Workaround for some CMS signature formats.
[openssl.git] / fips / Makefile
1 #
2 # OpenSSL/crypto/Makefile
3 #
4
5 DIR=            fips
6 TOP=            ..
7 CC=             cc
8 INCLUDE=        -I. -I$(TOP) -I../include
9 # INCLUDES targets sudbirs!
10 INCLUDES=       -I.. -I../.. -I../../include
11 CFLAG=          -g
12 MAKEDEPPROG=    makedepend
13 MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
14 MAKEFILE=       Makefile
15 RM=             rm -f
16 AR=             ar r
17 ARD=            ar d
18 TEST=           fips_test_suite.c
19 FIPS_TVDIR=     testvectors
20 FIPS_TVOK=      $$HOME/fips/tv.ok
21
22 FIPSCANLOC=     $(FIPSLIBDIR)fipscanister.o
23
24 RECURSIVE_MAKE= [ -n "$(FDIRS)" ] && for i in $(FDIRS) ; do \
25                     (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
26                     $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
27                 done;
28
29 PEX_LIBS=
30 EX_LIBS=
31  
32 CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
33 ASFLAGS= $(INCLUDE) $(ASFLAG)
34 AFLAGS=$(ASFLAGS)
35
36 LIBS=
37
38 FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh cmac hmac utl
39
40 GENERAL=Makefile README fips-lib.com install.com
41
42 LIB= $(TOP)/libcrypto.a
43 SHARED_LIB= $(FIPSCANLIB)$(SHLIB_EXT)
44 LIBSRC=fips.c fips_post.c
45 LIBOBJ=fips.o fips_post.o
46
47 FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \
48                 dh/lib utl/lib ecdsa/lib ecdh/lib cmac/lib
49
50 SRC= $(LIBSRC)
51
52 EXHEADER=fips.h fipssyms.h
53 HEADER=$(EXHEADER) fips_utl.h fips_locl.h fips_auth.h
54 EXE=fipsld fips_standalone_sha1
55
56 ALL=    $(GENERAL) $(SRC) $(HEADER)
57
58 top:
59         @(cd ..; $(MAKE) DIRS=$(DIR) all)
60
61 testapps:
62         @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
63
64 all:
65         @if [ -n "$(FIPSCANISTERONLY)" ]; then \
66                 $(MAKE) -e subdirs lib ; \
67         elif [ -z "$(FIPSLIBDIR)" ]; then \
68                 $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
69         else  \
70                 $(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
71         fi
72
73 # Idea behind fipscanister.o is to "seize" the sequestered code between
74 # known symbols for fingerprinting purposes, which would be commonly
75 # done with ld -r start.o ... end.o. The latter however presents a minor
76 # challenge on multi-ABI platforms. As just implied, we'd rather use ld,
77 # but the trouble is that we don't generally know how ABI-selection
78 # compiler flag is translated to corresponding linker flag. All compiler
79 # drivers seem to recognize -r flag and pass it down to linker, but some
80 # of them, including gcc, erroneously add -lc, as well as run-time
81 # components, such as crt1.o and alike. Fortunately among those vendor
82 # compilers which were observed to misinterpret -r flag multi-ABI ones
83 # are equipped with smart linkers, which don't require any ABI-selection
84 # flag and simply assume that all objects are of the same type as first
85 # one in command line. So the idea is to identify gcc and deficient
86 # vendor compiler drivers...
87
88 fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
89         FIPS_ASM=""; \
90         list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \
91         list="$(AES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
92         list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
93         list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
94         list="$(MODES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/modes/$$i" ; done; \
95         CPUID=""; \
96         list="$(CPUID_OBJ)"; for i in $$list; do CPUID="$$CPUID ../crypto/$$i" ; done; \
97         objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \
98         for i in $(FIPS_OBJ_LISTS); do \
99                 dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
100                 objs="$$objs `sed "$$script" $$i`"; \
101         done; \
102         objs="$$objs fips_end.o" ; \
103         os="`(uname -s) 2>/dev/null`"; cflags="$(CFLAGS)"; \
104         case "$$os" in \
105                 AIX)    cflags="$$cflags -Wl,-bnoobjreorder" ;; \
106                 HP-UX)  cflags="$$cflags -Wl,+sectionmerge"  ;; \
107         esac; \
108         if [ -n "${FIPS_SITE_LD}" ]; then \
109                 set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
110         elif $(CC) -dumpversion >/dev/null 2>&1; then \
111                 set -x; $(CC) $$cflags -r -nostdlib -o $@ $$objs ; \
112         else case "$$os" in \
113                 OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
114                 *) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
115         esac fi
116         ./fips_standalone_sha1$(EXE_EXT) fipscanister.o > fipscanister.o.sha1
117
118 # If another exception is immediately required, assign approprite
119 # site-specific ld command to FIPS_SITE_LD environment variable.
