OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Andy
Polyakov
Root: /v/openssl/cvs Email: appro openssl.org
Module: openssl Date:
01-Aug-2007 13:33:17
Branch: OpenSSL-fips-0_9_8-stable Handle:
2007080112330116
Modified files: (Branch:
OpenSSL-fips-0_9_8-stable)
openssl Configure Makefile.org
Makefile.shared TABLE
openssl/apps Makefile
openssl/crypto Makefile
openssl/fips-1.0 Makefile fipsld
openssl/fips-1.0/sha Makefile fips_standalone_sha1.c
openssl/ssl Makefile
openssl/test Makefile
Log:
Jumbo framework update.
Summary:
Revision Changes Path
1.488.2.35.2.20+9 -3 openssl/Configure
1.256.2.12.2.11+18 -13 openssl/Makefile.org
1.47.2.10.2.5+1 -3 openssl/Makefile.shared
1.184.2.15.2.9+2 -2 openssl/TABLE
1.9.2.8.2.3 +2 -5 openssl/apps/Makefile
1.7.2.5.2.2 +2 -2 openssl/crypto/Makefile
1.1.4.7 +20 -10 openssl/fips-1.0/Makefile
1.1.4.4 +97 -86 openssl/fips-1.0/fipsld
1.1.4.7 +3 -4 openssl/fips-1.0/sha/Makefile
1.1.4.5 +2 -0
openssl/fips-1.0/sha/fips_standalone_sha1.c
1.6.2.4.2.2 +1 -1 openssl/ssl/Makefile
1.12.2.10.2.7+10 -21 openssl/test/Makefile
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/Configure
============================================================
================
$ cvs diff -u -r1.488.2.35.2.19 -r1.488.2.35.2.20
Configure
--- openssl/Configure 24 Jul 2007 15:42:11
-0000 1.488.2.35.2.19
+++ openssl/Configure 1 Aug 2007 11:33:01
-0000 1.488.2.35.2.20
-503,8 +503,8
##### MacOS X (a.k.a. Rhapsody or Darwin) setup
"rhapsody-ppc-cc","cc:-O3
-DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR
RC4_CHUNK DES_UNROLL BF_PTR:$::",
-"darwin-ppc-cc","cc:-O3
-DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_L
LONG RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC
-fno-common:-dynamiclib:.$(SHLIB_MAJOR).$(SHLIB_MINOR).dyl
ib",
-"darwin-i386-cc","cc:-O3
-fomit-frame-pointer
-fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR
RC4_CHUNK DES_UNROLL
BF_PTR:$:dlfcn:darwin-shared:-fPIC
-fno-common:-dynamiclib:.$(SHLIB_MAJOR).$(SHLIB_MINOR).dyl
ib",
+"darwin-ppc-cc","cc:-O3
-DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_
LLONG RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC
-fno-common:-dynamiclib:.$(SHLIB_MAJOR).$(SHLIB_MINOR).dyl
ib",
+"darwin-i386-cc","cc:-O3
-fomit-frame-pointer
-fno-common::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN
_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR:$:dlfcn:darwin-shared:-fPIC
-fno-common:-dynamiclib:.$(SHLIB_MAJOR).$(SHLIB_MINOR).dyl
ib",
"debug-darwin-ppc-cc","cc:-DBN_DEBUG
-DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall
-O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK
DES_UNROLL
BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC
-fno-common:-dynamiclib:.$(SHLIB_MAJOR).$(SHLIB_MINOR).dyl
ib",
##### A/UX
-1028,6 +1028,11
my $ranlib = $fields[$idx_ranlib];
my $arflags = $fields[$idx_arflags];
+# '%' in $lflags is used to split flags to
"pre-" and post-flags
+my ($prelflags,$postlflags)=split('%',$lflags);
+if (defined($postlflags)) { $lflags=$postlflags; }
+else { $lflags=$prelflags; undef $prelflags; }
+
my $no_shared_warn=0;
my $no_user_cflags=0;
-1361,6 +1366,7
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq
"gcc";
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
+ s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
-1399,7 +1405,7
s/^BASEADDR=.*/BASEADDR=$baseaddr/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
- s/^SHARED_LIBS=.*/SHARED_LIBS=$(SHARED_CRYPTO)
$(SHARED_SSL) $(SHARED_FIPS)/ if (!$no_shared);
+ s/^SHARED_LIBS=.*/SHARED_LIBS=$(SHARED_FIPS)
$(SHARED_CRYPTO) $(SHARED_SSL)/ if (!$no_shared);
if ($shared_extension ne "" &&
$shared_extension =~ /^.s([ol]).[^.]*$/)
{
my $sotmp = $1;
.
patch -p0 <<' .'
