From 53f76337393d85832a85c2c13df20cf3a3fcd8d6 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 3 Feb 2011 12:59:01 +0000 Subject: [PATCH] Add FIPS support to mkdef.pl script, update ordinals. --- util/libeay.num | 102 +++++++++++++++++++++++++----------------------- util/mkdef.pl | 9 ++++- 2 files changed, 62 insertions(+), 49 deletions(-) diff --git a/util/libeay.num b/util/libeay.num index f9d70d3783..8aebc1ff1c 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2804,12 +2804,12 @@ OPENSSL_cleanse 3245 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES -FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: -FIPS_selftest_des 3250 NOEXIST::FUNCTION: +FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES -FIPS_mode_set 3253 NOEXIST::FUNCTION: -FIPS_selftest_dsa 3254 NOEXIST::FUNCTION: +FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES FIPS_allow_md5 3256 NOEXIST::FUNCTION: DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES @@ -2817,29 +2817,29 @@ EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES FIPS_rand_seeded 3259 NOEXIST::FUNCTION: AES_cfbr_encrypt_block 3260 NOEXIST::FUNCTION: AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES -FIPS_rand_seed 3262 NOEXIST::FUNCTION: -FIPS_corrupt_des 3263 NOEXIST::FUNCTION: +FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES -FIPS_selftest_aes 3265 NOEXIST::FUNCTION: +FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_set_prng_key 3266 NOEXIST::FUNCTION: EVP_des_cfb8 3267 EXIST::FUNCTION:DES -FIPS_corrupt_dsa 3268 NOEXIST::FUNCTION: +FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_test_mode 3269 NOEXIST::FUNCTION: -FIPS_rand_method 3270 NOEXIST::FUNCTION: +FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES -ERR_load_FIPS_strings 3272 NOEXIST::FUNCTION: -FIPS_corrupt_aes 3273 NOEXIST::FUNCTION: -FIPS_selftest_sha1 3274 NOEXIST::FUNCTION: -FIPS_selftest_rsa 3275 NOEXIST::FUNCTION: -FIPS_corrupt_sha1 3276 NOEXIST::FUNCTION: +ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION: EVP_des_cfb1 3277 EXIST::FUNCTION:DES FIPS_dsa_check 3278 NOEXIST::FUNCTION: AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES -FIPS_rand_check 3281 NOEXIST::FUNCTION: +FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_md5_allowed 3282 NOEXIST::FUNCTION: -FIPS_mode 3283 NOEXIST::FUNCTION: -FIPS_selftest_failed 3284 NOEXIST::FUNCTION: +FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: @@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PROXY_POLICY_free 3308 EXIST::FUNCTION: PROXY_POLICY_new 3309 EXIST::FUNCTION: BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: -FIPS_selftest_rng 3311 NOEXIST::FUNCTION: +FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION: EVP_sha384 3312 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 EVP_sha512 3313 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256 EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256 -FIPS_selftest_hmac 3316 NOEXIST::FUNCTION: -FIPS_corrupt_rng 3317 NOEXIST::FUNCTION: +FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION: BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA @@ -3661,44 +3661,44 @@ ENGINE_load_capi 4047 EXIST::FUNCTION:ENGINE,STATIC_ENGIN OPENSSL_isservice 4048 EXIST::FUNCTION: FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION: EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION: -FIPS_rand_status 4051 NOEXIST::FUNCTION: -FIPS_rand_set_key 4052 NOEXIST::FUNCTION: +FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION: CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION: RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA int_ERR_set_state_func 4055 NOEXIST::FUNCTION: int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION: int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION: -FIPS_rng_stick 4058 NOEXIST::FUNCTION: +FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: -FIPS_selftest_check 4061 NOEXIST::FUNCTION: -FIPS_rand_set_dt 4062 NOEXIST::FUNCTION: +FIPS_selftest_check 4061 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION: CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION: -FIPS_dsa_free 4064 EXIST::FUNCTION:DSA +FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA -FIPS_rsa_new 4066 EXIST::FUNCTION:RSA -FIPS_rand_bytes 4067 NOEXIST::FUNCTION: -fips_cipher_test 4068 NOEXIST::FUNCTION: +FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION: +fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION: EVP_CIPHER_CTX_test_flags 4069 EXIST::FUNCTION: CRYPTO_malloc_debug_init 4070 NOEXIST::FUNCTION: CRYPTO_dbg_push_info 4071 NOEXIST::FUNCTION: -FIPS_corrupt_rsa_keygen 4072 NOEXIST::FUNCTION: -FIPS_dh_new 4073 EXIST::FUNCTION:DH -FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION: -FIPS_dh_free 4075 EXIST::FUNCTION:DH -fips_pkey_signature_test 4076 NOEXIST::FUNCTION: +FIPS_corrupt_rsa_keygen 4072 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_new 4073 EXIST:OPENSSL_FIPS:FUNCTION:DH +FIPS_corrupt_dsa_keygen 4074 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_free 4075 EXIST:OPENSSL_FIPS:FUNCTION:DH +fips_pkey_signature_test 4076 EXIST:OPENSSL_FIPS:FUNCTION: EVP_add_alg_module 4077 NOEXIST::FUNCTION: int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION: int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION: int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION: -FIPS_rand_test_mode 4081 NOEXIST::FUNCTION: -FIPS_rand_reset 4082 NOEXIST::FUNCTION: -FIPS_dsa_new 4083 EXIST::FUNCTION:DSA +FIPS_rand_test_mode 4081 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_reset 4082 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dsa_new 4083 EXIST:OPENSSL_FIPS:FUNCTION:DSA int_RAND_set_callbacks 4084 NOEXIST::FUNCTION: BN_X931_derive_prime_ex 4085 EXIST::FUNCTION: int_ERR_lib_init 4086 NOEXIST::FUNCTION: int_EVP_CIPHER_init_engine_callbacks 4087 NOEXIST::FUNCTION: -FIPS_rsa_free 4088 EXIST::FUNCTION:RSA +FIPS_rsa_free 4088 EXIST:OPENSSL_FIPS:FUNCTION:RSA FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION: CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION: OPENSSL_init 4091 NOEXIST::FUNCTION: @@ -4224,29 +4224,35 @@ CRYPTO_gcm128_finish 4594 EXIST::FUNCTION: ASN1_item_sign_ctx 4595 EXIST::FUNCTION:EVP X509_ALGOR_set_md 4596 EXIST::FUNCTION: CRYPTO_ctr128_encrypt_ctr32 4597 EXIST::FUNCTION: -FIPS_set_error_callbacks 4598 EXIST::FUNCTION: +FIPS_set_error_callbacks 4598 EXIST:OPENSSL_FIPS:FUNCTION: EC_KEY_set_public_key_affine_coordinates 4599 EXIST::FUNCTION:EC -FIPS_rsa_verify_digest 4600 EXIST::FUNCTION:RSA +FIPS_rsa_verify_digest 4600 EXIST:OPENSSL_FIPS:FUNCTION:RSA RSA_padding_add_PKCS1_PSS_mgf1 4601 EXIST::FUNCTION:RSA -FIPS_rsa_sign_digest 4602 EXIST::FUNCTION:RSA -FIPS_dsa_sign_digest 4603 EXIST::FUNCTION:DSA +FIPS_rsa_sign_digest 4602 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_dsa_sign_digest 4603 EXIST:OPENSSL_FIPS:FUNCTION:DSA ASN1_SCTX_get_flags 4604 EXIST::FUNCTION: -FIPS_dsa_verify_ctx 4605 EXIST::FUNCTION:DSA -FIPS_dsa_sign_ctx 4606 EXIST::FUNCTION:DSA +FIPS_dsa_verify_ctx 4605 EXIST:OPENSSL_FIPS:FUNCTION:DSA +FIPS_dsa_sign_ctx 4606 EXIST:OPENSSL_FIPS:FUNCTION:DSA EVP_PKEY_meth_get0_info 4607 EXIST::FUNCTION: ASN1_SCTX_get_template 4608 EXIST::FUNCTION: ASN1_SCTX_set_app_data 4609 EXIST::FUNCTION: ASN1_SCTX_free 4610 EXIST::FUNCTION: EVP_PKEY_meth_copy 4611 EXIST::FUNCTION: -FIPS_dsa_verify_digest 4612 EXIST::FUNCTION:DSA +FIPS_dsa_verify_digest 4612 EXIST:OPENSSL_FIPS:FUNCTION:DSA ERR_add_error_vdata 4613 EXIST::FUNCTION: CRYPTO_gcm128_init 4614 EXIST::FUNCTION: RSA_verify_PKCS1_PSS_mgf1 4615 EXIST::FUNCTION:RSA ASN1_SCTX_get_item 4616 EXIST::FUNCTION: ASN1_SCTX_get_app_data 4617 EXIST::FUNCTION: -FIPS_rsa_sign_ctx 4618 EXIST::FUNCTION:RSA +FIPS_rsa_sign_ctx 4618 EXIST:OPENSSL_FIPS:FUNCTION:RSA CRYPTO_gcm128_decrypt_ctr32 4619 EXIST::FUNCTION: CRYPTO_gcm128_encrypt_ctr32 4620 EXIST::FUNCTION: ASN1_SCTX_new 4621 EXIST::FUNCTION: -EC_GFp_nistp224_method 4622 EXIST::FUNCTION:EC -FIPS_rsa_verify_ctx 4623 EXIST::FUNCTION:RSA +EC_GFp_nistp224_method 4622 EXIST:!WIN32:FUNCTION:EC +FIPS_rsa_verify_ctx 4623 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_selftest 4624 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_set_locking_callback 4625 EXIST:OPENSSL_FIPS:FUNCTION: +fips_set_selftest_fail 4626 EXIST:OPENSSL_FIPS:FUNCTION: +fips_check_rsa 4627 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_check_incore_fingerprint 4628 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_incore_fingerprint 4629 EXIST:OPENSSL_FIPS:FUNCTION: diff --git a/util/mkdef.pl b/util/mkdef.pl index 1179f58a64..681c2bb776 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -79,7 +79,7 @@ my $OS2=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION", "ZLIB" ); + "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS" ); my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", @@ -129,6 +129,8 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_ssl2; +my $fips; + my $zlib; @@ -151,6 +153,7 @@ foreach (@ARGV, split(/ /, $options)) } $VMS=1 if $_ eq "VMS"; $OS2=1 if $_ eq "OS2"; + $fips=1 if /^fips/; if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic" || $_ eq "enable-zlib-dynamic") { $zlib = 1; @@ -317,6 +320,7 @@ $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; $crypto.=" crypto/jpake/jpake.h"; $crypto.=" crypto/modes/modes.h"; +$crypto.=" fips/fips.h fips/rand/fips_rand.h"; my $symhacks="crypto/symhacks.h"; @@ -1118,6 +1122,9 @@ sub is_valid if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { return 1; } + if ($keyword eq "OPENSSL_FIPS" && $fips) { + return 1; + } if ($keyword eq "ZLIB" && $zlib) { return 1; } return 0; } else { -- 2.25.1