OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
27-Jan-2007 14:19:42
Branch: OpenSSL-fips2-0_9_7-stable Handle:
2007012713193903
Added files: (Branch:
OpenSSL-fips2-0_9_7-stable)
openssl/util mksdef.pl
Modified files: (Branch:
OpenSSL-fips2-0_9_7-stable)
openssl CHANGES Configure
openssl/fips-1.0 Makefile
openssl/util mk1mf.pl mkdef.pl
openssl/util/pl VC-32.pl
Log:
Preliminary VC++ build changes to support fipsdso. New
perl script nksdef.pl to
work out how to split the DEF file between the two DLLs
based on which symbols
the linker complains about (!).
Summary:
Revision Changes Path
1.977.2.189.2.4+2 -1 openssl/CHANGES
1.314.2.134.2.3+2 -0 openssl/Configure
1.1.2.15.2.7+2 -0 openssl/fips-1.0/Makefile
1.41.2.34.2.2+30 -4 openssl/util/mk1mf.pl
1.67.2.12.2.2+1 -2 openssl/util/mkdef.pl
1.1.2.1 +85 -0 openssl/util/mksdef.pl
1.11.2.24.2.2+44 -8 openssl/util/pl/VC-32.pl
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.977.2.189.2.3 -r1.977.2.189.2.4 CHANGES
--- openssl/CHANGES 25 Jan 2007 18:47:15
-0000 1.977.2.189.2.3
+++ openssl/CHANGES 27 Jan 2007 13:19:39
-0000 1.977.2.189.2.4
-5,7 +5,8
Changes between 0.9.7l and 0.9.7m-fips2 [xx XXX xxxx]
*) New build option fipsdso to link fipscanister.o into
a DSO called
- libfips.so and modify build system to link against
it.
+ libfips.so and modify build system to link against
it. Preliminary changes
+ to VC++ build system to accomodate fipsdso.
[Steve Henson]
*) New version of RSA_{sign,verify} for FIPS code. This
uses pregenerated
.
patch -p0 <<' .'
Index: openssl/Configure
============================================================
================
$ cvs diff -u -r1.314.2.134.2.2 -r1.314.2.134.2.3
Configure
--- openssl/Configure 25 Jan 2007 22:39:08
-0000 1.314.2.134.2.2
+++ openssl/Configure 27 Jan 2007 13:19:40
-0000 1.314.2.134.2.3
-991,6 +991,8
my $IsWindows=scalar grep /^$target$/,WinTargets;
+$no_shared = 1 if ($IsWindows && $fipsdso);
+
$exe_ext=".exe" if ($target eq
"Cygwin" || $target eq "DJGPP" ||
$target eq "mingw");
$exe_ext=".pm" if ($target eq
"vos-gcc" or $target eq "debug-vos-gcc"
or $target eq "vos-vcc" or $target eq
"debug-vos-vcc");
$openssldir="/usr/local/ssl" if ($openssldir eq
"" and $prefix eq "");
.
patch -p0 <<' .'
Index: openssl/fips-1.0/Makefile
============================================================
================
$ cvs diff -u -r1.1.2.15.2.6 -r1.1.2.15.2.7 Makefile
--- openssl/fips-1.0/Makefile 26 Jan 2007 00:39:55
-0000 1.1.2.15.2.6
+++ openssl/fips-1.0/Makefile 27 Jan 2007 13:19:41
-0000 1.1.2.15.2.7
-262,6 +262,8
../crypto/des/ecb_enc.o
../crypto/des/ofb64ede.o
../crypto/des/ofb64enc.o
+ ../crypto/des/fcrypt_b.o
+ ../crypto/des/fcrypt.o
../crypto/dh/dh_lib.o
../crypto/dsa/dsa_lib.o
../crypto/dsa/dsa_sign.o
.
patch -p0 <<' .'
