#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
#

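# Shared Userland macros. The variables used below (SPRO_VROOT, PARFAIT_BUILD,
# PARFAIT_TOOLS, ...) are presumably defined there -- confirm.
include ../../../make-rules/shared-macros.mk

# Tool search path for this component's build. Only explicitly listed
# directories are searched, so tool lookup does not follow the invoking
# user's PATH. For a Parfait build the Parfait tool directory is put first.
#
# An empty PARFAIT_TOOLS would leave a leading ':' in PATH, and shells treat
# an empty PATH element as "search the current directory". The $(if ...) guard
# therefore adds the prefix only when PARFAIT_TOOLS has a value.
PATH = $(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
ifeq ($(strip $(PARFAIT_BUILD)),yes)
PATH = $(if $(strip $(PARFAIT_TOOLS)),$(PARFAIT_TOOLS):)$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
endif
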
# Component identity.
COMPONENT_NAME = openssl-fips-140

# Note: COMPONENT_VERSION is the core OpenSSL version, and
# IPS_COMPONENT_VERSION is the FIPS module version. COMPONENT_VERSION changes
# with the core OpenSSL version; IPS_COMPONENT_VERSION is purposely changed
# only when the FIPS module version changes.
COMPONENT_VERSION = 1.0.2j
IPS_COMPONENT_VERSION = 2.0.12

# Upstream source archive.
COMPONENT_PROJECT_URL = http://www.openssl.org/
COMPONENT_SRC_NAME = openssl
COMPONENT_SRC = $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz

# Pinned SHA-256 of the archive. It is tied to COMPONENT_VERSION above, so the
# two must be updated together.
# NOTE(review): the archive URL below is plain http, which leaves this digest
# as the only integrity control visible in this file -- confirm the shared
# download/prep rules verify it before the archive is unpacked.
COMPONENT_ARCHIVE_HASH = sha256:e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB = library/openssl

TPNO = 31866

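# Clone the patch files to the patches-all dir: the common OpenSSL patches
# (../common/patches/) and this component's own patches (patches/) are merged
# into $(PATCH_DIR).
#
# COPY_COMMON_FILES exists only so that rsync is called as soon as the
# Makefile is parsed (":=" evaluates $(shell ...) immediately). rsync runs
# with -a (archive) and -c (compare by checksum).
#
# $(shell ...) discards the exit status, so a failed copy would otherwise go
# unnoticed and the component could be built from an incomplete patch set.
# The "|| echo" marker makes that failure visible. It is a warning, not an
# error, so that targets which merely parse this file keep working.
PATCH_DIR = patches-all
CLEAN_PATHS += $(PATCH_DIR)
COPY_COMMON_FILES := $(shell rsync -ac ../common/patches/ patches/ $(PATCH_DIR) || echo rsync-failed)
ifneq ($(filter rsync-failed,$(COPY_COMMON_FILES)),)
$(warning rsync into $(PATCH_DIR) failed; the patch set may be incomplete)
endif
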
# Directory of the sibling openssl-fips component. The FIPS headers, fipsld
# and fips_standalone_sha1 that are linked into this build are taken from
# there.
OPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips

# Shared Userland rule sets, included after the component variables above have
# been set.
include $(WS_MAKE_RULES)/prep.mk
include $(WS_MAKE_RULES)/configure.mk
include $(WS_MAKE_RULES)/ips.mk
include $(WS_MAKE_RULES)/lint-libraries.mk

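# OpenSSL does not use autoconf but its own configure system.
CONFIGURE_SCRIPT = $(SOURCE_DIR)/Configure

# Used in the configure options below: absolute paths of the PKCS#11 library
# (passed as --pk11-libname) and of the engines directory (--enginesdir), per
# word size.
PKCS11_LIB32 = /usr/lib/libpkcs11.so.1
PKCS11_LIB64 = /usr/lib/64/libpkcs11.so.1
ENGINESDIR_32 = /lib/openssl/engines
ENGINESDIR_64 = /lib/openssl/engines/64

# Built openssl/openssl-fips component is used when building FIPS-140
# libraries. What we do here follows the OpenSSL FIPS-140 User Guide
# instructions.
#
# The sibling build directory is derived from ours by replacing the component
# name. $(subst ...) does the same literal replacement as the former
# "echo | sed s/.../.../g" pipeline, without forking a shell on every
# expansion of these recursive variables and without passing the path through
# shell word splitting.
FIPS_BUILD_DIR_32 = $(subst openssl-fips-140,openssl-fips,$(BUILD_DIR_32))
FIPS_BUILD_DIR_64 = $(subst openssl-fips-140,openssl-fips,$(BUILD_DIR_64))

# Ignore default CC_FOR_BUILD, CC, and CXX in CONFIGURE_ENV: they are passed
# to Configure with empty values.
CONFIGURE_ENV += CC_FOR_BUILD=
CONFIGURE_ENV += CC=
CONFIGURE_ENV += CXX=
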
# Base options: Solaris-specific defines and the installed layout. The "="
# starts the option list afresh; everything below appends to it.
CONFIGURE_OPTIONS = -DSOLARIS_OPENSSL -DNO_WINDOWS_BRAINDEATH
CONFIGURE_OPTIONS += --openssldir=/etc/openssl --prefix=/usr
# We use OpenSSL install code for installing only manual pages and we do that
# for 32-bit version only.
CONFIGURE_OPTIONS += --install_prefix=$(PROTO_DIR)

# Algorithms that are compiled out.
CONFIGURE_OPTIONS += no-ec2m no-rc3 no-rc5 no-mdc2 no-idea

# Vendor hardware engines that are compiled out.
CONFIGURE_OPTIONS += \
    no-hw_4758_cca no-hw_aep no-hw_atalla no-hw_chil no-hw_gmp \
    no-hw_ncipher no-hw_nuron no-hw_padlock no-hw_sureware no-hw_ubsec \
    no-hw_cswift

CONFIGURE_OPTIONS += threads shared

# FIPS build: --with-fipslibdir points into the build directory of the sibling
# openssl-fips component, --with-fipsdir at this component's own build
# directory, both for the current word size.
CONFIGURE_OPTIONS += fips --with-fipslibdir="$(FIPS_BUILD_DIR_$(BITS))/fips/"
CONFIGURE_OPTIONS += --with-fipsdir="$(BUILD_DIR_$(BITS))"

# MD2 is not enabled by default in OpenSSL but some software we have in
# Userland needs it. One example is nmap. MD2 is a legacy digest and is kept
# only for those consumers.
CONFIGURE_OPTIONS += enable-md2 no-seed

# Disable SSLv2 protocol
# NOTE(review): SSLv2 is the only protocol version switched off in this list;
# no "no-ssl3" appears here -- confirm SSLv3 is handled elsewhere (patches or
# runtime defaults) if it is meant to be off.
CONFIGURE_OPTIONS += no-ssl2

# We define our own compiler and linker option sets for Solaris. See Configure
# for more information. The sparc builds use FIPS-specific target names.
CONFIGURE_OPTIONS32_i386 = solaris-x86-cc-sunw
CONFIGURE_OPTIONS32_sparc = solaris-fips-sparcv9-cc-sunw
CONFIGURE_OPTIONS64_i386 = solaris64-x86_64-cc-sunw
CONFIGURE_OPTIONS64_sparc = solaris64-fips-sparcv9-cc-sunw

# Some additional options needed for our engines, followed by the target name
# selected by word size ($(BITS)) and architecture ($(MACH)).
CONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS))
CONFIGURE_OPTIONS += --enginesdir=$(ENGINESDIR_$(BITS))
CONFIGURE_OPTIONS += $(CONFIGURE_OPTIONS$(BITS)_$(MACH))

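# OpenSSL has its own configure system which must be run from the fully
# populated source code directory. However, the Userland configuration phase
# is run from the build directory. The easiest way to work around it is to
# copy all the source files there.
COMPONENT_PRE_CONFIGURE_ACTION = \
    ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR)/$(MACH$(BITS)); )

# We deliver only one opensslconf.h file which must be suitable for both 32
# and 64 bits. Depending on the configuration option, OpenSSL's Configure
# script creates opensslconf.h for either 32 or 64 bits. A patch makes the
# resulting header file usable on both architectures. The patch was generated
# against the opensslconf.h version from the 32 bit build, so it is applied
# for BITS=32 only.
#
# A failed patch now stops the action. With the previous ';' sequencing the
# gpatch result was discarded and the build went on with an unpatched header.
# Likewise "make depend" runs only if the cd into the build directory
# succeeded, so it can never run in the wrong directory.
COMPONENT_POST_CONFIGURE_ACTION = \
    ( if [ $(BITS) -eq 32 ]; then \
        $(GPATCH) -p1 $(@D)/crypto/opensslconf.h \
            patches-post-config/opensslconf.patch || exit 1; \
      fi; \
      cd $(@D) && $(MAKE) depend; )
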
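# We must make sure that the openssl-fips component is built before this
# openssl-fips-140 component since in order to build FIPS-140 certified
# libraries, the canister is needed. Note that we must unset BITS that would
# override the same variable used in openssl-fips' Makefile, and we would end
# up with both canisters built in 64 (or 32) bits.
# NOTE(review): both stamp files share this recipe, so a parallel build that
# is missing both may start the sibling install twice -- confirm the shared
# rules serialise this.
$(COMPONENT_DIR)/../openssl-fips/build/$(MACH32)/.installed \
$(COMPONENT_DIR)/../openssl-fips/build/$(MACH64)/.installed:
	( unset BITS; \
	$(MAKE) -C $(COMPONENT_DIR)/../openssl-fips install; )

# download, clean, and clobber should all propagate to the fips bits.
# "&&" keeps the sub-make from running when the cd fails. With ';' it would
# have re-run the same target in this directory instead.
download clobber clean::
	(cd ../openssl-fips && $(GMAKE) $@)
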
# Source tree of the FIPS module inside the sibling openssl-fips component.
fips_module_src = $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-$(IPS_COMPONENT_VERSION)/fips

# We do not ship our engines as patches since it would be more difficult to
# update the files which have been under continuous development. We rather
# copy the files to the right directories and let OpenSSL makefiles build it.
# We also copy some FIPS specific header files needed to build FIPS version
# of OpenSSL from FIPS module.
#
# Everything is put in place as symbolic links: the PKCS#11 engine sources,
# three FIPS headers, fipsld and fips_standalone_sha1 from the sibling
# openssl-fips component, and fips_premain_dso from this component's own build
# directory.
# NOTE(review): the steps are joined with ';', so only the status of the last
# ln is reported; a missing FIPS header or tool link would surface later in the
# build -- confirm this is intended.
COMPONENT_PRE_BUILD_ACTION = \
    ( $(LN) -fs $(COMPONENT_DIR)/../common/engines/pkcs11/* $(@D)/engines; \
      $(MKDIR) $(@D)/bin; \
      $(LN) -fs $(fips_module_src)/fips.h $(@D)/include/openssl; \
      $(LN) -fs $(fips_module_src)/fipssyms.h $(@D)/include/openssl; \
      $(LN) -fs $(fips_module_src)/rand/fips_rand.h $(@D)/include/openssl; \
      $(LN) -fs $(fips_module_src)/fipsld $(@D)/bin/; \
      $(LN) -fs $(OPENSSL_FIPS_DIR)/build/$(MACH$(BITS))/fips/fips_standalone_sha1 $(@D)/bin/; \
      $(LN) -fs $(COMPONENT_DIR)/build/$(MACH$(BITS))/fips_premain_dso $(@D)/bin/;)

# OpenSSL does not install into <dir>/$(MACH64) for 64-bit install so no such
# directory is created and Userland install code would fail when installing
# lint libraries.
COMPONENT_PRE_INSTALL_ACTION = ( $(MKDIR) $(PROTO_DIR)/usr/lib/$(MACH64); )

# Source preparation waits for both builds (32- and 64-bit) of the sibling
# openssl-fips component to be installed.
$(SOURCE_DIR)/.prep: $(COMPONENT_DIR)/../openssl-fips/build/$(MACH32)/.installed
$(SOURCE_DIR)/.prep: $(COMPONENT_DIR)/../openssl-fips/build/$(MACH64)/.installed

# Each phase covers both word sizes.
configure: $(CONFIGURE_32_and_64)

build: $(BUILD_32_and_64)

# We follow what we do for install in openssl/openssl-1.0.0 component. Please
# see the comment in Makefile in there for more information.
install: $(INSTALL_32_and_64)

# We need to modify the default lint flags to include patched opensslconf.h
# from the build directory. If we do not do that, lint will complain about
# md2.h which is not enabled by default but it is in our opensslconf.h.
#
# ":=" captures the current LINT_FLAGS here, so the target-specific
# LINT_FLAGS assignments below can build on it without referring to
# themselves.
LFLAGS_32 := -I$(BUILD_DIR_32)/include $(LINT_FLAGS)
LFLAGS_64 := -I$(BUILD_DIR_64)/include $(LINT_FLAGS)

# Set modified lint flags for our lint library targets (libcrypto and libssl,
# per word size).
$(BUILD_DIR_32)/llib-lcrypto.ln $(BUILD_DIR_32)/llib-lssl.ln: LINT_FLAGS=$(LFLAGS_32) -I$(PROTOUSRINCDIR)
$(BUILD_DIR_64)/llib-lcrypto.ln $(BUILD_DIR_64)/llib-lssl.ln: LINT_FLAGS=$(LFLAGS_64) -I$(PROTOUSRINCDIR)

# There are also separate STC test suites 'openssl' and 'openssl-engine'
# for regression testing. These internal tests are unit tests only.
COMPONENT_TEST_TARGETS = test
test: $(TEST_32_and_64)

# No system tests exist for this component.
system-test: $(SYSTEM_TESTS_NOT_IMPLEMENTED)


# Packages required by this component. rsync is used when this Makefile is
# parsed, to populate the merged patch directory.
REQUIRED_PACKAGES += developer/build/makedepend
REQUIRED_PACKAGES += network/rsync
REQUIRED_PACKAGES += system/library