--- a/components/openssl/openssl-fips/Makefile Thu Feb 02 10:53:40 2012 -0800
+++ b/components/openssl/openssl-fips/Makefile Tue Feb 07 12:53:01 2012 -0800
@@ -38,12 +38,7 @@
include $(WS_TOP)/make-rules/prep.mk
include $(WS_TOP)/make-rules/configure.mk
-# To build x86 FIPS canister, gcc needs to be used so it must be
-# in the PATH. This is because according to the "OpenSSL FIPS 140-2
-# Security Policy" document, no file in the source distribution may
-# be changed in any way and as a result, gcc is chosen because
-# otherwise "-fast" is erroneously passed to the Studio cc compiler.
-PATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin:$(SFWBIN)
+PATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
# In order to build a 32bit version on a 64bit system the isalist(1) command
# must be substituted for the 32bit build so that amd64|sparcv9 is not part of
@@ -54,7 +49,7 @@
# run as shown there. Nothing from the tarball can be modified. We use the U2
# command set, see below.
FAKE_ISALIST = 32/isalist
-FAKE_MAKE = gmake
+FAKE_MAKE = fips-gmake
FAKE_CC = cc
FAKE_APPS = $(FAKE_ISALIST) $(FAKE_MAKE) $(FAKE_CC)
@@ -83,7 +78,8 @@
COMPONENT_INSTALL_ARGS =
COMPONENT_INSTALL_TARGETS = install
CONFIGURE_ENV += FIPS_SITE_LD=$(LD) PATH=$(FIPS_PATH_$(BITS))
-COMPONENT_BUILD_ENV += FIPS_SITE_LD=$(LD) REALCC=$(CC) MYMAKE=$(MAKE)
+# Add COMPONENT_DIR to PATH so cc wrapper can be found.
+COMPONENT_BUILD_ENV += FIPS_SITE_LD=$(LD) REALCC=$(CC) MYMAKE=$(MAKE) PATH=$(COMPONENT_DIR):$(PATH)
$(BUILD_32_and_64): $(FAKE_APPS)
@@ -94,7 +90,7 @@
# We must make the "install" target a no-op (but must run it to be compliant).
# See above for more information.
-install: GMAKE = $(COMPONENT_DIR)/gmake
+install: GMAKE = $(COMPONENT_DIR)/fips-gmake
install: $(BUILD_DIR_32)/.verified $(BUILD_DIR_64)/.verified
# This is a recommended set of commands to verify that the FIPS-140 mode can be
--- a/components/openssl/openssl-fips/cc.sh Thu Feb 02 10:53:40 2012 -0800
+++ b/components/openssl/openssl-fips/cc.sh Tue Feb 07 12:53:01 2012 -0800
@@ -21,14 +21,30 @@
#
#
-# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
#
-# Very simple cc wrapper whose only purpose is to ensure that cc behaves as
-# desired when linking the fipscanister.o object. Currently that means adding
-# "-W2,-Rfully_unroll to the compiler options. As the fips module is only built
-# with Sun Studio on sparc (gcc is used on x86) this workaround will only happen
-# on sparc, in fact the compiler bug this is working around is sparc specific
-# anyway.
+# The fips module is built with Sun Studio cc compile on sparc and x86.
+# On x86, this cc wrapper is used to remove "-fast" from the compiler
+# option. According to the "OpenSSL FIPS 140-2 Security Policy"
+# document, no file in the source distribution may be changed in any way
+# and as a result, this wrapper is used to remove the -fast that is
+# passed to the Studio cc compiler.
+# On sparc, this wrapper is just a pass through to cc.
+
+MACH=`uname -p`
-exec $REALCC -W2,-Rfully_unroll "$@"
+if [ "$MACH" = "sparc" ]; then
+ exec $REALCC "$@"
+else
+ CC_CMD=""
+ while [ $# -ne 0 ]; do
+ if [ "$1" != "-fast" ]; then
+ CC_CMD="$CC_CMD '$1'"
+ fi
+ shift;
+ done
+
+ eval $REALCC $CC_CMD
+fi
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-fips/fips-gmake.sh Tue Feb 07 12:53:01 2012 -0800
@@ -0,0 +1,31 @@
+#!/bin/ksh93
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+#
+
+# Make "make install" a no-op. Everything else gets passed through make.
+
+if [[ $1 != install ]]; then
+ $MYMAKE "$@"
+fi
--- a/components/openssl/openssl-fips/gmake.sh Thu Feb 02 10:53:40 2012 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,31 +0,0 @@
-#!/bin/ksh93
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-
-#
-# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
-#
-
-# Make "make install" a no-op. Everything else gets passed through make.
-
-if [[ $1 != install ]]; then
- $MYMAKE "$@"
-fi