Don't use vpaes in fips builds and exclude from restricted tarball.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 15 Sep 2011 21:06:37 +0000 (21:06 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 15 Sep 2011 21:06:37 +0000 (21:06 +0000)
Configure
util/fipsdist.pl

index d8c93e9..29068b0 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -1552,6 +1552,7 @@ if ($aes_obj =~ /\.o$/)
        # module implements AES_ctr32_encrypt...
        $cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes_ctr\.o//);
        $aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o// if ($no_sse2);
+       $aes_obj =~ s/\s*vpaes-\w*\.o// if ($fipscanisterinternal eq "y");
        $cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
        }
 else   {
index 07a09ce..b191fbe 100644 (file)
@@ -66,6 +66,7 @@ while (<STDIN>)
                next if -d "crypto/$1" && !exists $cdirs{$1};
                # Skip GF2m assembly language perl scripts
                next if $noec2m && /gf2m\.pl/;
+               next if /vpaes-\w*\.pl/;
                # Keep assembly language dir, Makefile or certain extensions
                if (!/\/asm\// && !/\/Makefile$/ && !/\.(in|pl|h|S)$/)
                        {