commit fd49993c3b94aef54669e095f1e6c417efb202aa
author Adam Langley <agl@google.com> Tue Apr 04 14:21:43 2017 -0700
committer Adam Langley <agl@google.com> Fri Apr 07 00:05:34 2017 +0000
tree e1654103a8cb187ad9a2bb05bc5dbfc5fc54d846
parent 0ef8c7bd8fe1bf50ee18c672998625b7e54f6456

First part of the FIPS module.

Change-Id: Ic3a91ccd2c8cdc364740f256fdb8a7ff66177947
Reviewed-on: https://boringssl-review.googlesource.com/14506
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>

util/generate_build_files.py

diff --git a/util/generate_build_files.py b/util/generate_build_files.py
index 5af3d4f..122a2b8 100644
--- a/util/generate_build_files.py
+++ b/util/generate_build_files.py
@@ -208,6 +208,7 @@
       out.write(self.header)
 
       self.PrintVariableSection(out, 'ssl_headers', files['ssl_headers'])
+      self.PrintVariableSection(out, 'fips_fragments', files['fips_fragments'])
       self.PrintVariableSection(
           out, 'ssl_internal_headers', files['ssl_internal_headers'])
       self.PrintVariableSection(out, 'ssl_sources', files['ssl'])
@@ -436,8 +437,13 @@
 
   return cmakefiles
 
+def OnlyFIPSFragments(path, dent, is_dir):
+  return is_dir or path.startswith(os.path.join('src', 'crypto', 'fipsmodule', ''))
 
-def NoTests(dent, is_dir):
+def NoTestsNorFIPSFragments(path, dent, is_dir):
+  return NoTests(path, dent, is_dir) and (is_dir or not OnlyFIPSFragments(path, dent, is_dir))
+
+def NoTests(path, dent, is_dir):
   """Filter function that can be passed to FindCFiles in order to remove test
   sources."""
   if is_dir:
@@ -445,7 +451,7 @@
   return 'test.' not in dent and not dent.startswith('example_')
 
 
-def OnlyTests(dent, is_dir):
+def OnlyTests(path, dent, is_dir):
   """Filter function that can be passed to FindCFiles in order to remove
   non-test sources."""
   if is_dir:
@@ -453,13 +459,13 @@
   return '_test.' in dent or dent.startswith('example_')
 
 
-def AllFiles(dent, is_dir):
+def AllFiles(path, dent, is_dir):
   """Filter function that can be passed to FindCFiles in order to include all
   sources."""
   return True
 
 
-def NoTestRunnerFiles(dent, is_dir):
+def NoTestRunnerFiles(path, dent, is_dir):
   """Filter function that can be passed to FindCFiles or FindHeaderFiles in
   order to exclude test runner files."""
   # NOTE(martinkr): This prevents .h/.cc files in src/ssl/test/runner, which
@@ -467,11 +473,11 @@
   return not is_dir or dent != 'runner'
 
 
-def NotGTestMain(dent, is_dir):
+def NotGTestMain(path, dent, is_dir):
   return dent != 'gtest_main.cc'
 
 
-def SSLHeaderFiles(dent, is_dir):
+def SSLHeaderFiles(path, dent, is_dir):
   return dent in ['ssl.h', 'tls1.h', 'ssl23.h', 'ssl3.h', 'dtls1.h']
 
 
@@ -484,12 +490,12 @@
     for filename in filenames:
       if not filename.endswith('.c') and not filename.endswith('.cc'):
         continue
-      if not filter_func(filename, False):
+      if not filter_func(path, filename, False):
         continue
       cfiles.append(os.path.join(path, filename))
 
     for (i, dirname) in enumerate(dirnames):
-      if not filter_func(dirname, True):
+      if not filter_func(path, dirname, True):
         del dirnames[i]
 
   return cfiles
@@ -503,12 +509,12 @@
     for filename in filenames:
       if not filename.endswith('.h'):
         continue
-      if not filter_func(filename, False):
+      if not filter_func(path, filename, False):
         continue
       hfiles.append(os.path.join(path, filename))
 
       for (i, dirname) in enumerate(dirnames):
-        if not filter_func(dirname, True):
+        if not filter_func(path, dirname, True):
           del dirnames[i]
 
   return hfiles
@@ -617,7 +623,8 @@
 
 
 def main(platforms):
-  crypto_c_files = FindCFiles(os.path.join('src', 'crypto'), NoTests)
+  crypto_c_files = FindCFiles(os.path.join('src', 'crypto'), NoTestsNorFIPSFragments)
+  fips_fragments = FindCFiles(os.path.join('src', 'crypto', 'fipsmodule'), OnlyFIPSFragments)
   ssl_source_files = FindCFiles(os.path.join('src', 'ssl'), NoTests)
   tool_c_files = FindCFiles(os.path.join('src', 'tool'), NoTests)
   tool_h_files = FindHeaderFiles(os.path.join('src', 'tool'), AllFiles)
@@ -641,7 +648,9 @@
   for path in FindCFiles(os.path.join('src', 'crypto'), OnlyTests):
     if IsGTest(path):
       crypto_test_files.append(path)
-    else:
+      # bcm_hashunset_test.c is only used in the FIPS build process.
+    elif path != os.path.join('src', 'crypto', 'fipsmodule',
+                              'bcm_hashunset_test.c'):
       test_c_files.append(path)
 
   ssl_test_files = FindCFiles(os.path.join('src', 'ssl'), OnlyTests)
@@ -654,8 +663,8 @@
           os.path.join('src', 'include', 'openssl'),
           SSLHeaderFiles))
 
-  def NotSSLHeaderFiles(filename, is_dir):
-    return not SSLHeaderFiles(filename, is_dir)
+  def NotSSLHeaderFiles(path, filename, is_dir):
+    return not SSLHeaderFiles(path, filename, is_dir)
   crypto_h_files = (
       FindHeaderFiles(
           os.path.join('src', 'include', 'openssl'),
@@ -677,6 +686,7 @@
           'src/',
           '')
       for test in test_c_files])
+
   if test_binaries != test_sources:
     print 'Test sources and configured tests do not match'
     a = test_binaries.difference(test_sources)
@@ -691,6 +701,7 @@
       'crypto_headers': crypto_h_files,
       'crypto_internal_headers': crypto_internal_h_files,
       'crypto_test': sorted(crypto_test_files),
+      'fips_fragments': fips_fragments,
       'fuzz': fuzz_c_files,
       'ssl': ssl_source_files,
       'ssl_c': [s for s in ssl_source_files if s.endswith('.c')],