TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
+LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
-AS=$(CC) -c
+#AS=$(CC) -c
ASFLAG=$(CFLAG)
# For x86 assembler: Set PROCESSOR to 386 if you want to support
RMD160_ASM_OBJ=
WP_ASM_OBJ=
CMLL_ENC=
+MODES_ASM_OBJ=
PERLASM_SCHEME=
# KRB5 stuff
ZLIB_INCLUDE=
LIBZLIB=
-DIRS= crypto ssl engines apps test tools
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build may be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/
+
+# This is set to "y" if fipscanister.o is compiled internally as
+# opposed to coming from an external validated location.
+
+FIPSCANISTERINTERNAL=n
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=
+
+DIRS= crypto fips ssl engines apps test tools
+ENGDIRS= ccgost
SHLIBDIRS= crypto ssl
# dirs in crypto to build
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- cms pqueue ts jpake
+ cms pqueue ts jpake srp store cmac
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
CC='$(CC)' CFLAG='$(CFLAG)' \
- AS='$(CC)' ASFLAG='$(CFLAG) -c' \
+ ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
- CROSS_COMPILE_PREFIX='$(CROSS_COMPILE_PREFIX)' \
- PERL='$(PERL)' \
- SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/lib' \
+ CROSS_COMPILE='$(CROSS_COMPILE)' \
+ PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
+ SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
+ LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
+ ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
+ MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
+ FIPSLIBDIR='${FIPSLIBDIR}' \
+ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
+ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
+ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
+ ../crypto/aes/aes_ecb.o \
+ ../crypto/aes/aes_ofb.o \
+ ../crypto/bn/bn_add.o \
+ ../crypto/bn/bn_blind.o \
+ ../crypto/bn/bn_ctx.o \
+ ../crypto/bn/bn_div.o \
+ ../crypto/bn/bn_exp2.o \
+ ../crypto/bn/bn_exp.o \
+ ../crypto/bn/bn_gcd.o \
+ ../crypto/bn/bn_gf2m.o \
+ ../crypto/bn/bn_lib.o \
+ ../crypto/bn/bn_mod.o \
+ ../crypto/bn/bn_mont.o \
+ ../crypto/bn/bn_mul.o \
+ ../crypto/bn/bn_nist.o \
+ ../crypto/bn/bn_prime.o \
+ ../crypto/bn/bn_rand.o \
+ ../crypto/bn/bn_recp.o \
+ ../crypto/bn/bn_shift.o \
+ ../crypto/bn/bn_sqr.o \
+ ../crypto/bn/bn_word.o \
+ ../crypto/bn/bn_x931p.o \
+ ../crypto/buffer/buf_str.o \
+ ../crypto/cmac/cmac.o \
+ ../crypto/cryptlib.o \
+ ../crypto/des/cfb64ede.o \
+ ../crypto/des/cfb64enc.o \
+ ../crypto/des/cfb_enc.o \
+ ../crypto/des/ecb3_enc.o \
+ ../crypto/des/ofb64ede.o \
+ ../crypto/des/fcrypt.o \
+ ../crypto/des/set_key.o \
+ ../crypto/dh/dh_check.o \
+ ../crypto/dh/dh_gen.o \
+ ../crypto/dh/dh_key.o \
+ ../crypto/dsa/dsa_gen.o \
+ ../crypto/dsa/dsa_key.o \
+ ../crypto/dsa/dsa_ossl.o \
+ ../crypto/ec/ec_curve.o \
+ ../crypto/ec/ec_cvt.o \
+ ../crypto/ec/ec_key.o \
+ ../crypto/ec/ec_lib.o \
+ ../crypto/ec/ecp_mont.o \
+ ../crypto/ec/ec_mult.o \
+ ../crypto/ec/ecp_nist.o \
+ ../crypto/ec/ecp_smpl.o \
+ ../crypto/ec/ec2_mult.o \
+ ../crypto/ec/ec2_smpl.o \
+ ../crypto/ecdh/ech_key.o \
+ ../crypto/ecdh/ech_ossl.o \
+ ../crypto/ecdsa/ecs_ossl.o \
+ ../crypto/evp/e_aes.o \
+ ../crypto/evp/e_des3.o \
+ ../crypto/evp/m_sha1.o \
+ ../crypto/hmac/hmac.o \
+ ../crypto/modes/cbc128.o \
+ ../crypto/modes/ccm128.o \
+ ../crypto/modes/cfb128.o \
+ ../crypto/modes/ctr128.o \
+ ../crypto/modes/gcm128.o \
+ ../crypto/modes/ofb128.o \
+ ../crypto/modes/xts128.o \
+ ../crypto/rsa/rsa_eay.o \
+ ../crypto/rsa/rsa_gen.o \
+ ../crypto/rsa/rsa_crpt.o \
+ ../crypto/rsa/rsa_none.o \
+ ../crypto/rsa/rsa_oaep.o \
+ ../crypto/rsa/rsa_pk1.o \
+ ../crypto/rsa/rsa_pss.o \
+ ../crypto/rsa/rsa_ssl.o \
+ ../crypto/rsa/rsa_x931.o \
+ ../crypto/rsa/rsa_x931g.o \
+ ../crypto/sha/sha1dgst.o \
+ ../crypto/sha/sha256.o \
+ ../crypto/sha/sha512.o \
+ ../crypto/thr_id.o \
+ ../crypto/uid.o
+
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_ssl build_engines
+build_libs: build_crypto build_fips build_ssl build_engines
+
+build_fips:
+ @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(MODES_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
+ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
+ else \
+ ARX='${AR}' ; \
+ fi ; export ARX ; \
+ if [ $(FIPSCANISTERINTERNAL) = "y" ]; then \
+ AS='$(PERL) $${TOP}/util/fipsas.pl $${TOP} $${<} $(CC) -c' ; \
+ else \
+ AS='$(CC) -c' ; \
+ fi ; export AS ; \
+ dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl:
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-libcrypto$(SHLIB_EXT): libcrypto.a
+libcrypto$(SHLIB_EXT): libcrypto.a build_fips
@if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=crypto build-shared; \
+ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
+ export CC FIPSLD_CC; \
+ fi; \
+ $(MAKE) -e SHLIBDIRS=crypto build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
- if [ "$(SHLIBDIRS)" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
+ @if [ -z "$(FIPSCANLIB)" ]; then \
+ set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
+ fi
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
rehash: rehash.time
rehash.time: certs apps
- @if [ -z "$(CROSS_COMPILE_PREFIX)" ]; then \
+ @if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
tests: rehash
@(cd test && echo "testing..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on tests );
- util/opensslwrap.sh version -a
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
+ OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
errors:
$(PERL) util/mkerr.pl -recurse -write
(cd engines; $(MAKE) PERL=$(PERL) errors)
- $(PERL) util/ck_errf.pl */*.c */*/*.c
+ $(PERL) util/ck_errf.pl -strict */*.c */*/*.c
stacks:
$(PERL) util/mkstack.pl -write
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objxref.pl > crypto/objects/obj_xref.h
+ $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
fi; \
done;
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
fi; \
done; \
( here="`pwd`"; \
- cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+ cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
+ cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+ cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+ cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
install_html_docs:
here="`pwd`"; \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
while read n; do \
- $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
+ PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
done); \
done; \
done
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done