/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-use-fipscheck.patch
ViewVC logotype

Contents of /rpms/openssl/sme8/openssl-fips-0.9.8e-use-fipscheck.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Tue Feb 18 03:03:10 2014 UTC (10 years, 8 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Error occurred while calculating annotation data.
Initial import

1 Do not create a fips canister but use a fipscheck equivalent method for
2 integrity verification of both libssl and libcrypto shared libraries.
3 diff -up openssl-fips-0.9.8e/apps/Makefile.use-fipscheck openssl-fips-0.9.8e/apps/Makefile
4 --- openssl-fips-0.9.8e/apps/Makefile.use-fipscheck 2007-08-15 15:35:29.000000000 +0200
5 +++ openssl-fips-0.9.8e/apps/Makefile 2009-03-26 15:16:09.000000000 +0100
6 @@ -152,8 +152,6 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(
7 $(RM) $(EXE)
8 shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
9 shlib_target="$(SHLIB_TARGET)"; \
10 - elif [ -n "$(FIPSCANLIB)" ]; then \
11 - FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
12 fi; \
13 LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
14 [ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
15 diff -up openssl-fips-0.9.8e/fips/fips.c.use-fipscheck openssl-fips-0.9.8e/fips/fips.c
16 --- openssl-fips-0.9.8e/fips/fips.c.use-fipscheck 2007-08-26 16:57:10.000000000 +0200
17 +++ openssl-fips-0.9.8e/fips/fips.c 2009-04-15 11:43:59.000000000 +0200
18 @@ -47,6 +47,8 @@
19 *
20 */
21
22 +#define _GNU_SOURCE
23 +
24 #include <openssl/fips.h>
25 #include <openssl/rand.h>
26 #include <openssl/fips_rand.h>
27 @@ -56,6 +58,9 @@
28 #include <openssl/rsa.h>
29 #include <string.h>
30 #include <limits.h>
31 +#include <dlfcn.h>
32 +#include <stdio.h>
33 +#include <stdlib.h>
34 #include "fips_locl.h"
35
36 #ifdef OPENSSL_FIPS
37 @@ -163,6 +168,7 @@ int FIPS_selftest()
38 && FIPS_selftest_dsa();
39 }
40
41 +#if 0
42 extern const void *FIPS_text_start(), *FIPS_text_end();
43 extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
44 unsigned char FIPS_signature [20] = { 0 };
45 @@ -241,6 +247,206 @@ int FIPS_check_incore_fingerprint(void)
46
47 return 1;
48 }
49 +#else
50 +/* we implement what libfipscheck does ourselves */
51 +
52 +static int
53 +get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
54 +{
55 + Dl_info info;
56 + void *dl, *sym;
57 + int rv = -1;
58 +
59 + dl = dlopen(libname, RTLD_LAZY);
60 + if (dl == NULL) {
61 + return -1;
62 + }
63 +
64 + sym = dlsym(dl, symbolname);
65 +
66 + if (sym != NULL && dladdr(sym, &info)) {
67 + strncpy(path, info.dli_fname, pathlen-1);
68 + path[pathlen-1] = '\0';
69 + rv = 0;
70 + }
71 +
72 + dlclose(dl);
73 +
74 + return rv;
75 +}
76 +
77 +static const char conv[] = "0123456789abcdef";
78 +
79 +static char *
80 +bin2hex(void *buf, size_t len)
81 +{
82 + char *hex, *p;
83 + unsigned char *src = buf;
84 +
85 + hex = malloc(len * 2 + 1);
86 + if (hex == NULL)
87 + return NULL;
88 +
89 + p = hex;
90 +
91 + while (len > 0) {
92 + unsigned c;
93 +
94 + c = *src;
95 + src++;
96 +
97 + *p = conv[c >> 4];
98 + ++p;
99 + *p = conv[c & 0x0f];
100 + ++p;
101 + --len;
102 + }
103 + *p = '\0';
104 + return hex;
105 +}
106 +
107 +#define HMAC_PREFIX "."
