A generator in a `GENERATE[generated]=generator` build.info statement may
itself be generated. That needs to be taken into account.
This was always meant to be, but we missed the spot, for lack of use cases.
Now we have one.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18263)
Since this file is generated by configdata.pm, there's no need to include it
among the mandatory dependencies (which end up in the `GENERATE_MANDATORY`
Makefile variable). In fact, it shouldn't be there any more, as that would
also cause it to be removed by `make clean`.
To compensate, we add an explicit removal of that file in the `distclean`
target on all platform families.
Fixes#18396
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18398)
Following cb2764f2a8 Add riscv64 asm_arch to linux64-riscv64 target
Current ASM does not have Linux specific thing thus this is
suitable for BSD
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18309)
The FIPS module checksum needs to know that configuration.h is
generated from configuration.h.in, so that information is conserved.
To make this possible, it's now possible to have attributes with the
GENERATE keyword, and the attribute "skip" is added to make a keyword
a no-op, which makes it informative only.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/16378)
This commit removes platform defines the interfere with loading and resolution
of platform and memory model variants of integer types and includes the
appropriate files, stdint.h and sys/types.h where the types are defined.
Fixes#17669
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18325)
Otherwise, it seems nmake doesn't invoke perl properly.
Signed-off-by: Keith W. Campbell <keithc@ca.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18215)
Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu>
Signed-off-by: Henry Brausen <henry.brausen@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18275)
This avoids a run-time dependency on libgcc_s.so which may not be
present on all systems. OpenSSL already uses -static-libgcc for
the solaris-x86-gcc and solaris64-x86_64-gcc configurations.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14538)
AIX shared libs are also .a files so the AIX platform staticname()
appends a '_a' to the name to avoid a collision. However, this
must not be done when no-shared is passed to Configure or the
binaries that link with -lcrypto and -lssl be unable to link as
those libraries won't exist without the '_a' suffix.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18006)
Before PR #15310, which reworked how build files (Makefile, ...) were
generated, everything was done when configuring, so configdata.pm
could depend on build file templates and we'd get away with it.
However, since building configdata.pm is now independent of the build
file templates, that dependency is unnecessary, and would lead to
surprises of the build file template is updated, with an unexpected
full reconfiguration as a result, when all that's needed is to run
configdata.pm with no flags to get the build file re-generated.
This change is therefore a completion of what was forgotten in #15310.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17756)
This is crucial when the build tree isn't the source tree, as they
only take effect in directories where included header files reside.
The issue only comes up when linking with the static libraries, since
the shared libraries have upper case aliases of all symbols.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17755)
Add copyright to files that were missing it.
Update license from OpenSSL to Apache as needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17606)
Affected file: Configurations/unix-Makefile.tmpl
Fixes#17602
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17605)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17556)
(cherry picked from commit 45036df450)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17306)
Also, the modules installation directory is version agnostic on other
platforms, there's no real reason why it shouldn't be on VMS.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
(cherry picked from commit a4f1e23e6c)
The program name version info is supposed to be the major release
version number. This was forgotten when the versioning scheme was
changed for 3.0, so the minor release version number slipped in as
well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16842)
(cherry picked from commit 3c9293b471)
OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25
Switch to using AT_HWCAP, and setting it to 16 if it is not defined.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17090)
The doc/html sub-dirs get created by Configure. Therefore they should
not be cleaned away by "nmake clean". Otherwise the following sequence
fails:
perl Configure VC-WIN64A
nmake clean
nmake
nmake install
Fixes#17114
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17128)
When remaking how programs were linked, the variable `$ress` was forgotten.
Unfortunately, perl treats this with silence.
Fixes#16870Fixes#16667
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16875)
CLA: trivial
I assume this has been an error in the initial ios conf file. In order to build for ios the shared engine library, needs to be disabled because iOS doesn't have the concept of shared libraries. But instead of only disabling `dynamic-engine` (or like in this commit disabled the `shared`) option the previous config did disable `engine` and with that the `static-engine` compilation as well. This restores the `static-engine` option being enabled by default, but keeping compilation going on iOS.
Cheers!
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16659)
OpenSSL 1.1.1 links the simple libcrypto.so to libcrypto_variant.so,
this was inadvertently dropped.
