]>
Commit | Line | Data |
---|---|---|
5d3bfb90 DSH |
1 | # |
2 | # OpenSSL/crypto/Makefile | |
3 | # | |
4 | ||
5 | DIR= fips | |
6 | TOP= .. | |
7 | CC= cc | |
8 | INCLUDE= -I. -I$(TOP) -I../include | |
9 | # INCLUDES targets sudbirs! | |
10 | INCLUDES= -I.. -I../.. -I../../include | |
11 | CFLAG= -g | |
12 | MAKEDEPPROG= makedepend | |
13 | MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) | |
14 | MAKEFILE= Makefile | |
15 | RM= rm -f | |
16 | AR= ar r | |
17 | ARD= ar d | |
18 | TEST= fips_test_suite.c | |
19 | FIPS_TVDIR= testvectors | |
20 | FIPS_TVOK= $$HOME/fips/tv.ok | |
21 | ||
22 | FIPSCANLOC= $(FIPSLIBDIR)fipscanister.o | |
23 | ||
24 | RECURSIVE_MAKE= [ -n "$(FDIRS)" ] && for i in $(FDIRS) ; do \ | |
25 | (cd $$i && echo "making $$target in $(DIR)/$$i..." && \ | |
26 | $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \ | |
27 | done; | |
28 | ||
29 | PEX_LIBS= | |
30 | EX_LIBS= | |
31 | ||
32 | CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\" | |
33 | ASFLAGS= $(INCLUDE) $(ASFLAG) | |
34 | AFLAGS=$(ASFLAGS) | |
35 | ||
36 | LIBS= | |
37 | ||
fe26d066 | 38 | FDIRS=sha rand des aes dsa ecdsa rsa dh hmac utl |
5d3bfb90 DSH |
39 | |
40 | GENERAL=Makefile README fips-lib.com install.com | |
41 | ||
42 | LIB= $(TOP)/libcrypto.a | |
43 | SHARED_LIB= $(FIPSCANLIB)$(SHLIB_EXT) | |
44 | LIBSRC=fips.c | |
45 | LIBOBJ=fips.o | |
46 | ||
47 | FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \ | |
fe26d066 | 48 | dh/lib utl/lib ecdsa/lib |
5d3bfb90 DSH |
49 | |
50 | SRC= $(LIBSRC) | |
51 | ||
fe26d066 | 52 | EXHEADER=fips.h fipshacks.h |
5d3bfb90 DSH |
53 | HEADER=$(EXHEADER) fips_utl.h fips_locl.h |
54 | EXE=fipsld | |
55 | ||
56 | ALL= $(GENERAL) $(SRC) $(HEADER) | |
57 | ||
58 | top: | |
59 | @(cd ..; $(MAKE) DIRS=$(DIR) all) | |
60 | ||
61 | testapps: | |
62 | @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi | |
63 | ||
64 | all: | |
30b56225 DSH |
65 | @if [ -n "$(FIPSCANISTERONLY)" ]; then \ |
66 | $(MAKE) -e subdirs lib ; \ | |
67 | elif [ -z "$(FIPSLIBDIR)" ]; then \ | |
5d3bfb90 DSH |
68 | $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \ |
69 | else \ | |
70 | $(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \ | |
71 | fi | |
72 | ||
73 | # Idea behind fipscanister.o is to "seize" the sequestered code between | |
74 | # known symbols for fingerprinting purposes, which would be commonly | |
75 | # done with ld -r start.o ... end.o. The latter however presents a minor | |
76 | # challenge on multi-ABI platforms. As just implied, we'd rather use ld, | |
77 | # but the trouble is that we don't generally know how ABI-selection | |
78 | # compiler flag is translated to corresponding linker flag. All compiler | |
79 | # drivers seem to recognize -r flag and pass it down to linker, but some | |
80 | # of them, including gcc, erroneously add -lc, as well as run-time | |
81 | # components, such as crt1.o and alike. Fortunately among those vendor | |
82 | # compilers which were observed to misinterpret -r flag multi-ABI ones | |
83 | # are equipped with smart linkers, which don't require any ABI-selection | |
84 | # flag and simply assume that all objects are of the same type as first | |
85 | # one in command line. So the idea is to identify gcc and deficient | |
86 | # vendor compiler drivers... | |
87 | ||
88 | fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o | |
89 | FIPS_ASM=""; \ | |
90 | list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \ | |
91 | list="$(AES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \ | |
92 | list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \ | |
93 | list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \ | |
f4001a0d | 94 | list="$(MODES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/modes/$$i" ; done; \ |
5d3bfb90 DSH |
95 | if [ -n "$(CPUID_OBJ)" ]; then \ |
96 | CPUID=../crypto/$(CPUID_OBJ) ; \ | |
97 | else \ | |
98 | CPUID="" ; \ | |
99 | fi ; \ | |
100 | objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \ | |
101 | for i in $(FIPS_OBJ_LISTS); do \ | |
102 | dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \ | |
103 | objs="$$objs `sed "$$script" $$i`"; \ | |
104 | done; \ | |
105 | objs="$$objs fips_end.o" ; \ | |
106 | os="`(uname -s) 2>/dev/null`"; cflags="$(CFLAGS)"; \ | |
107 | [ "$$os" = "AIX" ] && cflags="$$cflags -Wl,-bnoobjreorder"; \ | |
108 | if [ -n "${FIPS_SITE_LD}" ]; then \ | |
109 | set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \ | |
110 | elif $(CC) -dumpversion >/dev/null 2>&1; then \ | |
111 | set -x; $(CC) $$cflags -r -nostdlib -o $@ $$objs ; \ | |
112 | echo OBJS $$objs >/tmp/objs.txt ; \ | |
113 | else case "$$os" in \ | |
114 | HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \ | |
115 | *) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \ | |
116 | esac fi | |
117 | ./fips_standalone_sha1$(EXE_EXT) fipscanister.o > fipscanister.o.sha1 | |
118 | ||
119 | # If another exception is immediately required, assign approprite | |
120 | # site-specific ld command to FIPS_SITE_LD environment variable. | |
