Commit ec47bb7c authored by Richard Levitte's avatar Richard Levitte
Browse files

- Add a configuration keyword "fips" to compile with FIPS 

  implementations.
- Reorder the build so the standalone FIPS SHA1 checker is built
  first.
- Add necessary defines to avoid symbol clashes between FIPS and
  non-FIPS implementations.
- Change necessary signatures.
- Correct bugs in FIPS build Makefiles.
- make update
parent bf50d5b4

Configure

+9 −1
Original line number Diff line number Diff line
@@ -630,6 +630,7 @@ my $rmd160_obj=""; 
my $processor="";

my $default_ranlib;

my $perl;

my $fips=0;



my $no_ssl2=0;

my $no_ssl3=0;
@@ -803,6 +804,8 @@ PROCESS_ARGS: 
			}

		elsif (/^386$/)

			{ $processor=386; }

		elsif (/^fips$/)

			{ $fips=1; }

		elsif (/^rsaref$/)

			{

			# No RSAref support any more since it's not needed.
@@ -1138,7 +1141,12 @@ if ($ranlib eq "") 


$bn_obj = $bn_asm unless $bn_obj ne "";



$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);

if ($fips)

	{

	$des_obj=$sha1_obj="";

	$cflags.=" -DFIPS";

	}

$des_obj=$des_enc	unless (!$fips && $des_obj =~ /\.o$/);

$bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);

$cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);

$rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);

Makefile.org

+2 −2
Original line number Diff line number Diff line
@@ -173,7 +173,7 @@ LIBKRB5= 
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.

SHLIB_MARK=



DIRS=   crypto fips ssl $(SHLIB_MARK) apps test tools

DIRS=   fips crypto ssl $(SHLIB_MARK) apps test tools

SHLIBDIRS= fips crypto ssl



# dirs in crypto to build
@@ -184,7 +184,7 @@ SDIRS= objects \ 
	buffer bio stack lhash rand err \

	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5



FDIRS=	rand sha1 des aes dsa

FDIRS=	sha1 rand des aes dsa



# tests to perform.  "alltests" is a special word indicating that all tests

# should be performed.

apps/Makefile.ssl

+1 −1
Original line number Diff line number Diff line
@@ -145,7 +145,7 @@ $(DLIBCRYPTO): 


$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)

	$(RM) $(PROGRAM)

	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \

	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" -o "$(SHLIB_TARGET)" = "" ] ; then \

	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \

	else \

	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \

crypto/sha/sha1dgst.c

+7 −0
Original line number Diff line number Diff line
@@ -63,11 +63,18 @@ 


#include <openssl/opensslv.h>



#ifndef FIPS

const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;



/* The implementation is in ../md32_common.h */



#include "sha_locl.h"



#else /* ndef FIPS */



static void *dummy=&dummy;



#endif /* ndef FIPS */



#endif

fips/Makefile.ssl

+3 −2
Original line number Diff line number Diff line
@@ -26,7 +26,7 @@ CFLAGS= $(INCLUDE) $(CFLAG) 


LIBS=



FDIRS=rand sha1 des aes dsa

FDIRS=sha1 rand des aes dsa



GENERAL=Makefile README fips-lib.com install.com
@@ -45,7 +45,8 @@ ALL= $(GENERAL) $(SRC) $(HEADER) 
top:

	@(cd ..; $(MAKE) DIRS=$(DIR) all)



all: check lib subdirs shared

all: subdirs lib check shared

	ls -l $(LIB) $(LIBOBJ)



check:

	TOP=`pwd`/$(TOP) ./fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)