The recent code changes with fips created incompatibility with the
DJGPP port of 0.9.7. The attached patch fixes those problems caused
by different path separators (";" vs ":") and by the differentiation
in handling of binary and text mode files. In addition, "386" was
associated with elf assembly routines, but DJGPP uses coff rather than
elf.
The DJGPP version of make was unable to handle the shell comparators
in the Makefiles in the subdirectories of fips where $(EXHEADER) is
null, despite the fact that the shell itself handles this well. I put
alternative conditionals in the makefiles. I think these are probably
GNU extensions, but I didn't see another way of having this work in
DJGPP. I hope this isn't breaking the makefiles for other platforms.
The fips/aes makefile was also trying to use mklink to create a
subdirectory in the test directory. This doesn't work in DJGPP and
seems unnecessary for any platform, since the directory is created by
the "mkdir -p" in the fips_test_aes part of test/Makefile.
I also looked at the problem of DJGPP not having had a good way of
getting entropy to seed the PNRG. I made a change to let DJGPP use the
rand_egd mechanism. I don't see any reason why it can't work in DJGPP
and now seems to be polling the socket when tested. I also put in a
new RAND_poll function for DJGPP. The DJGPP system does not have a
good random number generator, but does have two pseudo random number
generators, rand and random, which use different algorithms to obtain
pseudorandom numbers from a seed. I used the rawclock function to
obtain the number of clock ticks since midnight (granularity 55ms),
used that to seed one pseudorandom function, then used the result of
that to seed the alternate function. Please look carefully at this,
since I am neither a programmer nor a cryptographer.
I also configured for fips mode with 386 under DJGPP. There is a
problem with one of the tests which used sed, since the official
DJGPP port of gnu sed also changes all EOLs to \r\n in addition to
any other editing changes it is supposed to do. I compiled a binary
version of sed to use with the "make test" part of compilation, which
treats files and streams as binary. The test will fail, however, if
using stock sed for DJGPP. The fips "make test" generates a number
of warnings about PRNG IN TEST MODE. I think they are supposed to
be there, but did want to make sure. In addition, I got a number of
warnings about small memory leaks. I am attaching an extract from the
log of "make test" run with fips. I don't see where these problems are
specific to DJGPP.
The attached patch is against the 20040725 snapshot of 0.9.7, after
applying the mingw patch I previously submitted (rt#924). Since I am
in the US, I am also submitting the patch to the US Bureau of Industry
and Security.
Thanks for looking at this. I suspect that not many people are
compiling OpenSSL under DJGPP besides me and Gisle Vanem.
Doug
--
Doug Kaufman
Internet: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
