diff options
| author | simon <simon@FreeBSD.org> | 2009-06-14 19:45:16 +0000 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2009-06-14 19:45:16 +0000 |
| commit | 5fb395764b4b691c877e526b4e65bbedb5cb67c7 (patch) | |
| tree | 90cf0e59374e08e88c1514f35c4b2aab0cccd66d /crypto/openssl/util | |
| parent | 07b720e0fe4141d966e129428ee8eb96f394787f (diff) | |
| parent | d5528ae65fadeed6bcb5c766bf12ed4b275a9271 (diff) | |
| download | FreeBSD-src-5fb395764b4b691c877e526b4e65bbedb5cb67c7.zip FreeBSD-src-5fb395764b4b691c877e526b4e65bbedb5cb67c7.tar.gz | |
Merge OpenSSL 0.9.8k into head.
Approved by: re
Diffstat (limited to 'crypto/openssl/util')
| -rwxr-xr-x | crypto/openssl/util/arx.pl | 15 | ||||
| -rwxr-xr-x | crypto/openssl/util/clean-depend.pl | 7 | ||||
| -rw-r--r-- | crypto/openssl/util/copy.pl | 11 | ||||
| -rwxr-xr-x | crypto/openssl/util/domd | 2 | ||||
| -rwxr-xr-x | crypto/openssl/util/fipslink.pl | 78 | ||||
| -rwxr-xr-x | crypto/openssl/util/libeay.num | 295 | ||||
| -rwxr-xr-x | crypto/openssl/util/mk1mf.pl | 467 | ||||
| -rwxr-xr-x | crypto/openssl/util/mkdef.pl | 43 | ||||
| -rw-r--r-- | crypto/openssl/util/mkerr.pl | 7 | ||||
| -rwxr-xr-x | crypto/openssl/util/mkfiles.pl | 12 | ||||
| -rwxr-xr-x | crypto/openssl/util/mklink.pl | 12 | ||||
| -rwxr-xr-x | crypto/openssl/util/mksdef.pl | 87 | ||||
| -rwxr-xr-x | crypto/openssl/util/opensslwrap.sh | 4 | ||||
| -rw-r--r-- | crypto/openssl/util/pl/VC-32.pl | 216 | ||||
| -rw-r--r-- | crypto/openssl/util/pl/netware.pl | 375 | ||||
| -rwxr-xr-x | crypto/openssl/util/shlib_wrap.sh | 33 | ||||
| -rwxr-xr-x | crypto/openssl/util/ssleay.num | 4 |
17 files changed, 1421 insertions, 247 deletions
diff --git a/crypto/openssl/util/arx.pl b/crypto/openssl/util/arx.pl new file mode 100755 index 0000000..ce62625 --- /dev/null +++ b/crypto/openssl/util/arx.pl @@ -0,0 +1,15 @@ +#!/bin/perl + +# Simple perl script to wrap round "ar" program and exclude any +# object files in the environment variable EXCL_OBJ + +map { s/^.*\/([^\/]*)$/$1/ ; $EXCL{$_} = 1} split(' ', $ENV{EXCL_OBJ}); + +#my @ks = keys %EXCL; +#print STDERR "Excluding: @ks \n"; + +my @ARGS = grep { !exists $EXCL{$_} } @ARGV; + +system @ARGS; + +exit $? >> 8; diff --git a/crypto/openssl/util/clean-depend.pl b/crypto/openssl/util/clean-depend.pl index 6c485d1..2b2bdb4 100755 --- a/crypto/openssl/util/clean-depend.pl +++ b/crypto/openssl/util/clean-depend.pl @@ -37,8 +37,11 @@ foreach $file (sort keys %files) { $file=~s/^\.\///; push @{$files{$file}},$origfile; my $prevdep=""; - foreach $dep (sort @{$files{$file}}) { - $dep=~s/^\.\///; + + # Remove leading ./ before sorting + my @deps = map { $_ =~ s/^\.\///; $_ } @{$files{$file}}; + + foreach $dep (sort @deps) { next if $prevdep eq $dep; # to exterminate duplicates... $prevdep = $dep; $len=0 if $len+length($dep)+1 >= 80; diff --git a/crypto/openssl/util/copy.pl b/crypto/openssl/util/copy.pl index e20b455..eba6d58 100644 --- a/crypto/openssl/util/copy.pl +++ b/crypto/openssl/util/copy.pl @@ -8,9 +8,16 @@ use Fcntl; # Perl script 'copy' comment. On Windows the built in "copy" command also # copies timestamps: this messes up Makefile dependencies. +my $stripcr = 0; + my $arg; foreach $arg (@ARGV) { + if ($arg eq "-stripcr") + { + $stripcr = 1; + next; + } $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob... foreach (glob $arg) { @@ -49,6 +56,10 @@ foreach (@filelist) || die "Can't Open $dfile"; while (sysread IN, $buf, 10240) { + if ($stripcr) + { + $buf =~ tr/\015//d; + } syswrite(OUT, $buf, length($buf)); } close(IN); diff --git a/crypto/openssl/util/domd b/crypto/openssl/util/domd index 691be7a..560ebea 100755 --- a/crypto/openssl/util/domd +++ b/crypto/openssl/util/domd @@ -22,7 +22,7 @@ if [ "$MAKEDEPEND" = "gcc" ]; then done sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp - gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp + ${CC:-gcc} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new rm -f Makefile.tmp else diff --git a/crypto/openssl/util/fipslink.pl b/crypto/openssl/util/fipslink.pl new file mode 100755 index 0000000..3597bc1 --- /dev/null +++ b/crypto/openssl/util/fipslink.pl @@ -0,0 +1,78 @@ +#!/usr/bin/perl + +sub check_env + { + my @ret; + foreach (@_) + { + die "Environment variable $_ not defined!\n" unless exists $ENV{$_}; + push @ret, $ENV{$_}; + } + return @ret; + } + + +my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe) + = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET", + "FIPSLIB_D", "FIPS_SHA1_EXE"); + + + +if (exists $ENV{"PREMAIN_DSO_EXE"}) + { + $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"}; + } + else + { + $fips_premain_dso = ""; + } + +check_hash($sha1_exe, "fips_premain.c"); +check_hash($sha1_exe, "fipscanister.lib"); + + +print "Integrity check OK\n"; + +print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n"; +system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c"; +die "First stage Compile failure" if $? != 0; + +print "$fips_link @ARGV\n"; +system "$fips_link @ARGV"; +die "First stage Link failure" if $? != 0; + + +print "$fips_premain_dso $fips_target\n"; +$fips_hash=`$fips_premain_dso $fips_target`; +chomp $fips_hash; +die "Get hash failure" if $? != 0; + + +print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n"; +system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c"; +die "Second stage Compile failure" if $? != 0; + + +print "$fips_link @ARGV\n"; +system "$fips_link @ARGV"; +die "Second stage Link failure" if $? != 0; + +sub check_hash + { + my ($sha1_exe, $filename) = @_; + my ($hashfile, $hashval); + + open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1"; + $hashfile = <IN>; + close IN; + $hashval = `$sha1_exe ${fips_libdir}/$filename`; + chomp $hashfile; + chomp $hashval; + $hashfile =~ s/^.*=\s+//; + $hashval =~ s/^.*=\s+//; + die "Invalid hash syntax in file" if (length($hashfile) != 40); + die "Invalid hash received for file" if (length($hashval) != 40); + die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile); + } + + diff --git a/crypto/openssl/util/libeay.num b/crypto/openssl/util/libeay.num index a8a0ff6..74eb337 100755 --- a/crypto/openssl/util/libeay.num +++ b/crypto/openssl/util/libeay.num @@ -725,7 +725,7 @@ d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA d2i_DSAparams 732 EXIST::FUNCTION:DSA d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION: d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION: -d2i_Netscape_RSA 735 EXIST::FUNCTION:RSA +d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA d2i_PKCS7 736 EXIST::FUNCTION: d2i_PKCS7_DIGEST 737 EXIST::FUNCTION: d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION: @@ -802,7 +802,7 @@ DES_set_odd_parity 809 EXIST::FUNCTION:DES DES_string_to_2keys 810 EXIST::FUNCTION:DES DES_string_to_key 811 EXIST::FUNCTION:DES DES_xcbc_encrypt 812 EXIST::FUNCTION:DES -DES_xwhite_in2out 813 EXIST::FUNCTION:DES +DES_xwhite_in2out 813 NOEXIST::FUNCTION: fcrypt_body 814 NOEXIST::FUNCTION: i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO @@ -827,7 +827,7 @@ i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA i2d_DSAparams 835 EXIST::FUNCTION:DSA i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION: i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION: -i2d_Netscape_RSA 838 EXIST::FUNCTION:RSA +i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA i2d_PKCS7 839 EXIST::FUNCTION: i2d_PKCS7_DIGEST 840 EXIST::FUNCTION: i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION: @@ -1814,9 +1814,9 @@ RAND_egd_bytes 2402 EXIST::FUNCTION: X509_REQ_get1_email 2403 EXIST::FUNCTION: X509_get1_email 2404 EXIST::FUNCTION: X509_email_free 2405 EXIST::FUNCTION: -i2d_RSA_NET 2406 EXIST::FUNCTION:RSA +i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA d2i_RSA_NET_2 2407 NOEXIST::FUNCTION: -d2i_RSA_NET 2408 EXIST::FUNCTION:RSA +d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA DSO_bind_func 2409 EXIST::FUNCTION: CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION: sk_new_null 2411 EXIST::FUNCTION: @@ -2089,7 +2089,7 @@ OCSP_BASICRESP_get_ext_by_crit 2646 EXIST:VMS:FUNCTION: OCSP_cert_status_str 2647 EXIST::FUNCTION: d2i_OCSP_REQUEST 2648 EXIST::FUNCTION: UI_dup_info_string 2649 EXIST::FUNCTION: -_ossl_old_des_xwhite_in2out 2650 EXIST::FUNCTION:DES +_ossl_old_des_xwhite_in2out 2650 NOEXIST::FUNCTION: PKCS12_it 2651 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION: @@ -2804,12 +2804,12 @@ OPENSSL_cleanse 3245 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES -FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: -FIPS_selftest_des 3250 NOEXIST::FUNCTION: +FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES -FIPS_mode_set 3253 NOEXIST::FUNCTION: -FIPS_selftest_dsa 3254 NOEXIST::FUNCTION: +FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES FIPS_allow_md5 3256 NOEXIST::FUNCTION: DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES @@ -2817,44 +2817,44 @@ EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES FIPS_rand_seeded 3259 NOEXIST::FUNCTION: AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES -FIPS_rand_seed 3262 NOEXIST::FUNCTION: -FIPS_corrupt_des 3263 NOEXIST::FUNCTION: +FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES -FIPS_selftest_aes 3265 NOEXIST::FUNCTION: +FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_set_prng_key 3266 NOEXIST::FUNCTION: EVP_des_cfb8 3267 EXIST::FUNCTION:DES -FIPS_corrupt_dsa 3268 NOEXIST::FUNCTION: +FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_test_mode 3269 NOEXIST::FUNCTION: -FIPS_rand_method 3270 NOEXIST::FUNCTION: +FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES -ERR_load_FIPS_strings 3272 NOEXIST::FUNCTION: -FIPS_corrupt_aes 3273 NOEXIST::FUNCTION: -FIPS_selftest_sha1 3274 NOEXIST::FUNCTION: -FIPS_selftest_rsa 3275 NOEXIST::FUNCTION: -FIPS_corrupt_sha1 3276 NOEXIST::FUNCTION: +ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION: EVP_des_cfb1 3277 EXIST::FUNCTION:DES FIPS_dsa_check 3278 NOEXIST::FUNCTION: AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES -FIPS_rand_check 3281 NOEXIST::FUNCTION: +FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_md5_allowed 3282 NOEXIST::FUNCTION: -FIPS_mode 3283 NOEXIST::FUNCTION: -FIPS_selftest_failed 3284 NOEXIST::FUNCTION: +FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: -private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: -HMAC_CTX_set_flags 3288 NOEXIST::FUNCTION: -private_SHA_Init 3289 NOEXIST::FUNCTION: -private_CAST_set_key 3290 NOEXIST::FUNCTION: -private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: -private_RC5_32_set_key 3292 NOEXIST::FUNCTION: -private_MD5_Init 3293 NOEXIST::FUNCTION: -private_RC4_set_key 3294 NOEXIST::FUNCTION: -private_MDC2_Init 3295 NOEXIST::FUNCTION: -private_RC2_set_key 3296 NOEXIST::FUNCTION: -private_MD4_Init 3297 NOEXIST::FUNCTION: -private_BF_set_key 3298 NOEXIST::FUNCTION: -private_MD2_Init 3299 NOEXIST::FUNCTION: +private_idea_set_encrypt_key 3287 EXIST:OPENSSL_FIPS:FUNCTION:IDEA +HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC +private_SHA_Init 3289 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0 +private_CAST_set_key 3290 EXIST:OPENSSL_FIPS:FUNCTION:CAST +private_RIPEMD160_Init 3291 EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD +private_RC5_32_set_key 3292 EXIST:OPENSSL_FIPS:FUNCTION:RC5 +private_MD5_Init 3293 EXIST:OPENSSL_FIPS:FUNCTION:MD5 +private_RC4_set_key 3294 EXIST:OPENSSL_FIPS:FUNCTION:RC4 +private_MDC2_Init 3295 EXIST:OPENSSL_FIPS:FUNCTION:MDC2 +private_RC2_set_key 3296 EXIST:OPENSSL_FIPS:FUNCTION:RC2 +private_MD4_Init 3297 EXIST:OPENSSL_FIPS:FUNCTION:MD4 +private_BF_set_key 3298 EXIST:OPENSSL_FIPS:FUNCTION:BF +private_MD2_Init 3299 EXIST:OPENSSL_FIPS:FUNCTION:MD2 d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION: PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PROXY_POLICY_free 3308 EXIST::FUNCTION: PROXY_POLICY_new 3309 EXIST::FUNCTION: BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: -FIPS_selftest_rng 3311 NOEXIST::FUNCTION: +FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION: EVP_sha384 3312 EXIST::FUNCTION:SHA,SHA512 EVP_sha512 3313 EXIST::FUNCTION:SHA,SHA512 EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256 EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256 -FIPS_selftest_hmac 3316 NOEXIST::FUNCTION: -FIPS_corrupt_rng 3317 NOEXIST::FUNCTION: +FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION: BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA @@ -2882,7 +2882,7 @@ RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA PKCS1_MGF1 3324 EXIST::FUNCTION:RSA -BN_X931_generate_Xpq 3325 NOEXIST::FUNCTION: +BN_X931_generate_Xpq 3325 EXIST::FUNCTION: RSA_X931_generate_key 3326 NOEXIST::FUNCTION: BN_X931_derive_prime 3327 NOEXIST::FUNCTION: BN_X931_generate_prime 3328 NOEXIST::FUNCTION: @@ -3510,3 +3510,218 @@ BIO_get_callback_arg 3902 EXIST::FUNCTION: BIO_set_callback 3903 EXIST::FUNCTION: d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779 i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779 +SEED_decrypt 3908 EXIST::FUNCTION:SEED +SEED_encrypt 3909 EXIST::FUNCTION:SEED +SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED +EVP_seed_ofb 3911 EXIST::FUNCTION:SEED +SEED_cfb128_encrypt 3912 EXIST::FUNCTION:SEED +SEED_ofb128_encrypt 3913 EXIST::FUNCTION:SEED +EVP_seed_cbc 3914 EXIST::FUNCTION:SEED +SEED_ecb_encrypt 3915 EXIST::FUNCTION:SEED +EVP_seed_ecb 3916 EXIST::FUNCTION:SEED +SEED_set_key 3917 EXIST::FUNCTION:SEED +EVP_seed_cfb128 3918 EXIST::FUNCTION:SEED +X509_EXTENSIONS_it 3919 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +X509_EXTENSIONS_it 3919 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_get1_ocsp 3920 EXIST::FUNCTION: +OCSP_REQ_CTX_free 3921 EXIST::FUNCTION: +i2d_X509_EXTENSIONS 3922 EXIST::FUNCTION: +OCSP_sendreq_nbio 3923 EXIST::FUNCTION: +OCSP_sendreq_new 3924 EXIST::FUNCTION: +d2i_X509_EXTENSIONS 3925 EXIST::FUNCTION: +X509_ALGORS_it 3926 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +X509_ALGORS_it 3926 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_ALGOR_get0 3927 EXIST::FUNCTION: +X509_ALGOR_set0 3928 EXIST::FUNCTION: +AES_unwrap_key 3929 EXIST::FUNCTION:AES +AES_wrap_key 3930 EXIST::FUNCTION:AES +X509at_get0_data_by_OBJ 3931 EXIST::FUNCTION: +ASN1_TYPE_set1 3932 EXIST::FUNCTION: +ASN1_STRING_set0 3933 EXIST::FUNCTION: +i2d_X509_ALGORS 3934 EXIST::FUNCTION: +BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION: +COMP_zlib_cleanup 3936 EXIST::FUNCTION: +d2i_X509_ALGORS 3937 EXIST::FUNCTION: +CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS +PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS +CMS_add0_CertificateChoices 3940 EXIST::FUNCTION:CMS +CMS_unsigned_add1_attr_by_OBJ 3941 EXIST::FUNCTION:CMS +ERR_load_CMS_strings 3942 EXIST::FUNCTION:CMS +CMS_sign_receipt 3943 EXIST::FUNCTION:CMS +i2d_CMS_ContentInfo 3944 EXIST::FUNCTION:CMS +CMS_signed_delete_attr 3945 EXIST::FUNCTION:CMS +d2i_CMS_bio 3946 EXIST::FUNCTION:CMS +CMS_unsigned_get_attr_by_NID 3947 EXIST::FUNCTION:CMS +CMS_verify 3948 EXIST::FUNCTION:CMS +SMIME_read_CMS 3949 EXIST::FUNCTION:CMS +CMS_decrypt_set1_key 3950 EXIST::FUNCTION:CMS +CMS_SignerInfo_get0_algs 3951 EXIST::FUNCTION:CMS +CMS_add1_cert 3952 EXIST::FUNCTION:CMS +CMS_set_detached 3953 EXIST::FUNCTION:CMS +CMS_encrypt 3954 EXIST::FUNCTION:CMS +CMS_EnvelopedData_create 3955 EXIST::FUNCTION:CMS +CMS_uncompress 3956 EXIST::FUNCTION:CMS +CMS_add0_crl 3957 EXIST::FUNCTION:CMS +CMS_SignerInfo_verify_content 3958 EXIST::FUNCTION:CMS +CMS_unsigned_get0_data_by_OBJ 3959 EXIST::FUNCTION:CMS +PEM_write_bio_CMS 3960 EXIST::FUNCTION:CMS +CMS_unsigned_get_attr 3961 EXIST::FUNCTION:CMS +CMS_RecipientInfo_ktri_cert_cmp 3962 EXIST::FUNCTION:CMS +CMS_RecipientInfo_ktri_get0_algs 3963 EXIST:!VMS:FUNCTION:CMS +CMS_RecipInfo_ktri_get0_algs 3963 EXIST:VMS:FUNCTION:CMS +CMS_ContentInfo_free 3964 EXIST::FUNCTION:CMS +CMS_final 3965 EXIST::FUNCTION:CMS +CMS_add_simple_smimecap 3966 EXIST::FUNCTION:CMS +CMS_SignerInfo_verify 3967 EXIST::FUNCTION:CMS +CMS_data 3968 EXIST::FUNCTION:CMS +CMS_ContentInfo_it 3969 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS +CMS_ContentInfo_it 3969 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS +d2i_CMS_ReceiptRequest 3970 EXIST::FUNCTION:CMS +CMS_compress 3971 EXIST::FUNCTION:CMS +CMS_digest_create 3972 EXIST::FUNCTION:CMS +CMS_SignerInfo_cert_cmp 3973 EXIST::FUNCTION:CMS +CMS_SignerInfo_sign 3974 EXIST::FUNCTION:CMS +CMS_data_create 3975 EXIST::FUNCTION:CMS +i2d_CMS_bio 3976 EXIST::FUNCTION:CMS +CMS_EncryptedData_set1_key 3977 EXIST::FUNCTION:CMS +CMS_decrypt 3978 EXIST::FUNCTION:CMS +int_smime_write_ASN1 3979 EXIST::FUNCTION: +CMS_unsigned_delete_attr 3980 EXIST::FUNCTION:CMS +CMS_unsigned_get_attr_count 3981 EXIST::FUNCTION:CMS +CMS_add_smimecap 3982 EXIST::FUNCTION:CMS +PEM_read_CMS 3983 EXIST:!WIN16:FUNCTION:CMS +CMS_signed_get_attr_by_OBJ 3984 EXIST::FUNCTION:CMS +d2i_CMS_ContentInfo 3985 EXIST::FUNCTION:CMS +CMS_add_standard_smimecap 3986 EXIST::FUNCTION:CMS +CMS_ContentInfo_new 3987 EXIST::FUNCTION:CMS +CMS_RecipientInfo_type 3988 EXIST::FUNCTION:CMS +CMS_get0_type 3989 EXIST::FUNCTION:CMS +CMS_is_detached 3990 EXIST::FUNCTION:CMS +CMS_sign 3991 EXIST::FUNCTION:CMS +CMS_signed_add1_attr 3992 EXIST::FUNCTION:CMS +CMS_unsigned_get_attr_by_OBJ 3993 EXIST::FUNCTION:CMS +SMIME_write_CMS 3994 EXIST::FUNCTION:CMS +CMS_EncryptedData_decrypt 3995 EXIST::FUNCTION:CMS +CMS_get0_RecipientInfos 3996 EXIST::FUNCTION:CMS +CMS_add0_RevocationInfoChoice 3997 EXIST::FUNCTION:CMS +CMS_decrypt_set1_pkey 3998 EXIST::FUNCTION:CMS +CMS_SignerInfo_set1_signer_cert 3999 EXIST::FUNCTION:CMS +CMS_get0_signers 4000 EXIST::FUNCTION:CMS +CMS_ReceiptRequest_get0_values 4001 EXIST::FUNCTION:CMS +CMS_signed_get0_data_by_OBJ 4002 EXIST::FUNCTION:CMS +CMS_get0_SignerInfos 4003 EXIST::FUNCTION:CMS +CMS_add0_cert 4004 EXIST::FUNCTION:CMS +CMS_EncryptedData_encrypt 4005 EXIST::FUNCTION:CMS +CMS_digest_verify 4006 EXIST::FUNCTION:CMS +CMS_set1_signers_certs 4007 EXIST::FUNCTION:CMS +CMS_signed_get_attr 4008 EXIST::FUNCTION:CMS +CMS_RecipientInfo_set0_key 4009 EXIST::FUNCTION:CMS +CMS_SignedData_init 4010 EXIST::FUNCTION:CMS +CMS_RecipientInfo_kekri_get0_id 4011 EXIST::FUNCTION:CMS +CMS_verify_receipt 4012 EXIST::FUNCTION:CMS +CMS_ReceiptRequest_it 4013 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS +CMS_ReceiptRequest_it 4013 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS +PEM_read_bio_CMS 4014 EXIST::FUNCTION:CMS +CMS_get1_crls 4015 EXIST::FUNCTION:CMS +CMS_add0_recipient_key 4016 EXIST::FUNCTION:CMS +SMIME_read_ASN1 4017 EXIST::FUNCTION: +CMS_ReceiptRequest_new 4018 EXIST::FUNCTION:CMS +CMS_get0_content 4019 EXIST::FUNCTION:CMS +CMS_get1_ReceiptRequest 4020 EXIST::FUNCTION:CMS +CMS_signed_add1_attr_by_OBJ 4021 EXIST::FUNCTION:CMS +CMS_RecipientInfo_kekri_id_cmp 4022 EXIST::FUNCTION:CMS +CMS_add1_ReceiptRequest 4023 EXIST::FUNCTION:CMS +CMS_SignerInfo_get0_signer_id 4024 EXIST::FUNCTION:CMS +CMS_unsigned_add1_attr_by_NID 4025 EXIST::FUNCTION:CMS +CMS_unsigned_add1_attr 4026 EXIST::FUNCTION:CMS +CMS_signed_get_attr_by_NID 4027 EXIST::FUNCTION:CMS +CMS_get1_certs 4028 EXIST::FUNCTION:CMS +CMS_signed_add1_attr_by_NID 4029 EXIST::FUNCTION:CMS +CMS_unsigned_add1_attr_by_txt 4030 EXIST::FUNCTION:CMS +CMS_dataFinal 4031 EXIST::FUNCTION:CMS +CMS_RecipientInfo_ktri_get0_signer_id 4032 EXIST:!VMS:FUNCTION:CMS +CMS_RecipInfo_ktri_get0_sigr_id 4032 EXIST:VMS:FUNCTION:CMS +i2d_CMS_ReceiptRequest 4033 EXIST::FUNCTION:CMS +CMS_add1_recipient_cert 4034 EXIST::FUNCTION:CMS +CMS_dataInit 4035 EXIST::FUNCTION:CMS +CMS_signed_add1_attr_by_txt 4036 EXIST::FUNCTION:CMS +CMS_RecipientInfo_decrypt 4037 EXIST::FUNCTION:CMS +CMS_signed_get_attr_count 4038 