gentemplate.pm b/Configurations/gentemplate.pm
index a02b19a688101aeb6a3eb9eaee082d01eff88a99..4bf19af9c2cc587a85ce339318fc0fd344d9ad2c 100644 (file)
--- a/Configurations/gentemplate.pm
+++ b/Configurations/gentemplate.pm
@@ -56,7 +56,8 @@ sub emit {
     my $fh = $self->{output};
 
     die "No name?" unless $name;
-    print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}";
+    print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"
+        unless defined $opts{attrs}->{skip};
 }
 
 my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS};
@@ -200,7 +201,7 @@ sub dogenerate {
     my $self = shift;
     my $src = shift;
     # Safety measure
-    return "" unless defined $self->{info}->{generate}->{$_};
+    return "" unless defined $self->{info}->{generate}->{$src};
     return "" if $cache{$src};
     my $obj = shift;
     my $bin = shift;
@@ -209,6 +210,7 @@ sub dogenerate {
         die "$src is generated by Configure, should not appear in build file\n"
             if ref $self->{info}->{generate}->{$src} eq "";
         my $script = $self->{info}->{generate}->{$src}->[0];
+        my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}};
         $self->emit('generatesrc',
              src => $src,
              product => $bin,
@@ -220,6 +222,7 @@ sub dogenerate {
                        defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ],
              defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (),
                        defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ],
+             attrs => { %attrs },
              %opts);
         foreach (@{$self->{info}->{depends}->{$src} // []}) {
             $self->dogenerate($_, $obj, $bin, %opts);

diff --git a/Configure b/Configure
index 1992f907aaa49782260e04d6278b83593388bef8..ce0fcb6e51a9d44b2b6ac044ff10909706708b7e 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -2202,9 +2202,10 @@ if ($builder eq "unified") {
                                 \$attributes{depends}, $+{ATTRIBS},
                                 tokenize($expand_variables->($+{VALUE})))
                          if !@skip || $skip[$#skip] > 0; },
-            qr/^\s* GENERATE ${index_re} \s* = \s* ${value_re} \s* $/x
+            qr/^\s* GENERATE ${index_re} ${attribs_re} \s* = \s* ${value_re} \s* $/x
             => sub { $push_to->(\%generate, $expand_variables->($+{INDEX}),
-                                undef, undef, $expand_variables->($+{VALUE}))
+                                \$attributes{generate}, $+{ATTRIBS},
+                                $expand_variables->($+{VALUE}))
                          if !@skip || $skip[$#skip] > 0; },
             qr/^\s* (?:\#.*)? $/x => sub { },
             "OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" },
@@ -2372,6 +2373,10 @@ EOF
             $check_generate{$ddest}->{$generator[0]}++;
 
             $unified_info{generate}->{$ddest} = [ @generator ];
+            # Fix up associated attributes
+            $unified_info{attributes}->{generate}->{$ddest} =
+                $attributes{generate}->{$dest}->{$gen}
+                if defined $attributes{generate}->{$dest}->{$gen};
         }
 
         foreach (keys %depends) {

diff --git a/build.info b/build.info
index 881dc907b55302b82255c6d4b2ba0222d762c187..76284cb70f1ad8f077140aa6257bb11e1c86e869 100644 (file)
--- a/build.info
+++ b/build.info
@@ -22,6 +22,7 @@ DEPEND[]=include/openssl/asn1.h \
          include/openssl/cmp.h \
          include/openssl/cms.h \
          include/openssl/conf.h \
+         include/openssl/configuration.h \
          include/openssl/crmf.h \
          include/openssl/crypto.h \
          include/openssl/ct.h \
@@ -48,6 +49,10 @@ GENERATE[include/openssl/bio.h]=include/openssl/bio.h.in
 GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in
 GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
 GENERATE[include/openssl/conf.h]=include/openssl/conf.h.in
+# include/openssl/configuration.h is generated by configdata.pm
+# We still need this information for the FIPS module checksum, but the attribute
+# 'skip' ensures that nothing is actually done with it.
+GENERATE[include/openssl/configuration.h]{skip}=include/openssl/configuration.h.in
 GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in
 GENERATE[include/openssl/crypto.h]=include/openssl/crypto.h.in
 GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in