Add FIPS support to mkdef.pl script, update ordinals.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 3 Feb 2011 12:59:01 +0000 (12:59 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 3 Feb 2011 12:59:01 +0000 (12:59 +0000)
util/libeay.num
util/mkdef.pl

index f9d70d3..8aebc1f 100755 (executable)
@@ -2804,12 +2804,12 @@ OPENSSL_cleanse                         3245    EXIST::FUNCTION:
 ENGINE_setup_bsd_cryptodev              3246   EXIST:__FreeBSD__:FUNCTION:ENGINE
 ERR_release_err_state_table             3247   EXIST::FUNCTION:LHASH
 EVP_aes_128_cfb8                        3248   EXIST::FUNCTION:AES
-FIPS_corrupt_rsa                        3249   NOEXIST::FUNCTION:
-FIPS_selftest_des                       3250   NOEXIST::FUNCTION:
+FIPS_corrupt_rsa                        3249   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_des                       3250   EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_aes_128_cfb1                        3251   EXIST::FUNCTION:AES
 EVP_aes_192_cfb8                        3252   EXIST::FUNCTION:AES
-FIPS_mode_set                           3253   NOEXIST::FUNCTION:
-FIPS_selftest_dsa                       3254   NOEXIST::FUNCTION:
+FIPS_mode_set                           3253   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_dsa                       3254   EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_aes_256_cfb8                        3255   EXIST::FUNCTION:AES
 FIPS_allow_md5                          3256   NOEXIST::FUNCTION:
 DES_ede3_cfb_encrypt                    3257   EXIST::FUNCTION:DES
@@ -2817,29 +2817,29 @@ EVP_des_ede3_cfb8                       3258    EXIST::FUNCTION:DES
 FIPS_rand_seeded                        3259   NOEXIST::FUNCTION:
 AES_cfbr_encrypt_block                  3260   NOEXIST::FUNCTION:
 AES_cfb8_encrypt                        3261   EXIST::FUNCTION:AES
-FIPS_rand_seed                          3262   NOEXIST::FUNCTION:
-FIPS_corrupt_des                        3263   NOEXIST::FUNCTION:
+FIPS_rand_seed                          3262   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_des                        3263   EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_aes_192_cfb1                        3264   EXIST::FUNCTION:AES
-FIPS_selftest_aes                       3265   NOEXIST::FUNCTION:
+FIPS_selftest_aes                       3265   EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_set_prng_key                       3266   NOEXIST::FUNCTION:
 EVP_des_cfb8                            3267   EXIST::FUNCTION:DES
-FIPS_corrupt_dsa                        3268   NOEXIST::FUNCTION:
+FIPS_corrupt_dsa                        3268   EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_test_mode                          3269   NOEXIST::FUNCTION:
-FIPS_rand_method                        3270   NOEXIST::FUNCTION:
+FIPS_rand_method                        3270   EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_aes_256_cfb1                        3271   EXIST::FUNCTION:AES
-ERR_load_FIPS_strings                   3272   NOEXIST::FUNCTION:
-FIPS_corrupt_aes                        3273   NOEXIST::FUNCTION:
-FIPS_selftest_sha1                      3274   NOEXIST::FUNCTION:
-FIPS_selftest_rsa                       3275   NOEXIST::FUNCTION:
-FIPS_corrupt_sha1                       3276   NOEXIST::FUNCTION:
+ERR_load_FIPS_strings                   3272   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_aes                        3273   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_sha1                      3274   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_rsa                       3275   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_sha1                       3276   EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_des_cfb1                            3277   EXIST::FUNCTION:DES
