OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
28-Mar-2006 14:10:37
Branch: OpenSSL_0_9_7-stable Handle:
2006032813103304
Modified files: (Branch: OpenSSL_0_9_7-stable)
openssl Configure Makefile.org
openssl/fips-1.0 Makefile fipsld
Log:
Update build system to make use of validated module in
FIPS mode.
Summary:
Revision Changes Path
1.314.2.130 +18 -2 openssl/Configure
1.154.2.112 +9 -2 openssl/Makefile.org
1.1.2.7 +6 -3 openssl/fips-1.0/Makefile
1.1.2.2 +17 -6 openssl/fips-1.0/fipsld
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/Configure
============================================================
================
$ cvs diff -u -r1.314.2.129 -r1.314.2.130 Configure
--- openssl/Configure 25 Feb 2006 12:01:25
-0000 1.314.2.129
+++ openssl/Configure 28 Mar 2006 12:10:33
-0000 1.314.2.130
 -621,6 +621,7 
my $openssldir="";
my $exe_ext="";
my $install_prefix="";
+my $fipslibdir="/usr/local/ssl/lib";
my $no_threads=0;
my $no_shared=1;
my $zlib=0;
 -871,7 +872,7 
}
elsif (/^--with-fipslibdir=(.*)$/)
{
- $withargs{"fipslibdir"}="$1";
+ $fipslibdir="$1";
}
elsif (/^--with-zlib-include=(.*)$/)
{
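Review bot: `--with-fipslibdir=(.*)` accepts an empty or relative value and stores it unchanged in `$fipslibdir`. Configure tests that path from the top-level directory, while the `lib` target in fips-1.0/Makefile uses `$(FIPSLIBDIR)/fipscanister.o` from inside `fips-1.0`, so a relative value can pass the check here and then resolve to a different file at build time. Reject non-absolute values with the same test the file already applies to `$openssldir`, e.g. `die "--with-fipslibdir must be an absolute path\n" if $fipslibdir !~ /(^\/|^[a-zA-Z]:[\\\/])/;`. The enclosing option loop starts and ends outside this hunk.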
 -976,6 +977,21 
$openssldir=$prefix . "/ssl" if $openssldir
eq "";
$openssldir=$prefix . "/" . $openssldir if
$openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+if ($fips && ! -f
"$fipslibdir/fipscanister.o")
+ {
+ my $fipswinerr = "";
+ $fipswinerr = <<EOF if $IsWindows;
+ Ensure that the correct path to the FIPS module
directory
+has been given to the --with-fipslibdir option.
+EOF
+ print STDERR <<EOF;
+The file fipscanister.o could not be located. Please
build and install the
+FIPS module using the instructions in the user guide
before compiling OpenSSL
+in FIPS mode.$fipswinerr
+EOF
+ exit 1;
+ }
+
print "IsWindows=$IsWindows\n";
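Review bot: The error printed when `fipscanister.o` is missing never says which directory was searched, so a user who passed a wrong `--with-fipslibdir` cannot see the value Configure actually used; name it, e.g. `The file $fipslibdir/fipscanister.o could not be located.` The hint about `--with-fipslibdir` is appended only when `$IsWindows` is set, although the option and the hard-coded default apply on every platform. The test is existence-only (`-f`), so a short comment such as `# presence check only; fipsld verifies the digest at link time` would keep readers from treating it as validation of the module.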
 -1322,7 +1338,7 
s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-inc
lude"}/;
s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
- s/^FIPSLIBDIR=.*/FIPSLIBDIR=$withargs{"fipslibdir&q
uot;}/;
+ s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-inclu
de"}/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 .
patch -p0 <<' .'
Index: openssl/Makefile.org
============================================================
================
$ cvs diff -u -r1.154.2.111 -r1.154.2.112 Makefile.org
--- openssl/Makefile.org 8 Feb 2006 00:58:01
-0000 1.154.2.111
+++ openssl/Makefile.org 28 Mar 2006 12:10:35
-0000 1.154.2.112
 -176,7 +176,14 
ZLIB_INCLUDE=
LIBZLIB=
-FIPSLIBDIR=$(INSTALLTOP)/lib
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in
/usr/local/ssl/lib
+# $(INSTALLTOP) for this build make be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/lib
# When we're prepared to use shared libraries in the
programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
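Review bot: The literal `/usr/local/ssl/lib` is now repeated here, in Configure (`my $fipslibdir=...`) and in fipsld (`${FIPSLIBDIR:-/usr/local/ssl/lib}`), so the three defaults can drift apart. The comment should say that Configure rewrites this line and that fipsld carries its own fallback. The new comment also has two slips worth fixing: `will place it $(INSTALLTOP)/lib` should read `will place it in $(INSTALLTOP)/lib`, and `make be different` should read `may be different`.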
 -236,7 +243,7 
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in
$$i..." && \
- $(MAKE) CC='$' PLATFORM='$'
CFLAG='$' AS='$' ASFLAG='$'
SDIRS='$(SDIRS)' FDIRS='$(FDIRS)'
INSTALLTOP='$' PEX_LIBS='$'
EX_LIBS='$' BN_ASM='$'
DES_ENC='$' FIPS_DES_ENC='$'
FIPS_AES_ENC='$' BF_ENC='$'
CAST_ENC='$' RC4_ENC='$'
RC5_ENC='$' SHA1_ASM_OBJ='$'
FIPS_SHA1_ASM_OBJ='$'
MD5_ASM_OBJ='$'
RMD160_ASM_OBJ='$' AR='$'
PROCESSOR='$' PERL='$'
RANLIB='$' KRB5_INCLUDES='$'
LIBKRB5='$' EXE_EXT='$'
SHARED_LIBS='$' SHLIB_EXT='$'
SHLIB_TARGET='$' all ) || exit 1; \
+ $(MAKE) CC='$' PLATFORM='$'
CFLAG='$' AS='$' ASFLAG='$'
SDIRS='$(SDIRS)' FDIRS='$(FDIRS)'
INSTALLTOP='$' PEX_LIBS='$'
EX_LIBS='$' BN_ASM='$'
DES_ENC='$' FIPS_DES_ENC='$'
FIPS_AES_ENC='$' BF_ENC='$'
CAST_ENC='$' RC4_ENC='$'
RC5_ENC='$' SHA1_ASM_OBJ='$'
FIPS_SHA1_ASM_OBJ='$'
MD5_ASM_OBJ='$'
RMD160_ASM_OBJ='$' AR='$'
PROCESSOR='$' PERL='$'
RANLIB='$' KRB5_INCLUDES='$'
LIBKRB5='$' EXE_EXT='$'
SHARED_LIBS='$' SHLIB_EXT='$'
SHLIB_TARGET='$'
FIPSLIBDIR='$' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/Makefile
============================================================
================
$ cvs diff -u -r1.1.2.6 -r1.1.2.7 Makefile
--- openssl/fips-1.0/Makefile 5 Feb 2006 13:35:24
-0000 1.1.2.6
+++ openssl/fips-1.0/Makefile 28 Mar 2006 12:10:37
-0000 1.1.2.7
 -55,7 +55,8 
fi
check:
- $(PERL) ../util/checkhash.pl || (rm fipscanister.o*
2>/dev/null; exit 1)
+# $(PERL) ../util/checkhash.pl || (rm fipscanister.o*
2>/dev/null; exit 1)
+ echo FIPS module not built: no check done
# Idea behind fipscanister.o is to "seize"
the sequestered code between
# known symbols for fingerprinting purposes, which would
be commonly
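Review bot: The `check` target now succeeds unconditionally, because the `checkhash.pl` recipe is commented out and replaced by an `echo`, so `make check` can no longer fail on a fingerprint mismatch. Since the canister is now taken from `$(FIPSLIBDIR)`, either compare that installed object with its `.sha1` here or add a comment stating that verification is deferred to fipsld at link time. The commented-out recipe line should be deleted rather than kept as dead text. The message `FIPS module not built: no check done` would be clearer as `FIPS module not built in this tree; using $(FIPSLIBDIR)/fipscanister.o, no check done`.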
 -71,6 +72,7 
# flag and simply assume that all objects are of the same
type as first
# one in command line. So the idea is to identify gcc and
deficient
# vendor compiler drivers...
+
fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS)
fips_end.o
objs="fips_start.o $(LIBOBJ)"; \
for i in $(FIPS_OBJ_LISTS); do \
 -87,6 +89,7 
*) set -x; $(CC) $(CFLAGS) -r -o $ $$objs
;; \
esac fi
sha/fips_standalone_sha1 fipscanister.o >
fipscanister.o.sha1
+
# If another exception is immediately required, assign
approprite
# site-specific ld command to FIPS_SITE_LD environment
variable.
 -128,8 +131,8 
$(MAKE) CC='$(CC)' INCLUDES='$'
CFLAG='$' INSTALLTOP='$'
PEX_LIBS='$' EX_LIBS='$'
BN_ASM='$' DES_ENC='$'
FIPS_DES_ENC='$'
SHA1_ASM_OBJ='$'
FIPS_SHA1_ASM_OBJ='$'
MD5_ASM_OBJ='$'
RMD160_ASM_OBJ='$' BF_ENC='$'
CAST_ENC='$' RC4_ENC='$'
RC5_ENC='$' AR='$' PERL='$' links
); \
done;
-lib: fipscanister.o
- $(AR) $(LIB) fipscanister.o
+lib: $(FIPSLIBDIR)/fipscanister.o
+ $(AR) $(LIB) $(FIPSLIBDIR)/fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
touch lib
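Review bot: `lib` now depends on `$(FIPSLIBDIR)/fipscanister.o`, and if `FIPSLIBDIR` is empty this becomes `/fipscanister.o`. The top-level Makefile passes the variable down, but no default in this Makefile is visible in the hunks shown, so a direct `make` in `fips-1.0` may hit that case. A guard line such as `FIPSLIBDIR=/usr/local/ssl/lib` near the top, or a comment saying the variable must come from the parent make, would cover it. The in-tree `fipscanister.o:` rule shown as context in an earlier hunk no longer feeds this target, and a comment should say whether it is kept on purpose.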
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/fipsld
============================================================
================
$ cvs diff -u -r1.1.2.1 -r1.1.2.2 fipsld
--- openssl/fips-1.0/fipsld 30 Jan 2006 18:14:16
-0000 1.1.2.1
+++ openssl/fips-1.0/fipsld 28 Mar 2006 12:10:37
-0000 1.1.2.2
 -10,6 +10,8 
# command line syntax and $FIPSLD_CC or $CC environment
variable set
# and can even be used to compile source files.
+#set -x
+
CC=${FIPSLD_CC }
[ -n "$" ] || { echo '$CC is not
defined'; exit 1; }
 -30,6 +32,14 
THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
+# Location of installed validated FIPS module
+FIPSLIBDIR=${FIPSLIBDIR:-/usr/local/ssl/lib}
+# If this is a build from a validated tarball use this
instead
+# FIPSLIBDIR=$/fips-1.0
+
+[ -f "$/fipscanister.o" ] ||
+ { echo "fipscanister.o not found"; exit 1; }
+
HMAC_KEY="etaonrishdlcupfm"
case "`(uname -s) 2>/dev/null`" in
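Review bot: The new failure message goes to stdout and does not name the directory that was searched, so it should read `{ echo "fipscanister.o not found in $FIPSLIBDIR" >&2; exit 1; }`. fipsld stands in for the compiler driver, so stray stdout text can end up in output that a calling build captures. The same applies to `echo Canister: $CANISTER_O` in the next hunk, which is also unquoted and looks like leftover debugging, as does the `#set -x` added in the first hunk. The test covers only `fipscanister.o`, while the script later reads `fipscanister.o.sha1` and `fips_premain.c` from the same directory, so checking all three here would give an earlier and clearer error.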
 -50,8 +60,10 
# Shared lib creation can be taking place in the source
# directory only!!!
FINGERTYPE="$/fips-1.0/sha/fips_standalone_sha
1"
- CANISTER_O="$/fips-1.0/fipscanister.o"
- PREMAIN_C="$/fips-1.0/fips_premain.c"
+ CANISTER_O="$/fipscanister.o"
+ PREMAIN_C="$/fips_premain.c"
+
+echo Canister: $CANISTER_O
# verify fipscanister.o against its detached
signature...
$ "$" | sed
"s/(.*\//(/" | \
 -96,16 +108,15 
# directory or off the installed binary target
destination.
if [ -x
"$/fips-1.0/sha/fips_standalone_sha1" ];
then
FINGERTYPE="$/fips-1.0/sha/fips_standalone_sh
a1"
- CANISTER_O="$/fips-1.0/fipscanister.o"
- PREMAIN_C="$/fips-1.0/fips_premain.c"
else # Installed tree is expected to contain
# lib/fipscanister.o, lib/fipscanister.o.sha1 and
# lib/fips_premain.c [not to mention bin/openssl].
FINGERTYPE="$/bin/openssl sha1 -hmac
$"
- CANISTER_O="$/lib/fipscanister.o"
- PREMAIN_C="$/lib/fips_premain.c"
fi
+ CANISTER_O="$/fipscanister.o"
+ PREMAIN_C="$/fips_premain.c"
+
# verify fipscanister.o against its detached
signature...
$ "$" | sed
"s/(.*\//(/" | \
diff -w "$.sha1" - || \
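Review bot: The comment kept in the `else` branch still says the installed tree is expected to contain `lib/fipscanister.o`, `lib/fipscanister.o.sha1` and `lib/fips_premain.c`, but after this change both paths come from `FIPSLIBDIR` in either branch, so it should be updated. The verify step also deserves a comment on its limits. The `.sha1` is read from the same directory as the object, the HMAC key is a constant in this script, and `FIPSLIBDIR` can be overridden from the environment, so the comparison catches a corrupted or mismatched canister but not one replaced by someone who can write that directory or set the variable. A comment such as `# FIPSLIBDIR must be writable only by the administrator; the digest check below is not tamper protection` would state this. The `${...}` variable names are missing from this rendering, so the exact expressions are inferred.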
 .