Hello!
I have created a patch which adds a --with-fipsincludedir switch to the
Configure script.
If you want to create a FIPS-enabled build, the include files are currently
looked for in FIPSDIR/include. The value of this option makes that directory
changeable by the user.
Reason why I did this: I use a separate install of a FIPS-enabled openssl in
/usr/local to not interfere with the distribution provided version. Since I use
openSuse, I have created two RPM files (openssl-fipscanister and openssl-fips)
which both share the base path /usr/local/ssl/fips-2.0. The problem is that
the FIPS-enabled openssl overwrites the includes already installed by the
fipscanister, which creates an RPM error. My solution is that I install the
includes from the fipscanister to a different directory (install_canister) and
set this directory for the normal build, using this patch.
The patch has been tested against openssl-1.0.1c on 32bit Linux (openSuse 12.2).
regards
Mathias Tausig
Common subdirectories: openssl-1.0.1c-orig/apps and openssl-1.0.1c-patch/apps
Common subdirectories: openssl-1.0.1c-orig/bugs and openssl-1.0.1c-patch/bugs
Common subdirectories: openssl-1.0.1c-orig/certs and openssl-1.0.1c-patch/certs
diff -u openssl-1.0.1c-orig/Configure openssl-1.0.1c-patch/Configure
--- openssl-1.0.1c-orig/Configure 2012-11-19 12:16:46.198763641 +0100
+++ openssl-1.0.1c-patch/Configure 2012-11-19 12:43:24.849110224 +0100
@@ -663,6 +663,7 @@
my $cross_compile_prefix="";
my $fipsdir="/usr/local/ssl/fips-2.0";
my $fipslibdir="";
+my $fipsincludedir="";
my $baseaddr="0xFB00000";
my $no_threads=0;
my $threads=0;
@@ -910,6 +911,10 @@
{
$fipslibdir="$1";
}
+ elsif (/^--with-fipsincludedir=(.*)$/)
+ {
+ $fipsincludedir="$1";
+ }
elsif (/^--with-baseaddr=(.*)$/)
{
$baseaddr="$1";
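Review bot: The new `--with-fipsincludedir=(.*)` branch stores whatever follows the `=` without any check, and nothing in this patch adds the switch to the usage text or other documentation. Because the value later ends up in a `-I` flag that is used by the recursive sub-makes, a relative path would be resolved against each subdirectory rather than the top of the tree. Please document the option next to `--with-fipslibdir` and either state that an absolute path is required or reject values that do not start with `/`.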
@@ -992,7 +997,10 @@
{
$fipslibdir = $fipsdir . "/lib/";
}
-
+if ($fips && $fipsincludedir eq "")
+ {
+ $fipsincludedir = $fipsdir . "/include";
+ }
# RSAX ENGINE sets default non-FIPS RSA method.
if ($fips)
{
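Review bot: The default added here is `$fipsdir . "/include"` with no trailing slash, while the `$fipslibdir` default directly above it uses `"/lib/"`; pick one convention so the two generated Makefile variables look alike. The hunk also drops the blank line that separated this block from the `# RSAX ENGINE` comment, so the new `if` now runs straight into an unrelated section; keep the empty line after the closing brace. Note too that a `--with-fipsincludedir` given without `fips` is silently ignored, which deserves at least a mention in the documentation.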
@@ -1467,7 +1475,7 @@
if ($fips)
{
$openssl_other_defines.="#define OPENSSL_FIPS\n";
- $cflags .= " -I\$(FIPSDIR)/include";
+ $cflags .= " -I\$(FIPSINCLUDEDIR) ";
}
$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
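Review bot: Replacing `-I\$(FIPSDIR)/include` with `-I\$(FIPSINCLUDEDIR)` changes behaviour for anyone who overrides `FIPSDIR` at make time: the include path used to follow `$(FIPSDIR)` when make ran, and now it is fixed to whatever Configure wrote into `FIPSINCLUDEDIR`. If that is not intended, have the generated Makefile default `FIPSINCLUDEDIR` to `$(FIPSDIR)/include` instead of an expanded path. The added string also carries a trailing space that the replaced line did not have; drop it to match the surrounding `$cflags` appends.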
@@ -1654,6 +1662,7 @@
s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
+ s/^FIPSINCLUDEDIR=.*/FIPSINCLUDEDIR=$fipsincludedir/;
s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
s/^BASEADDR=.*/BASEADDR=$baseaddr/;
Common subdirectories: openssl-1.0.1c-orig/crypto and openssl-1.0.1c-patch/crypto
Common subdirectories: openssl-1.0.1c-orig/demos and openssl-1.0.1c-patch/demos
Common subdirectories: openssl-1.0.1c-orig/doc and openssl-1.0.1c-patch/doc
Common subdirectories: openssl-1.0.1c-orig/engines and openssl-1.0.1c-patch/engines
Common subdirectories: openssl-1.0.1c-orig/include and openssl-1.0.1c-patch/include
Common subdirectories: openssl-1.0.1c-orig/MacOS and openssl-1.0.1c-patch/MacOS
diff -u openssl-1.0.1c-orig/Makefile.org openssl-1.0.1c-patch/Makefile.org
--- openssl-1.0.1c-orig/Makefile.org 2012-11-19 12:16:46.166765177 +0100
+++ openssl-1.0.1c-patch/Makefile.org 2012-11-19 12:33:41.509537381 +0100
@@ -123,6 +123,15 @@
FIPSLIBDIR=
+# This is the location of the include files for fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/include
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/include
+# $(INSTALLTOP) for this build may be different so hard
+# code the path.
+
+FIPSINCLUDEDIR=
+
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
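Review bot: The comment above `FIPSINCLUDEDIR=` looks copied from the `FIPSLIBDIR` one and does not match what Configure does in this patch. It says the headers "will be in /usr/local/ssl/include", but the Configure default is `$fipsdir . "/include"` with `$fipsdir` set to `/usr/local/ssl/fips-2.0`, which gives `/usr/local/ssl/fips-2.0/include`. Please reword the comment to describe the actual default and to mention that `--with-fipsincludedir` overrides it; "will place it $(INSTALLTOP)/include" is also missing an "in".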
@@ -234,6 +243,7 @@
ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
+ FIPSINCLUDEDIR='${FIPSINCLUDEDIR}' \
FIPSDIR='${FIPSDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
Common subdirectories: openssl-1.0.1c-orig/ms and openssl-1.0.1c-patch/ms
Common subdirectories: openssl-1.0.1c-orig/Netware and openssl-1.0.1c-patch/Netware
Common subdirectories: openssl-1.0.1c-orig/os2 and openssl-1.0.1c-patch/os2
Common subdirectories: openssl-1.0.1c-orig/perl and openssl-1.0.1c-patch/perl
Common subdirectories: openssl-1.0.1c-orig/shlib and openssl-1.0.1c-patch/shlib
Common subdirectories: openssl-1.0.1c-orig/ssl and openssl-1.0.1c-patch/ssl
Common subdirectories: openssl-1.0.1c-orig/test and openssl-1.0.1c-patch/test
Common subdirectories: openssl-1.0.1c-orig/times and openssl-1.0.1c-patch/times
Common subdirectories: openssl-1.0.1c-orig/tools and openssl-1.0.1c-patch/tools
Common subdirectories: openssl-1.0.1c-orig/util and openssl-1.0.1c-patch/util
Common subdirectories: openssl-1.0.1c-orig/VMS and openssl-1.0.1c-patch/VMS