/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-use-fipscheck.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-use-fipscheck.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Tue Feb 18 03:03:10 2014 UTC (10 years, 9 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

1 wellsi 1.1 Do not create a fips canister but use a fipscheck equivalent method for
2     integrity verification of both libssl and libcrypto shared libraries.
3     diff -up openssl-fips-0.9.8e/apps/Makefile.use-fipscheck openssl-fips-0.9.8e/apps/Makefile
4     --- openssl-fips-0.9.8e/apps/Makefile.use-fipscheck 2007-08-15 15:35:29.000000000 +0200
5     +++ openssl-fips-0.9.8e/apps/Makefile 2009-03-26 15:16:09.000000000 +0100
6     @@ -152,8 +152,6 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(
7     $(RM) $(EXE)
8     shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
9     shlib_target="$(SHLIB_TARGET)"; \
10     - elif [ -n "$(FIPSCANLIB)" ]; then \
11     - FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
12     fi; \
13     LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
14     [ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
15     diff -up openssl-fips-0.9.8e/fips/fips.c.use-fipscheck openssl-fips-0.9.8e/fips/fips.c
16     --- openssl-fips-0.9.8e/fips/fips.c.use-fipscheck 2007-08-26 16:57:10.000000000 +0200
17     +++ openssl-fips-0.9.8e/fips/fips.c 2009-04-15 11:43:59.000000000 +0200
18     @@ -47,6 +47,8 @@
19     *
20     */
21    
22     +#define _GNU_SOURCE
23     +
24     #include <openssl/fips.h>
25     #include <openssl/rand.h>
26     #include <openssl/fips_rand.h>
27     @@ -56,6 +58,9 @@
28     #include <openssl/rsa.h>
29     #include <string.h>
30     #include <limits.h>
31     +#include <dlfcn.h>
32     +#include <stdio.h>
33     +#include <stdlib.h>
34     #include "fips_locl.h"
35    
36     #ifdef OPENSSL_FIPS
37     @@ -163,6 +168,7 @@ int FIPS_selftest()
38     && FIPS_selftest_dsa();
39     }
40    
41     +#if 0
42     extern const void *FIPS_text_start(), *FIPS_text_end();
43     extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
44     unsigned char FIPS_signature [20] = { 0 };
45     @@ -241,6 +247,206 @@ int FIPS_check_incore_fingerprint(void)
46    
47     return 1;
48     }
49     +#else
50     +/* we implement what libfipscheck does ourselves */
51     +
52     +static int
53     +get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
54     +{
55     + Dl_info info;
56     + void *dl, *sym;
57     + int rv = -1;
58     +
59     + dl = dlopen(libname, RTLD_LAZY);
60     + if (dl == NULL) {
61     + return -1;
62     + }
63     +
64     + sym = dlsym(dl, symbolname);
65     +
66     + if (sym != NULL && dladdr(sym, &info)) {
67     + strncpy(path, info.dli_fname, pathlen-1);
68     + path[pathlen-1] = '\0';
69     + rv = 0;
70     + }
71     +
72     + dlclose(dl);
73     +
74     + return rv;
75     +}
76     +
77     +static const char conv[] = "0123456789abcdef";
78     +
79     +static char *
80     +bin2hex(void *buf, size_t len)
81     +{
82     + char *hex, *p;
83     + unsigned char *src = buf;
84     +
85     + hex = malloc(len * 2 + 1);
86     + if (hex == NULL)
87     + return NULL;
88     +
89     + p = hex;
90     +
91     + while (len > 0) {
92     + unsigned c;
93     +
94     + c = *src;
95     + src++;
96     +
97     + *p = conv[c >> 4];
98     + ++p;
99     + *p = conv[c & 0x0f];
100     + ++p;
101     + --len;
102     + }
103     + *p = '\0';
104     + return hex;
105     +}
106     +
107     +#define HMAC_PREFIX "."
