OpenSSL: OpenSSL-fips2-0_9_7-stable: openssl/ CHANGES Configure ...

Thread: OpenSSL: OpenSSL-fips2-0_9_7-stable: openssl/ CHANGES Configure ...

Search this list only Search all lists
OpenSSL: OpenSSL-fips2-0_9_7-stable: openssl/ CHANGES Configure ...
	2007-01-25 12:47:20

OpenSSL CVS Repository http://cvs.openssl.org/ ____________________________________________________________________________ Server: cvs.openssl.org Name: Dr. Stephen Henson Root: /v/openssl/cvs Email: steveopenssl.org Module: openssl Date: 25-Jan-2007 19:47:20 Branch: OpenSSL-fips2-0_9_7-stable Handle: 2007012518471504 Modified files: (Branch: OpenSSL-fips2-0_9_7-stable) openssl CHANGES Configure Makefile.org openssl/fips-1.0 fipsld openssl/test Makefile Log: New build option fipsdso Summary: Revision Changes Path 1.977.2.189.2.3+4 -0 openssl/CHANGES 1.314.2.134.2.1+32 -10 openssl/Configure 1.154.2.114.2.1+18 -3 openssl/Makefile.org 1.1.2.6.2.1 +11 -6 openssl/fips-1.0/fipsld 1.1.4.29.2.1+7 -2 openssl/test/Makefile ____________________________________________________________________________ patch -p0 <<' .' Index: openssl/CHANGES ============================================================================ $ cvs diff -u -r1.977.2.189.2.2 -r1.977.2.189.2.3 CHANGES --- openssl/CHANGES 24 Jan 2007 13:00:11 -0000 1.977.2.189.2.2 +++ openssl/CHANGES 25 Jan 2007 18:47:15 -0000 1.977.2.189.2.3 -4,6 +4,10 Changes between 0.9.7l and 0.9.7m-fips2 [xx XXX xxxx] + ) New build option fipsdso to link fipscanister.o into a DSO called + libfips.so and modify build system to link against it. + [Steve Henson] + ) New version of RSA_{sign,verify} for FIPS code. This uses pregenerated DigestInfo encodings and thus avoids all ASN1 library dependencies. Update FIPS digests to use new functions. Remove large numbers of obsolete . patch -p0 <<' .' Index: openssl/Configure ============================================================================ $ cvs diff -u -r1.314.2.134 -r1.314.2.134.2.1 Configure --- openssl/Configure 16 Jan 2007 19:30:18 -0000 1.314.2.134 +++ openssl/Configure 25 Jan 2007 18:47:16 -0000 1.314.2.134.2.1 -623,6 +623,7 my $install_prefix=""; my $fipslibdir="/usr/local/ssl/lib/"; my $nofipscanistercheck=0; +my $fipsdso=0; my $fipscanisterinternal="n"; my $baseaddr="0xFB00000"; my $no_threads=0; -843,6 +844,27 # The check for the option is there so scripts aren't # broken } + elsif (/^nofipscanistercheck$/) + { + $fips = 1; + $nofipscanistercheck = 1; + } + elsif (/^fipscanisterbuild$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + } + elsif (/^fipsdso$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + $fipsdso = 1; + $no_shared = 0; + } elsif (/^[-+]/) { if (/^-[lL](.)$/) -873,16 +895,6 { $withargs{"zlib-lib"}=$1; } - elsif (/^--nofipscanistercheck$/) - { - $nofipscanistercheck = 1; - } - elsif (/^--fipscanisterbuild$/) - { - $nofipscanistercheck = 1; - $fipslibdir=""; - $fipscanisterinternal="y"; - } elsif (/^--with-fipslibdir=(.)$/) { $fipslibdir="$1/"; -1356,6 +1368,16 s/^LIBKRB5=./LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=./LIBZLIB=$withargs{"zlib-lib"}/; s/^FIPSLIBDIR=./FIPSLIBDIR=$fipslibdir/; + if ($fipsdso) + { + s/^FIPSCANLIB=./FIPSCANLIB=libfips/; + s/^SHARED_FIPS=./SHARED_FIPS=libfips$(SHLIB_EXT)/; + } + else + { + s/^FIPSCANLIB=./FIPSCANLIB=/; + s/^SHARED_FIPS=./SHARED_FIPS=/; + } s/^FIPSCANISTERINTERNAL=./FIPSCANISTERINTERNAL=$fipscanisterinternal/; s/^BASEADDR=./BASEADDR=$baseaddr/; s/^ZLIB_INCLUDE=./ZLIB_INCLUDE=$withargs{"zlib-include"}/; . patch -p0 <<' .' Index: openssl/Makefile.org ============================================================================ $ cvs diff -u -r1.154.2.114 -r1.154.2.114.2.1 Makefile.org --- openssl/Makefile.org 16 Jan 2007 19:30:19 -0000 1.154.2.114 +++ openssl/Makefile.org 25 Jan 2007 18:47:17 -0000 1.154.2.114.2.1 -185,6 +185,7 FIPSLIBDIR=/usr/local/ssl/lib/ FIPSCANISTERINTERNAL=n +FIPSCANLIB= # Shared library base address. Currently only used on Windows. # -227,6 +228,7 LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) +SHARED_FIPS= SHARED_LIBS= SHARED_LIBS_LINK_EXTS= SHARED_LDFLAGS= -249,7 +251,7 do if [ -d "$$i" ]; then (cd $$i && echo "making all in $$i..." && - $(MAKE) CC='$' PLATFORM='$' CFLAG='${CFLAG}' AS='$' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='$' EX_LIBS='$' BN_ASM='${BN_ASM}' DES_ENC='$' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='$' RC4_ENC='$' RC5_ENC='$' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='$' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='$' EXE_EXT='$' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' FIPSLIBDIR='${FIPSLIBDIR}' all ) \|\| exit 1; + $(MAKE) CC='$' PLATFORM='$' CFLAG='${CFLAG}' AS='$' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='$' EX_LIBS='$' BN_ASM='${BN_ASM}' DES_ENC='$' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='$' RC4_ENC='$' RC5_ENC='$' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='$' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='$' EXE_EXT='$' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' FIPSLIBDIR='${FIPSLIBDIR}' FIPSCANLIB='${FIPSCANLIB}' all ) \|\| exit 1; else $(MAKE) $$i; fi; -266,9 +268,15 fi; done; -libcrypto$(SHLIB_EXT): libcrypto.a +libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) if [ "$(SHLIB_TARGET)" != "" ]; then - $(MAKE) SHLIBDIRS=crypto build-shared; + if [ "$(FIPSCANLIB)" = "libfips" ]; then + $(ARD) libcrypto.a fipscanister.o ; + $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; + $(AR) libcrypto.a fips-1.0/fipscanister.o ; + else + $(MAKE) SHLIBDIRS='crypto' build-shared; + fi else echo "There's no support for shared libraries on this platform" >&2; fi -280,6 +288,13 echo "There's no support for shared libraries on this platform" >&2; fi +libfips$(SHLIB_EXT): + if [ "$(SHLIB_TARGET)" != "" ]; then + $(MAKE) SHLIBDIRS=fips build-shared; + else + echo "There's no support for shared libraries on this platform" >&2; + fi + clean-shared: for i in $(SHLIBDIRS); do if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then . patch -p0 <<' .' Index: openssl/fips-1.0/fipsld ============================================================================ $ cvs diff -u -r1.1.2.6 -r1.1.2.6.2.1 fipsld --- openssl/fips-1.0/fipsld 16 Jan 2007 19:45:14 -0000 1.1.2.6 +++ openssl/fips-1.0/fipsld 25 Jan 2007 18:47:18 -0000 1.1.2.6.2.1 -32,6 +32,11 THERE="`echo $0 \| sed -e 's\|[^/]$\|\|'`".. +# FIPSCANLIB is the library containing fipscanister.o by default it is +# libcrypto.a + +FIPSCANLIB=${FIPSCANLIB:-libcrypto} + # FIPSLIBDIR is location of installed validated FIPS module # if FIPSCANISTERINTERNAL="y" link against internally generated fipscanister.o if [ "x$FIPSCANISTERINTERNAL" != "xy" ]; then -59,7 +64,7 esac case "$" in -libcrypto\|.dll) # must be linking a shared lib... +${FIPCANLIB}\|*.dll) # must be linking a shared lib... # Shared lib creation can be taking place in the source # directory only!!! FINGERTYPE="$/fips-1.0/sha/fips_standalone_sha1" -78,15 +83,15 diff -w "${PREMAIN_C}.sha1" - \|\| { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; } - # Temporarily remove fipscanister.o from libcrypto.a! + # Temporarily remove fipscanister.o from library! # We are required to use the standalone copy... - trap 'ar r "$/libcrypto.a" "${CANISTER_O}"; - (ranlib "$/libcrypto.a") 2>/dev/null; + trap 'ar r "$/$FIPSCANLIB.a" "${CANISTER_O}"; + (ranlib "$/$FIPSCANLIB.a") 2>/dev/null; sleep 1; touch -c "$"' 0 - ar d "$/libcrypto.a" fipscanister.o 2>&1 > /dev/null \|\| : - (ranlib "$/libcrypto.a") 2>/dev/null \|\| : + ar d "$/$FIPSCANLIB.a" fipscanister.o 2>&1 > /dev/null \|\| : + (ranlib "$/$FIPSCANLIB.a") 2>/dev/null \|\| : $ "${CANISTER_O}" "${PREMAIN_C}" . patch -p0 <<' .' Index: openssl/test/Makefile ============================================================================ $ cvs diff -u -r1.1.4.29 -r1.1.4.29.2.1 Makefile --- openssl/test/Makefile 20 Jan 2007 18:49:05 -0000 1.1.4.29 +++ openssl/test/Makefile 25 Jan 2007 18:47:19 -0000 1.1.4.29.2.1 -342,8 +342,13 fi; if [ -z "$$SHARED_LIBS" ]; then set -x; $${CC(CC)} -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBKRB5) $(EX_LIBS) ; - else set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH - $(CC) -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBKRB5) $(EX_LIBS) ; + else set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH ; + if [ "$(FIPSCANLIB)" = "libfips" ]; then + fipsexlib="-lfips" ; + else + fipsexlib="-lcrypto" ; + fi ; + $(CC) -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBKRB5) $(EX_LIBS) -L.. $$fipsexlib ; fi FIPS_BUILD_CMD=if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then . ______________________________________________________________________ OpenSSL Project http://www.openssl.org CVS Repository Commit List openssl-cvsopenssl.org Automated List Manager majordomoopenssl.org

[1]

about | contact Other archives ( Real Estate discussion Medical topics )