local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
local $zlib_lib = "";
-my $fips_canister_path = "";
+local $fips_canister_path = "";
my $fips_premain_dso_exe_path = "";
my $fips_premain_c_path = "";
my $fips_sha1_exe_path = "";
no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest
no-ripemd
no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher
- no-bf no-cast no-aes no-camellia
+ no-bf no-cast no-aes no-camellia no-seed
no-rsa no-dsa no-dh - Skip this public key cipher
no-ssl2 no-ssl3 - Skip this version of SSL
just-ssl - remove all non-ssl keys/digest
$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
$cflags.=" -DOPENSSL_NO_AES" if $no_aes;
$cflags.=" -DOPENSSL_NO_CAMELLIA" if $no_camellia;
+$cflags.=" -DOPENSSL_NO_SEED" if $no_seed;
$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;
$cflags.=" -DOPENSSL_NO_RC4" if $no_rc4;
$cflags.=" -DOPENSSL_NO_RC5" if $no_rc5;
}
$fips_exclude_obj{"bn_asm"} = 1;
+ $fips_exclude_obj{"des_enc"} = 1;
+ $fips_exclude_obj{"fcrypt_b"} = 1;
+ $fips_exclude_obj{"aes_core"} = 1;
+ $fips_exclude_obj{"aes_cbc"} = 1;
my @ltmp = split " ", $lib_obj{"CRYPTO"};
if ($fipscanisterbuild)
{
- $fips_canister_path = "\$(LIB_D)${o}fipscanister.o";
+ $fips_canister_path = "\$(LIB_D)${o}fipscanister.o" if $fips_canister_path eq "";
$fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c";
}
else
{
$ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
$ex_l_libs .= " \$(O_FIPSCANISTER)";
+ $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild;
}
if ($fipscanisterbuild)
{
RSC=$rsc
FIPSLINK=\$(PERL) util${o}fipslink.pl
+AES_ASM_OBJ=$aes_asm_obj
+AES_ASM_SRC=$aes_asm_src
BN_ASM_OBJ=$bn_asm_obj
BN_ASM_SRC=$bn_asm_src
BNCO_ASM_OBJ=$bnco_asm_obj
$rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
"fips-1.0${o}sha${o}fips_standalone_sha1.c",
"\$(SHLIB_CFLAGS)");
- $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj",
- "fips-1.0${o}sha${o}fips_sha1dgst.c",
- "\$(SHLIB_CFLAGS)") unless $fipscanisterbuild;
$rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
"fips-1.0${o}fips_premain.c",
"-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
next;
}
- if (($bn_asm_obj ne "") && ($_ eq "CRYPTO"))
+ if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS")))
{
- $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
- $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
- }
- if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj .= "\$(BNCO_ASM_OBJ)";
- $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
- }
- if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
- $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
- $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
+ if ($aes_asm_obj ne "")
+ {
+ $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/;
+ $lib_obj =~ s/\s\S*\/aes_cbc\S*//;
+ $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src);
+ }
+ if ($sha1_asm_obj ne "")
+ {
+ $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
+ $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
+ }
+ if ($bn_asm_obj ne "")
+ {
+ $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
+ $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
+ }
+ if ($bnco_asm_obj ne "")
+ {
+ $lib_obj .= "\$(BNCO_ASM_OBJ)";
+ $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
+ }
+ if ($des_enc_obj ne "")
+ {
+ $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
+ $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
+ $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
+ }
}
if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
{
$lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
$rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
}
- if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
- $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
- }
if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
{
$lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
foreach (split(/\s+/,$test))
{
+ my $t_libs;
$t=&bname($_);
+ if ($fipsdso && /fips-1.0/)
+ {
+ $t_libs = "\$(L_FIPS)";
+ }
+ else
+ {
+ $t_libs = "\$(L_LIBS)";
+ }
+
$tt="\$(OBJ_D)${o}$t${obj}";
- $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+ $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)");
}
$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
{
$rules.= &do_lib_rule("\$(CRYPTOOBJ)",
"\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
- $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
"\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
}
}
if ($fips)
{
- $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPS_SHA1_EXE)", "") if $fipscanisterbuild;
+ $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj", "\$(FIPSOBJ)", "\$(OBJ_D)${o}fips_end$obj", "\$(FIPS_SHA1_EXE)", "") if $fipscanisterbuild;
$rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
- $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)","","", 1);
}
$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0);
return("") if $no_idea && $dir =~ /\/idea/;
return("") if $no_aes && $dir =~ /\/aes/;
return("") if $no_camellia && $dir =~ /\/camellia/;
+ return("") if $no_seed && $dir =~ /\/seed/;
return("") if $no_rc2 && $dir =~ /\/rc2/;
return("") if $no_rc4 && $dir =~ /\/rc4/;
return("") if $no_rc5 && $dir =~ /\/rc5/;
@a=grep(!/^e_.*_c$/,@a) if $no_cast;
@a=grep(!/^e_rc4$/,@a) if $no_rc4;
@a=grep(!/^e_camellia$/,@a) if $no_camellia;
+ @a=grep(!/^e_seed$/,@a) if $no_seed;
@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
+ elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; }
else { $t="$location${o}$_$pf "; }
"no-idea" => \$no_idea,
"no-aes" => \$no_aes,
"no-camellia" => \$no_camellia,
+ "no-seed" => \$no_seed,
"no-des" => \$no_des,
"no-bf" => \$no_bf,
"no-cast" => \$no_cast,
"no-dsa" => \$no_dsa,
"no-dh" => \$no_dh,
"no-hmac" => \$no_hmac,
- "no-aes" => \$no_aes,
- "no-camellia" => \$no_camellia,
"no-asm" => \$no_asm,
"nasm" => \$nasm,
"nw-nasm" => \$nw_nasm,
[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
\$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
\$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
- \$no_aes, \$no_camellia],
+ \$no_aes, \$no_camellia, \$no_seed],
"rsaref" => 0,
"gcc" => \$gcc,
"debug" => \$debug,