EXIST::FUNCTION:CMS +CMS_get0_eContentType 4039 EXIST::FUNCTION:CMS +CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS +CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS +CMS_add1_signer 4042 EXIST::FUNCTION:CMS +CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS +ENGINE_set_load_ssl_client_cert_function 4044 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_ld_ssl_clnt_cert_fn 4044 EXIST:VMS:FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE +ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE +ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE +OPENSSL_isservice 4048 EXIST::FUNCTION: +FIPS_dsa_sig_decode 4049 EXIST:OPENSSL_FIPS:FUNCTION:DSA +EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION: +FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION: +CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION: +RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA +int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: +int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_CRYPTO_set_do_dynlock_callback 4057 EXIST:!VMS:FUNCTION: +int_CRYPTO_set_do_dynlock_cb 4057 EXIST:VMS:FUNCTION: +FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: +BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: +FIPS_selftest_check 4061 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION: +CRYPTO_dbg_pop_info 4063 EXIST::FUNCTION: +FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA +RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA +FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION: +fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_CIPHER_CTX_test_flags 4069 EXIST::FUNCTION: +CRYPTO_malloc_debug_init 4070 EXIST::FUNCTION: +CRYPTO_dbg_push_info 4071 EXIST::FUNCTION: +FIPS_corrupt_rsa_keygen 4072 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_new 4073 EXIST:OPENSSL_FIPS:FUNCTION:DH +FIPS_corrupt_dsa_keygen 4074 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_free 4075 EXIST:OPENSSL_FIPS:FUNCTION:DH +fips_pkey_signature_test 4076 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_add_alg_module 4077 EXIST::FUNCTION: +int_RAND_init_engine_callbacks 4078 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_EVP_CIPHER_set_engine_callbacks 4079 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_EVP_MD_init_engine_callbacks 4080 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +FIPS_rand_test_mode 4081 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_reset 4082 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dsa_new 4083 EXIST:OPENSSL_FIPS:FUNCTION:DSA +int_RAND_set_callbacks 4084 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +BN_X931_derive_prime_ex 4085 EXIST::FUNCTION: +int_ERR_lib_init 4086 EXIST:OPENSSL_FIPS:FUNCTION: +int_EVP_CIPHER_init_engine_callbacks 4087 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +FIPS_rsa_free 4088 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_dsa_sig_encode 4089 EXIST:OPENSSL_FIPS:FUNCTION:DSA +CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION: +OPENSSL_init 4091 EXIST::FUNCTION: +private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA +CRYPTO_strdup 4093 EXIST::FUNCTION: +JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE +JPAKE_get_shared_key 4096 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_init 4097 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_generate 4098 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_init 4099 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_process 4100 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_generate 4101 EXIST::FUNCTION:JPAKE +JPAKE_CTX_new 4102 EXIST::FUNCTION:JPAKE +JPAKE_CTX_free 4103 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_release 4104 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_release 4105 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_process 4106 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_generate 4107 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_process 4108 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_generate 4109 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_release 4110 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE +ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl index 863e5e4..f2b92b2 100755 --- a/crypto/openssl/util/mk1mf.pl +++ b/crypto/openssl/util/mk1mf.pl @@ -15,6 +15,18 @@ my $engines = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; +local $fips_canister_path = ""; +my $fips_premain_dso_exe_path = ""; +my $fips_premain_c_path = ""; +my $fips_sha1_exe_path = ""; + +local $fipscanisterbuild = 0; +local $fipsdso = 0; + +my $fipslibdir = ""; +my $baseaddr = ""; + +my $ex_l_libs = ""; open(IN,"<Makefile") || die "unable to open Makefile!\n"; while(<IN>) { @@ -42,6 +54,7 @@ $infile="MINFO"; "FreeBSD","FreeBSD distribution", "OS2-EMX", "EMX GCC OS/2", "netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets", + "netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets", "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets", "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets", "default","cc under unix", @@ -63,7 +76,7 @@ and [options] can be one of no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest no-ripemd no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher - no-bf no-cast no-aes no-camellia + no-bf no-cast no-aes no-camellia no-seed no-rsa no-dsa no-dh - Skip this public key cipher no-ssl2 no-ssl3 - Skip this version of SSL just-ssl - remove all non-ssl keys/digest @@ -76,7 +89,7 @@ and [options] can be one of no-hw - No hw nasm - Use NASM for x86 asm nw-nasm - Use NASM x86 asm for NetWare - nw-mwasm - Use Metrowerks x86 asm for NetWare + nw-mwasm - Use Metrowerks x86 asm for NetWare gaswin - Use GNU as with Mingw32 no-socks - No socket code no-err - No error strings @@ -173,10 +186,10 @@ elsif ($platform eq "OS2-EMX") require 'OS2-EMX.pl'; } elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") || - ($platform eq "netware-libc-bsdsock")) + ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock")) { $LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock"; - $BSDSOCK=1 if $platform eq "netware-libc-bsdsock"; + $BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock"); require 'netware.pl'; } else @@ -198,6 +211,7 @@ $cflags= "$xcflags$cflags" if $xcflags ne ""; $cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; $cflags.=" -DOPENSSL_NO_AES" if $no_aes; $cflags.=" -DOPENSSL_NO_CAMELLIA" if $no_camellia; +$cflags.=" -DOPENSSL_NO_SEED" if $no_seed; $cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; $cflags.=" -DOPENSSL_NO_RC4" if $no_rc4; $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5; @@ -217,6 +231,10 @@ $cflags.=" -DOPENSSL_NO_DH" if $no_dh; $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; +$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; +$cflags.=" -DOPENSSL_NO_CMS" if $no_cms; +$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; +$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; @@ -224,7 +242,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; - +$cflags.=" -DOPENSSL_FIPS" if $fips; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; @@ -246,9 +264,9 @@ else $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); - %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", - "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); + "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO", + "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); if ($msdos) { @@ -276,11 +294,21 @@ for (;;) { if ($lib ne "") { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; + if ($fips && $dir =~ /^fips/) + { + $uc = "FIPS"; + } + else + { + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + } + if (($uc ne "FIPS") || $fipscanisterbuild) + { + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; + } } last if ($val eq "FINISHED"); $lib=""; @@ -323,32 +351,151 @@ for (;;) if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) { $engines.=$val } + if ($key eq "FIPS_EX_OBJ") + { + $fips_ex_obj=&var_add("crypto",$val,0); + } + + if ($key eq "FIPSLIBDIR") + { + $fipslibdir=$val; + $fipslibdir =~ s/\/$//; + $fipslibdir =~ s/\//$o/g; + } + + if ($key eq "BASEADDR") + { $baseaddr=$val;} + if (!($_=<IN>)) { $_="RELATIVE_DIRECTORY=FINISHED\n"; } } close(IN); +if ($fips) + { + + foreach (split " ", $fips_ex_obj) + { + $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/); + } + + $fips_exclude_obj{"cpu_win32"} = 1; + $fips_exclude_obj{"bn_asm"} = 1; + $fips_exclude_obj{"des_enc"} = 1; + $fips_exclude_obj{"fcrypt_b"} = 1; + $fips_exclude_obj{"aes_core"} = 1; + $fips_exclude_obj{"aes_cbc"} = 1; + + my @ltmp = split " ", $lib_obj{"CRYPTO"}; + + + $lib_obj{"CRYPTO"} = ""; + + foreach(@ltmp) + { + if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1}) + { + if ($fipscanisterbuild) + { + $lib_obj{"FIPS"} .= "$_ "; + } + } + else + { + $lib_obj{"CRYPTO"} .= "$_ "; + } + } + + } + +if ($fipscanisterbuild) + { + $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq ""; + $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c"; + } +else + { + if ($fips_canister_path eq "") + { + $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib"; + } + + if ($fips_premain_c_path eq "") + { + $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; + } + } + +if ($fips) + { + if ($fips_sha1_exe_path eq "") + { + $fips_sha1_exe_path = + "\$(BIN_D)${o}fips_standalone_sha1$exep"; + } + } + else + { + $fips_sha1_exe_path = ""; + } + +if ($fips_premain_dso_exe_path eq "") + { + $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; + } + +# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); + +#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso; + +if ($fips) + { + if (!$shlib) + { + $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; + $ex_l_libs .