Index: openssl/Makefile.org
============================================================
================
$ cvs diff -u -r1.256.2.12.2.10 -r1.256.2.12.2.11
Makefile.org
--- openssl/Makefile.org 23 Jul 2007 16:35:30
-0000 1.256.2.12.2.10
+++ openssl/Makefile.org 1 Aug 2007 11:33:05
-0000 1.256.2.12.2.11
-319,7 +319,7
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_fips build_ssl
build_engines
+build_libs: build_crypto build_fips build_ssl
build_shared build_engines
build_crypto:
if [ -n "$(FIPSCANLIB)" ]; then
-330,7 +330,7
fi ; export ARX ;
dir=crypto; target=all; $(BUILD_ONE_CMD)
build_fips:
- dir=fips-1.0; target=all; $(BUILD_ONE_CMD)
+ dir=fips-1.0; target=all; [ -z
"$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
build_ssl:
dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
-346,43 +346,48
build_testapps:
dir=crypto; target=testapps; $(BUILD_ONE_CMD)
+build_shared: $(SHARED_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
if [ "$(SHLIB_TARGET)" != "" ];
then
if [ "$(FIPSCANLIB)" = "libfips" ];
then
- ( dir=fips-1.0; target=all; $(BUILD_ONE_CMD) ) ;
$(ARD) libcrypto.a fipscanister.o ;
$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips'
build-shared;
$(AR) libcrypto.a fips-1.0/fipscanister.o ;
else
if [ "$(FIPSCANLIB)" = "libcrypto"
]; then
FIPSLD_CC=$(CC); CC=fips-1.0/fipsld;
- FIPSLD_NPT="y"; FIPSLD_LIBFIPS=y;
- export CC FIPSLD_CC FIPSLD_NPT FIPSLD_LIBFIPS;
+ export CC FIPSLD_CC;
fi;
$(MAKE) -e SHLIBDIRS='crypto' build-shared;
fi
else
echo "There's no support for shared libraries on
this platform" >&2;
+ exit 1;
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
if [ "$(SHLIB_TARGET)" != "" ];
then
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto'
build-shared;
+ shlibdeps=-lcrypto;
+ [ "$(FIPSCANLIB)" = "libfips" ]
&& shlibdeps="$$shlibdeps -lfips";
+ $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps"
build-shared;
else
echo "There's no support for shared libraries on
this platform" >&2 ;
exit 1;
fi
-libfips$(SHLIB_EXT): libfips.a
+fips-1.0/fipscanister.o: build_fips
+libfips$(SHLIB_EXT): fips-1.0/fipscanister.o
if [ "$(SHLIB_TARGET)" != "" ];
then
- if [ "$(FIPSCANLIB)" = "libfips" ];
then
- FIPSLD_CC=$(CC); CC=fips-1.0/fipsld;
FIPSLD_NPT="y";
- FIPSLD_LIBFIPS=y;
- export CC FIPSLD_CC FIPSLD_NPT FIPSLD_LIBFIPS;
- fi;
- $(MAKE) -e SHLIBDIRS=fips build-shared;
+ FIPSLD_CC=$(CC); CC=fips-1.0/fipsld; export CC
FIPSLD_CC;
+ $(MAKE) -f Makefile.shared -e $(BUILDENV)
+ CC=$$ LIBNAME=fips THIS=$
+ LIBEXTRAS=fips-1.0/fipscanister.o
+ LIBDEPS="$(EX_LIBS)"
+ LIBVERSION=$.$
+ link_o.$(SHLIB_TARGET) || { rm -f $; exit 1;
}
else
echo "There's no support for shared libraries on
this platform" >&2;
+ exit 1;
fi
libfips.a:
.
patch -p0 <<' .'