121 | ||
122 | fips_start.o: fips_canister.c | |
123 | $(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c | |
124 | fips_end.o: fips_canister.c | |
125 | $(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c | |
126 | fips_premain_dso$(EXE_EXT): fips_premain.c | |
127 | $(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \ | |
128 | $(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS) | |
129 | # this is executed only when linking with external fipscanister.o | |
130 | fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c | |
131 | if [ -z "$(HOSTCC)" ] ; then \ | |
132 | $(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o $(EX_LIBS) ; \ | |
133 | else \ | |
134 | $(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../include -I../crypto sha/fips_standalone_sha1.c ../crypto/sha/sha1dgst.c ; \ | |
135 | fi | |
136 | ||
137 | subdirs: | |
138 | @target=all; $(RECURSIVE_MAKE) | |
139 | ||
140 | files: | |
141 | $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO | |
142 | @target=files; $(RECURSIVE_MAKE) | |
143 | ||
144 | links: | |
145 | @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) | |
146 | @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) | |
147 | @target=links; $(RECURSIVE_MAKE) | |
148 | ||
149 | # lib: and $(LIB): are splitted to avoid end-less loop | |
150 | lib: $(LIB) | |
151 | if [ "$(FIPSCANISTERINTERNAL)" = "n" -a -n "$(FIPSCANLOC)" ]; then $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC); fi | |
152 | @touch lib | |
153 | ||
154 | $(LIB): $(FIPSLIBDIR)fipscanister.o | |
155 | $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o | |
156 | $(RANLIB) $(LIB) || echo Never mind. | |
157 | ||
158 | $(FIPSCANLIB): $(FIPSCANLOC) | |
159 | $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC) | |
160 | if [ "$(FIPSCANLIB)" = "libfips" ]; then \ | |
161 | $(AR) $(LIB) $(FIPSCANLOC) ; \ | |
162 | $(RANLIB) $(LIB) || echo Never Mind. ; \ | |
163 | fi | |
164 | $(RANLIB) ../$(FIPSCANLIB).a || echo Never mind. | |
165 | @touch lib | |
166 | ||
167 | shared: lib subdirs fips_premain_dso$(EXE_EXT) | |
168 | ||
169 | libs: | |
170 | @target=lib; $(RECURSIVE_MAKE) | |
171 | ||
172 | fips_test: top | |
173 | @target=fips_test; $(RECURSIVE_MAKE) | |
174 | ||
175 | fips_test_diff: | |
176 | @if diff -b -B -I '^\#' -cr -X fips-nodiff.txt $(FIPS_TVDIR) $(FIPS_TVOK) ; then \ | |
177 | echo "FIPS diff OK" ; \ | |
178 | else \ | |
179 | echo "***FIPS DIFF ERROR***" ; exit 1 ; \ | |
180 | fi | |
181 | ||
182 | ||
183 | install: | |
184 | @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... | |
185 | @headerlist="$(EXHEADER)"; for i in $$headerlist ;\ | |
186 | do \ | |
187 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ | |
188 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ | |
189 | done; | |
190 | @target=install; $(RECURSIVE_MAKE) | |
191 | for i in $(EXE) ; \ | |
192 | do \ | |
193 | echo "installing $$i"; \ | |
194 | cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ | |
195 | chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ | |
196 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ | |
197 | done | |
198 | cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \ | |
199 | $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \ | |
200 | $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/; \ | |
201 | chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/fips* | |
202 | ||
203 | lint: | |
204 | @target=lint; $(RECURSIVE_MAKE) | |
205 | ||
206 | depend: | |
207 | @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) | |
208 | @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) | |
209 | @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi | |
210 | ||
211 | clean: | |
212 | rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT) \ | |
213 | *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff | |
214 | @target=clean; $(RECURSIVE_MAKE) | |
215 | ||
216 | dclean: | |
217 | $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new | |
218 | mv -f Makefile.new $(MAKEFILE) | |
219 | @target=dclean; $(RECURSIVE_MAKE) | |
220 | ||
221 | # DO NOT DELETE THIS LINE -- make depend depends on it. | |
222 | ||
223 | fips.o: ../include/openssl/asn1.h ../include/openssl/bio.h | |
224 | fips.o: ../include/openssl/crypto.h ../include/openssl/des.h | |
225 | fips.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h | |
226 | fips.o: ../include/openssl/err.h ../include/openssl/evp.h | |
227 | fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h | |
228 | fips.o: ../include/openssl/hmac.h ../include/openssl/lhash.h | |
229 | fips.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h | |
230 | fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h | |
231 | fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h | |
232 | fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h | |
233 | fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h | |
234 | fips.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h fips.c | |
235 | fips.o: fips_locl.h |