= " \$(O_FIPSCANISTER)"; + $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild; + } + if ($fipscanisterbuild) + { + $fipslibdir = "\$(LIB_D)"; + } + else + { + if ($fipslibdir eq "") + { + open (IN, "util/fipslib_path.txt") || fipslib_error(); + $fipslibdir = <IN>; + chomp $fipslibdir; + close IN; + } + fips_check_files($fipslibdir, + "fipscanister.lib", "fipscanister.lib.sha1", + "fips_premain.c", "fips_premain.c.sha1"); + } + } + if ($shlib) { $extra_install= <<"EOF"; - \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}bin - \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}bin - \$(CP) \$(L_SSL) \$(INSTALLTOP)${o}lib - \$(CP) \$(L_CRYPTO) \$(INSTALLTOP)${o}lib + \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\" + \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\" + \$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"\$(L_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\" EOF if ($no_static_engine) { $extra_install .= <<"EOF" - \$(MKDIR) \$(INSTALLTOP)${o}lib${o}engines - \$(CP) \$(E_SHLIB) \$(INSTALLTOP)${o}lib${o}engines + \$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\" + \$(CP) \"\$(E_SHLIB)\" \"\$(INSTALLTOP)${o}lib${o}engines\" EOF } } else { $extra_install= <<"EOF"; - \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib - \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib + \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\" EOF $ex_libs .= " $zlib_lib" if $zlib_opt == 1; } @@ -393,7 +540,10 @@ SRC_D=$src_dir LINK=$link LFLAGS=$lflags RSC=$rsc +FIPSLINK=\$(PERL) util${o}fipslink.pl +AES_ASM_OBJ=$aes_asm_obj +AES_ASM_SRC=$aes_asm_src BN_ASM_OBJ=$bn_asm_obj BN_ASM_SRC=$bn_asm_src BNCO_ASM_OBJ=$bnco_asm_obj @@ -434,6 +584,17 @@ MKLIB=$bin_dir$mklib MLFLAGS=$mlflags ASM=$bin_dir$asm +# FIPS validated module and support file locations + +E_PREMAIN_DSO=fips_premain_dso + +FIPSLIB_D=$fipslibdir +BASEADDR=$baseaddr +FIPS_PREMAIN_SRC=$fips_premain_c_path +O_FIPSCANISTER=$fips_canister_path +FIPS_SHA1_EXE=$fips_sha1_exe_path +PREMAIN_DSO_EXE=$fips_premain_dso_exe_path + ###################################################### # You should not need to touch anything below this point ###################################################### @@ -441,6 +602,7 @@ ASM=$bin_dir$asm E_EXE=openssl SSL=$ssl CRYPTO=$crypto +LIBFIPS=libosslfips # BIN_D - Binary output directory # TEST_D - Binary test file output directory @@ -461,12 +623,14 @@ INCL_D=\$(TMP_D) O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp +O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp SO_SSL= $plib\$(SSL)$so_shlibp SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp +L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp -L_LIBS= \$(L_SSL) \$(L_CRYPTO) +L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs ###################################################### # Don't touch anything below this point @@ -476,19 +640,19 @@ INC=-I\$(INC_D) -I\$(INCL_D) APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) +LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep ############################################# EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets banner: $banner \$(TMP_D): - \$(MKDIR) \$(TMP_D) + \$(MKDIR) \"\$(TMP_D)\" # NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different #\$(BIN_D): # \$(MKDIR) \$(BIN_D) @@ -497,13 +661,13 @@ $banner # \$(MKDIR) \$(TEST_D) \$(LIB_D): - \$(MKDIR) \$(LIB_D) + \$(MKDIR) \"\$(LIB_D)\" \$(INCO_D): \$(INC_D) - \$(MKDIR) \$(INCO_D) + \$(MKDIR) \"\$(INCO_D)\" \$(INC_D): - \$(MKDIR) \$(INC_D) + \$(MKDIR) \"\$(INC_D)\" headers: \$(HEADER) \$(EXHEADER) @ @@ -513,14 +677,14 @@ lib: \$(LIBS_DEP) \$(E_SHLIB) exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep install: all - \$(MKDIR) \$(INSTALLTOP) - \$(MKDIR) \$(INSTALLTOP)${o}bin - \$(MKDIR) \$(INSTALLTOP)${o}include - \$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl - \$(MKDIR) \$(INSTALLTOP)${o}lib - \$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl - \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin - \$(CP) apps${o}openssl.cnf \$(INSTALLTOP) + \$(MKDIR) \"\$(INSTALLTOP)\" + \$(MKDIR) \"\$(INSTALLTOP)${o}bin\" + \$(MKDIR) \"\$(INSTALLTOP)${o}include\" + \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(MKDIR) \"\$(INSTALLTOP)${o}lib\" + \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\" + \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep\" \"\$(INSTALLTOP)${o}bin\" + \$(CP) \"apps${o}openssl.cnf\" \"\$(INSTALLTOP)\" $extra_install @@ -597,6 +761,26 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); +# Special case rules for fips_start and fips_end fips_premain_dso + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", + "fips${o}fips_canister.c", + "-DFIPS_START \$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", + "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); + } + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", + "fips${o}sha${o}fips_standalone_sha1.c", + "\$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", + "fips${o}fips_premain.c", + "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)"); + } + foreach (values %lib_nam) { $lib_obj=$lib_obj{$_}; @@ -608,21 +792,40 @@ foreach (values %lib_nam) next; } - if (($bn_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; - $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); - } - if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO")) + if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS"))) { - $lib_obj .= "\$(BNCO_ASM_OBJ)"; - $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); - } - if (($des_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; - $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; - $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); + if ($cpuid_asm_obj ne "") + { + $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/; + $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); + } + if ($aes_asm_obj ne "") + { + $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; + $lib_obj =~ s/\s\S*\/aes_cbc\S*//; + $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); + } + if ($sha1_asm_obj ne "") + { + $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; + $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); + } + if ($bn_asm_obj ne "") + { + $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; + $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); + } + if ($bnco_asm_obj ne "") + { + $lib_obj .= "\$(BNCO_ASM_OBJ)"; + $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); + } + if ($des_enc_obj ne "") + { + $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; + $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; + $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); + } } if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) { @@ -649,21 +852,11 @@ foreach (values %lib_nam) $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/; $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src); } - if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; - $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); - } if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO")) { $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); } - if (($cpuid_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/cversion\S*)/ $1 \$(CPUID_ASM_OBJ)/; - $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); - } $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); @@ -678,15 +871,43 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) { \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc +\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc + \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc + EOF } $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); foreach (split(/\s+/,$test)) { + my $t_libs; $t=&bname($_); + my $ltype; + # Check to see if test program is FIPS + if ($fips && /fips/) + { + # If fipsdso link to libosslfips.dll + # otherwise perform static link to + # $(O_FIPSCANISTER) + if ($fipsdso) + { + $t_libs = "\$(L_FIPS)"; + $ltype = 0; + } + else + { + $t_libs = "\$(O_FIPSCANISTER)"; + $ltype = 2; + } + } + else + { + $t_libs = "\$(L_LIBS)"; + $ltype = 0; + } + $tt="\$(OBJ_D)${o}$t${obj}"; - $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype); } $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); @@ -700,9 +921,69 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); -$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); -$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); +if ($fips) + { + if ($shlib) + { + if ($fipsdso) + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "", ""); + $rules.= &do_lib_rule( + "\$(O_FIPSCANISTER)", + "\$(O_FIPS)", "\$(LIBFIPS)", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + $rules.= &do_sdef_rule(); + } + else + { + $rules.= &do_lib_rule( + "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)", + "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, + "\$(SO_CRYPTO)"); + } + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", + "\$(OBJ_D)${o}fips_start$obj", + "\$(FIPSOBJ)", + "\$(OBJ_D)${o}fips_end$obj", + "\$(FIPS_SHA1_EXE)", ""); + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)", + "","\$(EX_LIBS)", 1); + } + else + { + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)", + "","", 1); + + } + $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); + + } + +$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0); print $defs; @@ -730,6 +1011,7 @@ sub var_add return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_camellia && $dir =~ /\/camellia/; + return("") if $no_seed && $dir =~ /\/seed/; return("") if $no_rc2 && $dir =~ /\/rc2/; return("") if $no_rc4 && $dir =~ /\/rc4/; return("") if $no_rc5 && $dir =~ /\/rc5/; @@ -738,6 +1020,9 @@ sub var_add return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; + return("") if $no_cms && $dir =~ /\/cms/; + return("") if $no_jpake && $dir =~ /\/jpake/; + return("") if !