108 +#define HMAC_SUFFIX ".hmac"
109 +#define READ_BUFFER_LENGTH 16384
110 +
111 +static char *
112 +make_hmac_path(const char *origpath)
113 +{
114 + char *path, *p;
115 + const char *fn;
116 +
117 + path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
118 + if(path == NULL) {
119 + return NULL;
120 + }
121 +
122 + fn = strrchr(origpath, '/');
123 + if (fn == NULL) {
124 + fn = origpath;
125 + } else {
126 + ++fn;
127 + }
128 +
129 + strncpy(path, origpath, fn-origpath);
130 + p = path + (fn - origpath);
131 + p = stpcpy(p, HMAC_PREFIX);
132 + p = stpcpy(p, fn);
133 + p = stpcpy(p, HMAC_SUFFIX);
134 +
135 + return path;
136 +}
137 +
138 +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
139 +
140 +static int
141 +compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
142 +{
143 + FILE *f = NULL;
144 + int rv = -1;
145 + unsigned char rbuf[READ_BUFFER_LENGTH];
146 + size_t len;
147 + unsigned int hlen;
148 + HMAC_CTX c;
149 +
150 + HMAC_CTX_init(&c);
151 +
152 + f = fopen(path, "r");
153 +
154 + if (f == NULL) {
155 + goto end;
156 + }
157 +
158 + HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
159 +
160 + while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
161 + HMAC_Update(&c, rbuf, len);
162 + }
163 +
164 + len = sizeof(rbuf);
165 + /* reuse rbuf for hmac */
166 + HMAC_Final(&c, rbuf, &hlen);
167 +
168 + *buf = malloc(hlen);
169 + if (*buf == NULL) {
170 + goto end;
171 + }
172 +
173 + *hmaclen = hlen;
174 +
175 + memcpy(*buf, rbuf, hlen);
176 +
177 + rv = 0;
178 +end:
179 + HMAC_CTX_cleanup(&c);
180 +
181 + if (f)
182 + fclose(f);
183 +
184 + return rv;
185 +}
186 +
187 +static int
188 +FIPSCHECK_verify(const char *libname, const char *symbolname)
189 +{
190 + char path[PATH_MAX+1];
191 + int rv;
192 + FILE *hf;
193 + char *hmacpath, *p;
194 + char *hmac = NULL;
195 + size_t n;
196 +
197 + rv = get_library_path(libname, symbolname, path, sizeof(path));
198 +
199 + if (rv < 0)
200 + return 0;
201 +
202 + hmacpath = make_hmac_path(path);
203 +
204 + hf = fopen(hmacpath, "r");
205 + if (hf == NULL) {
206 + free(hmacpath);
207 + return 0;
208 + }
209 +
210 + if (getline(&hmac, &n, hf) > 0) {
211 + void *buf;
212 + size_t hmaclen;
213 + char *hex;
214 +
215 + if ((p=strchr(hmac, '\n')) != NULL)
216 + *p = '\0';
217 +
218 + if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
219 + rv = -4;
220 + goto end;
221 + }
222 +
223 + if ((hex=bin2hex(buf, hmaclen)) == NULL) {
224 + free(buf);
225 + rv = -5;
226 + goto end;
227 + }
228 +
229 + if (strcmp(hex, hmac) != 0) {
230 + rv = -1;
231 + }
232 + free(buf);
233 + free(hex);
234 + }
235 +
236 +end:
237 + free(hmac);
238 + free(hmacpath);
239 + fclose(hf);
240 +
241 + if (rv < 0)
242 + return 0;
243 +
244 + /* check successful */
245 + return 1;
246 +}
247 +
248 +#endif
249
250 int FIPS_mode_set(int onoff)
251 {
252 @@ -278,16 +484,17 @@ int FIPS_mode_set(int onoff)
253 }
254 #endif
255
256 - if(fips_signature_witness() != FIPS_signature)
257 + if(!FIPSCHECK_verify("libcrypto.so.0.9.8e","FIPS_mode_set"))
258 {
259 - FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
260 + FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
261 fips_selftest_fail = 1;
262 ret = 0;
263 goto end;
264 }
265
266 - if(!FIPS_check_incore_fingerprint())
