GMAKE target. Use precompiled fipscanister.o from other targets.
Update fipslink.pl script to check fipscanister.o and fips_premain.c hashes.
}
-my ($fips_cc,$fips_cc_args, $fips_link,$fips_target)
- = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET");
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir)
+ = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+ "FIPS_LIBDIR");
$fips_premain_dso = "";
}
+check_hash("fips_premain.c");
+check_hash("fipscanister.o");
-print "$fips_cc $fips_cc_args\n";
-system "$fips_cc $fips_cc_args";
+
+print "Integrity check OK\n";
+
+print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
die "First stage Compile failure" if $? != 0;
print "$fips_link @ARGV\n";
die "Get hash failure" if $? != 0;
-print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args\n";
-system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args";
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
die "Second stage Compile failure" if $? != 0;
system "$fips_link @ARGV";
die "Second stage Link failure" if $? != 0;
+sub check_hash
+ {
+ my ($filename) = @_;
+ my ($hashfile, $hashval);
+
+ open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+ $hashfile = <IN>;
+ close IN;
+ $hashval = `${fips_libdir}/fips_standalone_sha1.exe ${fips_libdir}/$filename`;
+ chomp $hashfile;
+ chomp $hashval;
+ $hashfile =~ s/^.*=\s+//;
+ $hashval =~ s/^.*=\s+//;
+ die "Invalid hash syntax in file" if (length($hashfile) != 40);
+ die "Invalid hash received for file" if (length($hashval) != 40);
+ die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
+ }
+
+
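Review bot: check_hash puts the environment-supplied FIPS_LIBDIR straight into a two-argument `open(IN, "...")` and into a backtick command, so a directory name containing spaces or shell metacharacters is parsed by the shell, or as an open mode, instead of being treated as a path. Use a lexical handle with three-argument open, `open(my $in, '<', "${fips_libdir}/${filename}.sha1") || die "Cannot open hash file for $filename: $!"`, and at minimum quote both paths in the backtick command (or use a list-form pipe open where the Perl in use supports it), checking `$?` afterwards. The two "Invalid hash" messages should name `$filename` so that a failed build can be diagnosed. The reference `.sha1` file, the digest program and the file being checked are all read from the same directory, so as written the check detects a stale or mismatched canister; against deliberate modification it is only as strong as the write permissions on that directory. The same unquoted `$fips_libdir` is appended to the `system` strings of both compile stages earlier in this section.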
local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
local $zlib_lib = "";
+my $fips_canister_path = "";
+my $fipslibdir = "fipslib";
+
open(IN,"<Makefile") || die "unable to open Makefile!\n";
while(<IN>) {
$ssl_version=$1 if (/^VERSION=(.*)$/);
$mkdir="-mkdir";
$mkcanister="ld -r -o";
+$ex_build_targets = "";
+
($ssl,$crypto)=("ssl","crypto");
$ranlib="echo ranlib";
$uc =~ s/^lib(.*)\.a/$1/;
$uc =~ tr/a-z/A-Z/;
}
- $lib_nam{$uc}=$uc;
- $lib_obj{$uc}.=$libobj." ";
+ if (($uc ne "FIPS") || $fips_canister_build)
+ {
+ $lib_nam{$uc}=$uc;
+ $lib_obj{$uc}.=$libobj." ";
+ }
}
last if ($val eq "FINISHED");
$lib="";
}
close(IN);
+if ($fips_canister_path eq "")
+ {
+ $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";
+ }
+
+ $ex_build_targets .= "\$(FIPSLIB_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips_canister_build);
+
$defs= <<"EOF";
# This makefile has been automatically generated from the OpenSSL distribution.
# This single makefile will build the complete OpenSSL distribution and
INC_D=$inc_dir
INCO_D=$inc_dir${o}openssl
+# Directory containing FIPS module
+
+FIPSLIB_D=$fipslibdir
+
CP=$cp
RM=$rm
RANLIB=$ranlib
O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp
O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
-O_FIPSCANISTER= \$(LIB_D)${o}fipscanister$obj
+O_FIPSCANISTER= $fips_canister_path
SO_SSL= $plib\$(SSL)$so_shlibp
SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
EOF
$rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) \$(FIPSLIB_D) headers lib exe $ex_build_targets
banner:
$banner
\$(INC_D):
\$(MKDIR) \$(INC_D)
+\$(FIPSLIB_D):
+ \$(MKDIR) \$(FIPSLIB_D)
+
headers: \$(HEADER) \$(EXHEADER)
@
# Special case rules for fips_start and fips_end fips_premain_dso
-if ($fips)
+if ($fips && $fips_canister_build)
{
$rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
"fips${o}fips_canister.c", "-DFIPS_START \$(SHLIB_CFLAGS)");
$rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
"fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
+ "fips${o}sha${o}fips_standalone_sha1.c", "\$(SHLIB_CFLAGS)");
$rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
"fips${o}fips_premain.c",
"-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
- $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
- "fips${o}sha${o}fips_standalone_sha1.c", "\$(SHLIB_CFLAGS)");
}
-
-
foreach (values %lib_nam)
{
$lib_obj=$lib_obj{$_};
{
$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
"\$(O_CRYPTO)",$crypto,$shlib, "\$(SO_CRYPTO)",
- "0xFB00000", "\$(BIN_D)$o\$(E_PREMAIN_DSO)$exep",
+ "0xFB00000", "\$(FIPSLIB_D)$o\$(E_PREMAIN_DSO)$exep",
"fips${o}fips_premain.c");
}
else
{
$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+# $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
"\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
}
}
}
-if ($fips)
+if ($fips && $fips_canister_build)
{
- $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(BIN_D)${o}fips_standalone_sha1$exep");
- $rules.=&do_link_rule("\$(BIN_D)$o\$(E_PREMAIN_DSO)$exep","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPCANISTER)","","\$(EX_LIBS) \$(O_FIPSCANISTER)");
- $rules.=&do_link_rule("\$(BIN_D)${o}fips_standalone_sha1$exep","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
+ $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;
+ $rules.=&do_link_rule("\$(FIPSLIB_D)${o}\$(E_PREMAIN_DSO)$exep","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(O_CRYPTO)","","\$(EX_LIBS)", 1);
+ }
+
+ $rules.=&do_link_rule("\$(FIPSLIB_D)${o}fips_standalone_sha1$exep","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
+if ($fips)
+ {
$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0,"\$(BIN_D)$o\$(E_EXE)$exep");
}
else
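Review bot: The link rule for `\$(FIPSLIB_D)${o}fips_standalone_sha1$exep` is now appended outside any condition, whereas the compile rule for `fips_standalone_sha1$obj` earlier in this section is emitted only under `if ($fips && $fips_canister_build)`. In a FIPS build that consumes a precompiled canister, and in non-FIPS builds, the generated makefile would then carry a link rule whose object has no compile rule visible here. Since fipslink.pl runs this program to verify the canister, the commit should state whether it is meant to be rebuilt locally or taken from the precompiled directory; if it belongs to the canister build, move the statement inside the preceding block. Inside that block the trailing `if $fips_canister_build` on the do_rlink_rule call is redundant. The commented-out `# $rules.= &do_lib_rule("\$(CRYPTOOBJ)",` left in the middle of a live call should be removed or given a reason.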
$zlib_lib="zlib1.lib";
+$fips_canister_build = 1 if $fips;
+
# C compiler stuff
$cc='cl';
$cflags=' -MD -W3 -WX -G5 -Ox -O2 -Ob2 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
$lflags="-nologo -subsystem:console -machine:I386 -opt:ref";
$mlflags='';
-$out_def="out32";
-$tmp_def="tmp32";
-$inc_def="inc32";
+$out_def="gmout32";
+$tmp_def="gmtmp32";
+$inc_def="gminc32";
if ($debug)
{
$mlflags.=" $lflags -dll";
# $cflags =~ s| -MD| -MT|;
$lib_cflag=" -D_WINDLL";
- $out_def="out32dll";
- $tmp_def="tmp32dll";
+ $out_def="gmout32dll";
+ $tmp_def="gmtmp32dll";
}
$cflags.=" -Fd$out_def";
$ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
if (defined $fips_get_sig)
{
- $ret.="$target: $objs $fips_get_sig\n";
+ $ret.="$target: \$(O_FIPSCANISTER) $objs $fips_get_sig\n";
$ret.="\tFIPS_LINK=\$(LINK) ";
$ret.="FIPS_CC=\$(CC) ";
- $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c \$(SRC_D)${o}fips${o}fips_premain.c\" ";
+ $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
$ret.="FIPS_PREMAIN_DSO=$fips_get_sig ";
$ret.="FIPS_TARGET=$target ";
+ $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
$ret.="\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
$ret.="-def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs ";
$ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n\n";
local($ret,$_);
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($targer);
- $ret.="$target: $files $dep_libs\n";
if ($standalone)
{
+ $ret.="$target: $files $dep_libs\n";
$ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
$ret.="$files $libs\n\n";
}
elsif ($fips && !$shlib)
{
+ $ret.="$target: \$(O_FIPSCANISTER) $files $dep_libs\n";
$ret.="\tFIPS_LINK=\$(LINK) ";
$ret.="FIPS_CC=\$(CC) ";
- $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c \$(SRC_D)${o}fips${o}fips_premain.c\" ";
+ $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
$ret.="FIPS_PREMAIN_DSO= ";
$ret.="FIPS_TARGET=$target ";
+ $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
$ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target ";
$ret.="\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n\n";
}
else
{
+ $ret.="$target: $files $dep_libs\n";
$ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
$ret.="\$(APP_EX_OBJ) $files $libs\n\n";
}
sub do_rlink_rule
{
- local($target,$files,$check_hash)=@_;
+ local($target,$files,$check_hash, $deps)=@_;
local($ret,$_);
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($targer);
- $ret.="$target: $check_hash $files $dep_libs\n";
+ $ret.="$target: $check_hash $files $deps\n";
$ret.="\t\$(PERL) util${o}checkhash.pl -chdir fips -program_path ..$o$check_hash\n";
- $ret.="\t\$(MKCANISTER) $target $files\n\n";
+ $ret.="\t\$(MKCANISTER) $target $files\n";
+ $ret.="\t$check_hash $target > $target.sha1\n";
+ $ret.="\t\$(CP) fips${o}fips_premain.c \$(FIPSLIB_D)\n";
+ $ret.="\t$check_hash \$(FIPSLIB_D)${o}fips_premain.c > \$(FIPSLIB_D)${o}fips_premain.c.sha1\n\n";
return($ret);
}
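Review bot: In do_rlink_rule the two `.sha1` files are written by shell redirection after `\$(MKCANISTER)` has already created `$target`, so if a later recipe line fails the canister exists with a fresh timestamp while its hash files are missing or empty. Assuming this section is the GNU make platform file, make does not remove the target of a failed recipe unless `.DELETE_ON_ERROR` is in effect, so a rerun may treat the canister as up to date and never regenerate the hashes. fipslink.pl would then stop at its hash check, which fails closed but is hard to trace back to the build step. Consider emitting the hash files as targets of their own, for example `$target.sha1: $target $check_hash`, or adding `.DELETE_ON_ERROR:` to the generated makefile. A comment above the sub documenting its four parameters would also help, in particular that `$check_hash` is the path of the digest program and serves as both a prerequisite and a command.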
$ret.="$target: $objs $fips_get_sig\n";
$ret.="\tSET FIPS_LINK=\$(LINK)\n";
$ret.="\tSET FIPS_CC=\$(CC)\n";
- $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c \$(SRC_D)${o}fips${o}fips_premain.c\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
$ret.="\tSET FIPS_PREMAIN_DSO=$fips_get_sig\n";
$ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPS_LIBDIR=\$(FIPSLIB_D)\n";
$ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
$ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs ";
$ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
{
$ret.="\tSET FIPS_LINK=\$(LINK)\n";
$ret.="\tSET FIPS_CC=\$(CC)\n";
- $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c \$(SRC_D)${o}fips${o}fips_premain.c\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
$ret.="\tSET FIPS_PREMAIN_DSO=\n";
$ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPS_LIBDIR=\$(FIPSLIB_D)\n";
$ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";
$ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
}