Index: openssl/util/mk1mf.pl
============================================================
================
$ cvs diff -u -r1.41.2.34.2.1 -r1.41.2.34.2.2 mk1mf.pl
--- openssl/util/mk1mf.pl 26 Jan 2007 14:25:30
-0000 1.41.2.34.2.1
+++ openssl/util/mk1mf.pl 27 Jan 2007 13:19:41
-0000 1.41.2.34.2.2
-19,6 +19,7
my $fips_sha1_exe_path = "";
local $fipscanisterbuild = 0;
+local $fipsdso = 0;
my $fipslibdir = "";
my $baseaddr = "";
-450,6 +451,8
# $ex_build_targets .=
"$(BIN_D)$$(E_PREMAIN_DSO)$exep" if ($fips);
+$ex_l_libs .= " $(L_FIPS)" if $fipsdso;
+
if ($fips)
{
if (!$shlib)
-587,6 +590,7
E_EXE=openssl
SSL=$ssl
CRYPTO=$crypto
+LIBFIPS=libfips
# BIN_D - Binary output directory
# TEST_D - Binary test file output directory
-605,10 +609,12
O_SSL= $(LIB_D)$o$plib$(SSL)$shlibp
O_CRYPTO= $(LIB_D)$o$plib$(CRYPTO)$shlibp
+O_FIPS= $(LIB_D)$o$plib$(LIBFIPS)$shlibp
SO_SSL= $plib$(SSL)$so_shlibp
SO_CRYPTO= $plib$(CRYPTO)$so_shlibp
L_SSL= $(LIB_D)$o$plib$(SSL)$libp
L_CRYPTO= $(LIB_D)$o$plib$(CRYPTO)$libp
+L_FIPS= $(LIB_D)$o$plib$(LIBFIPS)$libp
L_LIBS= $(L_SSL) $(L_CRYPTO) $ex_l_libs
-841,10 +847,24
{
if ($shlib)
{
- $rules.= &do_lib_rule("$(CRYPTOOBJ)
$(O_FIPSCANISTER)",
- "$(O_CRYPTO)",
- "$crypto",
- $shlib, "$(SO_CRYPTO)",
"$(BASEADDR)");
+ if ($fipsdso)
+ {
+ $rules.= &do_lib_rule("$(CRYPTOOBJ)",
+ "$(O_CRYPTO)", "$crypto",
+ $shlib, "", "");
+ $rules.= &do_lib_rule(
+ "$(O_FIPSCANISTER)",
+ "$(O_FIPS)", "libfips",
+ $shlib, "$(SO_CRYPTO)",
"$(BASEADDR)");
+ $rules.= &do_sdef_rule();
+ }
+ else
+ {
+ $rules.= &do_lib_rule(
+ "$(CRYPTOOBJ) $(O_FIPSCANISTER)",
+ "$(O_CRYPTO)", "$crypto",
+ $shlib, "$(SO_CRYPTO)",
"$(BASEADDR)");
+ }
}
else
{
-1189,6 +1209,12
$fips=1;
$fipscanisterbuild=1;
}
+ elsif (/^fipsdso$/)
+ {
+ $fips=1;
+ $fipscanisterbuild=1;
+ $fipsdso=1;
+ }
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
elsif ((!/^-help/) && (!/^-h/) &&
(!/^-?/) && /^-.*$/)
.
patch -p0 <<' .'
Index: openssl/util/mkdef.pl
============================================================
================
$ cvs diff -u -r1.67.2.12.2.1 -r1.67.2.12.2.2 mkdef.pl
--- openssl/util/mkdef.pl 26 Jan 2007 14:25:30
-0000 1.67.2.12.2.1
+++ openssl/util/mkdef.pl 27 Jan 2007 13:19:41
-0000 1.67.2.12.2.2
-130,8 +130,7
}
$VMS=1 if $_ eq "VMS";
$OS2=1 if $_ eq "OS2";
- $fips=1 if $_ eq "fips";
- $fips=1 if $_ eq "fipscanisterbuild";
+ $fips=1 if /^fips/;
$do_ssl=1 if $_ eq "ssleay";
if ($_ eq "ssl") {
.
patch -p0 <<' .'
Index: openssl/util/mksdef.pl
============================================================
================
$ cvs diff -u -r0 -r1.1.2.1 mksdef.pl
--- /dev/null 2007-01-27 14:18:35 +0100
+++ mksdef.pl 2007-01-27 14:19:42 +0100
-0,0 +1,85
+
+# Perl script to split libeay32.def into two distinct DEF
files for use in
+# fipdso mode. It works out symbols in each case by
running "link" command and
+# parsing the output to find the list of missing symbols
then splitting
+# libeay32.def based on the result.
+
+
+# Get list of unknown symbols
+
+my deferr = `link ARGV`;
+
+my $preamble = "";
+my fipsdll;
+my fipsrest;
+my %nosym;
+
+# Add symbols to a hash for easy lookup
+
+foreach (deferr)
+ {
+ if (/^.*symbol (S+)$/)
+ {
+ $nosym{$1} = 1;
+ }
+ }
+
+open (IN, "ms/libeay32.def") || die "Can't
Open DEF file for splittling";
+
+my $started = 0;
+
+# Parse libeay32.def into two arrays depending on whether
the symbol matches
+# the missing list.
