EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
+ARD=ar $(ARFLAGS) d
RANLIB= ranlib
PERL= perl
TAR= tar
ZLIB_INCLUDE=
LIBZLIB=
-DIRS= crypto ssl engines apps test tools
-SHLIBDIRS= crypto ssl
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build make be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/lib/
+
+# This is set to "y" if fipscanister.o is compiled internally as
+# opposed to coming from an external validated location.
+
+FIPSCANISTERINTERNAL=n
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=
+
+DIRS= crypto fips ssl engines apps test tools
+SHLIBDIRS= crypto ssl fips
# dirs in crypto to build
SDIRS= \
objects \
md2 md4 md5 sha mdc2 hmac ripemd \
- des aes rc2 rc4 rc5 idea bf cast \
+ des aes rc2 rc4 rc5 idea bf cast camellia seed \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_FIPS=
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
-NAME= $(BASENAME)-$(VERSION)
+NAME= $(BASENAME)-fips-$(VERSION)
TARFILE= $(NAME).tar
WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
+ FIPSLIBDIR='${FIPSLIBDIR}' FIPSCANLIB='${FIPSCANLIB}' \
+ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
+ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory. The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS). It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS). It requires that the target
+# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+ if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+ $(BUILD_CMD); \
+ fi
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
+ ../crypto/aes/aes_ecb.o \
+ ../crypto/aes/aes_ofb.o \
+ ../crypto/bn/bn_add.o \
+ ../crypto/bn/bn_blind.o \
+ ../crypto/bn/bn_ctx.o \
+ ../crypto/bn/bn_div.o \
+ ../crypto/bn/bn_exp2.o \
+ ../crypto/bn/bn_exp.o \
+ ../crypto/bn/bn_gcd.o \
+ ../crypto/bn/bn_lib.o \
+ ../crypto/bn/bn_mod.o \
+ ../crypto/bn/bn_mont.o \
+ ../crypto/bn/bn_mul.o \
+ ../crypto/bn/bn_prime.o \
+ ../crypto/bn/bn_rand.o \
+ ../crypto/bn/bn_recp.o \
+ ../crypto/bn/bn_shift.o \
+ ../crypto/bn/bn_sqr.o \
+ ../crypto/bn/bn_word.o \
+ ../crypto/bn/bn_x931p.o \
+ ../crypto/buffer/buf_str.o \
+ ../crypto/cryptlib.o \
+ ../crypto/des/cfb64ede.o \
+ ../crypto/des/cfb64enc.o \
+ ../crypto/des/cfb_enc.o \
+ ../crypto/des/ecb3_enc.o \
+ ../crypto/des/ecb_enc.o \
+ ../crypto/des/ofb64ede.o \
+ ../crypto/des/ofb64enc.o \
+ ../crypto/des/fcrypt.o \
+ ../crypto/des/set_key.o \
+ ../crypto/dsa/dsa_utl.o \
+ ../crypto/dsa/dsa_sign.o \
+ ../crypto/dsa/dsa_vrf.o \
+ ../crypto/err/err.o \
+ ../crypto/evp/digest.o \
+ ../crypto/evp/enc_min.o \
+ ../crypto/evp/e_aes.o \
+ ../crypto/evp/e_des3.o \
+ ../crypto/evp/p_sign.o \
+ ../crypto/evp/p_verify.o \
+ ../crypto/mem_clr.o \
+ ../crypto/mem.o \
+ ../crypto/rand/md_rand.o \
+ ../crypto/rand/rand_egd.o \
+ ../crypto/rand/randfile.o \
+ ../crypto/rand/rand_lib.o \
+ ../crypto/rand/rand_os2.o \
+ ../crypto/rand/rand_unix.o \
+ ../crypto/rand/rand_win.o \
+ ../crypto/rsa/rsa_lib.o \
+ ../crypto/rsa/rsa_none.o \
+ ../crypto/rsa/rsa_oaep.o \
+ ../crypto/rsa/rsa_pk1.o \
+ ../crypto/rsa/rsa_pss.o \
+ ../crypto/rsa/rsa_ssl.o \
+ ../crypto/rsa/rsa_x931.o \
+ ../crypto/sha/sha1dgst.o \
+ ../crypto/sha/sha256.o \
+ ../crypto/sha/sha512.o \
+ ../crypto/uid.o
+
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_ssl build_engines
+build_libs: build_crypto build_fips build_ssl build_shared build_engines
build_crypto:
- @dir=crypto; target=all; $(RECURSIVE_BUILD_CMD)
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
+ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
+ else \
+ ARX='${AR}' ; \
+ fi ; export ARX ; \
+ dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_fips:
+ @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
build_ssl:
- @dir=ssl; target=all; $(RECURSIVE_BUILD_CMD)
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
- @dir=engines; target=all; $(RECURSIVE_BUILD_CMD)
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps:
- @dir=apps; target=all; $(RECURSIVE_BUILD_CMD)
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests:
- @dir=test; target=all; $(RECURSIVE_BUILD_CMD)
+ @dir=test; target=all; $(BUILD_ONE_CMD)
build_tools:
- @dir=tools; target=all; $(RECURSIVE_BUILD_CMD)
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
- @dir=crypto; target=testapps; $(RECURSIVE_BUILD_CMD)
+ @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-libcrypto$(SHLIB_EXT): libcrypto.a
+build_shared: $(SHARED_LIBS)
+libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
@if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=crypto build-shared; \
+ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+ $(ARD) libcrypto.a fipscanister.o ; \
+ $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
+ $(AR) libcrypto.a fips/fipscanister.o ; \
+ else \
+ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+ FIPSLD_CC=$(CC); CC=fips/fipsld; \
+ export CC FIPSLD_CC; \
+ fi; \
+ $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
+ fi \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+ shlibdeps=-lcrypto; \
+ [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
+ $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2 ; \
+ exit 1; \
+ fi
+
+fips/fipscanister.o: build_fips
+libfips$(SHLIB_EXT): fips/fipscanister.o
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
+ $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ CC=$${CC} LIBNAME=fips THIS=$@ \
+ LIBEXTRAS=fips/fipscanister.o \
+ LIBDEPS="$(EX_LIBS)" \
+ LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
+libfips.a:
+ dir=fips; target=all; $(BUILD_ONE_CMD)
+
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - |\
+ --prefix=openssl-fips-$(VERSION) - |\
gzip --best >../$(TARFILE).gz; \
rm -f ../$(TARFILE).list; \
ls -l ../$(TARFILE).gz
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-install: all install_docs install_sw
+install: all install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
projects / oweals / openssl.git / blobdiff