From 571d90db242aa56c1001a7be0058dd700f7bef86 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 5 Feb 2006 20:52:56 +0000 Subject: [PATCH] Update VC++ build for FIPS mode. --- config | 26 +++++++++-------- util/mk1mf.pl | 72 ++++++++++++++++++++++++++++++++++++++---------- util/pl/VC-32.pl | 2 ++ 3 files changed, 75 insertions(+), 25 deletions(-) diff --git a/config b/config index 7f24e7f29c..dbe1595341 100755 --- a/config +++ b/config @@ -58,17 +58,17 @@ VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" # Check for VC++ presence first. - -if [ "x$MSVCDIR" != "x" -o "x$VCINSTALLDIR" != "x" ]; then - perl Configure VC-WIN32 $* - cmd /c ms\\do_masm.bat - perl util/mk1mf.pl VC-WIN32-GMAKE >mak.tmp - rm Makefile - mv mak.tmp Makefile - echo "Configured for VC++ using GNU make" - exit 0 -fi - +# +#if [ "x$MSVCDIR" != "x" -o "x$VCINSTALLDIR" != "x" ]; then +# perl Configure VC-WIN32 $* +# cmd /c ms\\do_masm.bat +# perl util/mk1mf.pl VC-WIN32-GMAKE >mak.tmp +# rm Makefile +# mv mak.tmp Makefile +# echo "Configured for VC++ using GNU make" +# exit 0 +#fi +# # Now test for ISC and SCO, since it is has a braindamaged uname. # @@ -355,6 +355,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in MINGW*) echo "${MACHINE}-whatever-mingw"; echo 0; + # Save fipslib path so VC++ build can find it + (cd /usr/local/ssl/lib ; pwd -W ) > util/fipslib_path.txt + # Extract _chkstk.o so VC++ can use it, to avoid __alloca link error + (cd ms ; ar x `gcc -print-libgcc-file-name` _chkstk.o) ;; CYGWIN*) case "$RELEASE" in diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 2487da5ad1..c722269477 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -14,7 +14,11 @@ local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; my $fips_canister_path = ""; -my $fipslibdir = "fipslib"; +my $fips_premain_dso_exe_path = ""; +my $fips_premain_c_path = ""; +my $fips_sha1_exe_path = ""; + +my $fipslibdir = ""; my $ex_l_libs = ""; @@ -365,13 +369,41 @@ if ($fips_canister_path eq "") $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o"; } - $ex_build_targets .= "\$(FIPSLIB_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips_canister_build); +if ($fips_premain_c_path eq "") + { + $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; + } + +if ($fips_sha1_exe_path eq "") + { + $fips_sha1_exe_path = + "fips-1.0${o}sha${o}fips_sha1_standalone$exep"; + } + +if ($fips_premain_dso_exe_path eq "") + { + $fips_premain_dso_exe_path = "fips-1.0${o}fips_premain_dso$exep"; + } -if ($fips && !$shlib) +# $ex_build_targets .= "\$(FIPSLIB_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips_canister_build); + +if ($fips) { - $ex_build_targets .= " \$(LIB_D)$o$crypto_compat"; - $ex_l_libs .= " \$(O_FIPSCANISTER)"; + if (!$shlib) + { + $ex_build_targets .= " \$(LIB_D)$o$crypto_compat"; + $ex_l_libs .= " \$(O_FIPSCANISTER)"; + } + if ($fipslibpath == "") + { + open (IN, "util/fipslib_path.txt") || fipslib_error(); + $fipslibdir = ; + chomp $fipslibdir; + close IN; + } + } + $defs= <<"EOF"; # This makefile has been automatically generated from the OpenSSL distribution. @@ -455,7 +487,6 @@ INCO_D=$inc_dir${o}openssl # Directory containing FIPS module -FIPSLIB_D=$fipslibdir CP=$cp RM=$rm @@ -471,10 +502,19 @@ MKCANISTER=$mkcanister ###################################################### E_EXE=openssl -E_PREMAIN_DSO=fips_premain_dso SSL=$ssl CRYPTO=$crypto +# FIPS validated module and support file locations + +E_PREMAIN_DSO=fips_premain_dso + +FIPSLIB_D=$fipslibdir +FIPS_PREMAIN_SRC=$fips_premain_c_path +O_FIPSCANISTER=$fips_canister_path +FIPS_SHA1_EXE=$fips_sha1_exe_path +PREMAIN_DSO_EXE=$fips_premain_dso_exe_path + # BIN_D - Binary output directory # TEST_D - Binary test file output directory # LIB_D - library output directory @@ -492,7 +532,6 @@ INCL_D=\$(TMP_D) O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp -O_FIPSCANISTER= $fips_canister_path SO_SSL= $plib\$(SSL)$so_shlibp SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp @@ -514,7 +553,7 @@ LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) \$(FIPSLIB_D) headers lib exe $ex_build_targets +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe $ex_build_targets banner: $banner @@ -537,9 +576,6 @@ $banner \$(INC_D): \$(MKDIR) \$(INC_D) -\$(FIPSLIB_D): - \$(MKDIR) \$(FIPSLIB_D) - headers: \$(HEADER) \$(EXHEADER) @ @@ -727,7 +763,7 @@ if ($fips) $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", "\$(O_CRYPTO)",$crypto,$shlib, "\$(SO_CRYPTO)", "0xFB00000", "\$(FIPSLIB_D)$o\$(E_PREMAIN_DSO)$exep", - "\$(FIPSLIB_D)${o}fips_premain.c"); + "\$(FIPS_PREMAIN_SRC)"); } else { @@ -746,7 +782,7 @@ if ($fips) if ($fips && $fips_canister_build) { - $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build; + $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", ""); $rules.=&do_link_rule("\$(FIPSLIB_D)${o}\$(E_PREMAIN_DSO)$exep","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(O_CRYPTO) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); } @@ -1080,3 +1116,11 @@ sub read_options else { return(0); } return(1); } + +sub fipslib_error + { + print STDERR "FIPS install directory sanity check failed\n"; + print STDERR "Either FIPS module build was not completed, or"; + print STDERR "was deleted.\nPlease rebuild FIPS module\n"; + exit 1; + } diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 52dc566b79..74dd690a90 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -135,6 +135,7 @@ sub do_lib_rule # $ret.="\t\$(RM) \$(O_$Name)\n"; $ret.="$target: $objs\n"; $ex =' advapi32.lib'; + $ex.=" ms${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/; $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; } else @@ -142,6 +143,7 @@ sub do_lib_rule local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; + $ex.=" ms${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/; if (defined $fips_get_sig) { $ret.="$target: $objs $fips_get_sig\n"; -- 2.25.1