From 580b60047bcc08256ae6ada438d90b3e4ee40888 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 16 Jan 2007 19:30:21 +0000
Subject: [PATCH] Add options to allow fipscanister to be built and linked
 against internally.

---
 Configure         | 19 ++++++++++++++++---
 Makefile.org      |  5 +++--
 fips-1.0/Makefile |  4 ++--
 fips-1.0/fipsld   | 13 +++++++++----
 4 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/Configure b/Configure
index c3bc9a3145..c5ba750047 100755
--- a/Configure
+++ b/Configure
@@ -621,7 +621,9 @@ my $prefix="";
 my $openssldir="";
 my $exe_ext="";
 my $install_prefix="";
-my $fipslibdir="/usr/local/ssl/lib";
+my $fipslibdir="/usr/local/ssl/lib/";
+my $nofipscanistercheck=0;
+my $fipscanisterinternal="n";
 my $baseaddr="0xFB00000";
 my $no_threads=0;
 my $no_shared=1;
@@ -871,9 +873,19 @@ PROCESS_ARGS:
 				{
 				$withargs{"zlib-lib"}=$1;
 				}
+			elsif (/^--nofipscanistercheck$/)
+				{
+				$nofipscanistercheck = 1;
+				}
+			elsif (/^--fipscanisterbuild$/)
+				{
+				$nofipscanistercheck = 1;
+				$fipslibdir="";
+				$fipscanisterinternal="y";
+				}
 			elsif (/^--with-fipslibdir=(.*)$/)
 				{
-				$fipslibdir="$1";
+				$fipslibdir="$1/";
 				}
 			elsif (/^--with-baseaddr=(.*)$/)
 				{
@@ -982,7 +994,7 @@ chop $prefix if $prefix =~ /\/$/;
 $openssldir=$prefix . "/ssl" if $openssldir eq "";
 $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
 
-if ($fips && ! -f "$fipslibdir/fipscanister.o")
+if ($fips && !$nofipscanistercheck && ! -f "${fipslibdir}fipscanister.o")
 	{
 	my $fipswinerr = "";
 	$fipswinerr = <<EOF if $IsWindows;
@@ -1344,6 +1356,7 @@ while (<IN>)
 	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
 	s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
 	s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
+	s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/;
 	s/^BASEADDR=.*/BASEADDR=$baseaddr/;
 	s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
diff --git a/Makefile.org b/Makefile.org
index b9db0dd57d..daeab8e3c8 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -183,7 +183,8 @@ LIBZLIB=
 # $(INSTALLTOP) for this build make be different so hard
 # code the path.
 
-FIPSLIBDIR=/usr/local/ssl/lib
+FIPSLIBDIR=/usr/local/ssl/lib/
+FIPSCANISTERINTERNAL=n
 
 # Shared library base address. Currently only used on Windows.
 #
@@ -248,7 +249,7 @@ sub_all:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' FIPSLIBDIR='${FIPSLIBDIR}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' FIPSLIBDIR='${FIPSLIBDIR}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
diff --git a/fips-1.0/Makefile b/fips-1.0/Makefile
index d92652b031..69e92eb055 100644
--- a/fips-1.0/Makefile
+++ b/fips-1.0/Makefile
@@ -18,7 +18,7 @@ PERL=		perl
 RM=             rm -f
 AR=		ar r
 
-FIPSCANLOC=	$(FIPSLIBDIR)/fipscanister.o
+FIPSCANLOC=	$(FIPSLIBDIR)fipscanister.o
 
 PEX_LIBS=
 EX_LIBS=
@@ -196,7 +196,7 @@ depend:
 	done;
 
 clean:
-	rm -f buildinf.h *.o *.obj fips_premain_dso$(EXE_EXT) lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f buildinf.h *.o fipscanister.o.sha1 *.obj fips_premain_dso$(EXE_EXT) lib tags core .pure .nfs* *.old *.bak fluff
 	@for i in $(FDIRS) ;\
 	do \
 	(cd $$i && echo "making clean in fips/$$i..." && \
diff --git a/fips-1.0/fipsld b/fips-1.0/fipsld
index 237910de87..0698ce0886 100755
--- a/fips-1.0/fipsld
+++ b/fips-1.0/fipsld
@@ -32,10 +32,15 @@ TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
 
 THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
 
-# Location of installed validated FIPS module
-FIPSLIBDIR=${FIPSLIBDIR:-/usr/local/ssl/lib}
-# If this is a build from a validated tarball use this instead
-# FIPSLIBDIR=${THERE}/fips-1.0
+# FIPSLIBDIR is location of installed validated FIPS module
+# if FIPSCANISTERINTERNAL="y" link against internally generated fipscanister.o
+if [ "x$FIPSCANISTERINTERNAL" != "xy" ]; then
+	FIPSLIBDIR=${FIPSLIBDIR:-/usr/local/ssl/lib}
+else
+	FIPSLIBDIR=${THERE}/fips-1.0
+fi
+
+echo libdir = $FIPSLIBDIR
 
 [ -f "${FIPSLIBDIR}/fipscanister.o" ] ||
 	{ echo "fipscanister.o not found"; exit 1; }
-- 
2.25.1