projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4a54d59)
Update VC++ build for FIPS mode.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 5 Feb 2006 20:52:56 +0000 (20:52 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 5 Feb 2006 20:52:56 +0000 (20:52 +0000)
config patch | blob | history
util/mk1mf.pl patch | blob | history
util/pl/VC-32.pl patch | blob | history

diff --git a/config b/config
index 7f24e7f29c5eff71c3108a1fc24dd2fcd2cb51e0..dbe1595341491a4794072a003ec0c46b8f164b28 100755 (executable)
--- a/config
+++ b/config
@@ -58,17 +58,17 @@ VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
  
 
 # Check for VC++ presence first.
-
-if [ "x$MSVCDIR" != "x" -o "x$VCINSTALLDIR" != "x" ]; then
-       perl Configure VC-WIN32 $*
-       cmd /c ms\\do_masm.bat
-       perl util/mk1mf.pl VC-WIN32-GMAKE >mak.tmp
-       rm Makefile
-       mv mak.tmp Makefile
-       echo "Configured for VC++ using GNU make"
-       exit 0
-fi
-
+#
+#if [ "x$MSVCDIR" != "x" -o "x$VCINSTALLDIR" != "x" ]; then
+#      perl Configure VC-WIN32 $*
+#      cmd /c ms\\do_masm.bat
+#      perl util/mk1mf.pl VC-WIN32-GMAKE >mak.tmp
+#      rm Makefile
+#      mv mak.tmp Makefile
+#      echo "Configured for VC++ using GNU make"
+#      exit 0
+#fi
+#
 
 # Now test for ISC and SCO, since it is has a braindamaged uname.
 #
@@ -355,6 +355,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 
     MINGW*)
        echo "${MACHINE}-whatever-mingw"; echo 0;
+       # Save fipslib path so VC++ build can find it
+       (cd /usr/local/ssl/lib ; pwd -W ) > util/fipslib_path.txt
+       # Extract _chkstk.o so VC++ can use it, to avoid __alloca link error
+       (cd ms ; ar x `gcc -print-libgcc-file-name` _chkstk.o)
        ;;
     CYGWIN*)
        case "$RELEASE" in
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 2487da5ad1c898be937b856a0f56f8fc5af08b92..c722269477eb769974a606b9dbee7cd651bb86ec 100755 (executable)
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -14,7 +14,11 @@ local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
 local $zlib_lib = "";
 
 my $fips_canister_path = "";
-my $fipslibdir = "fipslib";
+my $fips_premain_dso_exe_path = "";
+my $fips_premain_c_path = "";
+my $fips_sha1_exe_path = "";
+
+my $fipslibdir = "";
 
 my $ex_l_libs = "";
 
@@ -365,13 +369,41 @@ if ($fips_canister_path eq "")
        $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";
        }
 
-       $ex_build_targets .= "\$(FIPSLIB_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips_canister_build);
+if ($fips_premain_c_path eq "")
+       {
+       $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
+       }
+
+if ($fips_sha1_exe_path eq "")
+       {
+       $fips_sha1_exe_path =
+                       "fips-1.0${o}sha${o}fips_sha1_standalone$exep";
+       }
+
+if ($fips_premain_dso_exe_path eq "")
+       {
+       $fips_premain_dso_exe_path = "fips-1.0${o}fips_premain_dso$exep";
+       }
 
-if ($fips && !$shlib)
+#      $ex_build_targets .= "\$(FIPSLIB_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips_canister_build);
+
+if ($fips)
        {
-       $ex_build_targets .= " \$(LIB_D)$o$crypto_compat";
-       $ex_l_libs .= " \$(O_FIPSCANISTER)";
+       if (!$shlib)
+               {
+               $ex_build_targets .= " \$(LIB_D)$o$crypto_compat";
+               $ex_l_libs .= " \$(O_FIPSCANISTER)";
+               }
+       if ($fipslibpath == "")
+               {
+               open (IN, "util/fipslib_path.txt") || fipslib_error();
+               $fipslibdir = <IN>;
+               chomp $fipslibdir;
+               close IN;
+               }
+
        }
+       
 
 $defs= <<"EOF";
 # This makefile has been automatically generated from the OpenSSL distribution.
@@ -455,7 +487,6 @@ INCO_D=$inc_dir${o}openssl
 
 # Directory containing FIPS module
 
-FIPSLIB_D=$fipslibdir
 
 CP=$cp
 RM=$rm
@@ -471,10 +502,19 @@ MKCANISTER=$mkcanister
 ######################################################
 
 E_EXE=openssl
-E_PREMAIN_DSO=fips_premain_dso
 SSL=$ssl
 CRYPTO=$crypto
 
+# FIPS validated module and support file locations
+
+E_PREMAIN_DSO=fips_premain_dso
+
+FIPSLIB_D=$fipslibdir
+FIPS_PREMAIN_SRC=$fips_premain_c_path
+O_FIPSCANISTER=$fips_canister_path
+FIPS_SHA1_EXE=$fips_sha1_exe_path
+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
+
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
 # LIB_D  - library output directory
@@ -492,7 +532,6 @@ INCL_D=\$(TMP_D)
 
 O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
 O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
-O_FIPSCANISTER= $fips_canister_path
 SO_SSL=    $plib\$(SSL)$so_shlibp
 SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
 L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
@@ -514,7 +553,7 @@ LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
 EOF
 
 $rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) \$(FIPSLIB_D) headers lib exe $ex_build_targets
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe $ex_build_targets
 
 banner:
 $banner
@@ -537,9 +576,6 @@ $banner
 \$(INC_D):
        \$(MKDIR) \$(INC_D)
 
-\$(FIPSLIB_D):
-       \$(MKDIR) \$(FIPSLIB_D)
-
 headers: \$(HEADER) \$(EXHEADER)
        @
 
@@ -727,7 +763,7 @@ if ($fips)
                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
                        "\$(O_CRYPTO)",$crypto,$shlib, "\$(SO_CRYPTO)",
                        "0xFB00000", "\$(FIPSLIB_D)$o\$(E_PREMAIN_DSO)$exep",
-                                       "\$(FIPSLIB_D)${o}fips_premain.c");
+                                       "\$(FIPS_PREMAIN_SRC)");
                }
        else
                {
@@ -746,7 +782,7 @@ if ($fips)
 
 if ($fips && $fips_canister_build)
        {
-       $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;
+       $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "");
        $rules.=&do_link_rule("\$(FIPSLIB_D)${o}\$(E_PREMAIN_DSO)$exep","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(O_CRYPTO) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
        }
        
@@ -1080,3 +1116,11 @@ sub read_options
        else { return(0); }
        return(1);
        }
+
+sub fipslib_error
+       {
+       print STDERR "FIPS install directory sanity check failed\n";
+       print STDERR "Either FIPS module build was not completed, or";
+       print STDERR "was deleted.\nPlease rebuild FIPS module\n"; 
+       exit 1;
+       }
diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl
index 52dc566b798aa28d63a9fd5edaf65a336a4d9848..74dd690a90f8af1b6b42730fcbd93e0a3d0407f8 100644 (file)
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -135,6 +135,7 @@ sub do_lib_rule
 #              $ret.="\t\$(RM) \$(O_$Name)\n";
                $ret.="$target: $objs\n";
                $ex =' advapi32.lib';
+               $ex.=" ms${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
                }
        else
@@ -142,6 +143,7 @@ sub do_lib_rule
                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
                $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
                $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+               $ex.=" ms${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
                if (defined $fips_get_sig)
                        {
                        $ret.="$target: $objs $fips_get_sig\n";
Unnamed repository; edit this file 'description' to name the repository.