Fixes#16605
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16608)
We changed the manner in which a build needing applink is detected,
but forgot to change the installation targets accordingly.
Fixes#16570
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16577)
(cherry picked from commit de36ce47bf)
away the use of $(DEFINES), which does get populated with defines
given through configuration. This makes it impossible to configure
with extra defines on VMS. Uncommenting and moving $(DEFINES) to a
more proper spot gives the users back that ability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16561)
(cherry picked from commit 1dc15a3330)
This function tried to shave off the pre-release and build metadata
text from the the version number it gets, but didn't do that quite
right. Since this isn't even a documented behaviour, the easier, and
arguably more correct path is for that function not to try to shave
off anything, and for the callers to feed it the short version number,
"{MAJOR}.{MINOR}.{PATCH}", nothing more.
The build file templates are adjusted accordingly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16556)
OpenVMS for x86_64 is currently out on a field test. Building
programs for it is currently done with cross compilation on Itanium.
The cross compilation tools are made available by running a script,
which makes cross-compilation variants of most commands available, and
adds the cross-compilation C compiler XCC.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16498)
Different tests may use unexpectedly different versions of perl,
depending on whether they hardcode the path to the perl executable or if
they resolve the path from the environment. This fixes it so that the
same perl is always used.
Fix some trailing whitespace and spelling mistakes as well.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16362)
In current Configure script, libdir can be specified either an absolute
path or relative, while in Configurations/shared-info.pl, on darwin
system "-install_name" only accepts relative libdir path, and the
program fails when receiving absolute libdir path. This PR is to fix
this and match requirements of scripts.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16393)
Fixes: #16373
Co-authored-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16398)
$(SRCDIR)/doc doesn't work right on VMS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16395)
Also fix some inconsistencies and minor bugs related to the
install_fips target on Windows and VMS.
Fixes#16194
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16208)
unix-Makefile.tmpl checks if the target LIBDIR exists on the build
machine or not and based on the result modify the final LIBDIR.
This should be avoided, build results should not depend on the build
machine root filesystem layout. It makes the build results unstable.
The fix simply removes the dir existence test from the unix-Makefile.tmpl.
Fixes: openssl#16121
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16122)
nmake is tolerant of those empty lines, but jom isn't. That tolerance
isn't standard make behaviour, so we lean towards avoiding them.
We simply use '@rem' instead.
Fixes#16014
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16048)
If platform->sharedlib_simple() and platform->sharedlib_import()
return undefined, try platform->sharedlib() as a fallback before
platform->staticlib().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16023)
On some Unix-like platforms, there is no such thing as versioned shared
libraries. In this case, platform->sharedlib_simple() should simply
return undef. Among others, this avoids the shared libraries to be
installed as symlinks on themselves.
Fixes#16012
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16023)
We introduce a new makefile target "make release-update" that forces
ordinal file renumbering, and also does the fips checksum updates. We
then call that from the release script.
Fixes#15806
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15901)
Perl's system() on VMS needs to have the command line properly fixed
up, even with arguments passed in list form. We arrange that by
having util/wrap.pl use the same command line fixups as OpenSSL::Test.
As a consequence, util/wrap.pl needs to be generated, to easily pick
up data from configdata.pm. This also removes yet another file
copying hack from the build file templates.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15791)
The in2script functions generates the build file rules for generating
scripts from .in files. A dependency on configdata.pm is needed,
since it's being used for this.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15792)
This commit adds an architecture named aix64-gcc-as which can generate
assembler source code compatible with AIX assembler (as) instead of the
GNU Assembler (gas). This architecture name is then used in a callback
for the .p2align directive which is not available in AIX as.
The motivation for this addition came out of an issue we ran into when
working on upgrading OpenSSL in Node.js. We ran into the following
compilation error on one of the CI machines that uses AIX:
05:39:05 Assembler:
05:39:05 crypto/bn/ppc64-mont-fixed.s: line 4: Error In Syntax
This machine is using AIX Version 7.2 and does not have gas installed
and the .p2align directive is causing this error. After asking around if
it would be possible to install GAS on this machine I learned that AIX
GNU utils are not maintained as well as the native AIX ones and we
(Red Hat/IBM) have run into issues with the GNU utils in the past and if
possible it would be preferable to be able to use the AIX native
assembler.
