Make -DOPENSSL_FIPSSYMS work for assembly language builds.

diff --git a/CHANGES b/CHANGES
index 99172adc52142888db8b1f179070aaa03d5c04bf..e1cbe370c1b7e8bb7900f51eacff134a7474e566 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,8 +6,9 @@
 
   *) Add experimental option FIPSSYMS to give all symbols in
      fipscanister.o and FIPS or fips prefix. This will avoid
-     conflicts with future versions of OpenSSL. Only works for
-     no-asm at present.
+     conflicts with future versions of OpenSSL. Add perl script
+     util/fipsas.pl to preprocess assembly language source files
+     and rename any affected symbols.
      [Steve Henson]
 
   *) Add selftest checks and algorithm block of non-fips algorithms in

diff --git a/Makefile.fips b/Makefile.fips
index 2344a5823abc1e5f340115deff6ca80a297d8183..f8307cbf692010fb55eb6f20bddf3b2c4d7ad440 100644 (file)
--- a/Makefile.fips
+++ b/Makefile.fips
@@ -78,7 +78,7 @@ LIBDIR=lib
 # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
 # gcc, then the driver will automatically translate it to -xarch=v8plus
 # and pass it down to assembler.
-AS=$(CC) -c
+#AS=$(CC) -c
 ASFLAG=$(CFLAG)
 
 # For x86 assembler: Set PROCESSOR to 386 if you want to support
@@ -205,7 +205,7 @@ CLEARENV=   TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}     \
 
 BUILDENV=      PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
                CC='$(CC)' CFLAG='$(CFLAG)'                     \
-               AS='$(CC)' ASFLAG='$(CFLAG) -c'                 \
+               ASFLAG='$(CFLAG) -c'                    \
                AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'        \
                CROSS_COMPILE='$(CROSS_COMPILE)'        \
                PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'             \
@@ -367,6 +367,11 @@ build_crypto:
        else \
                ARX='${AR}' ; \
        fi ; export ARX ; \
+       if [ $(FIPSCANISTERINTERNAL) = "y" ]; then \
+               AS='$(PERL) $${TOP}/util/fipsas.pl $${TOP} $${<} $(CC)' ; \
+       else \
+               AS='$(CC) -c' ; \
+       fi ; export AS ; \
                dir=crypto; target=all; $(BUILD_ONE_CMD)
 build_ssl:
        @dir=ssl; target=all; $(BUILD_ONE_CMD)

diff --git a/Makefile.org b/Makefile.org
index 09cb9a07a2d5c05730f6a575ae2fbc18c2708f81..deaf792546371afb5fde0e7b3d9aa5271924382d 100644 (file)
--- a/Makefile.org
+++ b/Makefile.org
@@ -78,7 +78,7 @@ LIBDIR=lib
 # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
 # gcc, then the driver will automatically translate it to -xarch=v8plus
 # and pass it down to assembler.
-AS=$(CC) -c
+#AS=$(CC) -c
 ASFLAG=$(CFLAG)
 
 # For x86 assembler: Set PROCESSOR to 386 if you want to support
@@ -205,7 +205,7 @@ CLEARENV=   TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}     \
 
 BUILDENV=      PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
                CC='$(CC)' CFLAG='$(CFLAG)'                     \
-               AS='$(CC)' ASFLAG='$(CFLAG) -c'                 \
+               ASFLAG='$(CFLAG) -c'                    \
                AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'        \
                CROSS_COMPILE='$(CROSS_COMPILE)'        \
                PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'             \
@@ -367,6 +367,11 @@ build_crypto:
        else \
                ARX='${AR}' ; \
        fi ; export ARX ; \
+       if [ $(FIPSCANISTERINTERNAL) = "y" ]; then \
+               AS='$(PERL) $${TOP}/util/fipsas.pl $${TOP} $${<} $(CC) -c' ; \
+       else \
+               AS='$(CC) -c' ; \
+       fi ; export AS ; \
                dir=crypto; target=all; $(BUILD_ONE_CMD)
 build_ssl:
        @dir=ssl; target=all; $(BUILD_ONE_CMD)

diff --git a/util/fipsas.pl b/util/fipsas.pl
index cd8b8c02f4f4dd4624383d4d97cc8113f53e1824..c6964e19cfadd68ea9306b678565771427fc6241 100644 (file)
--- a/util/fipsas.pl
+++ b/util/fipsas.pl
@@ -9,6 +9,19 @@ my @ARGS = @ARGV;
 my $top = shift @ARGS;
 my $target = shift @ARGS;
 
+# HACK to disable operation if no OPENSSL_FIPSSYMS option.
+# will go away when tested more fully.
+
+my $enabled = 0;
+
+foreach (@ARGS) { $enabled = 1 if /-DOPENSSL_FIPSSYMS/ ; }
+
+if ($enabled == 0)
+       {
+       system @ARGS;
+       exit $?
+       }
+
 # Open symbol rename file.
 open(IN, "$top/fips/fipssyms.h") || die "Can't open fipssyms.h";