Index: openssl/Makefile.shared
============================================================
================
$ cvs diff -u -r1.47.2.10.2.4 -r1.47.2.10.2.5
Makefile.shared
--- openssl/Makefile.shared 19 May 2007 19:41:28
-0000 1.47.2.10.2.4
+++ openssl/Makefile.shared 1 Aug 2007 11:33:06
-0000 1.47.2.10.2.5
-101,15 +101,13
LIBDEPS="$${LIBDEPS (LIBDEPS)}&q
uot;;
SHAREDCMD="$${SHAREDCMD(CC)}";
SHAREDFLAGS="$${SHAREDFLAGS(CFLAGS)
$(SHARED_LDFLAGS)}";
- nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' '
> lib$(LIBNAME).exp;
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^
*-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^
*-L//'; fi; done | uniq`;
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`;
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH
$$ $$
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS
- ) && $(SYMLINK_SO);
- ( $(SET_X); rm -f lib$(LIBNAME).exp )
+ ) && $(SYMLINK_SO)
SYMLINK_SO=
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else
.
patch -p0 <<' .'
Index: openssl/TABLE
============================================================
================
$ cvs diff -u -r1.184.2.15.2.8 -r1.184.2.15.2.9 TABLE
--- openssl/TABLE 24 Jul 2007 15:42:12
-0000 1.184.2.15.2.8
+++ openssl/TABLE 1 Aug 2007 11:33:06
-0000 1.184.2.15.2.9
-951,7 +951,7
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id = MACOSX
-$lflags =
+$lflags = -Wl,-search_paths_first%
$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR
$cpuid_obj =
$bn_obj =
-978,7 +978,7
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id = MACOSX
-$lflags = -Wl,-search_paths_first
+$lflags = -Wl,-search_paths_first%
$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR
$cpuid_obj =
$bn_obj = osx_ppc32.o
.
patch -p0 <<' .'
Index: openssl/apps/Makefile
============================================================
================
$ cvs diff -u -r1.9.2.8.2.2 -r1.9.2.8.2.3 Makefile
--- openssl/apps/Makefile 25 Mar 2007 14:40:32
-0000 1.9.2.8.2.2
+++ openssl/apps/Makefile 1 Aug 2007 11:33:09
-0000 1.9.2.8.2.3
-155,11 +155,8
elif [ -n "$(FIPSCANLIB)" ]; then
FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC
FIPSLD_CC;
fi;
- if [ "$$" =
"darwin-shared" ] ; then
- LIBRARIES="$(DLIBSSL) $(LIBKRB5)
$(DLIBCRYPTO)" ;
- else
- LIBRARIES="$(LIBSSL) $(LIBKRB5)
$(LIBCRYPTO)" ;
- fi;
+ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)"
;
+ [ "x$(FIPSCANLIB)" = "xlibfips" ]
&& LIBRARIES="$$LIBRARIES -lfips";
$(MAKE) -f $(TOP)/Makefile.shared -e
CC=$$ APPNAME=$(EXE) OBJECTS="$(PROGRAM).o
$(E_OBJ)"
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)"
.
patch -p0 <<' .'
Index: openssl/crypto/Makefile
============================================================
================
$ cvs diff -u -r1.7.2.5.2.1 -r1.7.2.5.2.2 Makefile
--- openssl/crypto/Makefile 22 Mar 2007 00:37:45
-0000 1.7.2.5.2.1
+++ openssl/crypto/Makefile 1 Aug 2007 11:33:10
-0000 1.7.2.5.2.2
-47,7 +47,7
top:
(cd ..; $(MAKE) DIRS=$(DIR) all)
-all: shared
+all: lib
buildinf.h: ../Makefile
( echo "#ifndef MK1MF_BUILD";
-95,7 +95,7
target=links; $(RECURSIVE_MAKE)
# lib: and $(LIB): are splitted to avoid end-less loop
-lib: $(LIB)
+lib: buildinf.h $(LIB) subdirs
touch lib
$(LIB): $(LIBOBJ)
$(ARX) $(LIB) $(LIBOBJ)
.
patch -p0 <<' .'