$fips && $dir =~ /^fips/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -764,6 +1049,7 @@ sub var_add @a=grep(!/^e_.*_c$/,@a) if $no_cast; @a=grep(!/^e_rc4$/,@a) if $no_rc4; @a=grep(!/^e_camellia$/,@a) if $no_camellia; + @a=grep(!/^e_seed$/,@a) if $no_seed; @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; @@ -847,6 +1133,7 @@ sub do_defs elsif ($_ =~ /RC5_ENC/) { $t="$_ "; } elsif ($_ =~ /MD5_ASM/) { $t="$_ "; } elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; } + elsif ($_ =~ /AES_ASM/){ $t="$_ "; } elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; } elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; } else { $t="$location${o}$_$pf "; } @@ -957,7 +1244,7 @@ sub do_copy_rule if ($n =~ /bss_file/) { $pp=".c"; } else { $pp=$p; } - $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n"; + $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n"; } return($ret); } @@ -976,6 +1263,7 @@ sub read_options "no-idea" => \$no_idea, "no-aes" => \$no_aes, "no-camellia" => \$no_camellia, + "no-seed" => \$no_seed, "no-des" => \$no_des, "no-bf" => \$no_bf, "no-cast" => \$no_cast, @@ -992,15 +1280,18 @@ sub read_options "no-dsa" => \$no_dsa, "no-dh" => \$no_dh, "no-hmac" => \$no_hmac, - "no-aes" => \$no_aes, - "no-camellia" => \$no_camellia, "no-asm" => \$no_asm, "nasm" => \$nasm, + "ml64" => \$ml64, "nw-nasm" => \$nw_nasm, "nw-mwasm" => \$nw_mwasm, "gaswin" => \$gaswin, "no-ssl2" => \$no_ssl2, "no-ssl3" => \$no_ssl3, + "no-tlsext" => \$no_tlsext, + "no-cms" => \$no_cms, + "no-jpake" => \$no_jpake, + "no-capieng" => \$no_capieng, "no-err" => \$no_err, "no-sock" => \$no_sock, "no-krb5" => \$no_krb5, @@ -1013,7 +1304,7 @@ sub read_options [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5, - \$no_aes, \$no_camellia], + \$no_aes, \$no_camellia, \$no_seed], "rsaref" => 0, "gcc" => \$gcc, "debug" => \$debug, @@ -1023,9 +1314,13 @@ sub read_options "shared" => 0, "no-gmp" => 0, "no-rfc3779" => 0, + "no-montasm" => 0, "no-shared" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, + "fips" => \$fips, + "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], + "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso], ); if (exists $valid_options{$_}) @@ -1067,6 +1362,18 @@ sub read_options {return 1;} return 0; } + # experimental-xxx is mostly like enable-xxx, but opensslconf.v + # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx. + # (No need to fail if we don't know the algorithm -- this is for adventurous users only.) + elsif (/^experimental-/) + { + my $algo, $ALGO; + ($algo = $_) =~ s/^experimental-//; + ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/; + + $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags"; + + } elsif (/^--with-krb5-flavor=(.*)$/) { my $krb5_flavor = $1; @@ -1090,3 +1397,31 @@ sub read_options else { return(0); } return(1); } + +sub fipslib_error + { + print STDERR "***FIPS module directory sanity check failed***\n"; + print STDERR "FIPS module build failed, or was deleted\n"; + print STDERR "Please rebuild FIPS module.\n"; + exit 1; + } + +sub fips_check_files + { + my $dir = shift @_; + my $ret = 1; + if (!-d $dir) + { + print STDERR "FIPS module directory $dir does not exist\n"; + fipslib_error(); + } + foreach (@_) + { + if (!-f "$dir${o}$_") + { + print STDERR "FIPS module file $_ does not exist!\n"; + $ret = 0; + } + } + fipslib_error() if ($ret == 0); + } diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl index 352932f..5ae9ebb 100755 --- a/crypto/openssl/util/mkdef.pl +++ b/crypto/openssl/util/mkdef.pl @@ -79,12 +79,12 @@ my $OS2=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION" ); + "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS"); my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "SHA256", "SHA512", "RIPEMD", - "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", + "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", "SEED", # Envelope "algorithms" "EVP", "X509", "ASN1_TYPEDEFS", # Helper "algorithms" @@ -96,6 +96,14 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "STATIC_ENGINE", "ENGINE", "HW", "GMP", # RFC3779 support "RFC3779", + # TLS extension support + "TLSEXT", + # CMS + "CMS", + # CryptoAPI Engine + "CAPIENG", + # JPAKE + "JPAKE", # Deprecated functions "DEPRECATED" ); @@ -114,8 +122,10 @@ my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; +my $no_seed; my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; -my $no_rfc3779; +my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; +my $fips; foreach (@ARGV, split(/ /, $options)) @@ -137,6 +147,12 @@ foreach (@ARGV, split(/ /, $options)) } $VMS=1 if $_ eq "VMS"; $OS2=1 if $_ eq "OS2"; + $fips=1 if /^fips/; + + if ($_ eq "zlib" || $_ eq "zlib-dynamic" + || $_ eq "enable-zlib-dynamic") { + $zlib = 1; + } $do_ssl=1 if $_ eq "ssleay"; if ($_ eq "ssl") { @@ -179,6 +195,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-hmac$/) { $no_hmac=1; } elsif (/^no-aes$/) { $no_aes=1; } elsif (/^no-camellia$/) { $no_camellia=1; } + elsif (/^no-seed$/) { $no_seed=1; } elsif (/^no-evp$/) { $no_evp=1; } elsif (/^no-lhash$/) { $no_lhash=1; } elsif (/^no-stack$/) { $no_stack=1; } @@ -193,6 +210,10 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } elsif (/^no-rfc3779$/) { $no_rfc3779=1; } + elsif (/^no-tlsext$/) { $no_tlsext=1; } + elsif (/^no-cms$/) { $no_cms=1; } + elsif (/^no-capieng$/) { $no_capieng=1; } + elsif (/^no-jpake$/) { $no_jpake=1; } } @@ -228,6 +249,7 @@ $max_crypto = $max_num; my $ssl="ssl/ssl.h"; $ssl.=" ssl/kssl.h"; +$ssl.=" ssl/tls1.h"; my $crypto ="crypto/crypto.h"; $crypto.=" crypto/o_dir.h"; @@ -246,6 +268,7 @@ $crypto.=" crypto/sha/sha.h" ; # unless $no_sha; $crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd; $crypto.=" crypto/aes/aes.h" ; # unless $no_aes; $crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia; +$crypto.=" crypto/seed/seed.h"; # unless $no_seed; $crypto.=" crypto/bn/bn.h"; $crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa; @@ -286,6 +309,9 @@ $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/tmdiff.h"; $crypto.=" crypto/store/store.h"; $crypto.=" crypto/pqueue/pqueue.h"; +$crypto.=" crypto/cms/cms.h"; +$crypto.=" crypto/jpake/jpake.h"; +$crypto.=" fips/fips.h fips/rand/fips_rand.h"; my $symhacks="crypto/symhacks.h"; @@ -1071,6 +1097,10 @@ sub is_valid if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { return 1; } + if ($keyword eq "OPENSSL_FIPS" && $fips) { + return 1; + } + if ($keyword eq "ZLIB" && $zlib) { return 1; } return 0; } else { # algorithms @@ -1096,6 +1126,7 @@ sub is_valid if ($keyword eq "HMAC" && $no_hmac) { return 0; } if ($keyword eq "AES" && $no_aes) { return 0; } if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; } + if ($keyword eq "SEED" && $no_seed) { return 0; } if ($keyword eq "EVP" && $no_evp) { return 0; } if ($keyword eq "LHASH" && $no_lhash) { return 0; } if ($keyword eq "STACK" && $no_stack) { return 0; } @@ -1111,6 +1142,10 @@ sub is_valid if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } + if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } + if ($keyword eq "CMS" && $no_cms) { return 0; } + if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } + if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true @@ -1214,8 +1249,6 @@ EOO LIBRARY $libname $liboptions -DESCRIPTION '$description' - EOF if ($W16) { diff --git a/crypto/openssl/util/mkerr.pl b/crypto/openssl/util/mkerr.pl index fac7125..554bebb 100644 --- a/crypto/openssl/util/mkerr.pl +++ b/crypto/openssl/util/mkerr.pl @@ -44,7 +44,8 @@ while (@ARGV) { } if($recurse) { - @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>); + @source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, + <fips/*.c>, <fips/*/*.c>); } else { @source = @ARGV; } @@ -312,7 +313,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", @@ -486,7 +487,7 @@ EOF print OUT <<"EOF"; /* $cfile */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/openssl/util/mkfiles.pl b/crypto/openssl/util/mkfiles.pl index f55d5b6..67fb869 100755 --- a/crypto/openssl/util/mkfiles.pl +++ b/crypto/openssl/util/mkfiles.pl @@ -25,6 +25,7 @@ my @dirs = ( "crypto/cast", "crypto/aes", "crypto/camellia", +"crypto/seed", "crypto/bn", "crypto/rsa", "crypto/dsa", @@ -46,6 +47,7 @@ my @dirs = ( "crypto/x509", "crypto/x509v3", "crypto/conf", +"crypto/jpake", "crypto/txt_db", "crypto/pkcs7", "crypto/pkcs12", @@ -56,6 +58,16 @@ my @dirs = ( "crypto/krb5", "crypto/store", "crypto/pqueue", +"crypto/cms", +"fips", +"fips/aes", +"fips/des", +"fips/dsa", +"fips/dh", +"fips/hmac", +"fips/rand", +"fips/rsa", +"fips/sha", "ssl", "apps", "engines", diff --git a/crypto/openssl/util/mklink.pl b/crypto/openssl/util/mklink.pl index d9bc98a..eacc327 100755 --- a/crypto/openssl/util/mklink.pl +++ b/crypto/openssl/util/mklink.pl @@ -15,13 +15,21 @@ # Apart from this, this script should be able to handle even the most # pathological cases. -use Cwd; +my $pwd; +eval 'use Cwd;'; +if ($@) + { + $pwd = `pwd`; + } +else + { + $pwd = getcwd(); + } my $from = shift; my @files = @ARGV; my @from_path = split(/[\\\/]/, $from); -my $pwd = getcwd(); chomp($pwd); my @pwd_path = split(/[\\\/]/, $pwd); diff --git a/crypto/openssl/util/mksdef.pl b/crypto/openssl/util/mksdef.pl new file mode 100755 index 0000000..065dc67 --- /dev/null +++ b/crypto/openssl/util/mksdef.pl @@ -0,0 +1,87 @@ + +# Perl script to split libeay32.def into two distinct DEF files for use in +# fipdso mode. It works out symbols in each case by running "link" command and +# parsing the output to find the list of missing symbols then splitting +# libeay32.def based on the result. + + +# Get list of unknown symbols + +my @deferr = `link @ARGV`; + +my $preamble = ""; +my @fipsdll; +my @fipsrest; +my %nosym; + +# Add symbols to a hash for easy lookup + +foreach (@deferr) + { + if (/^.