Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
1ab2f7f1
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
1ab2f7f1
编写于
1月 26, 2011
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet
上级
9bafd8f7
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
187 addition
and
3 deletion
+187
-3
Configure
Configure
+75
-0
Makefile.org
Makefile.org
+112
-3
未找到文件。
Configure
浏览文件 @
1ab2f7f1
...
...
@@ -647,6 +647,11 @@ my $openssldir="";
my $exe_ext="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
my $fipslibdir="/usr/local/ssl/fips-1.0/lib/";
my $nofipscanistercheck=0;
my $fipsdso=0;
my $fipscanisterinternal="n";
my $baseaddr="0xFB00000";
my $no_threads=0;
my $threads=0;
my $no_shared=0; # but "no-shared" is default
...
...
@@ -681,6 +686,7 @@ my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
my $processor="";
my $default_ranlib;
my $perl;
my $fips=0;
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
...
...
@@ -833,6 +839,26 @@ PROCESS_ARGS:
# The check for the option is there so scripts aren't
# broken
}
elsif (/^nofipscanistercheck$/)
{
$fips = 1;
$nofipscanistercheck = 1;
}
elsif (/^fipscanisterbuild$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
}
elsif (/^fipsdso$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
$fipsdso = 1;
}
elsif (/^[-+]/)
{
if (/^-[lL](.*)$/ or /^-Wl,/)
...
...
@@ -1398,6 +1424,15 @@ $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/);
$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
if ($fips)
{
$openssl_other_defines.="#define OPENSSL_FIPS\n";
if ($fipscanisterinternal eq "y")
{
$openssl_other_defines.="#define OPENSSL_FIPSCANISTER\n";
}
}
$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
...
...
@@ -1574,6 +1609,21 @@ while (<IN>)
s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
if ($fipsdso)
{
s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/;
s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/;
s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/;
}
else
{
s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
s/^SHARED_FIPS=.*/SHARED_FIPS=/;
s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
}
s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/;
s/^BASEADDR=.*/BASEADDR=$baseaddr/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
...
...
@@ -1884,9 +1934,16 @@ BEGIN
BEGIN
BLOCK "040904b0"
BEGIN
#if defined(FIPS)
VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0"
#endif
// Required:
VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
#if defined(FIPS)
VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0"
#else
VALUE "FileDescription", "OpenSSL Shared Library\\0"
#endif
VALUE "FileVersion", "$version\\0"
#if defined(CRYPTO)
VALUE "InternalName", "libeay32\\0"
...
...
@@ -1894,6 +1951,9 @@ BEGIN
#elif defined(SSL)
VALUE "InternalName", "ssleay32\\0"
VALUE "OriginalFilename", "ssleay32.dll\\0"
#elif defined(FIPS)
VALUE "InternalName", "libosslfips\\0"
VALUE "OriginalFilename", "libosslfips.dll\\0"
#endif
VALUE "ProductName", "The OpenSSL Toolkit\\0"
VALUE "ProductVersion", "$version\\0"
...
...
@@ -1936,6 +1996,21 @@ libraries on this platform, they will at least look at it and try their best
(but please first make sure you have tried with a current version of OpenSSL).
EOF
print <<\EOF if ($fipscanisterinternal eq "y");
WARNING: OpenSSL has been configured using unsupported option(s) to internally
generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
OpenSSL FIPS Object Module as identified by the CMVP
(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
140-2 validated software.
This is an OpenSSL 1.1.0 test version.
See the file README.FIPS for details of how to build a test library.
EOF
exit(0);
sub usage
...
...
Makefile.org
浏览文件 @
1ab2f7f1
...
...
@@ -110,7 +110,33 @@ LIBKRB5=
ZLIB_INCLUDE
=
LIBZLIB
=
DIRS
=
crypto ssl engines apps
test
tools
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build make be different so hard
# code the path.
FIPSLIBDIR
=
/usr/local/ssl/
$(LIBDIR)
/
# This is set to "y" if fipscanister.o is compiled internally as
# opposed to coming from an external validated location.
FIPSCANISTERINTERNAL
=
n
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB
=
# Shared library base address. Currently only used on Windows.
#
BASEADDR
=
DIRS
=
crypto fips ssl engines apps
test
tools
ENGDIRS
=
ccgost
SHLIBDIRS
=
crypto ssl
...
...
@@ -207,6 +233,10 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
WP_ASM_OBJ
=
'
$(WP_ASM_OBJ)
'
\
MODES_ASM_OBJ
=
'
$(MODES_ASM_OBJ)
'
\
PERLASM_SCHEME
=
'
$(PERLASM_SCHEME)
'
\
FIPSLIBDIR
=
'
${FIPSLIBDIR}
'
\
FIPSCANLIB
=
"
$
${
FIPSCANLIB
:-
$(FIPSCANLIB)
}
"
\
FIPSCANISTERINTERNAL
=
'
${FIPSCANISTERINTERNAL}
'
\
FIPS_EX_OBJ
=
'
${FIPS_EX_OBJ}
'
\
THIS
=
$
${
THIS
:-
$@
}
MAKEFILE
=
Makefile
MAKEOVERRIDES
=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
...