Index: openssl/fips-1.0/Makefile
============================================================
================
$ cvs diff -u -r1.1.4.6 -r1.1.4.7 Makefile
--- openssl/fips-1.0/Makefile 21 Jul 2007 12:07:08
-0000 1.1.4.6
+++ openssl/fips-1.0/Makefile 1 Aug 2007 11:33:11
-0000 1.1.4.7
-61,8 +61,10
if [ -z "$(THIS)" ]; then $(MAKE) -f
$(TOP)/Makefile reflect THIS=$; fi
all:
- if [ -n "$(FIPSCANLIB)" ]; then
- $(MAKE) -e subdirs lib shared;
+ if [ -z "$(FIPSLIBDIR)" ]; then
+ $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT);
+ else
+ $(MAKE) -e lib fips_premain_dso$(EXE_EXT)
fips_standalone_sha1$(EXE_EXT);
fi
# Idea behind fipscanister.o is to "seize" the
sequestered code between
-97,16 +99,17
objs="$$objs `sed "$$script" $$i`";
done;
objs="$$objs fips_end.o" ;
+ os="`(uname -s) 2>/dev/null`";
cflags="$(CFLAGS)";
+ [ "$$os" = "AIX" ] &&
cflags="$$cflags -Wl,-bnoobjreorder";
if [ -n "$" ]; then
set -x; $ -r -o $ $$objs;
elif $(CC) -dumpversion >/dev/null 2>&1; then
- set -x; $(CC) $(CFLAGS) -r -nostdlib -o $ $$objs ;
- else case "`(uname -s) 2>/dev/null`" in
+ set -x; $(CC) $$cflags -r -nostdlib -o $ $$objs ;
+ else case "$$os" in
HP-UX SF1|SunOS
) set -x; /usr/ccs/bin/ld -r -o $ $$objs ;;
- AIX) set -x; $(CC) $(CFLAGS) -Wl,-bnoobjreorder -r -o
$
$$objs ;;
- *) set -x; $(CC) $(CFLAGS) -r -o $ $$objs
;;
+ *) set -x; $(CC) $$cflags -r -o $ $$objs ;;
esac fi
- sha/fips_standalone_sha1 fipscanister.o >
fipscanister.o.sha1
+ ./fips_standalone_sha1 fipscanister.o >
fipscanister.o.sha1
# If another exception is immediately required, assign
approprite
# site-specific ld command to FIPS_SITE_LD environment
variable.
-117,7 +120,10
$(CC) $(CFLAGS) -DFIPS_END -c -o $ fips_canister.c
fips_premain_dso$(EXE_EXT): fips_premain.c
$(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $
fips_premain.c
- ../libcrypto.a $(EX_LIBS)
+ $(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS)
+# this is executed only when linking with external
fipscanister.o
+fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
+ $(CC) $(CFLAGS) -DFIPSCANISTER_O -o $
sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o
subdirs:
target=all; $(RECURSIVE_MAKE)
-132,9 +138,13
target=links; $(RECURSIVE_MAKE)
# lib: and $(LIB): are splitted to avoid end-less loop
-lib: $(FIPSCANLIB) $(FIPSCANLOC)
+lib: $(LIB)
touch lib
+$(LIB): $(FIPSLIBDIR)fipscanister.o
+ $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+
$(FIPSCANLIB): $(FIPSCANLOC)
$(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC)
if [ "$(FIPSCANLIB)" = "libfips" ];
then
-182,7 +192,7
if [ -z "$(THIS)" ]; then $(MAKE) -f
$(TOP)/Makefile reflect THIS=$; fi
clean:
- rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT)
+ rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT)
fips_standalone_sha1$(EXE_EXT)
*.s *.o */*.o *.obj lib tags core .pure .nfs* *.old
*.bak fluff
target=clean; $(RECURSIVE_MAKE)
.
patch -p0 <<' .'
Index: openssl/fips-1.0/fipsld
============================================================
================
$ cvs diff -u -r1.1.4.3 -r1.1.4.4 fipsld
--- openssl/fips-1.0/fipsld 16 Jul 2007 10:00:36
-0000 1.1.4.3
+++ openssl/fips-1.0/fipsld 1 Aug 2007 11:33:11
-0000 1.1.4.4
-1,6 +1,6
#!/bin/sh -e
#
-# Copyright (c) 2005 The OpenSSL Project.
