From 5d439d69552e753debc48461293517b66b0b94b4 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 17 Feb 2011 19:03:52 +0000 Subject: [PATCH] Make -DOPENSSL_FIPSSYMS work for assembly language builds. --- CHANGES | 5 +++-- Makefile.fips | 9 +++++++-- Makefile.org | 9 +++++++-- util/fipsas.pl | 13 +++++++++++++ 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 99172adc52..e1cbe370c1 100644 --- a/CHANGES +++ b/CHANGES @@ -6,8 +6,9 @@ *) Add experimental option FIPSSYMS to give all symbols in fipscanister.o and FIPS or fips prefix. This will avoid - conflicts with future versions of OpenSSL. Only works for - no-asm at present. + conflicts with future versions of OpenSSL. Add perl script + util/fipsas.pl to preprocess assembly language source files + and rename any affected symbols. [Steve Henson] *) Add selftest checks and algorithm block of non-fips algorithms in diff --git a/Makefile.fips b/Makefile.fips index 2344a5823a..f8307cbf69 100644 --- a/Makefile.fips +++ b/Makefile.fips @@ -78,7 +78,7 @@ LIBDIR=lib # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC # gcc, then the driver will automatically translate it to -xarch=v8plus # and pass it down to assembler. -AS=$(CC) -c +#AS=$(CC) -c ASFLAG=$(CFLAG) # For x86 assembler: Set PROCESSOR to 386 if you want to support @@ -205,7 +205,7 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ CC='$(CC)' CFLAG='$(CFLAG)' \ - AS='$(CC)' ASFLAG='$(CFLAG) -c' \ + ASFLAG='$(CFLAG) -c' \ AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ CROSS_COMPILE='$(CROSS_COMPILE)' \ PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ @@ -367,6 +367,11 @@ build_crypto: else \ ARX='${AR}' ; \ fi ; export ARX ; \ + if [ $(FIPSCANISTERINTERNAL) = "y" ]; then \ + AS='$(PERL) $${TOP}/util/fipsas.pl $${TOP} $${<} $(CC)' ; \ + else \ + AS='$(CC) -c' ; \ + fi ; export AS ; \ dir=crypto; target=all; $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) diff --git a/Makefile.org b/Makefile.org index 09cb9a07a2..deaf792546 100644 --- a/Makefile.org +++ b/Makefile.org @@ -78,7 +78,7 @@ LIBDIR=lib # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC # gcc, then the driver will automatically translate it to -xarch=v8plus # and pass it down to assembler. -AS=$(CC) -c +#AS=$(CC) -c ASFLAG=$(CFLAG) # For x86 assembler: Set PROCESSOR to 386 if you want to support @@ -205,7 +205,7 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ CC='$(CC)' CFLAG='$(CFLAG)' \ - AS='$(CC)' ASFLAG='$(CFLAG) -c' \ + ASFLAG='$(CFLAG) -c' \ AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ CROSS_COMPILE='$(CROSS_COMPILE)' \ PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ @@ -367,6 +367,11 @@ build_crypto: else \ ARX='${AR}' ; \ fi ; export ARX ; \ + if [ $(FIPSCANISTERINTERNAL) = "y" ]; then \ + AS='$(PERL) $${TOP}/util/fipsas.pl $${TOP} $${<} $(CC) -c' ; \ + else \ + AS='$(CC) -c' ; \ + fi ; export AS ; \ dir=crypto; target=all; $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) diff --git a/util/fipsas.pl b/util/fipsas.pl index cd8b8c02f4..c6964e19cf 100644 --- a/util/fipsas.pl +++ b/util/fipsas.pl @@ -9,6 +9,19 @@ my @ARGS = @ARGV; my $top = shift @ARGS; my $target = shift @ARGS; +# HACK to disable operation if no OPENSSL_FIPSSYMS option. +# will go away when tested more fully. + +my $enabled = 0; + +foreach (@ARGS) { $enabled = 1 if /-DOPENSSL_FIPSSYMS/ ; } + +if ($enabled == 0) + { + system @ARGS; + exit $? + } + # Open symbol rename file. open(IN, "$top/fips/fipssyms.h") || die "Can't open fipssyms.h";