From 55768cf7732bac44f2fc7abefec0dc669e0aeac5 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 22 Mar 2007 18:31:35 +0000 Subject: [PATCH] Forward FIPS DLL implementations from libcrypto DLL under Win32. --- CHANGES | 4 ++++ Configure | 2 +- util/mk1mf.pl | 6 +++--- util/mksdef.pl | 19 ++++++++++++------- util/pl/VC-32.pl | 27 ++++++++++++--------------- 5 files changed, 32 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index a10b4b526c..d67252d68e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.8e and 0.9.8f-fips [xx XXX xxxx] + *) Modify WIN32 build system to forward references to functions implemented + in FIPS DLL. + [Steve Henson] + *) Move error library so that all lhash dependencies are in a separate file. Include a simplified ERR_get_state() function for stand alone FIPS applications. Include a initialization function OPENSSL_init() diff --git a/Configure b/Configure index e0a49e69a4..293e5e5380 100755 --- a/Configure +++ b/Configure @@ -1746,7 +1746,7 @@ OpenSSL FIPS Object Module as identified by the CMVP (http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS 140-2 validated software. -This is a OpenSSL 0.9.8-fips test version. +This is an OpenSSL 0.9.8-fips test version. See the file README.FIPS for details of how to build a test library. diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 5293b97720..6ab1c644bd 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -433,7 +433,7 @@ if ($fips_premain_dso_exe_path eq "") # $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); -$ex_l_libs .= " \$(L_FIPS)" if $fipsdso; +#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso; if ($fips) { @@ -587,7 +587,7 @@ PREMAIN_DSO_EXE=$fips_premain_dso_exe_path E_EXE=openssl SSL=$ssl CRYPTO=$crypto -LIBFIPS=libfips +LIBFIPS=libosslfips # BIN_D - Binary output directory # TEST_D - Binary test file output directory @@ -884,7 +884,7 @@ if ($fips) $shlib, "", ""); $rules.= &do_lib_rule( "\$(O_FIPSCANISTER)", - "\$(O_FIPS)", "libfips", + "\$(O_FIPS)", "\$(LIBFIPS)", $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); $rules.= &do_sdef_rule(); } diff --git a/util/mksdef.pl b/util/mksdef.pl index 18fdef5b2d..065dc675f1 100644 --- a/util/mksdef.pl +++ b/util/mksdef.pl @@ -24,7 +24,7 @@ foreach (@deferr) } } -open (IN, "ms/libeay32.def") || die "Can't Open DEF file for splittling"; +open (IN, "ms/libeay32.def") || die "Can't Open DEF file for spliting"; my $started = 0; @@ -34,7 +34,7 @@ my $started = 0; foreach () { - if (/^\s*(\S+)\s*\@/) + if (/^\s*(\S+)\s*(\@\S+)\s*$/) { $started = 1; if (exists $nosym{$1}) @@ -43,6 +43,9 @@ foreach () } else { + my $imptmp = sprintf " %-39s %s\n", + "$1=libosslfips.$1", $2; + push @fipsrest, $imptmp; push @fipsdll, "\t$1\n"; } } @@ -59,8 +62,8 @@ push @fipsdll, "\tOPENSSL_cpuid_setup\n"; # Write out DEF files for each array -write_def("ms/libfips.def", "LIBFIPS", $preamble, \@fipsdll); -write_def("ms/libcryptofips.def", "LIBCRYPTOFIPS", $preamble, \@fipsrest); +write_def("ms/libosslfips.def", "LIBOSSLFIPS", $preamble, \@fipsdll); +write_def("ms/libeayfips.def", "", $preamble, \@fipsrest); sub write_def @@ -68,9 +71,11 @@ sub write_def my ($fnam, $defname, $preamble, $rdefs) = @_; open (OUT, ">$fnam") || die "Can't Open DEF file $fnam for Writing\n"; - $preamble =~ s/LIBEAY32/$defname/g; - $preamble =~ s/LIBEAY/$defname/g; - + if ($defname ne "") + { + $preamble =~ s/LIBEAY32/$defname/g; + $preamble =~ s/LIBEAY/$defname/g; + } print OUT $preamble; foreach (@$rdefs) { diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 8997ac507b..9f897aa4bb 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -14,20 +14,13 @@ if ($fips && !$shlib) } else { - if ($fipsdso) - { - $crypto="libcryptofips"; - } - else - { - $crypto="libeay32"; - } + $crypto="libeay32"; } $o='\\'; $cp='$(PERL) util/copy.pl'; $mkdir='$(PERL) util/mkdir-p.pl'; -$rm='del'; +$rm='del /Q'; $zlib_lib="zlib1.lib"; @@ -269,7 +262,11 @@ sub do_lib_rule { $base_arg = ""; } - if ($name ne "") + if ($target =~ /O_CRYPTO/ && $fipsdso) + { + $name = "/def:ms/libeayfips.def"; + } + elsif ($name ne "") { $name =~ tr/a-z/A-Z/; $name = "/def:ms/${name}.def"; @@ -291,7 +288,7 @@ sub do_lib_rule if ($target =~ /O_SSL/) { $ex .= " \$(L_CRYPTO)"; - $ex .= " \$(L_FIPS)" if $fipsdso; + #$ex .= " \$(L_FIPS)" if $fipsdso; } my $fipstarget; if ($fipsdso) @@ -324,7 +321,7 @@ sub do_lib_rule { $ex.= $mwex unless $fipscanisterbuild; $ret.="$target: $objs \$(PREMAIN_DSO_EXE)"; - $ret.=" ms/libfips.def" if $fipsdso; + $ret.=" ms/\$(LIBFIPS).def" if $fipsdso; $ret.="\n\tSET FIPS_LINK=\$(LINK)\n"; $ret.="\tSET FIPS_CC=\$(CC)\n"; $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; @@ -347,7 +344,7 @@ sub do_lib_rule $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; } - $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;2\n\n"; + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n"; } $ret.="\n"; return($ret); @@ -383,7 +380,7 @@ sub do_link_rule $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n"; } - $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;1\n\n"; + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; return($ret); } @@ -406,7 +403,7 @@ sub do_rlink_rule sub do_sdef_rule { - my $ret = "ms/libfips.def: \$(O_FIPSCANISTER)\n"; + my $ret = "ms/\$(LIBFIPS).def: \$(O_FIPSCANISTER)\n"; $ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n \$(O_FIPSCANISTER)\n<<\n"; $ret.="\n"; return $ret; -- 2.25.1