*symbol (\S+)$/) + { + $nosym{$1} = 1; + } + } + +open (IN, "ms/libeay32.def") || die "Can't Open DEF file for spliting"; + +my $started = 0; + +# Parse libeay32.def into two arrays depending on whether the symbol matches +# the missing list. + + +foreach (<IN>) + { + if (/^\s*(\S+)\s*(\@\S+)\s*$/) + { + $started = 1; + if (exists $nosym{$1}) + { + push @fipsrest, $_; + } + else + { + my $imptmp = sprintf " %-39s %s\n", + "$1=libosslfips.$1", $2; + push @fipsrest, $imptmp; + push @fipsdll, "\t$1\n"; + } + } + $preamble .= $_ unless $started; + } + +close IN; + +# Hack! Add some additional exports needed for libcryptofips.dll +# + +push @fipsdll, "\tOPENSSL_showfatal\n"; +push @fipsdll, "\tOPENSSL_cpuid_setup\n"; + +# Write out DEF files for each array + +write_def("ms/libosslfips.def", "LIBOSSLFIPS", $preamble, \@fipsdll); +write_def("ms/libeayfips.def", "", $preamble, \@fipsrest); + + +sub write_def + { + my ($fnam, $defname, $preamble, $rdefs) = @_; + open (OUT, ">$fnam") || die "Can't Open DEF file $fnam for Writing\n"; + + if ($defname ne "") + { + $preamble =~ s/LIBEAY32/$defname/g; + $preamble =~ s/LIBEAY/$defname/g; + } + print OUT $preamble; + foreach (@$rdefs) + { + print OUT $_; + } + close OUT; + } + + diff --git a/crypto/openssl/util/opensslwrap.sh b/crypto/openssl/util/opensslwrap.sh index 91d29e2..b27cbb8 100755 --- a/crypto/openssl/util/opensslwrap.sh +++ b/crypto/openssl/util/opensslwrap.sh @@ -3,6 +3,10 @@ HERE="`echo $0 | sed -e 's|[^/]*$||'`" OPENSSL="${HERE}../apps/openssl" +if [ -d "${HERE}../engines" -a "x$OPENSSL_ENGINES" = "x" ]; then + OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES +fi + if [ -x "${OPENSSL}.exe" ]; then # The original reason for this script existence is to work around # certain caveats in run-time linker behaviour. On Windows platforms diff --git a/crypto/openssl/util/pl/VC-32.pl b/crypto/openssl/util/pl/VC-32.pl index 81e92f0..85121c8 100644 --- a/crypto/openssl/util/pl/VC-32.pl +++ b/crypto/openssl/util/pl/VC-32.pl @@ -4,12 +4,26 @@ # $ssl= "ssleay32"; -$crypto="libeay32"; + +if ($fips && !$shlib) + { + $crypto="libeayfips32"; + $crypto_compat = "libeaycompat32.lib"; + } +else + { + $crypto="libeay32"; + } + +if ($fipscanisterbuild) + { + $fips_canister_path = "\$(LIB_D)\\fipscanister.lib"; + } $o='\\'; $cp='$(PERL) util/copy.pl'; $mkdir='$(PERL) util/mkdir-p.pl'; -$rm='del'; +$rm='del /Q'; $zlib_lib="zlib1.lib"; @@ -31,8 +45,10 @@ if ($FLAVOR =~ /WIN64/) $base_cflags=' /W3 /Gs0 /GF /Gy /nologo -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WIN32 -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE'; $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 - $opt_cflags=' /MD /Ox'; - $dbg_cflags=' /MDd /Od -DDEBUG -D_DEBUG'; + my $f = $shlib?' /MD':' /MT'; + $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib + $opt_cflags=$f.' /Ox'; + $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; $lflags="/nologo /subsystem:console /opt:ref"; } elsif ($FLAVOR =~ /CE/) @@ -94,8 +110,10 @@ else # Win32 $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 - $opt_cflags=' /MD /Ox /O2 /Ob2'; - $dbg_cflags=' /MDd /Od -DDEBUG -D_DEBUG'; + my $f = $shlib || $fips ?' /MD':' /MT'; + $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib + $opt_cflags=$f.' /Ox /O2 /Ob2'; + $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; $lflags="/nologo /subsystem:console /opt:ref"; } $mlflags=''; @@ -134,7 +152,7 @@ if ($FLAVOR =~ /CE/) } else { - $ex_libs.=' gdi32.lib advapi32.lib user32.lib'; + $ex_libs.=' gdi32.lib crypt32.lib advapi32.lib user32.lib'; $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); } @@ -146,7 +164,7 @@ if ($FLAVOR =~ /NT/) $ex_libs="unicows.lib $ex_libs"; } # static library stuff -$mklib='lib'; +$mklib='lib /nologo'; $ranlib=''; $plib=""; $libp=".lib"; @@ -156,14 +174,22 @@ $lfile='/out:'; $shlib_ex_obj=""; $app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/); if ($nasm) { - $asm='nasmw -f win32'; + my $ver=`nasm -v 2>NUL`; + my $vew=`nasmw -v 2>NUL`; + # pick newest version + $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; $afile='-o '; +} elsif ($ml64) { + $asm='ml64 /c /Cp /Cx'; + $asm.=' /Zi' if $debug; + $afile='/Fo'; } else { - $asm='ml /Cp /coff /c /Cx'; + $asm='ml /nologo /Cp /coff /c /Cx'; $asm.=" /Zi" if $debug; $afile='/Fo'; } +$aes_asm_obj=''; $bn_asm_obj=''; $bn_asm_src=''; $des_enc_obj=''; @@ -172,9 +198,15 @@ $bf_enc_obj=''; $bf_enc_src=''; if (!$no_asm) + { + if ($FLAVOR =~ "WIN32") { - $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; - $bn_asm_src='crypto\bn\asm\bn_win32.asm'; + $aes_asm_obj='crypto\aes\asm\a_win32.obj'; + $aes_asm_src='crypto\aes\asm\a_win32.asm'; + $bn_asm_obj='crypto\bn\asm\bn_win32.obj crypto\bn\asm\mt_win32.obj'; + $bn_asm_src='crypto\bn\asm\bn_win32.asm crypto\bn\asm\mt_win32.asm'; + $bnco_asm_obj='crypto\bn\asm\co_win32.obj'; + $bnco_asm_src='crypto\bn\asm\co_win32.asm'; $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; $bf_enc_obj='crypto\bf\asm\b_win32.obj'; @@ -187,12 +219,27 @@ if (!$no_asm) $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; $md5_asm_src='crypto\md5\asm\m5_win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1_win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1_win32.asm'; + $sha1_asm_obj='crypto\sha\asm\s1_win32.obj crypto\sha\asm\sha512-sse2.obj'; + $sha1_asm_src='crypto\sha\asm\s1_win32.asm crypto\sha\asm\sha512-sse2.asm'; $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; + $cpuid_asm_obj='crypto\cpu_win32.obj'; + $cpuid_asm_src='crypto\cpu_win32.asm'; + $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } + elsif ($FLAVOR =~ "WIN64A") + { + $aes_asm_obj='$(OBJ_D)\aes-x86_64.obj'; + $aes_asm_src='crypto\aes\asm\aes-x86_64.asm'; + $bn_asm_obj='$(OBJ_D)\x86_64-mont.obj $(OBJ_D)\bn_asm.obj'; + $bn_asm_src='crypto\bn\asm\x86_64-mont.asm'; + $sha1_asm_obj='$(OBJ_D)\sha1-x86_64.obj $(OBJ_D)\sha256-x86_64.obj $(OBJ_D)\sha512-x86_64.obj'; + $sha1_asm_src='crypto\sha\asm\sha1-x86_64.asm crypto\sha\asm\sha256-x86_64.asm crypto\sha\asm\sha512-x86_64.asm'; + $cpuid_asm_obj='$(OBJ_D)\cpuid-x86_64.obj'; + $cpuid_asm_src='crypto\cpuid-x86_64.asm'; + $cflags.=" -DOPENSSL_CPUID_OBJ -DAES_ASM -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"; + } + } if ($shlib && $FLAVOR !~ /CE/) { @@ -220,8 +267,8 @@ $(INCO_D)\applink.c: ms\applink.c EXHEADER= $(EXHEADER) $(INCO_D)\applink.c LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj -CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ) ___ +$banner .= "CRYPTOOBJ=\$(OBJ_D)\\uplink.obj \$(CRYPTOOBJ)\n"; $banner.=<<'___' if ($FLAVOR =~ /WIN64/); CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ) ___ @@ -238,30 +285,64 @@ $cflags.=" /Fd$out_def"; sub do_lib_rule { - local($objs,$target,$name,$shlib)=@_; + my($objs,$target,$name,$shlib,$ign,$base_addr) = @_; local($ret); $taget =~ s/\//$o/g if $o ne '/'; - if ($name ne "") + my $base_arg; + if ($base_addr ne "") + { + $base_arg= " /base:$base_addr"; + } + else + { + $base_arg = ""; + } + if ($target =~ /O_CRYPTO/ && $fipsdso) + { + $name = "/def:ms/libeayfips.def"; + } + elsif ($name ne "") { $name =~ tr/a-z/A-Z/; $name = "/def:ms/${name}.def"; } # $target="\$(LIB_D)$o$target"; - $ret.="$target: $objs\n"; +# $ret.="$target: $objs\n"; if (!$shlib) { # $ret.="\t\$(RM) \$(O_$Name)\n"; $ex =' '; + $ret.="$target: $objs\n"; $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; } else { - local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)'; + my $ex = ""; + if ($target =~ /O_SSL/) + { + $ex .= " \$(L_CRYPTO)"; + #$ex .= " \$(L_FIPS)" if $fipsdso; + } + my $fipstarget; + if ($fipsdso) + { + $fipstarget = "O_FIPS"; + } + else + { + $fipstarget = "O_CRYPTO"; + } + + if ($name eq "") { $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); + if ($target =~ /capi/) + { + $ex.=' crypt32.lib advapi32.lib'; + } } elsif ($FLAVOR =~ /CE/) { @@ -271,11 +352,44 @@ sub do_lib_rule { $ex.=' unicows.lib' if ($FLAVOR =~ /NT/); $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; + $ex.=' crypt32.lib'; $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); } $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; - $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;2\n\n"; + + if ($fips && $target =~ /$fipstarget/) + { + $ex.= $mwex unless $fipscanisterbuild; + $ret.="$target: $objs \$(PREMAIN_DSO_EXE)"; + if ($fipsdso) + { + $ex.=" \$(OBJ_D)\\\$(LIBFIPS).res"; + $ret.=" \$(OBJ_D)\\\$(LIBFIPS).res"; + $ret.=" ms/\$(LIBFIPS).def"; + } + $ret.="\n\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target "; + $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs "; + $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n"; + } + else + { + $ret.="$target: $objs"; + if ($target =~ /O_CRYPTO/ && $fipsdso) + { + $ret .= " \$(O_FIPS)"; + $ex .= " \$(L_FIPS)"; + } + $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + } + + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n"; } $ret.="\n"; return($ret); @@ -283,16 +397,64 @@ sub do_lib_rule sub do_link_rule { - local($target,$files,$dep_libs,$libs)=@_; + my($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); - $file =~ s/\//$o/g if $o ne '/'; $n=&bname($targer); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; - $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; - $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;1\n\n"; + if ($standalone == 1) + { + $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; + $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); + $ret.="$files $libs\n<<\n"; + } + elsif ($standalone == 2) + { + $ret.