267 + if(!FIPSCHECK_verify("libssl.so.0.9.8e","SSL_CTX_new"))
268 {
269 + FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
270 fips_selftest_fail = 1;
271 ret = 0;
272 goto end;
273 @@ -403,11 +610,13 @@ int fips_clear_owning_thread(void)
274 return ret;
275 }
276
277 +#if 0
278 unsigned char *fips_signature_witness(void)
279 {
280 extern unsigned char FIPS_signature[];
281 return FIPS_signature;
282 }
283 +#endif
284
285 /* Generalized public key test routine. Signs and verifies the data
286 * supplied in tbs using mesage digest md and setting option digest
287 diff -up openssl-fips-0.9.8e/fips/fips_locl.h.use-fipscheck openssl-fips-0.9.8e/fips/fips_locl.h
288 --- openssl-fips-0.9.8e/fips/fips_locl.h.use-fipscheck 2007-08-15 15:35:31.000000000 +0200
289 +++ openssl-fips-0.9.8e/fips/fips_locl.h 2009-03-26 15:15:39.000000000 +0100
290 @@ -63,7 +63,9 @@ int fips_is_owning_thread(void);
291 int fips_set_owning_thread(void);
292 void fips_set_selftest_fail(void);
293 int fips_clear_owning_thread(void);
294 +#if 0
295 unsigned char *fips_signature_witness(void);
296 +#endif
297
298 #define FIPS_MAX_CIPHER_TEST_SIZE 16
299
300 diff -up openssl-fips-0.9.8e/fips/Makefile.use-fipscheck openssl-fips-0.9.8e/fips/Makefile
301 --- openssl-fips-0.9.8e/fips/Makefile.use-fipscheck 2007-08-15 15:35:30.000000000 +0200
302 +++ openssl-fips-0.9.8e/fips/Makefile 2009-04-15 11:41:25.000000000 +0200
303 @@ -62,9 +62,9 @@ testapps:
304
305 all:
306 @if [ -z "$(FIPSLIBDIR)" ]; then \
307 - $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
308 + $(MAKE) -e subdirs lib; \
309 else \
310 - $(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
311 + $(MAKE) -e lib; \
312 fi
313
314 # Idea behind fipscanister.o is to "seize" the sequestered code between
315 @@ -109,7 +109,6 @@ fipscanister.o: fips_start.o $(LIBOBJ) $
316 HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
317 *) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
318 esac fi
319 - ./fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1
320
321 # If another exception is immediately required, assign approprite
322 # site-specific ld command to FIPS_SITE_LD environment variable.
323 @@ -141,8 +140,24 @@ links:
324 lib: $(LIB)
325 @touch lib
326
327 -$(LIB): $(FIPSLIBDIR)fipscanister.o
328 - $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
329 +$(LIB): $(LIBOBJ) $(FIPS_OBJ_LISTS)
330 + FIPS_ASM=""; \
331 + list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \
332 + list="$(AES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
333 + list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
334 + list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
335 + if [ -n "$(CPUID_OBJ)" ]; then \
336 + CPUID=../crypto/$(CPUID_OBJ) ; \
337 + else \
338 + CPUID="" ; \
339 + fi ; \
340 + objs="$(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \
341 + for i in $(FIPS_OBJ_LISTS); do \
342 + dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
343 + objs="$$objs `sed "$$script" $$i`"; \
344 + done; \
345 + objs="$$objs" ; \
346 + $(AR) $(LIB) $$objs
347 $(RANLIB) $(LIB) || echo Never mind.
348
349 $(FIPSCANLIB): $(FIPSCANLOC)
350 @@ -154,7 +169,7 @@ $(FIPSCANLIB): $(FIPSCANLOC)
351 $(RANLIB) ../$(FIPSCANLIB).a || echo Never mind.
