From: Dr. Stephen Henson Date: Thu, 18 Jan 2007 13:29:15 +0000 (+0000) Subject: Expand security boundary to match 1.1.1 module. X-Git-Tag: OpenSSL_0_9_7m~31 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=eee04c54aecefce749cd4ca35e94ec0d4ea4a216;p=oweals%2Fopenssl.git Expand security boundary to match 1.1.1 module. --- diff --git a/CHANGES b/CHANGES index badb8d42a9..426aff7673 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7l and 0.9.7m [xx XXX xxxx] + *) Expand security boundary to match 1.1.1 module. + [Steve Henson] + *) Remove redundant features: hash file source, editing of test vectors modify fipsld to use external fips_premain.c signature. [Steve Henson] diff --git a/fips-1.0/Makefile b/fips-1.0/Makefile index 69e92eb055..917da8b5da 100644 --- a/fips-1.0/Makefile +++ b/fips-1.0/Makefile @@ -17,6 +17,7 @@ MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) PERL= perl RM= rm -f AR= ar r +ARD= ar d FIPSCANLOC= $(FIPSLIBDIR)fipscanister.o @@ -72,7 +73,8 @@ all: # vendor compiler drivers... fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o - @objs="fips_start.o $(LIBOBJ)"; \ + @FIPS_BN_ASM=`for i in $(BN_ASM) ; do echo -n "../crypto/bn/$$i " ; done`; \ + objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$FIPS_BN_ASM"; \ for i in $(FIPS_OBJ_LISTS); do \ dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \ objs="$$objs `sed "$$script" $$i`"; \ @@ -129,7 +131,7 @@ links: $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \ done; -lib: $(FIPSCANLOC) +lib: $(FIPSCANLOC) delexobj $(AR) $(LIB) $(FIPSCANLOC) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -212,6 +214,145 @@ dclean: $(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \ done; +delexobj: + exdel=""; \ + for i in $(FIPS_EX_OBJ) $(BN_ASM);\ + do \ + exdel="$$exdel "`basename $$i`""; \ + done ; \ + $(ARD) $(LIB) $$exdel + +FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ + ../crypto/aes/aes_cfb.o \ + ../crypto/aes/aes_ecb.o \ + ../crypto/aes/aes_ofb.o \ + ../crypto/asn1/a_bitstr.o \ + ../crypto/asn1/a_bytes.o \ + ../crypto/asn1/a_dup.o \ + ../crypto/asn1/a_int.o \ + ../crypto/asn1/a_object.o \ + ../crypto/asn1/asn1_err.o \ + ../crypto/asn1/asn1_lib.o \ + ../crypto/asn1/a_type.o \ + ../crypto/asn1/evp_asn1.o \ + ../crypto/asn1/tasn_dec.o \ + ../crypto/asn1/tasn_enc.o \ + ../crypto/asn1/tasn_fre.o \ + ../crypto/asn1/tasn_new.o \ + ../crypto/asn1/tasn_typ.o \ + ../crypto/asn1/tasn_utl.o \ + ../crypto/asn1/t_pkey.o \ + ../crypto/asn1/x_algor.o \ + ../crypto/asn1/x_bignum.o \ + ../crypto/asn1/x_long.o \ + ../crypto/asn1/x_sig.o \ + ../crypto/bio/bio_err.o \ + ../crypto/bio/bio_lib.o \ + ../crypto/bio/b_print.o \ + ../crypto/bio/bss_file.o \ + ../crypto/bn/bn_add.o \ + ../crypto/bn/bn_blind.o \ + ../crypto/bn/bn_ctx.o \ + ../crypto/bn/bn_div.o \ + ../crypto/bn/bn_err.o \ + ../crypto/bn/bn_exp2.o \ + ../crypto/bn/bn_exp.o \ + ../crypto/bn/bn_gcd.o \ + ../crypto/bn/bn_lib.o \ + ../crypto/bn/bn_mod.o \ + ../crypto/bn/bn_mont.o \ + ../crypto/bn/bn_mul.o \ + ../crypto/bn/bn_prime.o \ + ../crypto/bn/bn_print.o \ + ../crypto/bn/bn_rand.o \ + ../crypto/bn/bn_recp.o \ + ../crypto/bn/bn_shift.o \ + ../crypto/bn/bn_sqr.o \ + ../crypto/bn/bn_word.o \ + ../crypto/bn/bn_x931p.o \ + ../crypto/buffer/buf_err.o \ + ../crypto/buffer/buffer.o \ + ../crypto/conf/conf_err.o \ + ../crypto/cpt_err.o \ + ../crypto/cryptlib.o \ + ../crypto/des/cfb64ede.o \ + ../crypto/des/cfb64enc.o \ + ../crypto/des/cfb_enc.o \ + ../crypto/des/des_enc.o \ + ../crypto/des/ecb3_enc.o \ + ../crypto/des/ecb_enc.o \ + ../crypto/des/ofb64ede.o \ + ../crypto/des/ofb64enc.o \ + ../crypto/dh/dh_err.o \ + ../crypto/dh/dh_lib.o \ + ../crypto/dsa/dsa_asn1.o \ + ../crypto/dsa/dsa_err.o \ + ../crypto/dsa/dsa_lib.o \ + ../crypto/dsa/dsa_sign.o \ + ../crypto/dsa/dsa_vrf.o \ + ../crypto/dso/dso_err.o \ + ../crypto/ec/ec_err.o \ + ../crypto/engine/eng_err.o \ + ../crypto/engine/eng_init.o \ + ../crypto/engine/eng_lib.o \ + ../crypto/engine/eng_list.o \ + ../crypto/engine/eng_table.o \ + ../crypto/engine/tb_cipher.o \ + ../crypto/engine/tb_dh.o \ + ../crypto/engine/tb_digest.o \ + ../crypto/engine/tb_dsa.o \ + ../crypto/engine/tb_rand.o \ + ../crypto/engine/tb_rsa.o \ + ../crypto/err/err_all.o \ + ../crypto/err/err.o \ + ../crypto/err/err_prn.o \ + ../crypto/evp/digest.o \ + ../crypto/evp/e_aes.o \ + ../crypto/evp/e_des3.o \ + ../crypto/evp/e_des.o \ + ../crypto/evp/evp_enc.o \ + ../crypto/evp/evp_err.o \ + ../crypto/evp/evp_lib.o \ + ../crypto/evp/m_sha1.o \ + ../crypto/evp/p_lib.o \ + ../crypto/evp/p_sign.o \ + ../crypto/evp/p_verify.o \ + ../crypto/ex_data.o \ + ../crypto/lhash/lhash.o \ + ../crypto/mem_clr.o \ + ../crypto/mem_dbg.o \ + ../crypto/mem.o \ + ../crypto/objects/obj_dat.o \ + ../crypto/objects/obj_err.o \ + ../crypto/objects/obj_lib.o \ + ../crypto/ocsp/ocsp_err.o \ + ../crypto/pem/pem_err.o \ + ../crypto/pkcs12/pk12err.o \ + ../crypto/pkcs7/pkcs7err.o \ + ../crypto/rand/md_rand.o \ + ../crypto/rand/rand_egd.o \ + ../crypto/rand/rand_err.o \ + ../crypto/rand/randfile.o \ + ../crypto/rand/rand_lib.o \ + ../crypto/rand/rand_os2.o \ + ../crypto/rand/rand_unix.o \ + ../crypto/rand/rand_win.o \ + ../crypto/rsa/rsa_err.o \ + ../crypto/rsa/rsa_lib.o \ + ../crypto/rsa/rsa_none.o \ + ../crypto/rsa/rsa_oaep.o \ + ../crypto/rsa/rsa_pk1.o \ + ../crypto/rsa/rsa_pss.o \ + ../crypto/rsa/rsa_sign.o \ + ../crypto/rsa/rsa_ssl.o \ + ../crypto/rsa/rsa_x931.o \ + ../crypto/stack/stack.o \ + ../crypto/uid.o \ + ../crypto/ui/ui_err.o \ + ../crypto/x509v3/v3err.o \ + ../crypto/x509v3/v3_hex.o \ + ../crypto/x509/x509_err.o + # DO NOT DELETE THIS LINE -- make depend depends on it. fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h