Cross Reference: /solaris-userland/components/openssl/openssl-fips-140/Makefile

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
2209N/A#
2209N/A# CDDL HEADER START
2209N/A#
2209N/A# The contents of this file are subject to the terms of the
2209N/A# Common Development and Distribution License (the "License").
2209N/A# You may not use this file except in compliance with the License.
2209N/A#
2209N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2209N/A# or http://www.opensolaris.org/os/licensing.
2209N/A# See the License for the specific language governing permissions
2209N/A# and limitations under the License.
2209N/A#
2209N/A# When distributing Covered Code, include this CDDL HEADER in each
2209N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2209N/A# If applicable, add the following below this CDDL HEADER, with the
2209N/A# fields enclosed by brackets "[]" replaced with your own identifying
2209N/A# information: Portions Copyright [yyyy] [name of copyright owner]
2209N/A#
2209N/A# CDDL HEADER END
2209N/A#
5680N/A
5680N/A#
5371N/A# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
2209N/A#
2209N/A
2209N/Ainclude ../../../make-rules/shared-macros.mk
2209N/A
2209N/APATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
3441N/Aifeq   ($(strip $(PARFAIT_BUILD)),yes)
3441N/APATH=$(PARFAIT_TOOLS):$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
3441N/Aendif
2209N/A
2209N/ACOMPONENT_NAME =    openssl-fips-140
5537N/A# Note: COMPONENT_VERSION is the core OpenSSL version, and IPS_COMPONENT_VERSION
5537N/A# is the FIPS module version. The COMPONENT_VERSION changes with the core
5537N/A# OpenSSL version, but the IPS_COMPONENT_VERSION is purposely only to change if
5537N/A# the FIPS module version changes.
6982N/ACOMPONENT_VERSION = 1.0.2j
7101N/AIPS_COMPONENT_VERSION = 2.0.13
2209N/ACOMPONENT_PROJECT_URL=  http://www.openssl.org/
2209N/ACOMPONENT_SRC_NAME =    openssl
2209N/ACOMPONENT_SRC =     $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
2209N/ACOMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
2209N/ACOMPONENT_ARCHIVE_HASH= \
6982N/A    sha256:e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431
2209N/ACOMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
2931N/ACOMPONENT_BUGDB=    library/openssl
2209N/A
6982N/ATPNO=           31866
2899N/A
4368N/A# Clone the patch files to the patches-all dir.
4368N/A# COPY_COMMON_FILES is there so that rsync is called as soon as
4368N/A# the Makefile is parsed.
4368N/APATCH_DIR=patches-all
4368N/ACLEAN_PATHS += $(PATCH_DIR)
4368N/ACOPY_COMMON_FILES:= $(shell rsync -ac ../common/patches/ patches/ $(PATCH_DIR))
4368N/A
3062N/A# OpenSSL FIPS directory
2221N/AOPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips
2221N/A
3817N/Ainclude $(WS_MAKE_RULES)/prep.mk
3817N/Ainclude $(WS_MAKE_RULES)/configure.mk
3817N/Ainclude $(WS_MAKE_RULES)/ips.mk
3817N/Ainclude $(WS_MAKE_RULES)/lint-libraries.mk
2209N/A
2209N/A# OpenSSL does not use autoconf but its own configure system.
2209N/ACONFIGURE_SCRIPT = $(SOURCE_DIR)/Configure
2209N/A
2209N/A# Used in the configure options below.
2209N/APKCS11_LIB32 = /usr/lib/libpkcs11.so.1
2209N/APKCS11_LIB64 = /usr/lib/64/libpkcs11.so.1
2209N/AENGINESDIR_32 = /lib/openssl/engines
2209N/AENGINESDIR_64 = /lib/openssl/engines/64
2209N/A
2209N/A# Built openssl/openssl-fips component is used when building FIPS-140 libraries.
2209N/A# What we do here follows the OpenSSL FIPS-140 User Guide instructions.
2209N/AFIPS_BUILD_DIR_32 = $(shell echo $(BUILD_DIR_32) | \
4820N/A    sed -e 's/openssl-fips-140/openssl-fips/g' )
2209N/AFIPS_BUILD_DIR_64 = $(shell echo $(BUILD_DIR_64) | \
4820N/A    sed -e 's/openssl-fips-140/openssl-fips/g' )
2209N/A
5123N/A# Ignore default CC_FOR_BUILD, CC, and CXX in CONFIGURE_ENV.