+# Copyright (c) 2005-2007 The OpenSSL Project.
#
# Depending on output file name, the script either embeds
fingerprint
# into libcrypto.so or static application.
"Static" refers to static
-18,54 +18,51
# Initially -c wasn't intended to be interpreted here,
but it might
# make life easier for those who want to build FIPS-ified
applications
# with minimal [if any] modifications to their
Makefiles...
-( while [ "x$1" != "x" -a
"x$1" != "x-c" ]; do shift; done;
+( while [ "x$1" != "x" -a
"x$1" != "x-c" -a "x$1" !=
"x-E" ]; do shift; done;
[ $# -ge 1 ]
) && exec $ "$"
+TARGET=`(while [ "x$1" != "x" -a
"x$1" != "x-o" ]; do shift; done; echo
$2)`
+
# If using an auto-tooled (autoconf/automake/libtool)
project,
# configure will fail when testing the compiler or even
performing
-# simple checks. Pass-thru to compiler directly if not
linking
-# to libcrypto, allowing auto-tooled applications to
utilize fipsld
-# (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc
./configure && make )
-# If FIPSLD_NPT is set never call the pass-thru: the
standalone fips commands
-# need this because they don't link to libcrypto
-[ -z "$FIPSLD_NPT" -a -z
"$FIPSLD_LIBFIPS" ] && {
-case "$*" in
- *libcrypto.a*)
- ;;
- *-lcrypto*)
- ;;
- *)
- exec $ $*
- ;;
+# simple checks. Pass-through to compiler directly if
application is
+# is not being linked with libcrypto, allowing
auto-tooled applications
+# to utilize fipsld (e.g. CC=/usr/local/ssl/bin/fipsld
FIPSLD_CC=gcc
+# ./configure && make). But keep in mind[!] that
if certified code
+# resides in a shared library, then fipsld *may not* be
used and
+# end-developer should not modify application
configuration and build
+# procedures. This is because in-core fingerprint and
associated
+# procedures are already embedded into and executed in
shared library
+# context.
+case `basename "$"` in
+libcrypto*|libfips*|*.dll) ;;
+*) case "$*" in
+ *libcrypto.a*|*-lcrypto*) ;;
+ *) exec $ "$" ;;
+ esac
esac
-}
+
+[ -n "$" ] || { echo 'no -o specified';
exit 1; }
# Turn on debugging output?
( while [ "x$1" != "x" -a
"x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN"
]; do shift; done;
[ $# -ge 1 ]
) && set -x
-TARGET=`(while [ "x$1" != "x" -a
"x$1" != "x-o" ]; do shift; done; echo
$2)`
-[ -n "$" ] || { echo 'no -o specified';
exit 1; }
-
THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
-# FIPSCANLIB is the library containing fipscanister.o by
default it is
-# libcrypto.a
-
-FIPSCANLIB=${FIPSCANLIB:-libcrypto}
-
-# FIPSLIBDIR is location of installed validated FIPS
module
-# if FIPSCANISTERINTERNAL="y" link against
internally generated fipscanister.o
-if [ "x$FIPSCANISTERINTERNAL" != "xy"
]; then
- FIPSLIBDIR=${FIPSLIBDIR:-/usr/local/ssl/lib}
-else
- FIPSLIBDIR=$/fips-1.0
+# If set, FIPSLIBDIR is location of installed validated
FIPS module
+if [ -n "$" ]; then
+ CANISTER_O="$"
+elif [ -f "$/fips-1.0/fipscanister.o" ];
then
+ CANISTER_O="$/fips-1.0/fipscanister.o"
+elif [ -f "$/lib/fipscanister.o" ];
then
+ CANISTER_O="$/lib/fipscanister.o"
fi
+[ -f $ ] || { echo "unable to find
$"; exit 1; }
-[ -f "$/fipscanister.o" ] ||
- { echo "fipscanister.o not found"; exit 1; }
+PREMAIN_C=`dirname
"$"`/fips_premain.c
HMAC_KEY="etaonrishdlcupfm"
-82,95 +79,109
[!/]*) TARGET=./$ ;;
esac
-case "$" in
-*$*|*.dll) # must be linking a shared lib...