352 @touch lib
353
354 -shared: lib subdirs fips_premain_dso$(EXE_EXT)
355 +shared: lib subdirs
356
357 libs:
358 @target=lib; $(RECURSIVE_MAKE)
359 @@ -178,10 +193,6 @@ install:
360 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
361 done;
362 @target=install; $(RECURSIVE_MAKE)
363 - @cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \
364 - fips_premain.c.sha1 \
365 - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
366 - chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
367
368 lint:
369 @target=lint; $(RECURSIVE_MAKE)
370 diff -up openssl-fips-0.9.8e/fips/sha/fips_standalone_sha1.c.use-fipscheck openssl-fips-0.9.8e/fips/sha/fips_standalone_sha1.c
371 --- openssl-fips-0.9.8e/fips/sha/fips_standalone_sha1.c.use-fipscheck 2007-08-15 15:35:46.000000000 +0200
372 +++ openssl-fips-0.9.8e/fips/sha/fips_standalone_sha1.c 2009-04-15 11:58:37.000000000 +0200
373 @@ -62,20 +62,20 @@ void OPENSSL_cleanse(void *p,size_t len)
374
375 #ifdef OPENSSL_FIPS
376
377 -static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
378 +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
379 const char *key)
380 {
381 - int len=strlen(key);
382 + size_t len=strlen(key);
383 int i;
384 unsigned char keymd[HMAC_MAX_MD_CBLOCK];
385 unsigned char pad[HMAC_MAX_MD_CBLOCK];
386
387 if (len > SHA_CBLOCK)
388 {
389 - SHA1_Init(md_ctx);
390 - SHA1_Update(md_ctx,key,len);
391 - SHA1_Final(keymd,md_ctx);
392 - len=20;
393 + SHA256_Init(md_ctx);
394 + SHA256_Update(md_ctx,key,len);
395 + SHA256_Final(keymd,md_ctx);
396 + len=SHA256_DIGEST_LENGTH;
397 }
398 else
399 memcpy(keymd,key,len);
400 @@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
401
402 for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
403 pad[i]=0x36^keymd[i];
404 - SHA1_Init(md_ctx);
405 - SHA1_Update(md_ctx,pad,SHA_CBLOCK);
406 + SHA256_Init(md_ctx);
407 + SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
408
409 for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
410 pad[i]=0x5c^keymd[i];
411 - SHA1_Init(o_ctx);
412 - SHA1_Update(o_ctx,pad,SHA_CBLOCK);
413 + SHA256_Init(o_ctx);
414 + SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
415 }
416
417 -static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
418 +static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
419 {
420 - unsigned char buf[20];
421 + unsigned char buf[SHA256_DIGEST_LENGTH];
422
423 - SHA1_Final(buf,md_ctx);
424 - SHA1_Update(o_ctx,buf,sizeof buf);
425 - SHA1_Final(md,o_ctx);
426 + SHA256_Final(buf,md_ctx);
427 + SHA256_Update(o_ctx,buf,sizeof buf);
428 + SHA256_Final(md,o_ctx);
429 }
430
431 #endif
432 @@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
433 int main(int argc,char **argv)
434 {
435 #ifdef OPENSSL_FIPS
436 - static char key[]="etaonrishdlcupfm";
437 + static char key[]="orboDeJITITejsirpADONivirpUkvarP";
438 int n,binary=0;
439
440 if(argc < 2)
441 @@ -125,8 +125,8 @@ int main(int argc,char **argv)
442 for(; n < argc ; ++n)
443 {
444 FILE *f=fopen(argv[n],"rb");
445 - SHA_CTX md_ctx,o_ctx;
446 - unsigned char md[20];
447 + SHA256_CTX md_ctx,o_ctx;
448 + unsigned char md[SHA256_DIGEST_LENGTH];
449 int i;
450
451 if(!f)
452 @@ -139,7 +139,7 @@ int main(int argc,char **argv)
453 for( ; ; )
454 {
455 char buf[1024];
456 - int l=fread(buf,1,sizeof buf,f);
457 + size_t l=fread(buf,1,sizeof buf,f);
458
459 if(l == 0)
460 {
461 @@ -151,18 +151,18 @@ int main(int argc,char **argv)
462 else
463 break;
464 }
465 - SHA1_Update(&md_ctx,buf,l);
466 + SHA256_Update(&md_ctx,buf,l);
467 }
468 hmac_final(md,&md_ctx,&o_ctx);
469
470 if (binary)
471 {
472 - fwrite(md,20,1,stdout);
473 + fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