 FIPS_dsa_check                          3278   NOEXIST::FUNCTION:
 AES_cfb1_encrypt                        3279   EXIST::FUNCTION:AES
 EVP_des_ede3_cfb1                       3280   EXIST::FUNCTION:DES
-FIPS_rand_check                         3281   NOEXIST::FUNCTION:
+FIPS_rand_check                         3281   EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_md5_allowed                        3282   NOEXIST::FUNCTION:
-FIPS_mode                               3283   NOEXIST::FUNCTION:
-FIPS_selftest_failed                    3284   NOEXIST::FUNCTION:
+FIPS_mode                               3283   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_failed                    3284   EXIST:OPENSSL_FIPS:FUNCTION:
 sk_is_sorted                            3285   EXIST::FUNCTION:
 X509_check_ca                           3286   EXIST::FUNCTION:
 private_idea_set_encrypt_key            3287   NOEXIST::FUNCTION:
@@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it            3307    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
 PROXY_POLICY_free                       3308   EXIST::FUNCTION:
 PROXY_POLICY_new                        3309   EXIST::FUNCTION:
 BN_MONT_CTX_set_locked                  3310   EXIST::FUNCTION:
-FIPS_selftest_rng                       3311   NOEXIST::FUNCTION:
+FIPS_selftest_rng                       3311   EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_sha384                              3312   EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 EVP_sha512                              3313   EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 EVP_sha224                              3314   EXIST::FUNCTION:SHA,SHA256
 EVP_sha256                              3315   EXIST::FUNCTION:SHA,SHA256
-FIPS_selftest_hmac                      3316   NOEXIST::FUNCTION:
-FIPS_corrupt_rng                        3317   NOEXIST::FUNCTION:
+FIPS_selftest_hmac                      3316   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng                        3317   EXIST:OPENSSL_FIPS:FUNCTION:
 BN_mod_exp_mont_consttime               3318   EXIST::FUNCTION:
 RSA_X931_hash_id                        3319   EXIST::FUNCTION:RSA
 RSA_padding_check_X931                  3320   EXIST::FUNCTION:RSA
@@ -3661,44 +3661,44 @@ ENGINE_load_capi                        4047    EXIST::FUNCTION:ENGINE,STATIC_ENGIN
 OPENSSL_isservice                       4048   EXIST::FUNCTION:
 FIPS_dsa_sig_decode                     4049   NOEXIST::FUNCTION:
 EVP_CIPHER_CTX_clear_flags              4050   EXIST::FUNCTION:
-FIPS_rand_status                        4051   NOEXIST::FUNCTION:
-FIPS_rand_set_key                       4052   NOEXIST::FUNCTION:
+FIPS_rand_status                        4051   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_key                       4052   EXIST:OPENSSL_FIPS:FUNCTION:
 CRYPTO_set_mem_info_functions           4053   NOEXIST::FUNCTION:
 RSA_X931_generate_key_ex                4054   EXIST::FUNCTION:RSA
 int_ERR_set_state_func                  4055   NOEXIST::FUNCTION:
 int_EVP_MD_set_engine_callbacks         4056   NOEXIST::FUNCTION:
 int_CRYPTO_set_do_dynlock_callback      4057   NOEXIST::FUNCTION:
-FIPS_rng_stick                          4058   NOEXIST::FUNCTION:
+FIPS_rng_stick                          4058   EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_CIPHER_CTX_set_flags                4059   EXIST::FUNCTION:
 BN_X931_generate_prime_ex               4060   EXIST::FUNCTION:
-FIPS_selftest_check                     4061   NOEXIST::FUNCTION:
-FIPS_rand_set_dt                        4062   NOEXIST::FUNCTION:
+FIPS_selftest_check                     4061   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_dt                        4062   EXIST:OPENSSL_FIPS:FUNCTION:
 CRYPTO_dbg_pop_info                     4063   NOEXIST::FUNCTION:
-FIPS_dsa_free                           4064   EXIST::FUNCTION:DSA
