diff options
| -rw-r--r-- | CHANGES | 4 | ||||
| -rw-r--r-- | Makefile.fips | 6 | ||||
| -rw-r--r-- | crypto/Makefile | 7 | ||||
| -rw-r--r-- | util/fipsobj.pl | 31 |
4 files changed, 45 insertions, 3 deletions
@@ -4,6 +4,10 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Modify fipscanisteronly build option to only build the necessary object + files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile. + [Steve Henson] + *) Add experimental option FIPSSYMS to give all symbols in fipscanister.o and FIPS or fips prefix. This will avoid conflicts with future versions of OpenSSL. Add perl script diff --git a/Makefile.fips b/Makefile.fips index f8307cbf69..929fa95c50 100644 --- a/Makefile.fips +++ b/Makefile.fips @@ -147,8 +147,8 @@ SHLIBDIRS= crypto # dirs in crypto to build SDIRS= \ sha hmac des aes modes \ - bn ec rsa dsa ecdsa dh ecdh \ - buffer rand evp cmac + bn ec rsa dsa ecdsa dh \ + buffer rand evp # ecdh cmac # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... @@ -372,7 +372,7 @@ build_crypto: else \ AS='$(CC) -c' ; \ fi ; export AS ; \ - dir=crypto; target=all; $(BUILD_ONE_CMD) + dir=crypto; target=fips; $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) build_engines: diff --git a/crypto/Makefile b/crypto/Makefile index 4147d2d638..eb066f03a5 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -50,6 +50,13 @@ top: all: shared +fips: cryptlib.o thr_id.o uid.o $(CPUID_OBJ) + [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \ + ( obj=`$(PERL) $(TOP)/util/fipsobj.pl $$i` && \ + cd $$i && echo "making fips in $(DIR)/$$i..." && \ + $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$obj ) || exit 1; \ + done; + buildinf.h: ../Makefile ( echo "#ifndef MK1MF_BUILD"; \ echo ' /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \ diff --git a/util/fipsobj.pl b/util/fipsobj.pl new file mode 100644 index 0000000000..09fe34a244 --- /dev/null +++ b/util/fipsobj.pl @@ -0,0 +1,31 @@ + +# Filter script. Take all FIPS object files from the environment +# and print out only those in the given directory. + +my $dir = $ARGV[0]; + +my $asmobjs = ""; + +# Add any needed assembly languagr files. + +$asmobjs = $ENV{AES_ENC} if $dir eq "aes"; +$asmobjs = $ENV{BN_ASM} if $dir eq "bn"; +$asmobjs = $ENV{DES_ENC} if $dir eq "des"; +$asmobjs = $ENV{SHA1_ASM_OBJ} if $dir eq "sha"; +$asmobjs = $ENV{MODES_ASM_OBJ} if $dir eq "modes"; + +# Get all other FIPS object files, filtered by directory. + +my @objlist = grep {/crypto\/$dir\//} split / /, $ENV{FIPS_EX_OBJ}; + +push @objlist, split / /, $asmobjs; + +# Fatal error if no matches +die "No objects in $dir!" if (scalar @objlist == 0); + +# Output all matches removing pathname. +foreach (@objlist) + { + s|../crypto/$dir/||; + print "$_\n"; + } |