Makefile   [plain text]

#
# OpenSSL/fips-1.0/Makefile
#

DIR=		fips-1.0
TOP=		..
CC=		cc
INCLUDE=	-I. -I$(TOP) -I../include
INCLUDES=	-I.. -I../.. -I../../include
CFLAG=		-g
INSTALL_PREFIX=
OPENSSLDIR=     /usr/local/ssl
INSTALLTOP=	/usr/local/ssl
MAKEFILE=       Makefile
MAKEDEPPROG=	makedepend
MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
PERL=		perl
RM=             rm -f
AR=		ar r

PEX_LIBS=
EX_LIBS=

CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"


LIBS=

FDIRS=sha rand des aes dsa rsa dh hmac

GENERAL=Makefile README fips-lib.com install.com

LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC=fips.c fips_err_wrapper.c fipshashes.c
LIBOBJ=fips.o fips_err_wrapper.o fipshashes.o

FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib dh/lib

SRC= $(LIBSRC)

EXHEADER=fips.h
HEADER=$(EXHEADER) fips_err.h
EXE=fipsld
TEST=fips_test_suite.c

ALL=    $(GENERAL) $(SRC) $(HEADER)

top:
	@(cd ..; $(MAKE) DIRS=$(DIR) all)

all:
	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
		$(MAKE) -e subdirs check lib shared; \
	fi

check:
#	$(PERL) ../util/checkhash.pl || (rm fipscanister.o* 2>/dev/null; exit 1)
	echo FIPS module not built: no check done

# Idea behind fipscanister.o is to "seize" the sequestered code between
# known symbols for fingerprinting purposes, which would be commonly
# done with ld -r start.o ... end.o. The latter however presents a minor
# challenge on multi-ABI platforms. As just implied, we'd rather use ld,
# but the trouble is that we don't generally know how ABI-selection
# compiler flag is translated to corresponding linker flag. All compiler
# drivers seem to recognize -r flag and pass it down to linker, but some
# of them, including gcc, erroneously add -lc, as well as run-time
# components, such as crt1.o and alike. Fortunately among those vendor
# compilers which were observed to misinterpret -r flag multi-ABI ones
# are equipped with smart linkers, which don't require any ABI-selection
# flag and simply assume that all objects are of the same type as first
# one in command line. So the idea is to identify gcc and deficient
# vendor compiler drivers...

fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
	@objs="fips_start.o $(LIBOBJ)"; \
	for i in $(FIPS_OBJ_LISTS); do \
		dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
		objs="$$objs `sed "$$script" $$i`"; \
	done; \
	objs="$$objs fips_end.o" ; \
	if [ -n "${FIPS_SITE_LD}" ]; then \
		set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
	elif $(CC) -dumpversion >/dev/null 2>&1; then \
		set -x; $(CC) $(CFLAGS) -r -nostdlib -o $@ $$objs ; \
	else case "`(uname -s) 2>/dev/null`" in \
		HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
		*) set -x; $(CC) $(CFLAGS) -r -o $@ $$objs ;; \
	esac fi
	sha/fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1

# If another exception is immediately required, assign approprite
# site-specific ld command to FIPS_SITE_LD environment variable.

fips_start.o: fips_canister.c
	$(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c
fips_end.o: fips_canister.c
	$(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
fips_premain_dso$(EXE_EXT): fips_premain.c
	$(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
		../libcrypto.a $(EX_LIBS)

subdirs:
	@for i in $(FDIRS) ;\
	do \
	(cd $$i && echo "making all in fips/$$i..." && \
	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
	done;

sub_target:
	@for i in $(FDIRS) ;\
	do \
	(cd $$i && echo "making $(TARGET) in fips/$$i..." && \
	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' $(TARGET) ) || exit 1; \
	done;

files:
	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
	@for i in $(FDIRS) ;\
	do \
	(cd $$i && echo "making 'files' in fips/$$i..." && \
	$(MAKE) PERL='${PERL}' files ); \
	done;

links:
	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
	@for i in $(FDIRS); do \
	(cd $$i && echo "making links in fips/$$i..." && \
	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
	done;

lib:	$(FIPSLIBDIR)/fipscanister.o
	$(AR) $(LIB) $(FIPSLIBDIR)/fipscanister.o
	$(RANLIB) $(LIB) || echo Never mind.
	@touch lib

shared:	fips_premain_dso$(EXE_EXT)
	if [ -n "$(SHARED_LIBS)" ]; then \
		(cd ..; $(MAKE) FIPSLD_CC=$(CC) FIPSLD=fips-1.0/fipsld $(SHARED_LIB)); \
	fi

libs:
	@for i in $(FDIRS) ;\
	do \
	(cd $$i && echo "making libs in fips/$$i..." && \
	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
	done;

tests:
	(cd ..; make DIRS=test)

fips_test: top tests
	-cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
	@for i in dsa sha aes des hmac rand rsa; \
	do \
		(cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \
	done;

install:
	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
	@headerlist="$(EXHEADER)"; for i in $$headerlist ;\
	do \
		(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
		chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
	done; \
	@for i in $(FDIRS) ;\
	do \
		(cd $$i && echo "making install in fips/$$i..." && \
		$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
	done; \
	@for i in $(EXE) ; \
	do \
		echo "installing $$i"; \
		cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
		chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
	done \
	@cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \
		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
	strings fipscanister.o | grep "HMAC-SHA1(fips_premain\\.c)" > \
		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips_premain.c.sha1; \
	chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips* \
	fi #if fips

lint:
	@for i in $(FDIRS) ;\
	do \
	(cd $$i && echo "making lint in fips/$$i..." && \
	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
	done;

depend:
	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(SRC)
	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
	@for i in $(FDIRS) ;\
	do \
	(cd $$i && echo "making depend in fips/$$i..." && \
	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
	done;

clean:
	rm -f buildinf.h *.o *.obj fips_premain_dso$(EXE_EXT) lib tags core .pure .nfs* *.old *.bak fluff
	@for i in $(FDIRS) ;\
	do \
	(cd $$i && echo "making clean in fips/$$i..." && \
	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
	done;

dclean:
	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
	mv -f Makefile.new $(MAKEFILE)
	@for i in $(FDIRS) ;\
	do \
	(cd $$i && echo "making dclean in fips/$$i..." && \
	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
	done;

# DO NOT DELETE THIS LINE -- make depend depends on it.

fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
fips.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
fips.o: ../include/openssl/bn.h ../include/openssl/cast.h
fips.o: ../include/openssl/crypto.h ../include/openssl/des.h
fips.o: ../include/openssl/des_old.h ../include/openssl/dh.h
fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
fips.o: ../include/openssl/err.h ../include/openssl/evp.h
fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
fips.o: ../include/openssl/hmac.h ../include/openssl/idea.h
fips.o: ../include/openssl/lhash.h ../include/openssl/md2.h
fips.o: ../include/openssl/md4.h ../include/openssl/md5.h
fips.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
fips.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
fips.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
fips.o: ../include/openssl/rand.h ../include/openssl/rc2.h
fips.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
fips.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
fips.o: ../include/openssl/safestack.h ../include/openssl/sha.h
fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
fips.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h fips.c
fips.o: fips_locl.h
fips_err_wrapper.o: ../include/openssl/opensslconf.h fips_err_wrapper.c