...
@@ -238,13 +268,92 @@ BUILD_ONE_CMD=\
reflect
:
@
[
-n
"
$(THIS)
"
]
&&
$(CLEARENV)
&&
$(MAKE)
$(THIS)
-e
$(BUILDENV)
# FIXME
FIPS_EX_OBJ
=
../crypto/aes/aes_cfb.o
\
../crypto/aes/aes_ecb.o
\
../crypto/aes/aes_ofb.o
\
../crypto/bn/bn_add.o
\
../crypto/bn/bn_blind.o
\
../crypto/bn/bn_ctx.o
\
../crypto/bn/bn_div.o
\
../crypto/bn/bn_exp2.o
\
../crypto/bn/bn_exp.o
\
../crypto/bn/bn_gcd.o
\
../crypto/bn/bn_lib.o
\
../crypto/bn/bn_mod.o
\
../crypto/bn/bn_mont.o
\
../crypto/bn/bn_mul.o
\
../crypto/bn/bn_prime.o
\
../crypto/bn/bn_rand.o
\
../crypto/bn/bn_recp.o
\
../crypto/bn/bn_shift.o
\
../crypto/bn/bn_sqr.o
\
../crypto/bn/bn_word.o
\
../crypto/bn/bn_x931p.o
\
../crypto/buffer/buf_str.o
\
../crypto/cryptlib.o
\
../crypto/des/cfb64ede.o
\
../crypto/des/cfb64enc.o
\
../crypto/des/cfb_enc.o
\
../crypto/des/ecb3_enc.o
\
../crypto/des/ofb64ede.o
\
../crypto/des/fcrypt.o
\
../crypto/des/set_key.o
\
../crypto/dh/dh_check.o
\
../crypto/dh/dh_gen.o
\
../crypto/dh/dh_key.o
\
../crypto/dsa/dsa_gen.o
\
../crypto/dsa/dsa_key.o
\
../crypto/dsa/dsa_ossl.o
\
../crypto/dsa/dsa_sign.o
\
../crypto/dsa/dsa_vrf.o
\
../crypto/evp/e_aes.o
\
../crypto/evp/e_des3.o
\
../crypto/evp/m_sha1.o
\
../crypto/hmac/hmac.o
\
../crypto/mem.o
\
../crypto/modes/cfb128.o
\
../crypto/modes/ctr128.o
\
../crypto/modes/ofb128.o
\
../crypto/rand/md_rand.o
\
../crypto/rand/rand_egd.o
\
../crypto/rand/randfile.o
\
../crypto/rand/rand_lib.o
\
../crypto/rand/rand_os2.o
\
../crypto/rand/rand_unix.o
\
../crypto/rand/rand_win.o
\
../crypto/rsa/rsa_eay.o
\
../crypto/rsa/rsa_gen.o
\
../crypto/rsa/rsa_crpt.o
\
../crypto/rsa/rsa_none.o
\
../crypto/rsa/rsa_oaep.o
\
../crypto/rsa/rsa_pk1.o
\
../crypto/rsa/rsa_pss.o
\
../crypto/rsa/rsa_ssl.o
\
../crypto/rsa/rsa_x931.o
\
../crypto/sha/sha1dgst.o
\
../crypto/sha/sha256.o
\
../crypto/sha/sha512.o
\
../crypto/uid.o
sub_all
:
build_all
build_all
:
build_libs build_apps build_tests build_tools
build_libs
:
build_crypto build_ssl build_engines
build_libs
:
build_crypto build_fips build_ssl build_engines
build_fips
:
@
dir
=
fips
;
target
=
all
;
[
-z
"
$(FIPSCANLIB)
"
]
||
$(BUILD_ONE_CMD)
build_crypto
:
@
dir
=
crypto
;
target
=
all
;
$(BUILD_ONE_CMD)
if
[
-n
"
$(FIPSCANLIB)
"
]
;
then
\
EXCL_OBJ
=
'
$(AES_ENC)
$(BN_ASM)
$(DES_ENC)
$(CPUID_OBJ)
$(SHA1_ASM_OBJ)
$(FIPS_EX_OBJ)
'
;
export
EXCL_OBJ
;
\
ARX
=
'
$(PERL)
$
${TOP}
/util/arx.pl
$(AR)
'
;
\
else
\
ARX
=
'
${AR}
'
;
\
fi
;
export
ARX
;
\
dir
=
crypto
;
target
=
all
;
$(BUILD_ONE_CMD)
build_ssl
:
@
dir
=
ssl
;
target
=
all
;
$(BUILD_ONE_CMD)
build_engines
:
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录