="\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n"; + $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n"; + } + else + { + $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; + $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n"; + } + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; + return($ret); + } + +sub do_rlink_rule + { + local($target,$rl_start, $rl_mid, $rl_end,$dep_libs,$libs)=@_; + local($ret,$_); + my $files = "$rl_start $rl_mid $rl_end"; + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($targer); + $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$c $rl_end\n"; + $ret.="\t\$(MKLIB) $lfile$target @<<\n\t$files\n<<\n"; + $ret.="\t\$(FIPS_SHA1_EXE) $target > ${target}.sha1\n"; + $ret.="\t\$(PERL) util${o}copy.pl -stripcr fips${o}fips_premain.c \$(LIB_D)${o}fips_premain.c\n"; + $ret.="\t\$(CP) fips${o}fips_premain.c.sha1 \$(LIB_D)${o}fips_premain.c.sha1\n"; + $ret.="\n"; return($ret); } +sub do_sdef_rule + { + my $ret = "ms/\$(LIBFIPS).def: \$(O_FIPSCANISTER)\n"; + $ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n \$(O_FIPSCANISTER)\n<<\n"; + $ret.="\n"; + return $ret; + } + 1; diff --git a/crypto/openssl/util/pl/netware.pl b/crypto/openssl/util/pl/netware.pl index c05789b..173c991 100644 --- a/crypto/openssl/util/pl/netware.pl +++ b/crypto/openssl/util/pl/netware.pl @@ -1,26 +1,74 @@ -# Metrowerks Codewarrior for NetWare +# Metrowerks Codewarrior or gcc / nlmconv for NetWare # +$version_header = "crypto/opensslv.h"; +open(IN, "$version_header") or die "Couldn't open $version_header: $!"; +while (<IN>) { + if (/^#define[\s\t]+OPENSSL_VERSION_NUMBER[\s\t]+0x(\d)(\d{2})(\d{2})(\d{2})/) + { + # die "OpenSSL version detected: $1.$2.$3.$4\n"; + #$nlmvernum = "$1,$2,$3"; + $nlmvernum = "$1,".($2*10+$3).",".($4*1); + #$nlmverstr = "$1.".($2*1).".".($3*1).($4?(chr(96+$4)):""); + break; + } +} +close(IN) or die "Couldn't close $version_header: $!"; + +$readme_file = "README"; +open(IN, $readme_file) or die "Couldn't open $readme_file: $!"; +while (<IN>) { + if (/^[\s\t]+OpenSSL[\s\t]+(\d)\.(\d{1,2})\.(\d{1,2})([a-z])(.*)/) + { + #$nlmvernum = "$1,$2,$3"; + #$nlmvernum = "$1,".($2*10+$3).",".($4*1); + $nlmverstr = "$1.$2.$3$4$5"; + } + elsif (/^[\s\t]+(Copyright \(c\) \d{4}\-\d{4} The OpenSSL Project)$/) + { + $nlmcpystr = $1; + } + break if ($nlmvernum && $nlmcpystr); +} +close(IN) or die "Couldn't close $readme_file: $!"; + +# Define stacksize here +$nlmstack = "32768"; + +# some default settings here in case we failed to find them in README +$nlmvernum = "1,0,0" if (!$nlmvernum); +$nlmverstr = "OpenSSL" if (!$nlmverstr); +$nlmcpystr = "Copyright (c) 1998-now The OpenSSL Project" if (!$nlmcpystr); + +# die "OpenSSL copyright: $nlmcpystr\nOpenSSL verstring: $nlmverstr\nOpenSSL vernumber: $nlmvernum\n"; + # The import files and other misc imports needed to link -@misc_imports = ("GetProcessSwitchCount", "RunningProcess", +@misc_imports = ("GetProcessSwitchCount", "RunningProcess", "GetSuperHighResolutionTimer"); if ($LIBC) { @import_files = ("libc.imp"); @module_files = ("libc"); + $libarch = "LIBC"; } else { # clib build @import_files = ("clib.imp"); + push(@import_files, "socklib.imp") if ($BSDSOCK); @module_files = ("clib"); - push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16"); + # push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16"); + $libarch = "CLIB"; } -if (!$BSDSOCK) +if ($BSDSOCK) +{ + $libarch .= "-BSD"; +} +else { + $libarch .= "-WS2"; push(@import_files, "ws2nlm.imp"); } - # The "IMPORTS" environment variable must be set and point to the location # where import files (*.imp) can be found. @@ -33,30 +81,68 @@ $import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n") # Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj $prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n"); -#$ssl= "ssleay32"; -#$crypto="libeay32"; - -$o='\\\\'; -$cp='copy >nul:'; -$rm='del'; +# The "INCLUDES" environment variable must be set and point to the location +# where import files (*.imp) can be found. +$include_path = $ENV{"INCLUDE"} || die ("INCLUDES environment variable not set\n"); +$include_path =~ s/\\/\//g; +$include_path = join(" -I", split(/;/, $include_path)); -# C compiler -$cc="mwccnlm"; +# check for gcc compiler +$gnuc = $ENV{"GNUC"}; -# Linker -$link="mwldnlm"; +#$ssl= "ssleay32"; +#$crypto="libeay32"; -# librarian -$mklib="mwldnlm"; +if ($gnuc) +{ + # C compiler + $cc='gcc'; + # Linker + $link='nlmconv'; + # librarian + $mklib='ar'; + $o='/'; + # cp command + $cp='cp -af'; + # rm command + $rm='rm -f'; + # mv command + $mv='mv -f'; + # mkdir command + $mkdir='gmkdir'; + #$ranlib='ranlib'; +} +else +{ + # C compiler + $cc='mwccnlm'; + # Linker + $link='mwldnlm'; + # librarian + $mklib='mwldnlm'; + # Path separator + $o='\\'; + # cp command + $cp='copy >nul:'; + # rm command + $rm='del /f /q'; +} -# assembler -if ($nw_nasm) +# assembler +if ($nw_nasm) { - $asm="nasmw -s -f coff"; + if ($gnuc) + { + $asm="nasmw -s -f elf"; + } + else + { + $asm="nasmw -s -f coff"; + } $afile="-o "; $asm.=" -g" if $debug; } -elsif ($nw_mwasm) +elsif ($nw_mwasm) { $asm="mwasmnlm -maxerrors 20"; $afile="-o "; @@ -64,14 +150,14 @@ elsif ($nw_mwasm) } elsif ($nw_masm) { -# masm assembly settings - it should be possible to use masm but haven't +# masm assembly settings - it should be possible to use masm but haven't # got it working. # $asm='ml /Cp /coff /c /Cx'; # $asm.=" /Zi" if $debug; # $afile='/Fo'; die("Support for masm assembler not yet functional\n"); } -else +else { $asm=""; $afile=""; @@ -79,59 +165,89 @@ else -# compile flags -# -# NOTES: Several c files in the crypto subdirectory include headers from -# their local directories. Metrowerks wouldn't find these h files -# without adding individual include directives as compile flags -# or modifying the c files. Instead of adding individual include -# paths for each subdirectory a recursive include directive -# is used ( -ir crypto ). -# -# A similar issue exists for the engines and apps subdirectories. -# -# Turned off the "possible" warnings ( -w nopossible ). Metrowerks -# complained a lot about various stuff. May want to turn back -# on for further development. -$cflags="-ir crypto -ir engines -ir apps -msgstyle gcc -align 4 -processor pentium \\ - -char unsigned -w on -w nolargeargs -w nopossible -w nounusedarg \\ - -w noimplicitconv -relax_pointers -nosyspath -DL_ENDIAN \\ - -DOPENSSL_SYSNAME_NETWARE -U_WIN32 -maxerrors 20 "; - -# link flags -$lflags="-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal "; - - -# additional flags based upon debug | non-debug -if ($debug) +if ($gnuc) { - $cflags.=" -opt off -g -sym internal -DDEBUG"; + # compile flags for GNUC + # additional flags based upon debug | non-debug + if ($debug) + { + $cflags="-g -DDEBUG"; + } + else + { + $cflags="-O2"; + } + $cflags.=" -nostdinc -I$include_path \\ + -fno-builtin -fpcc-struct-return -fno-strict-aliasing \\ + -funsigned-char -Wall -Wno-unused -Wno-uninitialized"; + + # link flags + $lflags="-T"; } else { -# CodeWarrior compiler has a problem with optimizations for floating -# points - no optimizations until further investigation -# $cflags.=" -opt all"; + # compile flags for CodeWarrior + # additional flags based upon debug | non-debug + if ($debug) + { + $cflags="-opt off -g -sym internal -DDEBUG"; + } + else + { + # CodeWarrior compiler has a problem with optimizations for floating + # points - no optimizations until further investigation + # $cflags="-opt all"; + } + + # NOTES: Several c files in the crypto subdirectory include headers from + # their local directories. Metrowerks wouldn't find these h files + # without adding individual include directives as compile flags + # or modifying the c files. Instead of adding individual include + # paths for each subdirectory a recursive include directive + # is used ( -ir crypto ). + # + # A similar issue exists for the engines and apps subdirectories. + # + # Turned off the "possible" warnings ( -w nopossible ). Metrowerks + # complained a lot about various stuff. May want to turn back + # on for further development. + $cflags.=" -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\ + -msgstyle gcc -align 4 -processor pentium -char unsigned \\ + -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\ + -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20"; + + # link flags + $lflags="-msgstyle gcc -zerobss -nostdlib -sym internal -commandfile"; } +# common defines +$cflags.=" -DL_ENDIAN -DOPENSSL_SYSNAME_NETWARE -U_WIN32"; + # If LibC build add in NKS_LIBC define and set the entry/exit # routines - The default entry/exit routines are for CLib and don't exist # in LibC if ($LIBC) { $cflags.=" -DNETWARE_LIBC"; - $lflags.=" -entry _LibCPrelude -exit _LibCPostlude -flags pseudopreemption"; + $nlmstart = "_LibCPrelude"; + $nlmexit = "_LibCPostlude"; + @nlm_flags = ("pseudopreemption", "flag_on 64"); } else { $cflags.=" -DNETWARE_CLIB"; - $lflags.=" -entry _Prelude -exit _Stop"; + $nlmstart = "_Prelude"; + $nlmexit = "_Stop"; } # If BSD Socket support is requested, set a define for the compiler if ($BSDSOCK) { $cflags.=" -DNETWARE_BSDSOCK"; + if (!$LIBC) + { + $cflags.=" -DNETDB_USE_INTERNET"; + } } @@ -154,16 +270,25 @@ if ($shlib) } else { - $libp=".lib"; - $shlibp=".lib"; - $lib_flags="-nodefaults -type library"; + if ($gnuc) # GNUC Tools + { + $libp=".a"; + $shlibp=".a"; + $lib_flags="-cr"; + } + else # CodeWarrior + { + $libp=".lib"; + $shlibp=".lib"; + $lib_flags="-nodefaults -type library -o"; + } if ($LIBC) { $out_def.="_nw_libc"; $tmp_def.="_nw_libc"; $inc_def.="_nw_libc"; } - else # NETWARE_CLIB + else # NETWARE_CLIB { $out_def.="_nw_clib"; $tmp_def.="_nw_clib"; @@ -172,7 +297,7 @@ else } # used by mk1mf.pl -$obj='.obj'; +$obj='.o'; $ofile='-o '; $efile=''; $exep='.nlm'; @@ -180,30 +305,41 @@ $ex_libs=''; if (!$no_asm) { - $bn_asm_obj="crypto${o}bn${o}asm${o}bn-nw.obj"; + $bn_asm_obj="\$(OBJ_D)${o}bn-nw${obj}"; $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm"; - $des_enc_obj="crypto${o}des${o}asm${o}d-nw.obj crypto${o}des${o}asm${o}y-nw.obj"; + $bnco_asm_obj="\$(OBJ_D)${o}co-nw${obj}"; + $bnco_asm_src="crypto${o}bn${o}asm${o}co-nw.asm"; + $aes_asm_obj="\$(OBJ_D)${o}a-nw${obj}"; + $aes_asm_src="crypto${o}aes${o}asm${o}a-nw.asm"; + $des_enc_obj="\$(OBJ_D)${o}d-nw${obj} \$(OBJ_D)${o}y-nw${obj}"; $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm"; - $bf_enc_obj="crypto${o}bf${o}asm${o}b-nw.obj"; + $bf_enc_obj="\$(OBJ_D)${o}b-nw${obj}"; $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm"; - $cast_enc_obj="crypto${o}cast${o}asm${o}c-nw.obj"; + $cast_enc_obj="\$(OBJ_D)${o}c-nw${obj}"; $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm"; - $rc4_enc_obj="crypto${o}rc4${o}asm${o}r4-nw.obj"; + $rc4_enc_obj="\$(OBJ_D)${o}r4-nw${obj}"; $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm"; - $rc5_enc_obj="crypto${o}rc5${o}asm${o}r5-nw.obj"; + $rc5_enc_obj="\$(OBJ_D)${o}r5-nw${obj}"; $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm"; - $md5_asm_obj="crypto${o}md5${o}asm${o}m5-nw.obj"; + $md5_asm_obj="\$(OBJ_D)${o}m5-nw${obj}"; $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm"; - $sha1_asm_obj="crypto${o}sha${o}asm${o}s1-nw.obj"; + $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj}"; $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm"; - $rmd160_asm_obj="crypto${o}ripemd${o}asm${o}rm-nw.obj"; + $rmd160_asm_obj="\$(OBJ_D)${o}rm-nw${obj}"; $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm"; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; + $cpuid_asm_obj="\$(OBJ_D)${o}x86cpuid-nw${obj}"; + $cpuid_asm_src="crypto${o}x86cpuid-nw.asm"; + $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM"; + $cflags.=" -DAES_ASM -DRMD160_ASM"; } else { $bn_asm_obj=''; $bn_asm_src=''; + $bnco_asm_obj=''; + $bnco_asm_src=''; + $aes_asm_obj=''; + $aes_asm_src=''; $des_enc_obj=''; $des_enc_src=''; $bf_enc_obj=''; @@ -220,15 +356,15 @@ else $sha1_asm_src=''; $rmd160_asm_obj=''; $rmd160_asm_src=''; + $cpuid_asm_obj=''; + $cpuid_asm_src=''; } # create the *.def linker command files in \openssl\netware\ directory sub do_def_file { # strip off the leading path - my($target) = bname(@_); - my($def_file); - my($mod_file); + my($target) = bname(shift); my($i); if ($target =~ /(.*).nlm/) @@ -239,35 +375,72 @@ sub do_def_file # special case for openssl - the mk1mf.pl defines E_EXE = openssl if ($target =~ /E_EXE/) { - $target = "openssl"; + $target =~ s/\$\(E_EXE\)/openssl/; } # Note: originally tried to use full path ( \openssl\netware\$target.def ) # Metrowerks linker choked on this with an assertion failure. bug??? # - $def_file = "netware\\$target.def"; + my($def_file) = "netware${o}$target.def"; open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n"); - print( DEF_OUT "# command file generated by netware.pl for Metrowerks build\n" ); + print( DEF_OUT "# command file generated by netware.pl for NLM target.\n" ); + print( DEF_OUT "# do not edit this file - all your changes will be lost!!\n" ); print( DEF_OUT "#\n"); - print( DEF_OUT "DESCRIPTION \"$target\"\n"); - + print( DEF_OUT "DESCRIPTION \"$target ($libarch) - OpenSSL $nlmverstr\"\n"); + print( DEF_OUT "COPYRIGHT \"$nlmcpystr\"\n"); + print( DEF_OUT "VERSION $nlmvernum\n"); + print( DEF_OUT "STACK $nlmstack\n"); + print( DEF_OUT "START $nlmstart\n"); + print( DEF_OUT "EXIT $nlmexit\n"); + + # special case for openssl + if ($target eq "openssl") + { + print( DEF_OUT "SCREENNAME \"OpenSSL $nlmverstr\"\n"); + } + else + { + print( DEF_OUT "SCREENNAME \"DEFAULT\"\n"); + } + foreach $i (@misc_imports) { print( DEF_OUT "IMPORT $i\n"); } - + foreach $i (@import_files) { - print( DEF_OUT "IMPORT \@$import_path\\$i\n"); + print( DEF_OUT "IMPORT \@$import_path${o}$i\n"); } - + foreach $i (@module_files) { print( DEF_OUT "MODULE $i\n"); } + foreach $i (@nlm_flags) + { + print( DEF_OUT "$i\n"); + } + + if ($gnuc) + { + if ($target =~ /openssl/) + { + print( DEF_OUT "INPUT ${tmp_def}${o}openssl${obj}\n"); + print( DEF_OUT "INPUT ${tmp_def}${o}openssl${libp}\n"); + } + else + { + print( DEF_OUT "INPUT ${tmp_def}${o}${target}${obj}\n"); + } + print( DEF_OUT "INPUT $prelude\n"); + print( DEF_OUT "INPUT ${out_def}${o}${ssl}${libp} ${out_def}${o}${crypto}${libp}\n"); + print( DEF_OUT "OUTPUT $target.nlm\n"); + } + close(DEF_OUT); return($def_file); } @@ -281,7 +454,7 @@ sub do_lib_rule if (!$shlib) { $ret.="\t\@echo Building Lib: $name\n"; - $ret.="\t\$(MKLIB) $lib_flags -o $target $objs\n"; + $ret.="\t\$(MKLIB) $lib_flags $target $objs\n"; $ret.="\t\@echo .\n" } else @@ -297,17 +470,15 @@ sub do_link_rule { my($target,$files,$dep_libs,$libs)=@_; my($ret); - my($def_file); - - $def_file = do_def_file($target); + my($def_file) = do_def_file($target); - # special case for openssl - the mk1mf.pl defines E_EXE = openssl + $ret.="$target: $files $dep_libs\n"; # NOTE: When building the test nlms no screen name is given # which causes the console screen to be used. By using the console # screen there is no "<press any key to continue>" message which - # requires user interaction. The test script ( tests.pl ) needs to be - # able to run the tests without requiring user interaction. + # requires user interaction. The test script ( do_tests.pl ) needs + # to be able to run the tests without requiring user interaction. # # However, the sample program "openssl.nlm" is used by the tests and is # a interactive sample so a screen is desired when not be run by the @@ -315,27 +486,41 @@ sub do_link_rule # openssl2 - no screen used by tests # openssl - default screen - use for normal interactive modes # + + # special case for openssl - the mk1mf.pl defines E_EXE = openssl if ($target =~ /E_EXE/) { my($target2) = $target; $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/; - $ret.="$target: $files $dep_libs\n"; - - # openssl - $ret.="\t\$(LINK) \$(LFLAGS) -screenname openssl -commandfile $def_file $files \"$prelude\" $libs -o $target\n"; - # openssl2 - $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target2\n"; + # openssl2 + my($def_file2) = do_def_file($target2); + + if ($gnuc) + { + $ret.="\t\$(MKLIB) $lib_flags \$(TMP_D)${o}\$(E_EXE).a \$(filter-out \$(TMP_D)${o}\$(E_EXE)${obj},$files)\n"; + $ret.="\t\$(LINK) \$(LFLAGS) $def_file2\n"; + $ret.="\t\@$mv \$(E_EXE)2.nlm \$(TEST_D)\n"; + } + else + { + $ret.="\t\$(LINK) \$(LFLAGS) $def_file2 $files \"$prelude\" $libs -o $target2\n"; + } + } + if ($gnuc) + { + $ret.="\t\$(LINK) \$(LFLAGS) $def_file\n"; + $ret.="\t\@$mv \$(\@F) \$(TEST_D)\n"; } else { - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target\n"; + $ret.="\t\$(LINK) \$(LFLAGS) $def_file $files \"$prelude\" $libs -o $target\n"; } $ret.="\n"; return($ret); + } 1; diff --git a/crypto/openssl/util/shlib_wrap.sh b/crypto/openssl/util/shlib_wrap.sh index dc5f5b1c..a2f62d6 100755 --- a/crypto/openssl/util/shlib_wrap.sh +++ b/crypto/openssl/util/shlib_wrap.sh @@ -22,19 +22,39 @@ SunOS|IRIX*) # variables depending on target ABI... rld_var=LD_LIBRARY_PATH case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in - *ELF\ 64*SPARC*) + *ELF\ 64*SPARC*|*ELF\ 64*AMD64*) [ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64 + LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64 + preload_var=LD_PRELOAD_64 + ;; + # Why are newly built .so's preloaded anyway? Because run-time + # .so lookup path embedded into application takes precedence + # over LD_LIBRARY_PATH and as result application ends up linking + # to previously installed .so's. On IRIX instead of preloading + # newly built .so's we trick run-time linker to fail to find + # the installed .so by setting _RLD_ROOT variable. + *ELF\ 32*MIPS*) + #_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST + _RLD_ROOT=/no/such/dir; export _RLD_ROOT + eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLD_LIST ;; *ELF\ N32*MIPS*) [ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH - _RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST + #_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST + _RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT + eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLDN32_LIST ;; *ELF\ 64*MIPS*) [ -n "$LD_LIBRARY64_PATH" ] && rld_var=LD_LIBRARY64_PATH - _RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST + #_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST + _RLD64_ROOT=/no/such/dir; export _RLD64_ROOT + eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLD64_LIST ;; esac - eval $rld_var=\"${THERE}:'$'$rld_var\"; export $rld_var + eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var unset rld_var ;; *) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX @@ -52,7 +72,7 @@ SunOS|IRIX*) ;; esac -if [ -f "$LIBCRYPTOSO" ]; then +if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then # Following three lines are major excuse for isolating them into # this wrapper script. Original reason for setting LD_PRELOAD # was to make it possible to pass 'make test' when user linked @@ -64,7 +84,8 @@ if [ -f "$LIBCRYPTOSO" ]; then *) LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;; # SunOS, Linux, ELF HP-UX esac _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX - export LD_PRELOAD _RLD_LIST + DYLD_INSERT_LIBRARIES="$LIBCRYPTOSO:$LIBSSLSO" # MacOS X + export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES fi exec "$@" diff --git a/crypto/openssl/util/ssleay.num b/crypto/openssl/util/ssleay.num index b424aec..2055cc1 100755 --- a/crypto/openssl/util/ssleay.num +++ b/crypto/openssl/util/ssleay.num @@ -238,3 +238,7 @@ SSL_CTX_set_info_callback 286 EXIST::FUNCTION: SSL_CTX_sess_get_new_cb 287 EXIST::FUNCTION: SSL_CTX_get_client_cert_cb 288 EXIST::FUNCTION: SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION: +SSL_set_SSL_CTX 290 EXIST::FUNCTION: +SSL_get_servername 291 EXIST::FUNCTION:TLSEXT +SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT +SSL_CTX_set_client_cert_engine 293 EXIST::FUNCTION:ENGINE |