108     +#define HMAC_SUFFIX ".hmac"
109     +#define READ_BUFFER_LENGTH 16384
110     +
111     +static char *
112     +make_hmac_path(const char *origpath)
113     +{
114     + char *path, *p;
115     + const char *fn;
116     +
117     + path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
118     + if(path == NULL) {
119     + return NULL;
120     + }
121     +
122     + fn = strrchr(origpath, '/');
123     + if (fn == NULL) {
124     + fn = origpath;
125     + } else {
126     + ++fn;
127     + }
128     +
129     + strncpy(path, origpath, fn-origpath);
130     + p = path + (fn - origpath);
131     + p = stpcpy(p, HMAC_PREFIX);
132     + p = stpcpy(p, fn);
133     + p = stpcpy(p, HMAC_SUFFIX);
134     +
135     + return path;
136     +}
137     +
138     +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
139     +
140     +static int
141     +compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
142     +{
143     + FILE *f = NULL;
144     + int rv = -1;
145     + unsigned char rbuf[READ_BUFFER_LENGTH];
146     + size_t len;
147     + unsigned int hlen;
148     + HMAC_CTX c;
149     +
150     + HMAC_CTX_init(&c);
151     +
152     + f = fopen(path, "r");
153     +
154     + if (f == NULL) {
155     + goto end;
156     + }
157     +
158     + HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
159     +
160     + while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
161     + HMAC_Update(&c, rbuf, len);
162     + }
163     +
164     + len = sizeof(rbuf);
165     + /* reuse rbuf for hmac */
166     + HMAC_Final(&c, rbuf, &hlen);
167     +
168     + *buf = malloc(hlen);
169     + if (*buf == NULL) {
170     + goto end;
171     + }
172     +
173     + *hmaclen = hlen;
174     +
175     + memcpy(*buf, rbuf, hlen);
176     +
177     + rv = 0;
178     +end:
179     + HMAC_CTX_cleanup(&c);
180     +
181     + if (f)
182     + fclose(f);
183     +
184     + return rv;
185     +}
186     +
187     +static int
188     +FIPSCHECK_verify(const char *libname, const char *symbolname)
189     +{
190     + char path[PATH_MAX+1];
191     + int rv;
192     + FILE *hf;
193     + char *hmacpath, *p;
194     + char *hmac = NULL;
195     + size_t n;
196     +
197     + rv = get_library_path(libname, symbolname, path, sizeof(path));
198     +
199     + if (rv < 0)
200     + return 0;
201     +
202     + hmacpath = make_hmac_path(path);
203     +
204     + hf = fopen(hmacpath, "r");
205     + if (hf == NULL) {
206     + free(hmacpath);
207     + return 0;
208     + }
209     +
210     + if (getline(&hmac, &n, hf) > 0) {
211     + void *buf;
212     + size_t hmaclen;
213     + char *hex;
214     +
215     + if ((p=strchr(hmac, '\n')) != NULL)
216     + *p = '\0';
217     +
218     + if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
219     + rv = -4;
220     + goto end;
221     + }
222     +
223     + if ((hex=bin2hex(buf, hmaclen)) == NULL) {
224     + free(buf);
225     + rv = -5;
226     + goto end;
227     + }
228     +
229     + if (strcmp(hex, hmac) != 0) {
230     + rv = -1;
231     + }
232     + free(buf);
233     + free(hex);
234     + }
235     +
236     +end:
237     + free(hmac);
238     + free(hmacpath);
239     + fclose(hf);
240     +
241     + if (rv < 0)
242     + return 0;
243     +
244     + /* check successful */
245     + return 1;
246     +}
247     +
248     +#endif
249    
250     int FIPS_mode_set(int onoff)
251     {
252     @@ -278,16 +484,17 @@ int FIPS_mode_set(int onoff)
253     }
254     #endif
255    
256     - if(fips_signature_witness() != FIPS_signature)
257     + if(!FIPSCHECK_verify("libcrypto.so.0.9.8e","FIPS_mode_set"))
258     {
259     - FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
260     + FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