+
+
+foreach (<IN>)
+ {
+ if (/^s*(S+)s*/)
+ {
+ $started = 1;
+ if (exists $nosym{$1})
+ {
+ push fipsrest, $_;
+ }
+ else
+ {
+ push fipsdll, "t$1n";
+ }
+ }
+ $preamble .= $_ unless $started;
+ }
+
+close IN;
+
+# Hack! Add some additional exports needed to
libcryptofips.dll
+#
+
+push fipsdll, "tengine_table_unregistern";
+push fipsdll, "tengine_table_registern";
+push fipsdll, "tengine_table_cleanupn";
+push fipsdll, "tengine_table_selectn";
+push fipsdll, "tengine_set_all_nulln";
+
+# Write out DEF files for each array
+
+write_def("ms/libfips.def",
"LIBFIPS", $preamble, fipsdll);
+write_def("ms/libcryptofips.def",
"LIBCRYPTOFIPS", $preamble, fipsrest);
+
+
+sub write_def
+ {
+ my ($fnam, $defname, $preamble, $rdefs) = _;
+ open (OUT, ">$fnam") || die "Can't
Open DEF file $fnam for Writingn";
+
+ $preamble =~ s/LIBEAY32/$defname/g;
+ $preamble =~ s/LIBEAY/$defname/g;
+
+ print OUT $preamble;
+ foreach ($rdefs)
+ {
+ print OUT $_;
+ }
+ close OUT;
+ }
+
+
.
patch -p0 <<' .'
Index: openssl/util/pl/VC-32.pl
============================================================
================
$ cvs diff -u -r1.11.2.24.2.1 -r1.11.2.24.2.2 VC-32.pl
--- openssl/util/pl/VC-32.pl 26 Jan 2007 17:01:47
-0000 1.11.2.24.2.1
+++ openssl/util/pl/VC-32.pl 27 Jan 2007 13:19:42
-0000 1.11.2.24.2.2
-13,7 +13,14
}
else
{
- $crypto="libeay32";
+ if ($fipsdso)
+ {
+ $crypto="libcryptofips";
+ }
+ else
+ {
+ $crypto="libeay32";
+ }
}
$o='\';
-119,6 +126,7
local($objs,$target,$name,$shlib,$ign,$base_addr) = _;
local($ret,$Name);
+
$taget =~ s///$o/g if $o ne '/';
($Name=$name) =~ tr/a-z/A-Z/;
my $base_arg;
-143,14 +151,29
}
else
{
- local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+ my $ex = "";
+ if ($target =~ /O_SSL/)
+ {
+ $ex = " $(L_CRYPTO)";
+ $ex .= " $(L_FIPS)" if $fipsdso;
+ }
+ my $fipstarget;
+ if ($fipsdso)
+ {
+ $fipstarget = "O_FIPS";
+ }
+ else
+ {
+ $fipstarget = "O_CRYPTO";
+ }
$ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
$ex.=" $zlib_lib" if $zlib_opt == 1
&& $target =~ /O_CRYPTO/;
- if ($fips && $target =~ /O_CRYPTO/)
+ if ($fips && $target =~ /$fipstarget/)
{
$ex.= $mwex unless $fipscanisterbuild;
- $ret.="$target: $objs
$(PREMAIN_DSO_EXE)n";
- $ret.="tSET FIPS_LINK=$(LINK)n";
+ $ret.="$target: $objs $(PREMAIN_DSO_EXE)";
+ $ret.=" ms/libfips.def" if $fipsdso;
+ $ret.="ntSET FIPS_LINK=$(LINK)n";
$ret.="tSET FIPS_CC=$(CC)n";
$ret.="tSET
FIPS_CC_ARGS=/Fo$(OBJ_D)$fips_premain.obj
$(SHLIB_CFLAGS) -cn";
$ret.="tSET
PREMAIN_DSO_EXE=$(PREMAIN_DSO_EXE)n";
-163,8 +186,13
}
else
{
- $ret.="$target: $objsn";
- $ret.="t$(LINK) $(MLFLAGS) $base_arg
$efile$target /def:ms/$.def <<n
$(SHLIB_EX_OBJ) $objs $exn<<n";
+ $ret.="$target: $objs";
+ if ($target =~ /O_CRYPTO/ && $fipsdso)
+ {
+ $ret .= " $(O_FIPS)";
+ $ex .= " $(L_FIPS)";
+ }
+ $ret.="nt$(LINK) $(MLFLAGS) $efile$target
/def:ms/$.def <<n $(SHLIB_EX_OBJ) $objs
$exn<<n";
}
}
$ret.="n";
-173,7 +201,7
sub do_link_rule
{
- local($target,$files,$dep_libs,$libs,$standalone)=_;
+ my($target,$files,$dep_libs,$libs,$standalone)=_;
local($ret,$_);
$file =~ s///$o/g if $o ne '/';
$n=&bname($targer);
-222,5 +250,13
return($ret);
}
+sub do_sdef_rule
+ {
+ my $ret = "ms/libfips.def:
$(O_FIPSCANISTER)n";
+ $ret.="t$(PERL) util/mksdef.pl $(MLFLAGS)
/out:dummy.dll /def:ms/libeay32.def <<n
$(O_FIPSCANISTER)n<<n";
+ $ret.="n";
+ return $ret;
+ }
+
1;
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|