+FIPS_dsa_free                           4064   EXIST:OPENSSL_FIPS:FUNCTION:DSA
 RSA_X931_derive_ex                      4065   EXIST::FUNCTION:RSA
-FIPS_rsa_new                            4066   EXIST::FUNCTION:RSA
-FIPS_rand_bytes                         4067   NOEXIST::FUNCTION:
-fips_cipher_test                        4068   NOEXIST::FUNCTION:
+FIPS_rsa_new                            4066   EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_rand_bytes                         4067   EXIST:OPENSSL_FIPS:FUNCTION:
+fips_cipher_test                        4068   EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_CIPHER_CTX_test_flags               4069   EXIST::FUNCTION:
 CRYPTO_malloc_debug_init                4070   NOEXIST::FUNCTION:
 CRYPTO_dbg_push_info                    4071   NOEXIST::FUNCTION:
-FIPS_corrupt_rsa_keygen                 4072   NOEXIST::FUNCTION:
-FIPS_dh_new                             4073   EXIST::FUNCTION:DH
-FIPS_corrupt_dsa_keygen                 4074   NOEXIST::FUNCTION:
-FIPS_dh_free                            4075   EXIST::FUNCTION:DH
-fips_pkey_signature_test                4076   NOEXIST::FUNCTION:
+FIPS_corrupt_rsa_keygen                 4072   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_dh_new                             4073   EXIST:OPENSSL_FIPS:FUNCTION:DH
+FIPS_corrupt_dsa_keygen                 4074   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_dh_free                            4075   EXIST:OPENSSL_FIPS:FUNCTION:DH
+fips_pkey_signature_test                4076   EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_add_alg_module                      4077   NOEXIST::FUNCTION:
 int_RAND_init_engine_callbacks          4078   NOEXIST::FUNCTION:
 int_EVP_CIPHER_set_engine_callbacks     4079   NOEXIST::FUNCTION:
 int_EVP_MD_init_engine_callbacks        4080   NOEXIST::FUNCTION:
-FIPS_rand_test_mode                     4081   NOEXIST::FUNCTION:
-FIPS_rand_reset                         4082   NOEXIST::FUNCTION:
-FIPS_dsa_new                            4083   EXIST::FUNCTION:DSA
+FIPS_rand_test_mode                     4081   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_reset                         4082   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_dsa_new                            4083   EXIST:OPENSSL_FIPS:FUNCTION:DSA
 int_RAND_set_callbacks                  4084   NOEXIST::FUNCTION:
 BN_X931_derive_prime_ex                 4085   EXIST::FUNCTION:
 int_ERR_lib_init                        4086   NOEXIST::FUNCTION:
 int_EVP_CIPHER_init_engine_callbacks    4087   NOEXIST::FUNCTION:
-FIPS_rsa_free                           4088   EXIST::FUNCTION:RSA
+FIPS_rsa_free                           4088   EXIST:OPENSSL_FIPS:FUNCTION:RSA
 FIPS_dsa_sig_encode                     4089   NOEXIST::FUNCTION:
 CRYPTO_dbg_remove_all_info              4090   NOEXIST::FUNCTION:
 OPENSSL_init                            4091   NOEXIST::FUNCTION:
@@ -4224,29 +4224,35 @@ CRYPTO_gcm128_finish                    4594    EXIST::FUNCTION:
 ASN1_item_sign_ctx                      4595   EXIST::FUNCTION:EVP
 X509_ALGOR_set_md                       4596   EXIST::FUNCTION:
 CRYPTO_ctr128_encrypt_ctr32             4597   EXIST::FUNCTION:
-FIPS_set_error_callbacks                4598   EXIST::FUNCTION:
+FIPS_set_error_callbacks                4598   EXIST:OPENSSL_FIPS:FUNCTION:
 EC_KEY_set_public_key_affine_coordinates 4599  EXIST::FUNCTION:EC
-FIPS_rsa_verify_digest                  4600   EXIST::FUNCTION:RSA
+FIPS_rsa_verify_digest                  4600   EXIST:OPENSSL_FIPS:FUNCTION:RSA
 RSA_padding_add_PKCS1_PSS_mgf1          4601   EXIST::FUNCTION:RSA
-FIPS_rsa_sign_digest                    4602   EXIST::FUNCTION:RSA
-FIPS_dsa_sign_digest                    4603   EXIST::FUNCTION:DSA