120
121 fips_start.o: fips_canister.c
122         $(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c
123 fips_end.o: fips_canister.c
124         $(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
125 fips_premain_dso$(EXE_EXT): fips_premain.c
126         $(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
127                 $(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS)
128 # this is executed only when linking with external fipscanister.o
129 fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
130         if [ -z "$(HOSTCC)" ] ; then \
131                 $(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o $(EX_LIBS) ; \
132         else \
133                 $(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../include -I../crypto sha/fips_standalone_sha1.c ../crypto/sha/sha1dgst.c ; \
134         fi
135
136 subdirs:
137         @target=all; $(RECURSIVE_MAKE)
138
139 files:
140         $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
141         @target=files; $(RECURSIVE_MAKE)
142
143 links:
144         @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
145         @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
146         @target=links; $(RECURSIVE_MAKE)
147
148 # lib: and $(LIB): are splitted to avoid end-less loop
149 lib:    $(LIB)
150         if [ "$(FIPSCANISTERINTERNAL)" = "n" -a -n "$(FIPSCANLOC)" ]; then $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC); fi
151         @touch lib
152
153 $(LIB): $(FIPSLIBDIR)fipscanister.o
154         $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
155         $(RANLIB) $(LIB) || echo Never mind.
156
157 $(FIPSCANLIB):  $(FIPSCANLOC)
158         $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC)
159         if [ "$(FIPSCANLIB)" = "libfips" ]; then \
160                 $(AR) $(LIB) $(FIPSCANLOC) ; \
161                 $(RANLIB) $(LIB) || echo Never Mind. ; \
162         fi
163         $(RANLIB) ../$(FIPSCANLIB).a || echo Never mind.
164         @touch lib
165
166 shared: lib subdirs fips_premain_dso$(EXE_EXT)
167
168 libs:
169         @target=lib; $(RECURSIVE_MAKE)
170
171 fips_test: top
172         @target=fips_test; $(RECURSIVE_MAKE)
173
174 fips_test_diff:
175         @if diff -b -B -I '^\#' -cr -X fips-nodiff.txt $(FIPS_TVDIR) $(FIPS_TVOK) ; then \
176                 echo "FIPS diff OK" ; \
177         else \
178                 echo "***FIPS DIFF ERROR***" ; exit 1 ; \
179         fi
180
181
182 install:
183         @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
184         @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
185         do \
186         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
187         chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
188         done;
189         @target=install; $(RECURSIVE_MAKE)
190         for i in $(EXE) ; \
191         do \
192                 echo "installing $$i"; \
193                 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
194                 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
195                 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
196         done
197         cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \
198                 $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \
199                 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/; \
200         chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/fips*
201
202 lint:
203         @target=lint; $(RECURSIVE_MAKE)
204
205 depend:
206         @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
207         @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
208         @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
209
210 clean:
211         rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT) \
212                 *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
213         @target=clean; $(RECURSIVE_MAKE)
214
215 dclean:
216         $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
217         mv -f Makefile.new $(MAKEFILE)
218         @target=dclean; $(RECURSIVE_MAKE)
219
220 # DO NOT DELETE THIS LINE -- make depend depends on it.
221
222 fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
223 fips.o: ../include/openssl/bio.h ../include/openssl/crypto.h
224 fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
225 fips.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
226 fips.o: ../include/openssl/err.h ../include/openssl/evp.h
227 fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
228 fips.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
229 fips.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
230 fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
231 fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
232 fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
233 fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips.c
234 fips.o: fips_locl.h
235 fips_post.o: ../include/openssl/aes.h ../include/openssl/asn1.h
236 fips_post.o: ../include/openssl/bio.h ../include/openssl/crypto.h
237 fips_post.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
238 fips_post.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
239 fips_post.o: ../include/openssl/err.h ../include/openssl/evp.h
240 fips_post.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
241 fips_post.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
242 fips_post.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
243 fips_post.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
244 fips_post.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
245 fips_post.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
246 fips_post.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
247 fips_post.o: fips_locl.h fips_post.c