- # Shared lib creation can be taking place in the source
+case `basename "$"` in
+libfips*|*fips.dll)
+ # libfips.so creation can be taking place in the source
# directory only!!!
- FINGERTYPE="$/fips-1.0/sha/fips_standalone_sha
1"
- CANISTER_O="$/fipscanister.o"
- PREMAIN_C="$/fips_premain.c"
-echo Canister: $CANISTER_O
+ FINGERTYPE="$/fips-1.0/fips_standalone_sha1&qu
ot;
+ # fipscanister.o should be specified on command line...
+ CANISTER_O=`(while [ "x$1" != "x" ];
do case "$1" in *fipscanister.o) echo $1; exit;;
esac; shift; done)`
+ [ -n "$CANISTER_O" ] || { echo
"fipscanister.o is not found"; exit 1; }
+ PREMAIN_C=`dirname
"$"`/fips_premain.c
# verify fipspremain.c against its detached
signature...
$ "$" | sed
"s/(.*//(/" |
diff -w "$.sha1" - ||
{ echo "$ fingerprint mismatch";
exit 1; }
- # Special case: if FIPSLD_LIBFIPS is asserted we are
building
- # libfips shared library and fipscanister.o is already
present
- # in libfips.a
- if [ -n "$FIPSLD_LIBFIPS" ] ; then
- $ "$"
- $ "$"
- else
-
- # verify fipscanister.o against its detached
signature...
- $ "$" | sed
"s/(.*//(/" |
- diff -w "$.sha1" - ||
- { echo "$ fingerprint mismatch";
exit 1; }
-
- # Temporarily remove fipscanister.o from library!
- # We are required to use the standalone copy...
- trap 'ar r "$/$FIPSCANLIB.a"
"$";
- (ranlib "$/$FIPSCANLIB.a")
2>/dev/null;
- sleep 1;
- touch -c "$"' 0
-
- ar d "$/$FIPSCANLIB.a" fipscanister.o
2>&1 > /dev/null || :
- (ranlib "$/$FIPSCANLIB.a")
2>/dev/null || :
-
- $ "$"
- "$"
- $ "$"
- fi
+ # verify fipscanister.o against its detached
signature...
+ $ "$" | sed
"s/(.*//(/" |
+ diff -w "$.sha1" - ||
+ { echo "$ fingerprint mismatch";
exit 1; }
+
+ /bin/rm -f "$"
+ $ "$" $
"$"
# generate signature...
- SIG=`("$/fips-1.0/fips_premain_dso"
"$" || rm "$")`
+ SIG=`"$/fips-1.0/fips_premain_dso"
"$"`
+ /bin/rm -f "$"
if [ -z "$" ]; then
echo "unable to collect signature"; exit 1
fi
- if [ -n "$FIPSLD_LIBFIPS" ] ; then
- $ -DHMAC_SHA1_SIG="$"
"$"
- $ "$"
- else
-
- # recompile with signature...
- $ "$"
- -DHMAC_SHA1_SIG="$"
"$"
- $ "$"
+ # recompile with signature...
+ $ -DHMAC_SHA1_SIG="$"
"$" $ "$"
+ ;;
+libcrypto*|*.dll) # must be linking a shared lib...
+ # Shared lib creation can be taking place in the source
+ # directory only, but fipscanister.o can reside
elsewhere...
+ FINGERTYPE="$/fips-1.0/fips_standalone_sha1&qu
ot;
+
+ # verify fipspremain.c against its detached
signature...
+ $ "$" | sed
"s/(.*//(/" |
+ diff -w "$.sha1" - ||
+ { echo "$ fingerprint mismatch";
exit 1; }
+ # verify fipscanister.o against its detached
signature...
+ $ "$" | sed
"s/(.*//(/" |
+ diff -w "$.sha1" - ||
+ { echo "$ fingerprint mismatch";
exit 1; }
+
+ # Temporarily remove fipscanister.o from libcrypto.a!
+ # We are required to use the standalone copy...
+ trap 'ar r "$/libcrypto.a"
"$";
+ (ranlib "$/libcrypto.a")
2>/dev/null;
+ sleep 1;
+ touch -c "$"' 0
+
+ ar d "$/libcrypto.a" fipscanister.o
2>&1 > /dev/null || :
+ (ranlib "$/libcrypto.a") 2>/dev/null
|| :
+
+ /bin/rm -f "$"
+ $ "$"
+ "$"
+ $ "$"
+
+ # generate signature...
+ SIG=`"$/fips-1.0/fips_premain_dso"
"$"`
+ /bin/rm -f "$"
+ if [ -z "$" ]; then
+ echo "unable to collect signature"; exit 1
fi
+
+ # recompile with signature...
+ $ "$"
+ -DHMAC_SHA1_SIG="$"
"$"
+ $ "$"
;;
*) # must be linking statically...
# Static linking can be taking place either in the
source
# directory or off the installed binary target
destination.
- if [ -x
"$/fips-1.0/sha/fips_standalone_sha1" ];
then
- FINGERTYPE="$/fips-1.0/sha/fips_standalone_sh
a1"
+ if [ -x
"$/fips-1.0/fips_standalone_sha1" ]; then
+ FINGERTYPE="$/fips-1.0/fips_standalone_sha1&q
uot;
else # Installed tree is expected to contain
# lib/fipscanister.o, lib/fipscanister.o.sha1 and
# lib/fips_premain.c [not to mention bin/openssl].
FINGERTYPE="$/bin/openssl sha1 -hmac
$"
fi
- CANISTER_O="$/fipscanister.o"
- PREMAIN_C="$/fips_premain.c"
-
# verify fipscanister.o against its detached
signature...
$ "$" | sed
"s/(.*//(/" |
diff -w "$.sha1" - ||
{ echo "$ fingerprint mismatch";
exit 1; }
# verify fips_premain.c against its detached
signature...
-# $ "$" | sed
"s/(.*//(/" |
-# diff -w "$.sha1" - ||
-# { echo "$ fingerprint mismatch";
exit 1; }
+ $ "$" | sed
"s/(.*//(/" |
+ diff -w "$.sha1" - ||
+ { echo "$ fingerprint mismatch";
exit 1; }
+ /bin/rm -f "$"
$ "$"
"$"
$ "$"
# generate signature...
- SIG=`("$" || /bin/rm
"$")`
+ SIG=`"$"`
+ /bin/rm -f "$"
if [ -z "$" ]; then
echo "unable to collect signature"; exit 1
fi
.
patch -p0 <<' .'
Index: openssl/fips-1.0/sha/Makefile
============================================================
================
$ cvs diff -u -r1.1.4.6 -r1.1.4.7 Makefile
--- openssl/fips-1.0/sha/Makefile 11 Jul 2007 11:53:20
-0000 1.1.4.6
+++ openssl/fips-1.0/sha/Makefile 1 Aug 2007 11:33:12
-0000 1.1.4.7
-41,15 +41,14
top:
(cd $(TOP); $(MAKE) DIRS=fips-1.0 SDIRS=$(DIR) sub_all)
-all: fips_standalone_sha1$(EXE_EXT) lib
+all: ../fips_standalone_sha1$(EXE_EXT) lib
lib: $(LIBOBJ)
echo $(LIBOBJ) > lib
-fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
+../fips_standalone_sha1$(EXE_EXT):
fips_standalone_sha1.o
FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ)
sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM
../../crypto/sha/$$i" ; done;
- $(CC) -o fips_standalone_sha1$(EXE_EXT) $(CFLAGS)
- fips_standalone_sha1.o $$FIPS_SHA_ASM
+ $(CC) -o $ $(CFLAGS) fips_standalone_sha1.o
$$FIPS_SHA_ASM
files:
$(PERL) $(TOP)/util/files.pl Makefile >>
$(TOP)/MINFO
.
patch -p0 <<' .'
Index: openssl/fips-1.0/sha/fips_standalone_sha1.c
============================================================
================
$ cvs diff -u -r1.1.4.4 -r1.1.4.5 fips_standalone_sha1.c
--- openssl/fips-1.0/sha/fips_standalone_sha1.c 15 Jul
2007 12:06:23 -0000 1.1.4.4
+++ openssl/fips-1.0/sha/fips_standalone_sha1.c 1 Aug 2007
11:33:13 -0000 1.1.4.5
-54,9 +54,11
#include <openssl/sha.h>
#include <openssl/hmac.h>
+#ifndef FIPSCANISTER_O
int FIPS_selftest_failed() { return 0; }
void FIPS_selftest_check() {}
void OPENSSL_cleanse(void *p,size_t len) {}
+#endif
#ifdef OPENSSL_FIPS
.
patch -p0 <<' .'
