LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @libs) -}
SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -}
-FIPSMODULENAME={- # We do some extra checking here, as there should be only one
- use File::Basename;
- my @fipsmodules =
- grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
- && $unified_info{attributes}->{modules}->{$_}->{fips} }
- @{$unified_info{modules}};
- die "More that one FIPS module" if scalar @fipsmodules > 1;
+MODULES={- join(", ", map { "-\n\t".$_.".EXE" }
+ # Drop all modules that are dependencies, they will
+ # be processed through their dependents
+ grep { my $x = $_;
+ !grep { grep { $_ eq $x } @$_ }
+ values %{$unified_info{depends}} }
+ @{$unified_info{modules}}) -}
+FIPSMODULE={- # We do some extra checking here, as there should be only one
+ use File::Basename;
+ our @fipsmodules =
+ grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
+ && $unified_info{attributes}->{modules}->{$_}->{fips} }
+ @{$unified_info{modules}};
+ die "More that one FIPS module" if scalar @fipsmodules > 1;
+ join(" ", map { platform->dso($_) } @fipsmodules) -}
+FIPSMODULENAME={- die "More that one FIPS module" if scalar @fipsmodules > 1;
join(", ", map { basename(platform->dso($_)) } @fipsmodules) -}
-MODULES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{modules}}) -}
PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -}
SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -}
{- output_off() if $disabled{makedepend}; "" -}
MODULES={- join(" \\\n" . ' ' x 8,
fill_lines(" ", $COLUMNS - 8,
map { platform->dso($_) }
+ # Drop all modules that are dependencies, they will
+ # be processed through their dependents
+ grep { my $x = $_;
+ !grep { grep { $_ eq $x } @$_ }
+ values %{$unified_info{depends}} }
@{$unified_info{modules}})) -}
-FIPSMODULENAME={- # We do some extra checking here, as there should be only one
- use File::Basename;
- my @fipsmodules =
- grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
- && $unified_info{attributes}->{modules}->{$_}->{fips} }
- @{$unified_info{modules}};
- die "More that one FIPS module" if scalar @fipsmodules > 1;
+FIPSMODULE={- # We do some extra checking here, as there should be only one
+ use File::Basename;
+ our @fipsmodules =
+ grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
+ && $unified_info{attributes}->{modules}->{$_}->{fips} }
+ @{$unified_info{modules}};
+ die "More that one FIPS module" if scalar @fipsmodules > 1;
+ join(" ", map { platform->dso($_) } @fipsmodules) -}
+FIPSMODULENAME={- die "More that one FIPS module" if scalar @fipsmodules > 1;
join(" ", map { basename(platform->dso($_)) } @fipsmodules) -}
PROGRAMS={- join(" \\\n" . ' ' x 9,
LIBS={- join(" ", map { ( platform->sharedlib_import($_), platform->staticlib($_) ) } @{$unified_info{libraries}}) -}
SHLIBS={- join(" ", map { platform->sharedlib($_) // () } @{$unified_info{libraries}}) -}
SHLIBPDBS={- join(" ", map { platform->sharedlibpdb($_) // () } @{$unified_info{libraries}}) -}
-MODULES={- our @MODULES = map { platform->dso($_) } @{$unified_info{modules}};
+MODULES={- our @MODULES = map { platform->dso($_) }
+ # Drop all modules that are dependencies, they will
+ # be processed through their dependents
+ grep { my $x = $_;
+ !grep { grep { $_ eq $x } @$_ }
+ values %{$unified_info{depends}} }
+ @{$unified_info{modules}};
join(" ", @MODULES) -}
MODULEPDBS={- join(" ", map { platform->dsopdb($_) } @{$unified_info{modules}}) -}
-FIPSMODULENAME={- # We do some extra checking here, as there should be only one
- use File::Basename;
- my @fipsmodules =
- grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
- && $unified_info{attributes}->{modules}->{$_}->{fips} }
- @{$unified_info{modules}};
- die "More that one FIPS module" if scalar @fipsmodules > 1;
- join(" ", map { basename(platform->dso($_)) } @fipsmodules) -}
+FIPSMODULE={- # We do some extra checking here, as there should be only one
+ use File::Basename;
+ our @fipsmodules =
+ grep { !$unified_info{attributes}->{modules}->{$_}->{noinst}
+ && $unified_info{attributes}->{modules}->{$_}->{fips} }
+ @{$unified_info{modules}};
+ die "More that one FIPS module" if scalar @fipsmodules > 1;
+ join(" ", map { basename(platform->dso($_)) } @fipsmodules) -}
+FIPSMODULENAME={- die "More that one FIPS module" if scalar @fipsmodules > 1;
+ join(", ", map { basename(platform->dso($_)) } @fipsmodules) -}
PROGRAMS={- our @PROGRAMS = map { platform->bin($_) } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
SCRIPTS={- our @SCRIPTS = @{$unified_info{scripts}}; join(" ", @SCRIPTS) -}
GENERATE[fips.ld]=../util/providers.num
ENDIF
- # For tests that try to use the FIPS module, we need to make a local fips
- # module installation. We have the output go to standard output, because
- # the generated commands in build templates are expected to catch that,
- # and thereby keep control over the exact output file location.
- IF[{- !$disabled{tests} -}]
- DEPEND[|run_tests|]=fipsmodule.cnf
- GENERATE[fipsmodule.cnf]=../apps/openssl fipsinstall \
- -module providers/$(FIPSMODULENAME) -provider_name fips \
- -mac_name HMAC -section_name fips_sect
- DEPEND[fipsmodule.cnf]=$FIPSGOAL
- ENDIF
+ DEPEND[|build_modules_nodep|]=fipsmodule.cnf
+ GENERATE[fipsmodule.cnf]=../util/mk-fipsmodule-cnf.pl \
+ -module $(FIPSMODULE) -section_name fips_sect -key $(FIPSKEY)
+ DEPEND[fipsmodule.cnf]=$FIPSGOAL
ENDIF
#
--- /dev/null
+#! /usr/bin/env perl
+# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use Getopt::Long;
+
+my $activate = 1;
+my $conditional_errors = 1;
+my $security_checks = 1;
+my $mac_key;
+my $module_name;
+my $section_name = "fips_sect";
+
+GetOptions("key=s" => \$mac_key,
+ "module=s" => \$module_name,
+ "section_name=s" => \$section_name)
+ or die "Error when getting command line arguments";
+
+my $mac_keylen = length($mac_key);
+
+use Digest::SHA qw(hmac_sha256_hex);
+my $module_size = [ stat($module_name) ]->[7];
+
+open my $fh, "<:raw", $module_name or die "Trying to open $module_name: $!";
+read $fh, my $data, $module_size or die "Trying to read $module_name: $!";
+close $fh;
+
+# Calculate HMAC-SHA256 in hex, and split it into a list of two character
+# chunks, and join the chunks with colons.
+my @module_mac
+ = ( uc(hmac_sha256_hex($data, pack("H$mac_keylen", $mac_key))) =~ m/../g );
+my $module_mac = join(':', @module_mac);
+
+print <<_____;
+[$section_name]
+activate = $activate
+conditional-errors = $conditional_errors
+security-checks = $security_checks
+module-mac = $module_mac
+_____
projects / thirdparty / openssl.git / commitdiff