5123N/ACONFIGURE_ENV += CC_FOR_BUILD=
5123N/ACONFIGURE_ENV += CC=
5123N/ACONFIGURE_ENV += CXX=
5123N/A
2209N/ACONFIGURE_OPTIONS =  -DSOLARIS_OPENSSL -DNO_WINDOWS_BRAINDEATH
2209N/ACONFIGURE_OPTIONS += --openssldir=/etc/openssl
2209N/ACONFIGURE_OPTIONS += --prefix=/usr
2209N/A# We use OpenSSL install code for installing only manual pages and we do that
2209N/A# for 32-bit version only.
2209N/ACONFIGURE_OPTIONS += --install_prefix=$(PROTO_DIR)
2209N/ACONFIGURE_OPTIONS += no-rc3
2209N/ACONFIGURE_OPTIONS += no-rc5
6017N/ACONFIGURE_OPTIONS += no-md2
2209N/ACONFIGURE_OPTIONS += no-mdc2
2209N/ACONFIGURE_OPTIONS += no-idea
2209N/ACONFIGURE_OPTIONS += no-hw_4758_cca
2209N/ACONFIGURE_OPTIONS += no-hw_aep
2209N/ACONFIGURE_OPTIONS += no-hw_atalla
2209N/ACONFIGURE_OPTIONS += no-hw_chil
2209N/ACONFIGURE_OPTIONS += no-hw_gmp
2209N/ACONFIGURE_OPTIONS += no-hw_ncipher
2209N/ACONFIGURE_OPTIONS += no-hw_nuron
2209N/ACONFIGURE_OPTIONS += no-hw_padlock
2209N/ACONFIGURE_OPTIONS += no-hw_sureware
2209N/ACONFIGURE_OPTIONS += no-hw_ubsec
2209N/ACONFIGURE_OPTIONS += no-hw_cswift
2209N/ACONFIGURE_OPTIONS += threads
2209N/ACONFIGURE_OPTIONS += shared
2221N/ACONFIGURE_OPTIONS += fips --with-fipslibdir="$(FIPS_BUILD_DIR_$(BITS))/fips/"
2221N/ACONFIGURE_OPTIONS += --with-fipsdir="$(BUILD_DIR_$(BITS))"
2221N/ACONFIGURE_OPTIONS += no-seed
2209N/A
4371N/A# Disable SSLv2 and SSLv3 protocols
6962N/ACONFIGURE_OPTIONS += no-ssl2
4907N/ACONFIGURE_OPTIONS += no-ssl3 no-ssl3-method
4371N/A
2209N/A# We define our own compiler and linker option sets for Solaris. See Configure
2209N/A# for more information.
2209N/ACONFIGURE_OPTIONS32_i386 =  solaris-x86-cc-sunw
4368N/ACONFIGURE_OPTIONS32_sparc = solaris-fips-sparcv9-cc-sunw
2209N/ACONFIGURE_OPTIONS64_i386 =  solaris64-x86_64-cc-sunw
4368N/ACONFIGURE_OPTIONS64_sparc = solaris64-fips-sparcv9-cc-sunw
2209N/A
2209N/A# Some additional options needed for our engines.
2209N/ACONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS))
2209N/ACONFIGURE_OPTIONS += --enginesdir=$(ENGINESDIR_$(BITS))
2209N/ACONFIGURE_OPTIONS += $(CONFIGURE_OPTIONS$(BITS)_$(MACH))
2209N/A
2209N/A# OpenSSL has its own configure system which must be run from the fully
2209N/A# populated source code directory. However, the Userland configuration phase is
2209N/A# run from the build directory. The easiest way to workaround it is to copy all
2209N/A# the source files there.
2209N/ACOMPONENT_PRE_CONFIGURE_ACTION = \
2209N/A    ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR)/$(MACH$(BITS)); )
2209N/A
2209N/A# We deliver only one opensslconf.h file which must be suitable for both 32 and
2209N/A# 64 bits. Depending on the configuration option, OpenSSL's Configure script
2209N/A# creates opensslconf.h for either 32 or 64 bits. A patch makes the resulting
2209N/A# header file usable on both architectures. The patch was generated against the
2209N/A# opensslconf.h version from the 32 bit build.
2209N/ACOMPONENT_POST_CONFIGURE_ACTION = \
2221N/A   ( [ $(BITS) -eq 32 ] && $(GPATCH) -p1 $(@D)/crypto/opensslconf.h \
2209N/A      patches-post-config/opensslconf.patch; cd $(@D); $(MAKE) depend; )
2209N/A
4820N/A# We must make sure that openssl-fips component is built before this openssl-fips-140
2209N/A# component since in order to build FIPS-140 certified libraries, the canister
2209N/A# is needed. Note that we must unset BITS that would override the same variable
2209N/A# used in openssl-fips' Makefile, and we would end up up with both canisters
2209N/A# built in 64 (or 32) bits.