Index: openssl/ssl/Makefile
============================================================
================
$ cvs diff -u -r1.6.2.4.2.1 -r1.6.2.4.2.2 Makefile
--- openssl/ssl/Makefile 22 Mar 2007 00:39:13
-0000 1.6.2.4.2.1
+++ openssl/ssl/Makefile 1 Aug 2007 11:33:16
-0000 1.6.2.4.2.2
-53,7 +53,7
top:
(cd ..; $(MAKE) DIRS=$(DIR) all)
-all: shared
+all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
.
patch -p0 <<' .'
Index: openssl/test/Makefile
============================================================
================
$ cvs diff -u -r1.12.2.10.2.6 -r1.12.2.10.2.7 Makefile
--- openssl/test/Makefile 21 Jul 2007 20:18:47
-0000 1.12.2.10.2.6
+++ openssl/test/Makefile 1 Aug 2007 11:33:17
-0000 1.12.2.10.2.7
-354,11 +354,8
BUILD_CMD=shlib_target=; if [ -n
"$(SHARED_LIBS)" ]; then
shlib_target="$(SHLIB_TARGET)";
fi;
- if [ "$$" =
"hpux-shared" -o "$$" =
"darwin-shared" ] ; then
- LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO)
$(LIBKRB5)";
- else
- LIBRARIES="$(LIBSSL) $(LIBCRYPTO)
$(LIBKRB5)";
- fi;
+ LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)";
+ [ "$(FIPSCANLIB)" = "libfips" ]
&& LIBRARIES="$$LIBRARIES -lfips";
$(MAKE) -f $(TOP)/Makefile.shared -e
APPNAME=$$target$(EXE_EXT)
OBJECTS="$$target.o"
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)"
-397,15 +394,11
FIPS_BUILD_CMD=shlib_target=; if [ -n
"$(SHARED_LIBS)" ]; then
shlib_target="$(SHLIB_TARGET)";
fi;
- if [ "$(FIPSCANLIB)" != "libfips" -o
-z "$(SHARED_LIBS)" -o
"$$" = "darwin-shared" ] ;
then
- LIBRARIES="";
- if [ -n "$(FIPSCANLIB)" ]; then
- FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld;
FIPSLD_NPT="y"
- export CC FIPSLD_CC FIPSLD_NPT ;
- fi;
- else
- LIBRARIES="$(LIBFIPS)";
+ LIBRARIES="$(LIBCRYPTO) $(LIBKRB5)";
+ if [ -z "$(SHARED_LIBS)" ] ; then
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC
FIPSLD_CC;
fi;
+ [ "$(FIPSCANLIB)" = "libfips" ]
&& LIBRARIES="-L$(TOP) -lfips";
$(MAKE) -f $(TOP)/Makefile.shared -e
CC=$$ APPNAME=$$target$(EXE_EXT)
OBJECTS="$$target.o"
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)"
-414,15 +407,11
FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n
"$(SHARED_LIBS)" ]; then
shlib_target="$(SHLIB_TARGET)";
fi;
- if [ -z "$(SHARED_LIBS)" -o
"$$" = "darwin-shared" ] ;
then
- LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO)
$(LIBKRB5)";
- if [ -n "$(FIPSCANLIB)" ]; then
- FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld;
FIPSLD_NPT="y"
- export CC FIPSLD_CC FIPSLD_NPT ;
- fi;
- else
- LIBRARIES="$(LIBSSL) $(LIBCRYPTO)
$(LIBKRB5)";
+ LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)";
+ if [ -z "$(SHARED_LIBS)" ] ; then
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC
FIPSLD_CC;
fi;
+ [ "$(FIPSCANLIB)" = "libfips" ]
&& LIBRARIES="$$LIBRARIES -lfips";
$(MAKE) -f $(TOP)/Makefile.shared -e
CC=$$ APPNAME=$$target$(EXE_EXT)
OBJECTS="$$target.o"
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)"
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
