Loading Configure +7 −5 Original line number Diff line number Diff line Loading @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [fips] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # Loading Loading @@ -135,12 +135,11 @@ my %table=( # Our development configs "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-ben-fips","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -DFIPS -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", Loading Loading @@ -805,7 +804,10 @@ PROCESS_ARGS: elsif (/^386$/) { $processor=386; } elsif (/^fips$/) { $fips=1; } { $fips=1; $openssl_other_defines.="#define OPENSSL_FIPS\n"; } elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. Loading fips/Makefile.ssl +0 −1 Original line number Diff line number Diff line Loading @@ -46,7 +46,6 @@ top: @(cd ..; $(MAKE) DIRS=$(DIR) all) all: subdirs lib check shared ls -l $(LIB) $(LIBOBJ) check: TOP=`pwd`/$(TOP) ./fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER) Loading fips/fingerprint.sha1 +3 −3 Original line number Diff line number Diff line SHA1(fips.c)= dfb2a82fcff1ee84b7674d84a0e0bf191cb759f3 SHA1(fips.c)= ffe435925e0c7a39ad32d0bd4a3be6b733d65aef SHA1(fips_err_wrapper.c)= 0cbe881739f6e7d91308e2e74b92032e69007528 SHA1(fips.h)= 5dc66fb941513cb732c51eeca6f44018d4acd7ae SHA1(fips_err.c)= 672c470bf38e01ba2a1fa2d52492bc31330dd974 SHA1(fips.h)= b4e3fb8a1f3aa03a63094552bedaa2c58a35cb19 SHA1(fips_err.c)= bd28a95630f6b2e7ac17bfae872c045216611b11 fips/fips.c +19 −1 Original line number Diff line number Diff line Loading @@ -50,6 +50,7 @@ #include <openssl/fips.h> #include <openssl/rand.h> #include <openssl/fips_rand.h> #include <openssl/err.h> #ifdef FIPS Loading @@ -62,13 +63,30 @@ int FIPS_selftest() int FIPS_mode_set(int onoff) { FIPS_mode=onoff; if(onoff) { char buf[24]; /* Don't go into FIPS mode twice, just so we can do automagic seeding */ if(FIPS_mode) FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET); /* automagically seed PRNG if not already seeded */ if(!FIPS_rand_seeded()) { RAND_bytes(buf,sizeof buf); FIPS_set_prng_key(buf,buf+8); FIPS_rand_seed(buf+16,8); } /* now switch into FIPS mode */ FIPS_rand_check=&rand_fips_meth; RAND_set_rand_method(&rand_fips_meth); FIPS_mode=onoff; return FIPS_selftest(); } FIPS_mode=onoff; return 1; } Loading fips/fips.h +3 −1 Original line number Diff line number Diff line Loading @@ -47,7 +47,7 @@ * */ #ifdef FIPS #if defined(FIPS) || defined(OPENSSL_FIPS) /* Note that these are defined in crypto/cryptlib.c so they're * available even without -lfips. */ Loading Loading @@ -76,12 +76,14 @@ void ERR_load_FIPS_strings(void); /* Function codes. */ #define FIPS_F_FIPS_DSA_CHECK 102 #define FIPS_F_FIPS_MODE_SET 105 #define FIPS_F_FIPS_SELFTEST_AES 104 #define FIPS_F_FIPS_SELFTEST_SHA1 103 #define FIPS_F_HASH_FINAL 100 #define FIPS_F_SSLEAY_RAND_BYTES 101 /* Reason codes. */ #define FIPS_R_FIPS_MODE_ALREADY_SET 102 #define FIPS_R_NON_FIPS_METHOD 100 #define FIPS_R_SELFTEST_FAILED 101 Loading Loading
Configure +7 −5 Original line number Diff line number Diff line Loading @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [fips] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # Loading Loading @@ -135,12 +135,11 @@ my %table=( # Our development configs "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-ben-fips","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -DFIPS -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", Loading Loading @@ -805,7 +804,10 @@ PROCESS_ARGS: elsif (/^386$/) { $processor=386; } elsif (/^fips$/) { $fips=1; } { $fips=1; $openssl_other_defines.="#define OPENSSL_FIPS\n"; } elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. Loading
fips/Makefile.ssl +0 −1 Original line number Diff line number Diff line Loading @@ -46,7 +46,6 @@ top: @(cd ..; $(MAKE) DIRS=$(DIR) all) all: subdirs lib check shared ls -l $(LIB) $(LIBOBJ) check: TOP=`pwd`/$(TOP) ./fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER) Loading
fips/fingerprint.sha1 +3 −3 Original line number Diff line number Diff line SHA1(fips.c)= dfb2a82fcff1ee84b7674d84a0e0bf191cb759f3 SHA1(fips.c)= ffe435925e0c7a39ad32d0bd4a3be6b733d65aef SHA1(fips_err_wrapper.c)= 0cbe881739f6e7d91308e2e74b92032e69007528 SHA1(fips.h)= 5dc66fb941513cb732c51eeca6f44018d4acd7ae SHA1(fips_err.c)= 672c470bf38e01ba2a1fa2d52492bc31330dd974 SHA1(fips.h)= b4e3fb8a1f3aa03a63094552bedaa2c58a35cb19 SHA1(fips_err.c)= bd28a95630f6b2e7ac17bfae872c045216611b11
fips/fips.c +19 −1 Original line number Diff line number Diff line Loading @@ -50,6 +50,7 @@ #include <openssl/fips.h> #include <openssl/rand.h> #include <openssl/fips_rand.h> #include <openssl/err.h> #ifdef FIPS Loading @@ -62,13 +63,30 @@ int FIPS_selftest() int FIPS_mode_set(int onoff) { FIPS_mode=onoff; if(onoff) { char buf[24]; /* Don't go into FIPS mode twice, just so we can do automagic seeding */ if(FIPS_mode) FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET); /* automagically seed PRNG if not already seeded */ if(!FIPS_rand_seeded()) { RAND_bytes(buf,sizeof buf); FIPS_set_prng_key(buf,buf+8); FIPS_rand_seed(buf+16,8); } /* now switch into FIPS mode */ FIPS_rand_check=&rand_fips_meth; RAND_set_rand_method(&rand_fips_meth); FIPS_mode=onoff; return FIPS_selftest(); } FIPS_mode=onoff; return 1; } Loading
fips/fips.h +3 −1 Original line number Diff line number Diff line Loading @@ -47,7 +47,7 @@ * */ #ifdef FIPS #if defined(FIPS) || defined(OPENSSL_FIPS) /* Note that these are defined in crypto/cryptlib.c so they're * available even without -lfips. */ Loading Loading @@ -76,12 +76,14 @@ void ERR_load_FIPS_strings(void); /* Function codes. */ #define FIPS_F_FIPS_DSA_CHECK 102 #define FIPS_F_FIPS_MODE_SET 105 #define FIPS_F_FIPS_SELFTEST_AES 104 #define FIPS_F_FIPS_SELFTEST_SHA1 103 #define FIPS_F_HASH_FINAL 100 #define FIPS_F_SSLEAY_RAND_BYTES 101 /* Reason codes. */ #define FIPS_R_FIPS_MODE_ALREADY_SET 102 #define FIPS_R_NON_FIPS_METHOD 100 #define FIPS_R_SELFTEST_FAILED 101 Loading