2209N/A$(COMPONENT_DIR)/../openssl-fips/build/$(MACH32)/.installed \
2209N/A$(COMPONENT_DIR)/../openssl-fips/build/$(MACH64)/.installed:
2209N/A    ( unset BITS; \
2209N/A    $(MAKE) -C $(COMPONENT_DIR)/../openssl-fips install; )
2209N/A
2209N/A# download, clean, and clobber should all propogate to the fips bits
2209N/Adownload clobber clean::
2209N/A    (cd ../openssl-fips ; $(GMAKE) $@)
2209N/A
2209N/A# We do not ship our engines as patches since it would be more difficult to
2209N/A# update the files which have been under continuous development. We rather copy
2209N/A# the files to the right directories and let OpenSSL makefiles build it.
2221N/A# We also copy some FIPS specific header files needed to build FIPS version
3062N/A# of OpenSSL from FIPS module.
2209N/ACOMPONENT_PRE_BUILD_ACTION = \
6082N/A    ( $(LN) -fs $(COMPONENT_DIR)/../common/engines/pkcs11/*     $(@D)/engines; \
2221N/A      $(MKDIR) $(@D)/bin; \
6714N/A      $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-$(IPS_COMPONENT_VERSION)/fips/fips.h $(@D)/include/openssl; \
6714N/A      $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-$(IPS_COMPONENT_VERSION)/fips/fipssyms.h $(@D)/include/openssl; \
6714N/A      $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-$(IPS_COMPONENT_VERSION)/fips/rand/fips_rand.h $(@D)/include/openssl; \
6714N/A      $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-$(IPS_COMPONENT_VERSION)/fips/fipsld $(@D)/bin/; \
2221N/A      $(LN) -fs $(OPENSSL_FIPS_DIR)/build/$(MACH$(BITS))/fips/fips_standalone_sha1 $(@D)/bin/; \
2221N/A      $(LN) -fs $(COMPONENT_DIR)/build/$(MACH$(BITS))/fips_premain_dso $(@D)/bin/;)
2209N/A
2209N/A# OpenSSL does not install into <dir>/$(MACH64) for 64-bit install so no such
2209N/A# directory is created and Userland install code would fail when installing lint
2209N/A# libraries.
2209N/ACOMPONENT_PRE_INSTALL_ACTION = ( $(MKDIR) $(PROTO_DIR)/usr/lib/$(MACH64); )
2209N/A
2209N/A$(SOURCE_DIR)/.prep: $(COMPONENT_DIR)/../openssl-fips/build/$(MACH32)/.installed \
2209N/A             $(COMPONENT_DIR)/../openssl-fips/build/$(MACH64)/.installed
2209N/A
3477N/Aconfigure:  $(CONFIGURE_32_and_64)
3477N/A
2209N/Abuild:          $(BUILD_32_and_64)
2209N/A
2209N/A# We follow what we do for install in openssl/openssl-1.0.0 component. Please
2209N/A# see the comment in Makefile in there for more information.
2209N/Ainstall:    $(INSTALL_32_and_64)
2209N/A
2209N/A# Set modified lint flags for our lint library targets.
6714N/A$(BUILD_DIR_32)/llib-lcrypto.ln: LINT_FLAGS=$(LFLAGS_32) -I$(PROTOUSRINCDIR)
6714N/A$(BUILD_DIR_32)/llib-lssl.ln: LINT_FLAGS=$(LFLAGS_32) -I$(PROTOUSRINCDIR)
6714N/A$(BUILD_DIR_64)/llib-lcrypto.ln: LINT_FLAGS=$(LFLAGS_64) -I$(PROTOUSRINCDIR)
6714N/A$(BUILD_DIR_64)/llib-lssl.ln: LINT_FLAGS=$(LFLAGS_64) -I$(PROTOUSRINCDIR)
2209N/A
4073N/A# There are also separate STC test suites 'openssl' and 'openssl-engine'
4073N/A# for regression testing. These internal tests are unit tests only.
4073N/ACOMPONENT_TEST_TARGETS = test
4073N/Atest:       $(TEST_32_and_64)
2209N/A
4337N/Asystem-test:    $(SYSTEM_TESTS_NOT_IMPLEMENTED)
4337N/A
2209N/A
3817N/AREQUIRED_PACKAGES += developer/build/makedepend
5395N/AREQUIRED_PACKAGES += network/rsync
3817N/AREQUIRED_PACKAGES += system/library
6351N/AREQUIRED_PACKAGES += system/library/security/crypto