+FIPS_rsa_sign_digest                    4602   EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_dsa_sign_digest                    4603   EXIST:OPENSSL_FIPS:FUNCTION:DSA
 ASN1_SCTX_get_flags                     4604   EXIST::FUNCTION:
-FIPS_dsa_verify_ctx                     4605   EXIST::FUNCTION:DSA
-FIPS_dsa_sign_ctx                       4606   EXIST::FUNCTION:DSA
+FIPS_dsa_verify_ctx                     4605   EXIST:OPENSSL_FIPS:FUNCTION:DSA
+FIPS_dsa_sign_ctx                       4606   EXIST:OPENSSL_FIPS:FUNCTION:DSA
 EVP_PKEY_meth_get0_info                 4607   EXIST::FUNCTION:
 ASN1_SCTX_get_template                  4608   EXIST::FUNCTION:
 ASN1_SCTX_set_app_data                  4609   EXIST::FUNCTION:
 ASN1_SCTX_free                          4610   EXIST::FUNCTION:
 EVP_PKEY_meth_copy                      4611   EXIST::FUNCTION:
-FIPS_dsa_verify_digest                  4612   EXIST::FUNCTION:DSA
+FIPS_dsa_verify_digest                  4612   EXIST:OPENSSL_FIPS:FUNCTION:DSA
 ERR_add_error_vdata                     4613   EXIST::FUNCTION:
 CRYPTO_gcm128_init                      4614   EXIST::FUNCTION:
 RSA_verify_PKCS1_PSS_mgf1               4615   EXIST::FUNCTION:RSA
 ASN1_SCTX_get_item                      4616   EXIST::FUNCTION:
 ASN1_SCTX_get_app_data                  4617   EXIST::FUNCTION:
-FIPS_rsa_sign_ctx                       4618   EXIST::FUNCTION:RSA
+FIPS_rsa_sign_ctx                       4618   EXIST:OPENSSL_FIPS:FUNCTION:RSA
 CRYPTO_gcm128_decrypt_ctr32             4619   EXIST::FUNCTION:
 CRYPTO_gcm128_encrypt_ctr32             4620   EXIST::FUNCTION:
 ASN1_SCTX_new                           4621   EXIST::FUNCTION:
-EC_GFp_nistp224_method                  4622   EXIST::FUNCTION:EC
-FIPS_rsa_verify_ctx                     4623   EXIST::FUNCTION:RSA
+EC_GFp_nistp224_method                  4622   EXIST:!WIN32:FUNCTION:EC
+FIPS_rsa_verify_ctx                     4623   EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_selftest                           4624   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_set_locking_callback               4625   EXIST:OPENSSL_FIPS:FUNCTION:
+fips_set_selftest_fail                  4626   EXIST:OPENSSL_FIPS:FUNCTION:
+fips_check_rsa                          4627   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_check_incore_fingerprint           4628   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_incore_fingerprint                 4629   EXIST:OPENSSL_FIPS:FUNCTION:
index 1179f58..681c2bb 100755 (executable)
@@ -79,7 +79,7 @@ my $OS2=0;
 my $safe_stack_def = 0;
 
 my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
-                       "EXPORT_VAR_AS_FUNCTION", "ZLIB" );
+                       "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS" );
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
@@ -129,6 +129,8 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_ssl2;
 
+my $fips;
+
 my $zlib;
 
 
@@ -151,6 +153,7 @@ foreach (@ARGV, split(/ /, $options))
        }
        $VMS=1 if $_ eq "VMS";
        $OS2=1 if $_ eq "OS2";
+       $fips=1 if /^fips/;
        if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
                         || $_ eq "enable-zlib-dynamic") {
                $zlib = 1;
@@ -317,6 +320,7 @@ $crypto.=" crypto/pqueue/pqueue.h";
 $crypto.=" crypto/cms/cms.h";
 $crypto.=" crypto/jpake/jpake.h";
 $crypto.=" crypto/modes/modes.h";
+$crypto.=" fips/fips.h fips/rand/fips_rand.h";
 
 my $symhacks="crypto/symhacks.h";
 
@@ -1118,6 +1122,9 @@ sub is_valid
                        if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
                                return 1;
                        }
+                       if ($keyword eq "OPENSSL_FIPS" && $fips) {
+                               return 1;
+                       }
                        if ($keyword eq "ZLIB" && $zlib) { return 1; }
                        return 0;
                } else {