261     fips_selftest_fail = 1;
262     ret = 0;
263     goto end;
264     }
265    
266     - if(!FIPS_check_incore_fingerprint())
267     + if(!FIPSCHECK_verify("libssl.so.0.9.8e","SSL_CTX_new"))
268     {
269     + FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
270     fips_selftest_fail = 1;
271     ret = 0;
272     goto end;
273     @@ -403,11 +610,13 @@ int fips_clear_owning_thread(void)
274     return ret;
275     }
276    
277     +#if 0
278     unsigned char *fips_signature_witness(void)
279     {
280     extern unsigned char FIPS_signature[];
281     return FIPS_signature;
282     }
283     +#endif
284    
285     /* Generalized public key test routine. Signs and verifies the data
286     * supplied in tbs using mesage digest md and setting option digest
287     diff -up openssl-fips-0.9.8e/fips/fips_locl.h.use-fipscheck openssl-fips-0.9.8e/fips/fips_locl.h
288     --- openssl-fips-0.9.8e/fips/fips_locl.h.use-fipscheck 2007-08-15 15:35:31.000000000 +0200
289     +++ openssl-fips-0.9.8e/fips/fips_locl.h 2009-03-26 15:15:39.000000000 +0100
290     @@ -63,7 +63,9 @@ int fips_is_owning_thread(void);
291     int fips_set_owning_thread(void);
292     void fips_set_selftest_fail(void);
293     int fips_clear_owning_thread(void);
294     +#if 0
295     unsigned char *fips_signature_witness(void);
296     +#endif
297    
298     #define FIPS_MAX_CIPHER_TEST_SIZE 16
299    
300     diff -up openssl-fips-0.9.8e/fips/Makefile.use-fipscheck openssl-fips-0.9.8e/fips/Makefile
301     --- openssl-fips-0.9.8e/fips/Makefile.use-fipscheck 2007-08-15 15:35:30.000000000 +0200
302     +++ openssl-fips-0.9.8e/fips/Makefile 2009-04-15 11:41:25.000000000 +0200
303     @@ -62,9 +62,9 @@ testapps:
304    
305     all:
306     @if [ -z "$(FIPSLIBDIR)" ]; then \
307     - $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
308     + $(MAKE) -e subdirs lib; \
309     else \
310     - $(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
311     + $(MAKE) -e lib; \
312     fi
313    
314     # Idea behind fipscanister.o is to "seize" the sequestered code between
315     @@ -109,7 +109,6 @@ fipscanister.o: fips_start.o $(LIBOBJ) $
316     HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
317     *) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
318     esac fi
319     - ./fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1
320    
321     # If another exception is immediately required, assign approprite
322     # site-specific ld command to FIPS_SITE_LD environment variable.
323     @@ -141,8 +140,24 @@ links:
324     lib: $(LIB)
325     @touch lib
326    
327     -$(LIB): $(FIPSLIBDIR)fipscanister.o
328     - $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
329     +$(LIB): $(LIBOBJ) $(FIPS_OBJ_LISTS)
330     + FIPS_ASM=""; \
331     + list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \
332     + list="$(AES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
333     + list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
334     + list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
335     + if [ -n "$(CPUID_OBJ)" ]; then \
336     + CPUID=../crypto/$(CPUID_OBJ) ; \
337     + else \
338     + CPUID="" ; \
339     + fi ; \
340     + objs="$(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \
341     + for i in $(FIPS_OBJ_LISTS); do \
342     + dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
343     + objs="$$objs `sed "$$script" $$i`"; \
344     + done; \
345     + objs="$$objs" ; \
346     + $(AR) $(LIB) $$objs
347     $(RANLIB) $(LIB) || echo Never mind.
348    
349     $(FIPSCANLIB): $(FIPSCANLOC)
350     @@ -154,7 +169,7 @@ $(FIPSCANLIB): $(FIPSCANLOC)
351     $(RANLIB) ../$(FIPSCANLIB).a || echo Never mind.