Refs: https://github.com/nodejs/node/pull/38512
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15638)
The entry point needs the option 'binitfini', but it was not being
added since the perl code to detect the match did not work.
The entry point for AIX is no longer static - so a wrapper has been
added to call the static version.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15636)
to avoid collision with rmdir.exe from cygwin or msys
Original idea by Mladen Turk @mturk
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15610)
The mechanism had special cases to guess when something was generated
from a .in file. It's better, though, to use the knowledge in
configdata.pm, especially when the generated file is in a different
location than its source.
Cleanups are added, and we change the use of sed to a use of perl
when cleaning up paths with 'something/../' in them, since perl has
more powerful tools for this sort of thing.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15514)
Remove unused -DCONF_DEBUG and -DBN_CTX_DEBUG.
Rename REF_PRINT to REF_DEBUG for consistency, and add a new
tracing category and use it for printing reference counts.
Rename -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG
Fix BN_DEBUG_RAND so it compiles and, when set, force DEBUG_RAND to
be set also.
Rename engine_debug_ref to be ENGINE_REF_PRINT also for consistency.
Fixes#15357
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15353)
For some types of targets, we pretty much know what kinds of files all
the dependencies are. For some, however, we can't assume anything,
and are faced with dependencies in platform agnostic form. We need to
find those in diverse places in %unified_info, and deduce from there
how they should be converted to a platform specific form.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15436)
First of all, we have concluded that we can calculate the integrity
checksum with a simple perl script.
Second, having the production of providers/fipsmodule.cnf as a
dependency for run_tests wasn't quite right. What we really want is
to generate it as soon as a new providers/fips.so is produced. That
required a small bit of fiddling with how diverse dependencies are
made.
Fixes#15166
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15436)
The reason is that it currently doesn't build properly, due to the of
pvkfmt.c, causing multiply defined symbols since libcrypto exports
them as well. At the same time, it can't do without that source file,
or it won't have access to certain internal symbols from there.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15320)
Because VMS C has some trouble with recursive inclusion of header
files, we have had to help it out for object files where there is such
an inclusion structure.
Previously, we did so with temporary logical names that were the same
as the first directory in an inclusion, so for example, to enable this
inclusion (found in ssl/ssl_local.h), we created the logical name
"record" when building any of the object files in the ssl/
subdirectories:
#include "record/record.h"
However, there is another way with the VMS C compiler, to selectively
specify extra include directories in Unix form directly to the
compiler. The logic is that from the directory where the source file
to compile is located, the specified inclusion directory merged with
the inclusion string should be able to access to specified header
file.
So for example, when a file in ssl/record/ is compiled, the following
inclusion is found:
#include "../ssl_local.h"
So far so good, VMS C handles it properly. However, the recursive
inclusion of "record/record.h" fails. However, if the compiler is
helped out a little bit, with the following extra qualifier, then it
works:
/INCLUDE="../"
The reason is that the compiler merges "../" and "record/record.h"
into "../record/record.h", which is the correct path to that header
file from the directory of the source file being compiled.
All that remained was to figure out all places where this trouble may
occur, and specify extra Unix formatted inclusion directories to
specify on per object file basis.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15369)
In 1.1.1 when installing the man pages we created symlinks to the base
page for all functions described on the page. We need to continue doing
this.
Fixes#14846
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15312)
We have pretty long symbol names, so they need to be shortened to fit
in the linker's 31 character limit on symbols.
Symbol name shortening with the VMS C compiler works in such a way
that a symbol name that's longer than 31 characters is mangled into
its first original 22 characters, followed by a dollar sign and the
32-bit CRC of the original symbol name in hexadecimal.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
crypto/ec/curve448/ has a series of inclusions that throws VMS C
off, so we compensate for it the same way as we have done before.
Fixes#14247
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
Instead of what we used to do, put all include directories in a number
of DCL variables and generate the /INCLUDE qualifier value on the
command line, we instead generate VMS C specific header files with
include directory pragmas, to be used with the VMS C's /FIRST_INCLUDE
qualifier. This also shortens the command line, the size of which is
limited.
VMS C needs to have those include directories specified in a Unix
form, to be able to safely merge #include paths with them when
searching through them.
Fixes#14247
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
It was looking in the wrong place in %unified_info to determine if the
library would be installed or not.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
Get it back in sync with the other templates, and correct a few syntax
errors that have crept in.
Fixes#14247
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
VMS C can be notoriously informative about certain things, such as
unsupported pragmas. The case here is that it doesn't support
"#pragma once", and since we use those quite a lot, that's a lot of
repeated information. We simply turn that warning off.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)
The memory footprint of how we produced the Makefile was quite...
important, because we have all the processing in one perl snippet, and
generate the details of the build file by appending to the "magic"
variable $OUT. The result is that this variable gets to hold the
majority of the build file text, and depending on memory reallocation
strategies for strings, the heap may hold multiple (possibly not just
a few) copies of this string, almost all of them "freed" but still
taking up space. This has resulted in memory exhaustion.
We therefore change strategy, and generate the build file in two
phases, where the first phase generates the full template using small
perl snippets for each detail, and the second phase processes this
template. This is much kinder to process memory.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)
quotify1() and quotify_l() were in OpenSSL::Template, but should be
more widely usable.
configdata.pm.in's out_item() is also more widely useful and is
therefore moved to OpenSSL::Util as well, and renamed to dump_data().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)
Use it in the automated workflows.
Fixes: #15247
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15248)
Add also update-fips-checksums to update the checksums in the
$(SRCDIR) if the $(SRCDIR) and $(BLDDIR) is different.
The fips-checksums and generate_fips_sources targets are always
produced (regardless of enable-fips) as nothing else depends on them
and they are developer targets.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15167)
This adds the following scripts:
util/lang-compress.pl:
Compress source code, which language is determined by the first argument.
For the moment, we know 'perl' (perlasm source code), 'C' (C source code)
and 'S' (Assembler with C preprocessor directives).
This removes comments and empty lines, and compresses series of horizontal
spaces to one single space in the languages where that's appropriate.
util/fips-checksums.sh:
Takes source file names as arguments, pushes them through
util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates
the checksum on the result.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)
It might not be necessary with the most recent toolchain versions
but apparently many 32bit linux architectures and commonly used
toolchain versions require this.
It is also harmless to include even on architectures that do not
need it.
Fixes#14083
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15086)
Pull request #14320 introduced the ability to use compiled programs
as generators in GENERATE rules of build.info files. Those generator
calls were wrapped by the Perl wrapper (wrap.pl) in the Unix makefile
template, but not on Windows.
This commit adds the missing wrapper for Windows, because for the
`fipsmodule.cnf` target it is essential that the `openssl fipsinstall`
command does not load any preinstalled openssl configuration file.
Fixes#13680
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)
To follow the principle "what you configure is what you install",
the `make install` target now includes the installation of the
fips provider (`make install_fips`) if (and only if) OpenSSL was
configured with fips support (`enable-fips`).
The `make install_fips` target exists as well and can be used
to install just the fips provider. It requires `enable-fips`
and issues an error message if `no-fips` was configured.
The anologue holds for the 'uninstall_fips' target.
Fixes#13693
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)
There is already a `providers/fipsmodule.cnf` target which is required by
the tests. Instead of creating another fipsmodule.cnf, the `install_fips`
target simply copies that configuration file to its final destination.
This commit also restores the minimal dependencies to build the `install_fips`
target immediately after configuring, which was broken after the removal
of the `install_sw` dependency.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)
According to the OpenSSL 3.0 Wiki, the file should be located at
$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf
next to the openssl.cnf file.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)
The `openssl` app was previously called without a path, which
would generally invoke the system's copy of the openssl application.
Currently, that's most likely an openssl version 1.1.1 application,
which does not recognize the `fipsinstall` command and terminates
with an error message.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)
The FIPS hmac key is provided as a hexadezimal string, which needs to
be be prefixed with `hexkey:`, not `key:`.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)
Richard Levitte
Hongren (Zenithal) Zheng
Randall S. Becker
Daniel Fiala
Keith W. Campbell
Henry Brausen
Todd C. Miller
Todd C. Miller
Shi Pujin
Marcel Raad
Todd Short
Piotr Kubaj
Allan Jude
Matt Caswell
Dominic Letz
Tomas Mraz
a1346054
Xiaofei Bai
jenda1
Daniel Bevenius
Shane Lontis
FdaSilvaYY
Rich Salz
Pauli
Dr. David von Oheimb
Dr. Matthias St. Pierre