From 27ca03ea829443ee750db148dde87cf3da900d9c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 26 Apr 2021 19:44:24 +0200 Subject: [PATCH] Unix build file: Add a target to create providers/fips.module.sources This file will be the basis for the FIPS module checksum calculation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) --- Configurations/unix-Makefile.tmpl | 36 +++ providers/fips.module.sources | 467 ++++++++++++++++++++++++++++++ 2 files changed, 503 insertions(+) create mode 100644 providers/fips.module.sources diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 4ace44477d..e730e1dee1 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1137,6 +1137,42 @@ generate_doc_buildinfo: mv $(SRCDIR)/doc/build.info.new $(SRCDIR)/doc/build.info; \ fi ) +{- output_off() if $disabled{fips}; "" -} +generate_fips_sources: $(SRCDIR)/providers/fips.module.sources +$(SRCDIR)/providers/fips.module.sources: \ + $(SRCDIR)/Configure \ + {- join(" \\\n" . ' ' x 16, + fill_lines(" ", $COLUMNS - 16, + @{$config{build_file_templates}}, + @{$config{build_infos}}, + @{$config{conf_files}})) -} + rm -rf sources-tmp + mkdir sources-tmp + ( \ + srcdir=`cd $(SRCDIR); pwd`; \ + cd sources-tmp \ + && $$srcdir/Configure enable-fips \ + && ./configdata.pm --query 'get_sources("providers/fips")' > sources1 \ + && $$srcdir/Configure enable-fips no-asm \ + && ./configdata.pm --query 'get_sources("providers/fips")' > sources2 \ + ) + ( \ + srcdir2=`if [ "$(SRCDIR)" = "." ]; then echo ".."; elif echo "$(SRCDIR)" | grep '^/' > /dev/null; then echo "$(SRCDIR)"; else echo "../$(SRCDIR)"; fi`; \ + cat sources-tmp/sources1 sources-tmp/sources2 \ + | grep -v ' : \\$$' | sed -e 's| \\$$||' -e "s|^ $$srcdir2/||"; \ + cd $(SRCDIR); \ + for x in crypto/bn/asm/*.pl crypto/bn/asm/*.S \ + crypto/aes/asm/*.pl crypto/aes/asm/*.S \ + crypto/ec/asm/*.pl \ + crypto/md5/asm/*.pl \ + crypto/modes/asm/*.pl \ + crypto/sha/asm/*.pl; do \ + echo "$$x"; \ + done \ + ) | sort | uniq > $(SRCDIR)/providers/fips.module.sources + rm -rf sources-tmp +{- output_on() if $disabled{fips}; "" -} + # Set to -force to force a rebuild ERROR_REBUILD= errors: diff --git a/providers/fips.module.sources b/providers/fips.module.sources new file mode 100644 index 0000000000..79b532fe89 --- /dev/null +++ b/providers/fips.module.sources @@ -0,0 +1,467 @@ +crypto/aes/aes_cbc.c +crypto/aes/aes_core.c +crypto/aes/aes_ecb.c +crypto/aes/aes_misc.c +crypto/aes/asm/aes-586.pl +crypto/aes/asm/aes-armv4.pl +crypto/aes/asm/aes-c64xplus.pl +crypto/aes/asm/aes-ia64.S +crypto/aes/asm/aes-mips.pl +crypto/aes/asm/aes-parisc.pl +crypto/aes/asm/aes-ppc.pl +crypto/aes/asm/aes-s390x.pl +crypto/aes/asm/aes-sparcv9.pl +crypto/aes/asm/aes-x86_64.pl +crypto/aes/asm/aesfx-sparcv9.pl +crypto/aes/asm/aesni-mb-x86_64.pl +crypto/aes/asm/aesni-sha1-x86_64.pl +crypto/aes/asm/aesni-sha256-x86_64.pl +crypto/aes/asm/aesni-x86.pl +crypto/aes/asm/aesni-x86_64.pl +crypto/aes/asm/aesp8-ppc.pl +crypto/aes/asm/aest4-sparcv9.pl +crypto/aes/asm/aesv8-armx.pl +crypto/aes/asm/bsaes-armv7.pl +crypto/aes/asm/bsaes-x86_64.pl +crypto/aes/asm/vpaes-armv8.pl +crypto/aes/asm/vpaes-ppc.pl +crypto/aes/asm/vpaes-x86.pl +crypto/aes/asm/vpaes-x86_64.pl +crypto/asn1_dsa.c +crypto/bn/asm/alpha-mont.pl +crypto/bn/asm/armv4-gf2m.pl +crypto/bn/asm/armv4-mont.pl +crypto/bn/asm/armv8-mont.pl +crypto/bn/asm/bn-586.pl +crypto/bn/asm/c64xplus-gf2m.pl +crypto/bn/asm/co-586.pl +crypto/bn/asm/ia64-mont.pl +crypto/bn/asm/ia64.S +crypto/bn/asm/mips-mont.pl +crypto/bn/asm/mips.pl +crypto/bn/asm/parisc-mont.pl +crypto/bn/asm/ppc-mont.pl +crypto/bn/asm/ppc.pl +crypto/bn/asm/ppc64-mont.pl +crypto/bn/asm/rsaz-avx2.pl +crypto/bn/asm/rsaz-avx512.pl +crypto/bn/asm/rsaz-x86_64.pl +crypto/bn/asm/s390x-gf2m.pl +crypto/bn/asm/s390x-mont.pl +crypto/bn/asm/s390x.S +crypto/bn/asm/sparct4-mont.pl +crypto/bn/asm/sparcv8.S +crypto/bn/asm/sparcv8plus.S +crypto/bn/asm/sparcv9-gf2m.pl +crypto/bn/asm/sparcv9-mont.pl +crypto/bn/asm/sparcv9a-mont.pl +crypto/bn/asm/via-mont.pl +crypto/bn/asm/vis3-mont.pl +crypto/bn/asm/x86-gf2m.pl +crypto/bn/asm/x86-mont.pl +crypto/bn/asm/x86_64-gcc.c +crypto/bn/asm/x86_64-gf2m.pl +crypto/bn/asm/x86_64-mont.pl +crypto/bn/asm/x86_64-mont5.pl +crypto/bn/bn_add.c +crypto/bn/bn_asm.c +crypto/bn/bn_blind.c +crypto/bn/bn_const.c +crypto/bn/bn_conv.c +crypto/bn/bn_ctx.c +crypto/bn/bn_dh.c +crypto/bn/bn_div.c +crypto/bn/bn_exp.c +crypto/bn/bn_exp2.c +crypto/bn/bn_gcd.c +crypto/bn/bn_gf2m.c +crypto/bn/bn_intern.c +crypto/bn/bn_kron.c +crypto/bn/bn_lib.c +crypto/bn/bn_mod.c +crypto/bn/bn_mont.c +crypto/bn/bn_mpi.c +crypto/bn/bn_mul.c +crypto/bn/bn_nist.c +crypto/bn/bn_prime.c +crypto/bn/bn_rand.c +crypto/bn/bn_recp.c +crypto/bn/bn_rsa_fips186_4.c +crypto/bn/bn_shift.c +crypto/bn/bn_sqr.c +crypto/bn/bn_sqrt.c +crypto/bn/bn_word.c +crypto/bn/rsaz_exp.c +crypto/bn/rsaz_exp_x2.c +crypto/bsearch.c +crypto/buffer/buffer.c +crypto/cmac/cmac.c +crypto/context.c +crypto/core_algorithm.c +crypto/core_fetch.c +crypto/core_namemap.c +crypto/cpuid.c +crypto/cryptlib.c +crypto/ctype.c +crypto/der_writer.c +crypto/des/des_enc.c +crypto/des/ecb3_enc.c +crypto/des/fcrypt_b.c +crypto/des/set_key.c +crypto/dh/dh_backend.c +crypto/dh/dh_check.c +crypto/dh/dh_gen.c +crypto/dh/dh_group_params.c +crypto/dh/dh_kdf.c +crypto/dh/dh_key.c +crypto/dh/dh_lib.c +crypto/dsa/dsa_backend.c +crypto/dsa/dsa_check.c +crypto/dsa/dsa_gen.c +crypto/dsa/dsa_key.c +crypto/dsa/dsa_lib.c +crypto/dsa/dsa_ossl.c +crypto/dsa/dsa_sign.c +crypto/dsa/dsa_vrf.c +crypto/ec/asm/ecp_nistz256-armv4.pl +crypto/ec/asm/ecp_nistz256-armv8.pl +crypto/ec/asm/ecp_nistz256-ppc64.pl +crypto/ec/asm/ecp_nistz256-sparcv9.pl +crypto/ec/asm/ecp_nistz256-x86.pl +crypto/ec/asm/ecp_nistz256-x86_64.pl +crypto/ec/asm/x25519-ppc64.pl +crypto/ec/asm/x25519-x86_64.pl +crypto/ec/curve25519.c +crypto/ec/curve448/arch_32/f_impl32.c +crypto/ec/curve448/arch_64/f_impl64.c +crypto/ec/curve448/curve448.c +crypto/ec/curve448/curve448_tables.c +crypto/ec/curve448/eddsa.c +crypto/ec/curve448/f_generic.c +crypto/ec/curve448/scalar.c +crypto/ec/ec2_oct.c +crypto/ec/ec2_smpl.c +crypto/ec/ec_asn1.c +crypto/ec/ec_backend.c +crypto/ec/ec_check.c +crypto/ec/ec_curve.c +crypto/ec/ec_cvt.c +crypto/ec/ec_deprecated.c +crypto/ec/ec_key.c +crypto/ec/ec_kmeth.c +crypto/ec/ec_lib.c +crypto/ec/ec_mult.c +crypto/ec/ec_oct.c +crypto/ec/ec_print.c +crypto/ec/ecdh_kdf.c +crypto/ec/ecdh_ossl.c +crypto/ec/ecdsa_ossl.c +crypto/ec/ecdsa_sign.c +crypto/ec/ecdsa_vrf.c +crypto/ec/ecp_mont.c +crypto/ec/ecp_nist.c +crypto/ec/ecp_nistz256.c +crypto/ec/ecp_oct.c +crypto/ec/ecp_smpl.c +crypto/ec/ecx_backend.c +crypto/ec/ecx_key.c +crypto/evp/asymcipher.c +crypto/evp/cmeth_lib.c +crypto/evp/dh_support.c +crypto/evp/digest.c +crypto/evp/ec_support.c +crypto/evp/evp_enc.c +crypto/evp/evp_fetch.c +crypto/evp/evp_lib.c +crypto/evp/evp_rand.c +crypto/evp/evp_utils.c +crypto/evp/exchange.c +crypto/evp/kdf_lib.c +crypto/evp/kdf_meth.c +crypto/evp/kem.c +crypto/evp/keymgmt_lib.c +crypto/evp/keymgmt_meth.c +crypto/evp/m_sigver.c +crypto/evp/mac_lib.c +crypto/evp/mac_meth.c +crypto/evp/p_lib.c +crypto/evp/pmeth_check.c +crypto/evp/pmeth_gn.c +crypto/evp/pmeth_lib.c +crypto/evp/signature.c +crypto/ex_data.c +crypto/ffc/ffc_backend.c +crypto/ffc/ffc_dh.c +crypto/ffc/ffc_key_generate.c +crypto/ffc/ffc_key_validate.c +crypto/ffc/ffc_params.c +crypto/ffc/ffc_params_generate.c +crypto/ffc/ffc_params_validate.c +crypto/hmac/hmac.c +crypto/initthread.c +crypto/lhash/lhash.c +crypto/md5/asm/md5-586.pl +crypto/md5/asm/md5-sparcv9.pl +crypto/md5/asm/md5-x86_64.pl +crypto/md5/md5_dgst.c +crypto/md5/md5_one.c +crypto/md5/md5_sha1.c +crypto/mem_clr.c +crypto/modes/asm/aes-gcm-armv8_64.pl +crypto/modes/asm/aesni-gcm-x86_64.pl +crypto/modes/asm/ghash-alpha.pl +crypto/modes/asm/ghash-armv4.pl +crypto/modes/asm/ghash-c64xplus.pl +crypto/modes/asm/ghash-ia64.pl +crypto/modes/asm/ghash-parisc.pl +crypto/modes/asm/ghash-s390x.pl +crypto/modes/asm/ghash-sparcv9.pl +crypto/modes/asm/ghash-x86.pl +crypto/modes/asm/ghash-x86_64.pl +crypto/modes/asm/ghashp8-ppc.pl +crypto/modes/asm/ghashv8-armx.pl +crypto/modes/cbc128.c +crypto/modes/ccm128.c +crypto/modes/cfb128.c +crypto/modes/ctr128.c +crypto/modes/gcm128.c +crypto/modes/ofb128.c +crypto/modes/wrap128.c +crypto/modes/xts128.c +crypto/o_str.c +crypto/packet.c +crypto/param_build.c +crypto/param_build_set.c +crypto/params.c +crypto/params_dup.c +crypto/params_from_text.c +crypto/passphrase.c +crypto/property/defn_cache.c +crypto/property/property.c +crypto/property/property_parse.c +crypto/property/property_string.c +crypto/provider_core.c +crypto/provider_predefined.c +crypto/rand/rand_lib.c +crypto/rand/rand_meth.c +crypto/rsa/rsa_backend.c +crypto/rsa/rsa_chk.c +crypto/rsa/rsa_crpt.c +crypto/rsa/rsa_gen.c +crypto/rsa/rsa_lib.c +crypto/rsa/rsa_mp_names.c +crypto/rsa/rsa_none.c +crypto/rsa/rsa_oaep.c +crypto/rsa/rsa_ossl.c +crypto/rsa/rsa_pk1.c +crypto/rsa/rsa_pss.c +crypto/rsa/rsa_schemes.c +crypto/rsa/rsa_sign.c +crypto/rsa/rsa_sp800_56b_check.c +crypto/rsa/rsa_sp800_56b_gen.c +crypto/rsa/rsa_x931.c +crypto/self_test_core.c +crypto/sha/asm/keccak1600-armv4.pl +crypto/sha/asm/keccak1600-armv8.pl +crypto/sha/asm/keccak1600-avx2.pl +crypto/sha/asm/keccak1600-avx512.pl +crypto/sha/asm/keccak1600-avx512vl.pl +crypto/sha/asm/keccak1600-c64x.pl +crypto/sha/asm/keccak1600-mmx.pl +crypto/sha/asm/keccak1600-ppc64.pl +crypto/sha/asm/keccak1600-s390x.pl +crypto/sha/asm/keccak1600-x86_64.pl +crypto/sha/asm/keccak1600p8-ppc.pl +crypto/sha/asm/sha1-586.pl +crypto/sha/asm/sha1-alpha.pl +crypto/sha/asm/sha1-armv4-large.pl +crypto/sha/asm/sha1-armv8.pl +crypto/sha/asm/sha1-c64xplus.pl +crypto/sha/asm/sha1-ia64.pl +crypto/sha/asm/sha1-mb-x86_64.pl +crypto/sha/asm/sha1-mips.pl +crypto/sha/asm/sha1-parisc.pl +crypto/sha/asm/sha1-ppc.pl +crypto/sha/asm/sha1-s390x.pl +crypto/sha/asm/sha1-sparcv9.pl +crypto/sha/asm/sha1-sparcv9a.pl +crypto/sha/asm/sha1-thumb.pl +crypto/sha/asm/sha1-x86_64.pl +crypto/sha/asm/sha256-586.pl +crypto/sha/asm/sha256-armv4.pl +crypto/sha/asm/sha256-c64xplus.pl +crypto/sha/asm/sha256-mb-x86_64.pl +crypto/sha/asm/sha512-586.pl +crypto/sha/asm/sha512-armv4.pl +crypto/sha/asm/sha512-armv8.pl +crypto/sha/asm/sha512-c64xplus.pl +crypto/sha/asm/sha512-ia64.pl +crypto/sha/asm/sha512-mips.pl +crypto/sha/asm/sha512-parisc.pl +crypto/sha/asm/sha512-ppc.pl +crypto/sha/asm/sha512-s390x.pl +crypto/sha/asm/sha512-sparcv9.pl +crypto/sha/asm/sha512-x86_64.pl +crypto/sha/asm/sha512p8-ppc.pl +crypto/sha/keccak1600.c +crypto/sha/sha1dgst.c +crypto/sha/sha256.c +crypto/sha/sha3.c +crypto/sha/sha512.c +crypto/sparse_array.c +crypto/stack/stack.c +crypto/threads_lib.c +crypto/threads_none.c +crypto/threads_pthread.c +crypto/threads_win.c +crypto/x86_64cpuid.pl +providers/common/bio_prov.c +providers/common/capabilities.c +providers/common/der/der_digests_gen.c.in +providers/common/der/der_dsa_gen.c.in +providers/common/der/der_dsa_key.c +providers/common/der/der_dsa_sig.c +providers/common/der/der_ec_gen.c.in +providers/common/der/der_ec_key.c +providers/common/der/der_ec_sig.c +providers/common/der/der_ecx_gen.c.in +providers/common/der/der_ecx_key.c +providers/common/der/der_rsa_gen.c.in +providers/common/der/der_rsa_key.c +providers/common/der/der_rsa_sig.c +providers/common/der/der_sm2_gen.c.in +providers/common/der/der_sm2_key.c +providers/common/der/der_sm2_sig.c +providers/common/der/der_wrap_gen.c.in +providers/common/digest_to_nid.c +providers/common/provider_ctx.c +providers/common/provider_err.c +providers/common/provider_seeding.c +providers/common/provider_util.c +providers/common/securitycheck.c +providers/common/securitycheck_default.c +providers/common/securitycheck_fips.c +providers/fips/fipsprov.c +providers/fips/self_test.c +providers/fips/self_test_kats.c +providers/implementations/asymciphers/rsa_enc.c +providers/implementations/asymciphers/sm2_enc.c +providers/implementations/ciphers/cipher_aes.c +providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c +providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c +providers/implementations/ciphers/cipher_aes_ccm.c +providers/implementations/ciphers/cipher_aes_ccm_hw.c +providers/implementations/ciphers/cipher_aes_cts.c +providers/implementations/ciphers/cipher_aes_gcm.c +providers/implementations/ciphers/cipher_aes_gcm_hw.c +providers/implementations/ciphers/cipher_aes_hw.c +providers/implementations/ciphers/cipher_aes_ocb.c +providers/implementations/ciphers/cipher_aes_ocb_hw.c +providers/implementations/ciphers/cipher_aes_siv.c +providers/implementations/ciphers/cipher_aes_siv_hw.c +providers/implementations/ciphers/cipher_aes_wrp.c +providers/implementations/ciphers/cipher_aes_xts.c +providers/implementations/ciphers/cipher_aes_xts_fips.c +providers/implementations/ciphers/cipher_aes_xts_hw.c +providers/implementations/ciphers/cipher_aria.c +providers/implementations/ciphers/cipher_aria_ccm.c +providers/implementations/ciphers/cipher_aria_ccm_hw.c +providers/implementations/ciphers/cipher_aria_gcm.c +providers/implementations/ciphers/cipher_aria_gcm_hw.c +providers/implementations/ciphers/cipher_aria_hw.c +providers/implementations/ciphers/cipher_camellia.c +providers/implementations/ciphers/cipher_camellia_hw.c +providers/implementations/ciphers/cipher_chacha20.c +providers/implementations/ciphers/cipher_chacha20_hw.c +providers/implementations/ciphers/cipher_chacha20_poly1305.c +providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c +providers/implementations/ciphers/cipher_null.c +providers/implementations/ciphers/cipher_sm4.c +providers/implementations/ciphers/cipher_sm4_hw.c +providers/implementations/ciphers/cipher_tdes.c +providers/implementations/ciphers/cipher_tdes_common.c +providers/implementations/ciphers/cipher_tdes_default.c +providers/implementations/ciphers/cipher_tdes_default_hw.c +providers/implementations/ciphers/cipher_tdes_hw.c +providers/implementations/ciphers/cipher_tdes_wrap.c +providers/implementations/ciphers/cipher_tdes_wrap_hw.c +providers/implementations/ciphers/ciphercommon.c +providers/implementations/ciphers/ciphercommon_block.c +providers/implementations/ciphers/ciphercommon_ccm.c +providers/implementations/ciphers/ciphercommon_ccm_hw.c +providers/implementations/ciphers/ciphercommon_gcm.c +providers/implementations/ciphers/ciphercommon_gcm_hw.c +providers/implementations/ciphers/ciphercommon_hw.c +providers/implementations/digests/blake2_prov.c +providers/implementations/digests/blake2b_prov.c +providers/implementations/digests/blake2s_prov.c +providers/implementations/digests/digestcommon.c +providers/implementations/digests/md5_prov.c +providers/implementations/digests/md5_sha1_prov.c +providers/implementations/digests/sha2_prov.c +providers/implementations/digests/sha3_prov.c +providers/implementations/digests/sm3_prov.c +providers/implementations/encode_decode/decode_der2key.c +providers/implementations/encode_decode/decode_msblob2key.c +providers/implementations/encode_decode/decode_pem2der.c +providers/implementations/encode_decode/decode_pvk2key.c +providers/implementations/encode_decode/encode_key2any.c +providers/implementations/encode_decode/encode_key2blob.c +providers/implementations/encode_decode/encode_key2ms.c +providers/implementations/encode_decode/encode_key2text.c +providers/implementations/encode_decode/endecoder_common.c +providers/implementations/exchange/dh_exch.c +providers/implementations/exchange/ecdh_exch.c +providers/implementations/exchange/ecx_exch.c +providers/implementations/exchange/kdf_exch.c +providers/implementations/kdfs/hkdf.c +providers/implementations/kdfs/kbkdf.c +providers/implementations/kdfs/krb5kdf.c +providers/implementations/kdfs/pbkdf2.c +providers/implementations/kdfs/pbkdf2_fips.c +providers/implementations/kdfs/pkcs12kdf.c +providers/implementations/kdfs/scrypt.c +providers/implementations/kdfs/sshkdf.c +providers/implementations/kdfs/sskdf.c +providers/implementations/kdfs/tls1_prf.c +providers/implementations/kdfs/x942kdf.c +providers/implementations/kem/rsa_kem.c +providers/implementations/keymgmt/dh_kmgmt.c +providers/implementations/keymgmt/dsa_kmgmt.c +providers/implementations/keymgmt/ec_kmgmt.c +providers/implementations/keymgmt/ecx_kmgmt.c +providers/implementations/keymgmt/kdf_legacy_kmgmt.c +providers/implementations/keymgmt/mac_legacy_kmgmt.c +providers/implementations/keymgmt/rsa_kmgmt.c +providers/implementations/macs/blake2b_mac.c +providers/implementations/macs/blake2s_mac.c +providers/implementations/macs/cmac_prov.c +providers/implementations/macs/gmac_prov.c +providers/implementations/macs/hmac_prov.c +providers/implementations/macs/kmac_prov.c +providers/implementations/macs/poly1305_prov.c +providers/implementations/macs/siphash_prov.c +providers/implementations/rands/crngt.c +providers/implementations/rands/drbg.c +providers/implementations/rands/drbg_ctr.c +providers/implementations/rands/drbg_hash.c +providers/implementations/rands/drbg_hmac.c +providers/implementations/rands/seed_src.c +providers/implementations/rands/seeding/rand_cpu_x86.c +providers/implementations/rands/seeding/rand_tsc.c +providers/implementations/rands/seeding/rand_unix.c +providers/implementations/rands/seeding/rand_win.c +providers/implementations/rands/test_rng.c +providers/implementations/signature/dsa.c +providers/implementations/signature/ecdsa.c +providers/implementations/signature/eddsa.c +providers/implementations/signature/mac_legacy.c +providers/implementations/signature/rsa.c +providers/implementations/signature/sm2sig.c +providers/implementations/storemgmt/file_store.c +providers/implementations/storemgmt/file_store_der2obj.c +providers/prov_running.c +ssl/record/tls_pad.c +ssl/s3_cbc.c +util/providers.num -- 2.39.2