352     @touch lib
353    
354     -shared: lib subdirs fips_premain_dso$(EXE_EXT)
355     +shared: lib subdirs
356    
357     libs:
358     @target=lib; $(RECURSIVE_MAKE)
359     @@ -178,10 +193,6 @@ install:
360     chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
361     done;
362     @target=install; $(RECURSIVE_MAKE)
363     - @cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \
364     - fips_premain.c.sha1 \
365     - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
366     - chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
367    
368     lint:
369     @target=lint; $(RECURSIVE_MAKE)
370     diff -up openssl-fips-0.9.8e/fips/sha/fips_standalone_sha1.c.use-fipscheck openssl-fips-0.9.8e/fips/sha/fips_standalone_sha1.c
371     --- openssl-fips-0.9.8e/fips/sha/fips_standalone_sha1.c.use-fipscheck 2007-08-15 15:35:46.000000000 +0200
372     +++ openssl-fips-0.9.8e/fips/sha/fips_standalone_sha1.c 2009-04-15 11:58:37.000000000 +0200
373     @@ -62,20 +62,20 @@ void OPENSSL_cleanse(void *p,size_t len)
374    
375     #ifdef OPENSSL_FIPS
376    
377     -static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
378     +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
379     const char *key)
380     {
381     - int len=strlen(key);
382     + size_t len=strlen(key);
383     int i;
384     unsigned char keymd[HMAC_MAX_MD_CBLOCK];
385     unsigned char pad[HMAC_MAX_MD_CBLOCK];
386    
387     if (len > SHA_CBLOCK)
388     {
389     - SHA1_Init(md_ctx);
390     - SHA1_Update(md_ctx,key,len);
391     - SHA1_Final(keymd,md_ctx);
392     - len=20;
393     + SHA256_Init(md_ctx);
394     + SHA256_Update(md_ctx,key,len);
395     + SHA256_Final(keymd,md_ctx);
396     + len=SHA256_DIGEST_LENGTH;
397     }
398     else
399     memcpy(keymd,key,len);
400     @@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
401    
402     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
403     pad[i]=0x36^keymd[i];
404     - SHA1_Init(md_ctx);
405     - SHA1_Update(md_ctx,pad,SHA_CBLOCK);
406     + SHA256_Init(md_ctx);
407     + SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
408    
409     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
410     pad[i]=0x5c^keymd[i];
411     - SHA1_Init(o_ctx);
412     - SHA1_Update(o_ctx,pad,SHA_CBLOCK);
413     + SHA256_Init(o_ctx);
414     + SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
415     }
416    
417     -static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
418     +static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
419     {
420     - unsigned char buf[20];
421     + unsigned char buf[SHA256_DIGEST_LENGTH];
422    
423     - SHA1_Final(buf,md_ctx);
424     - SHA1_Update(o_ctx,buf,sizeof buf);
425     - SHA1_Final(md,o_ctx);
426     + SHA256_Final(buf,md_ctx);
427     + SHA256_Update(o_ctx,buf,sizeof buf);
428     + SHA256_Final(md,o_ctx);
429     }
430    
431     #endif
432     @@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
433     int main(int argc,char **argv)
434     {
435     #ifdef OPENSSL_FIPS
436     - static char key[]="etaonrishdlcupfm";
437     + static char key[]="orboDeJITITejsirpADONivirpUkvarP";
438     int n,binary=0;
439    
440     if(argc < 2)
441     @@ -125,8 +125,8 @@ int main(int argc,char **argv)
442     for(; n < argc ; ++n)
443     {
444     FILE *f=fopen(argv[n],"rb");
445     - SHA_CTX md_ctx,o_ctx;
446     - unsigned char md[20];
447     + SHA256_CTX md_ctx,o_ctx;
448     + unsigned char md[SHA256_DIGEST_LENGTH];
449     int i;
450    
451     if(!f)
452     @@ -139,7 +139,7 @@ int main(int argc,char **argv)
453     for( ; ; )
454     {
455     char buf[1024];
456     - int l=fread(buf,1,sizeof buf,f);
457     + size_t l=fread(buf,1,sizeof buf,f);
458    
459     if(l == 0)
460     {
461     @@ -151,18 +151,18 @@ int main(int argc,char **argv)
462     else
463     break;
464     }
465     - SHA1_Update(&md_ctx,buf,l);
466     + SHA256_Update(&md_ctx,buf,l);
467     }
468     hmac_final(md,&md_ctx,&o_ctx);
469    
470     if (binary)
471     {