474 break; /* ... for single(!) file */
475 }
476
477 - printf("HMAC-SHA1(%s)= ",argv[n]);
478 - for(i=0 ; i < 20 ; ++i)
479 +/* printf("HMAC-SHA1(%s)= ",argv[n]); */
480 + for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
481 printf("%02x",md[i]);
482 printf("\n");
483 }
484 diff -up openssl-fips-0.9.8e/fips/sha/Makefile.use-fipscheck openssl-fips-0.9.8e/fips/sha/Makefile
485 --- openssl-fips-0.9.8e/fips/sha/Makefile.use-fipscheck 2009-03-26 15:16:04.000000000 +0100
486 +++ openssl-fips-0.9.8e/fips/sha/Makefile 2009-04-15 11:57:17.000000000 +0200
487 @@ -47,7 +47,7 @@ lib: $(LIBOBJ)
488 @echo $(LIBOBJ) > lib
489
490 ../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
491 - FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
492 + FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
493 $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
494
495 files:
496 diff -up openssl-fips-0.9.8e/Makefile.org.use-fipscheck openssl-fips-0.9.8e/Makefile.org
497 --- openssl-fips-0.9.8e/Makefile.org.use-fipscheck 2009-03-26 15:15:39.000000000 +0100
498 +++ openssl-fips-0.9.8e/Makefile.org 2009-03-26 15:15:39.000000000 +0100
499 @@ -355,10 +355,6 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHA
500 $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
501 $(AR) libcrypto.a fips/fipscanister.o ; \
502 else \
503 - if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
504 - FIPSLD_CC=$(CC); CC=fips/fipsld; \
505 - export CC FIPSLD_CC; \
506 - fi; \
507 $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
508 fi \
509 else \
510 @@ -379,9 +375,8 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT
511 fips/fipscanister.o: build_fips
512 libfips$(SHLIB_EXT): fips/fipscanister.o
513 @if [ "$(SHLIB_TARGET)" != "" ]; then \
514 - FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
515 $(MAKE) -f Makefile.shared -e $(BUILDENV) \
516 - CC=$${CC} LIBNAME=fips THIS=$@ \
517 + CC=$(CC) LIBNAME=fips THIS=$@ \
518 LIBEXTRAS=fips/fipscanister.o \
519 LIBDEPS="$(EX_LIBS)" \
520 LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
521 @@ -467,7 +462,7 @@ openssl.pc: Makefile
522 echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
523 echo 'Version: '$(VERSION); \
524 echo 'Requires: '; \
525 - echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
526 + echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)';\
527 echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
528
529 Makefile: Makefile.org Configure config
530 diff -up openssl-fips-0.9.8e/test/Makefile.use-fipscheck openssl-fips-0.9.8e/test/Makefile
531 --- openssl-fips-0.9.8e/test/Makefile.use-fipscheck 2007-08-26 16:57:41.000000000 +0200
532 +++ openssl-fips-0.9.8e/test/Makefile 2009-04-15 11:37:30.000000000 +0200
533 @@ -395,8 +395,7 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$
534 if [ "$(FIPSCANLIB)" = "libfips" ]; then \
535 LIBRARIES="-L$(TOP) -lfips"; \
536 else \
537 - FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
538 - LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
539 + LIBRARIES="$(LIBCRYPTO)"; \
540 fi; \
541 $(MAKE) -f $(TOP)/Makefile.shared -e \
542 CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
543 @@ -407,9 +406,6 @@ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if
544 shlib_target="$(SHLIB_TARGET)"; \
545 fi; \
546 LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
547 - if [ -z "$(SHARED_LIBS)" ] ; then \
548 - FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
549 - fi; \
550 [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
551 $(MAKE) -f $(TOP)/Makefile.shared -e \
552 CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed