Loading Configure +75 −0 Original line number Diff line number Diff line Loading @@ -647,6 +647,11 @@ my $openssldir=""; my $exe_ext=""; my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; my $cross_compile_prefix=""; my $fipslibdir="/usr/local/ssl/fips-1.0/lib/"; my $nofipscanistercheck=0; my $fipsdso=0; my $fipscanisterinternal="n"; my $baseaddr="0xFB00000"; my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default Loading Loading @@ -681,6 +686,7 @@ my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; my $processor=""; my $default_ranlib; my $perl; my $fips=0; # All of the following is disabled by default (RC5 was enabled before 0.9.8): Loading Loading @@ -833,6 +839,26 @@ PROCESS_ARGS: # The check for the option is there so scripts aren't # broken } elsif (/^nofipscanistercheck$/) { $fips = 1; $nofipscanistercheck = 1; } elsif (/^fipscanisterbuild$/) { $fips = 1; $nofipscanistercheck = 1; $fipslibdir=""; $fipscanisterinternal="y"; } elsif (/^fipsdso$/) { $fips = 1; $nofipscanistercheck = 1; $fipslibdir=""; $fipscanisterinternal="y"; $fipsdso = 1; } elsif (/^[-+]/) { if (/^-[lL](.*)$/ or /^-Wl,/) Loading Loading @@ -1398,6 +1424,15 @@ $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/); $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/); if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; if ($fipscanisterinternal eq "y") { $openssl_other_defines.="#define OPENSSL_FIPSCANISTER\n"; } } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); Loading Loading 
@@ -1574,6 +1609,21 @@ while (<IN>) s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; if ($fipsdso) { s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/; s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/; s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/; } else { s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; s/^SHARED_FIPS=.*/SHARED_FIPS=/; s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/; } s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/; s/^BASEADDR=.*/BASEADDR=$baseaddr/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); Loading Loading @@ -1884,9 +1934,16 @@ BEGIN BEGIN BLOCK "040904b0" BEGIN #if defined(FIPS) VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0" #endif // Required: VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" #if defined(FIPS) VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0" #else VALUE "FileDescription", "OpenSSL Shared Library\\0" #endif VALUE "FileVersion", "$version\\0" #if defined(CRYPTO) VALUE "InternalName", "libeay32\\0" Loading @@ -1894,6 +1951,9 @@ BEGIN #elif defined(SSL) VALUE "InternalName", "ssleay32\\0" VALUE "OriginalFilename", "ssleay32.dll\\0" #elif defined(FIPS) VALUE "InternalName", "libosslfips\\0" VALUE "OriginalFilename", "libosslfips.dll\\0" #endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" Loading Loading 
@@ -1936,6 +1996,21 @@ libraries on this platform, they will at least look at it and try their best (but please first make sure you have tried with a current version of OpenSSL). EOF print <<\EOF if ($fipscanisterinternal eq "y"); WARNING: OpenSSL has been configured using unsupported option(s) to internally generate a fipscanister.o object module for TESTING PURPOSES ONLY; that compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the OpenSSL FIPS Object Module as identified by the CMVP (http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS 140-2 validated software. This is an OpenSSL 1.1.0 test version. See the file README.FIPS for details of how to build a test library. EOF exit(0); sub usage Loading Makefile.org +112 −3 Original line number Diff line number Diff line Loading @@ -110,7 +110,33 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= DIRS= crypto ssl engines apps test tools # This is the location of fipscanister.o and friends. # The FIPS module build will place it $(INSTALLTOP)/lib # but since $(INSTALLTOP) can only take the default value # when the module is built it will be in /usr/local/ssl/lib # $(INSTALLTOP) for this build make be different so hard # code the path. FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/ # This is set to "y" if fipscanister.o is compiled internally as # opposed to coming from an external validated location. FIPSCANISTERINTERNAL=n # The location of the library which contains fipscanister.o # normally it will be libcrypto unless fipsdso is set in which # case it will be libfips. If not compiling in FIPS mode at all # this is empty making it a useful test for a FIPS compile. FIPSCANLIB= # Shared library base address. Currently only used on Windows. # BASEADDR= DIRS= crypto fips ssl engines apps test tools ENGDIRS= ccgost SHLIBDIRS= crypto ssl Loading Loading 
@@ -207,6 +233,10 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ WP_ASM_OBJ='$(WP_ASM_OBJ)' \ MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \ PERLASM_SCHEME='$(PERLASM_SCHEME)' \ FIPSLIBDIR='${FIPSLIBDIR}' \ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. Loading Loading 
@@ -238,13 +268,92 @@ BUILD_ONE_CMD=\ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) # FIXME FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ ../crypto/aes/aes_ecb.o \ ../crypto/aes/aes_ofb.o \ ../crypto/bn/bn_add.o \ ../crypto/bn/bn_blind.o \ ../crypto/bn/bn_ctx.o \ ../crypto/bn/bn_div.o \ ../crypto/bn/bn_exp2.o \ ../crypto/bn/bn_exp.o \ ../crypto/bn/bn_gcd.o \ ../crypto/bn/bn_lib.o \ ../crypto/bn/bn_mod.o \ ../crypto/bn/bn_mont.o \ ../crypto/bn/bn_mul.o \ ../crypto/bn/bn_prime.o \ ../crypto/bn/bn_rand.o \ ../crypto/bn/bn_recp.o \ ../crypto/bn/bn_shift.o \ ../crypto/bn/bn_sqr.o \ ../crypto/bn/bn_word.o \ ../crypto/bn/bn_x931p.o \ ../crypto/buffer/buf_str.o \ ../crypto/cryptlib.o \ ../crypto/des/cfb64ede.o \ ../crypto/des/cfb64enc.o \ ../crypto/des/cfb_enc.o \ ../crypto/des/ecb3_enc.o \ ../crypto/des/ofb64ede.o \ ../crypto/des/fcrypt.o \ ../crypto/des/set_key.o \ ../crypto/dh/dh_check.o \ ../crypto/dh/dh_gen.o \ ../crypto/dh/dh_key.o \ ../crypto/dsa/dsa_gen.o \ ../crypto/dsa/dsa_key.o \ ../crypto/dsa/dsa_ossl.o \ ../crypto/dsa/dsa_sign.o \ ../crypto/dsa/dsa_vrf.o \ ../crypto/evp/e_aes.o \ ../crypto/evp/e_des3.o \ ../crypto/evp/m_sha1.o \ ../crypto/hmac/hmac.o \ ../crypto/mem.o \ ../crypto/modes/cfb128.o \ ../crypto/modes/ctr128.o \ ../crypto/modes/ofb128.o \ ../crypto/rand/md_rand.o \ ../crypto/rand/rand_egd.o \ ../crypto/rand/randfile.o \ ../crypto/rand/rand_lib.o \ ../crypto/rand/rand_os2.o \ ../crypto/rand/rand_unix.o \ ../crypto/rand/rand_win.o \ ../crypto/rsa/rsa_eay.o \ ../crypto/rsa/rsa_gen.o \ ../crypto/rsa/rsa_crpt.o \ ../crypto/rsa/rsa_none.o \ ../crypto/rsa/rsa_oaep.o \ ../crypto/rsa/rsa_pk1.o \ ../crypto/rsa/rsa_pss.o \ ../crypto/rsa/rsa_ssl.o \ ../crypto/rsa/rsa_x931.o \ ../crypto/sha/sha1dgst.o \ ../crypto/sha/sha256.o \ ../crypto/sha/sha512.o \ ../crypto/uid.o sub_all: build_all build_all: build_libs build_apps build_tests build_tools build_libs: build_crypto build_ssl build_engines build_libs: build_crypto build_fips build_ssl 
build_engines build_fips: @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) if [ -n "$(FIPSCANLIB)" ]; then \ EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ else \ ARX='${AR}' ; \ fi ; export ARX ; \ dir=crypto; target=all; $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) build_engines: Loading Loading
Configure +75 −0 Original line number Diff line number Diff line Loading @@ -647,6 +647,11 @@ my $openssldir=""; my $exe_ext=""; my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; my $cross_compile_prefix=""; my $fipslibdir="/usr/local/ssl/fips-1.0/lib/"; my $nofipscanistercheck=0; my $fipsdso=0; my $fipscanisterinternal="n"; my $baseaddr="0xFB00000"; my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default Loading Loading @@ -681,6 +686,7 @@ my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; my $processor=""; my $default_ranlib; my $perl; my $fips=0; # All of the following is disabled by default (RC5 was enabled before 0.9.8): Loading Loading @@ -833,6 +839,26 @@ PROCESS_ARGS: # The check for the option is there so scripts aren't # broken } elsif (/^nofipscanistercheck$/) { $fips = 1; $nofipscanistercheck = 1; } elsif (/^fipscanisterbuild$/) { $fips = 1; $nofipscanistercheck = 1; $fipslibdir=""; $fipscanisterinternal="y"; } elsif (/^fipsdso$/) { $fips = 1; $nofipscanistercheck = 1; $fipslibdir=""; $fipscanisterinternal="y"; $fipsdso = 1; } elsif (/^[-+]/) { if (/^-[lL](.*)$/ or /^-Wl,/) Loading Loading @@ -1398,6 +1424,15 @@ $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/); $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/); if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; if ($fipscanisterinternal eq "y") { $openssl_other_defines.="#define OPENSSL_FIPSCANISTER\n"; } } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); Loading Loading 
@@ -1574,6 +1609,21 @@ while (<IN>) s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; if ($fipsdso) { s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/; s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/; s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/; } else { s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; s/^SHARED_FIPS=.*/SHARED_FIPS=/; s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/; } s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/; s/^BASEADDR=.*/BASEADDR=$baseaddr/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); Loading Loading @@ -1884,9 +1934,16 @@ BEGIN BEGIN BLOCK "040904b0" BEGIN #if defined(FIPS) VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0" #endif // Required: VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" #if defined(FIPS) VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0" #else VALUE "FileDescription", "OpenSSL Shared Library\\0" #endif VALUE "FileVersion", "$version\\0" #if defined(CRYPTO) VALUE "InternalName", "libeay32\\0" Loading @@ -1894,6 +1951,9 @@ BEGIN #elif defined(SSL) VALUE "InternalName", "ssleay32\\0" VALUE "OriginalFilename", "ssleay32.dll\\0" #elif defined(FIPS) VALUE "InternalName", "libosslfips\\0" VALUE "OriginalFilename", "libosslfips.dll\\0" #endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" Loading Loading 
@@ -1936,6 +1996,21 @@ libraries on this platform, they will at least look at it and try their best (but please first make sure you have tried with a current version of OpenSSL). EOF print <<\EOF if ($fipscanisterinternal eq "y"); WARNING: OpenSSL has been configured using unsupported option(s) to internally generate a fipscanister.o object module for TESTING PURPOSES ONLY; that compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the OpenSSL FIPS Object Module as identified by the CMVP (http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS 140-2 validated software. This is an OpenSSL 1.1.0 test version. See the file README.FIPS for details of how to build a test library. EOF exit(0); sub usage Loading
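Review bot: The `nofipscanistercheck` branch in PROCESS_ARGS sets `$fips = 1` but leaves `$fipscanisterinternal` at "n", so the unvalidated-module warning added before `exit(0)` (guarded by `$fipscanisterinternal eq "y"`) never prints for it, even though `OPENSSL_FIPS` is still defined. The code that reads `$nofipscanistercheck` is outside the visible hunks, but if it skips verification of the external fipscanister.o, as the name suggests, the configure output should say so, e.g. `print "WARNING: fipscanister.o check disabled (nofipscanistercheck)\n" if ($nofipscanistercheck && $fipscanisterinternal ne "y");`. The three new option branches also have no comments; one line per branch would help, since `fipscanisterbuild` and `fipsdso` both clear `$fipslibdir` and differ only in `$fipsdso = 1`.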
Makefile.org +112 −3 Original line number Diff line number Diff line Loading @@ -110,7 +110,33 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= DIRS= crypto ssl engines apps test tools # This is the location of fipscanister.o and friends. # The FIPS module build will place it $(INSTALLTOP)/lib # but since $(INSTALLTOP) can only take the default value # when the module is built it will be in /usr/local/ssl/lib # $(INSTALLTOP) for this build make be different so hard # code the path. FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/ # This is set to "y" if fipscanister.o is compiled internally as # opposed to coming from an external validated location. FIPSCANISTERINTERNAL=n # The location of the library which contains fipscanister.o # normally it will be libcrypto unless fipsdso is set in which # case it will be libfips. If not compiling in FIPS mode at all # this is empty making it a useful test for a FIPS compile. FIPSCANLIB= # Shared library base address. Currently only used on Windows. # BASEADDR= DIRS= crypto fips ssl engines apps test tools ENGDIRS= ccgost SHLIBDIRS= crypto ssl Loading Loading @@ -207,6 +233,10 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ WP_ASM_OBJ='$(WP_ASM_OBJ)' \ MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \ PERLASM_SCHEME='$(PERLASM_SCHEME)' \ FIPSLIBDIR='${FIPSLIBDIR}' \ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. Loading Loading 
@@ -238,13 +268,92 @@ BUILD_ONE_CMD=\ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) # FIXME FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ ../crypto/aes/aes_ecb.o \ ../crypto/aes/aes_ofb.o \ ../crypto/bn/bn_add.o \ ../crypto/bn/bn_blind.o \ ../crypto/bn/bn_ctx.o \ ../crypto/bn/bn_div.o \ ../crypto/bn/bn_exp2.o \ ../crypto/bn/bn_exp.o \ ../crypto/bn/bn_gcd.o \ ../crypto/bn/bn_lib.o \ ../crypto/bn/bn_mod.o \ ../crypto/bn/bn_mont.o \ ../crypto/bn/bn_mul.o \ ../crypto/bn/bn_prime.o \ ../crypto/bn/bn_rand.o \ ../crypto/bn/bn_recp.o \ ../crypto/bn/bn_shift.o \ ../crypto/bn/bn_sqr.o \ ../crypto/bn/bn_word.o \ ../crypto/bn/bn_x931p.o \ ../crypto/buffer/buf_str.o \ ../crypto/cryptlib.o \ ../crypto/des/cfb64ede.o \ ../crypto/des/cfb64enc.o \ ../crypto/des/cfb_enc.o \ ../crypto/des/ecb3_enc.o \ ../crypto/des/ofb64ede.o \ ../crypto/des/fcrypt.o \ ../crypto/des/set_key.o \ ../crypto/dh/dh_check.o \ ../crypto/dh/dh_gen.o \ ../crypto/dh/dh_key.o \ ../crypto/dsa/dsa_gen.o \ ../crypto/dsa/dsa_key.o \ ../crypto/dsa/dsa_ossl.o \ ../crypto/dsa/dsa_sign.o \ ../crypto/dsa/dsa_vrf.o \ ../crypto/evp/e_aes.o \ ../crypto/evp/e_des3.o \ ../crypto/evp/m_sha1.o \ ../crypto/hmac/hmac.o \ ../crypto/mem.o \ ../crypto/modes/cfb128.o \ ../crypto/modes/ctr128.o \ ../crypto/modes/ofb128.o \ ../crypto/rand/md_rand.o \ ../crypto/rand/rand_egd.o \ ../crypto/rand/randfile.o \ ../crypto/rand/rand_lib.o \ ../crypto/rand/rand_os2.o \ ../crypto/rand/rand_unix.o \ ../crypto/rand/rand_win.o \ ../crypto/rsa/rsa_eay.o \ ../crypto/rsa/rsa_gen.o \ ../crypto/rsa/rsa_crpt.o \ ../crypto/rsa/rsa_none.o \ ../crypto/rsa/rsa_oaep.o \ ../crypto/rsa/rsa_pk1.o \ ../crypto/rsa/rsa_pss.o \ ../crypto/rsa/rsa_ssl.o \ ../crypto/rsa/rsa_x931.o \ ../crypto/sha/sha1dgst.o \ ../crypto/sha/sha256.o \ ../crypto/sha/sha512.o \ ../crypto/uid.o sub_all: build_all build_all: build_libs build_apps build_tests build_tools build_libs: build_crypto build_ssl build_engines build_libs: build_crypto build_fips build_ssl 
build_engines build_fips: @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) if [ -n "$(FIPSCANLIB)" ]; then \ EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ else \ ARX='${AR}' ; \ fi ; export ARX ; \ dir=crypto; target=all; $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) build_engines: Loading
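Review bot: `FIPS_EX_OBJ` is added under a bare `# FIXME`, yet `build_crypto` passes it through `EXCL_OBJ` whenever `FIPSCANLIB` is non-empty, so this hand-maintained list appears to decide which objects are kept out of libcrypto in a FIPS build. The marker should say what is unfinished and what the list has to stay in sync with, for example `# FIXME: hand-maintained; presumably must match the objects built under fips/ (confirm), generate instead`. In the first hunk the `FIPSLIBDIR` comment reads "make be different" (presumably "may be different") and the default is `/usr/local/ssl/$(LIBDIR)/`, while Configure in the same commit defaults `$fipslibdir` to `/usr/local/ssl/fips-1.0/lib/`. Since fipscanister.o is taken from that location, the comment should name the one path that is actually used.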