472     - fwrite(md,20,1,stdout);
473     + fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
474     break; /* ... for single(!) file */
475     }
476    
477     - printf("HMAC-SHA1(%s)= ",argv[n]);
478     - for(i=0 ; i < 20 ; ++i)
479     +/* printf("HMAC-SHA1(%s)= ",argv[n]); */
480     + for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
481     printf("%02x",md[i]);
482     printf("\n");
483     }
484     diff -up openssl-fips-0.9.8e/fips/sha/Makefile.use-fipscheck openssl-fips-0.9.8e/fips/sha/Makefile
485     --- openssl-fips-0.9.8e/fips/sha/Makefile.use-fipscheck 2009-03-26 15:16:04.000000000 +0100
486     +++ openssl-fips-0.9.8e/fips/sha/Makefile 2009-04-15 11:57:17.000000000 +0200
487     @@ -47,7 +47,7 @@ lib: $(LIBOBJ)
488     @echo $(LIBOBJ) > lib
489    
490     ../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
491     - FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
492     + FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
493     $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
494    
495     files:
496     diff -up openssl-fips-0.9.8e/Makefile.org.use-fipscheck openssl-fips-0.9.8e/Makefile.org
497     --- openssl-fips-0.9.8e/Makefile.org.use-fipscheck 2009-03-26 15:15:39.000000000 +0100
498     +++ openssl-fips-0.9.8e/Makefile.org 2009-03-26 15:15:39.000000000 +0100
499     @@ -355,10 +355,6 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHA
500     $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
501     $(AR) libcrypto.a fips/fipscanister.o ; \
502     else \
503     - if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
504     - FIPSLD_CC=$(CC); CC=fips/fipsld; \
505     - export CC FIPSLD_CC; \
506     - fi; \
507     $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
508     fi \
509     else \
510     @@ -379,9 +375,8 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT
511     fips/fipscanister.o: build_fips
512     libfips$(SHLIB_EXT): fips/fipscanister.o
513     @if [ "$(SHLIB_TARGET)" != "" ]; then \
514     - FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
515     $(MAKE) -f Makefile.shared -e $(BUILDENV) \
516     - CC=$${CC} LIBNAME=fips THIS=$@ \
517     + CC=$(CC) LIBNAME=fips THIS=$@ \
518     LIBEXTRAS=fips/fipscanister.o \
519     LIBDEPS="$(EX_LIBS)" \
520     LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
521     @@ -467,7 +462,7 @@ openssl.pc: Makefile
522     echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
523     echo 'Version: '$(VERSION); \
524     echo 'Requires: '; \
525     - echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
526     + echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)';\
527     echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
528    
529     Makefile: Makefile.org Configure config
530     diff -up openssl-fips-0.9.8e/test/Makefile.use-fipscheck openssl-fips-0.9.8e/test/Makefile
531     --- openssl-fips-0.9.8e/test/Makefile.use-fipscheck 2007-08-26 16:57:41.000000000 +0200
532     +++ openssl-fips-0.9.8e/test/Makefile 2009-04-15 11:37:30.000000000 +0200
533     @@ -395,8 +395,7 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$
534     if [ "$(FIPSCANLIB)" = "libfips" ]; then \
535     LIBRARIES="-L$(TOP) -lfips"; \
536     else \
537     - FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
538     - LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
539     + LIBRARIES="$(LIBCRYPTO)"; \
540     fi; \
541     $(MAKE) -f $(TOP)/Makefile.shared -e \
542     CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
543     @@ -407,9 +406,6 @@ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if
544     shlib_target="$(SHLIB_TARGET)"; \
545     fi; \
546     LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
547     - if [ -z "$(SHARED_LIBS)" ] ; then \
548     - FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
549     - fi; \
550     [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
551     $(MAKE) -f $(TOP)/Makefile.shared -e \
552     CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed