Cross Reference: /solaris-userland/components/openssl/openssl-fips-140/Makefile

	Makefile revision 6714
d3ed5b56cb6b58f87ffd125bed48f7668f13de1edirkx#
893328ef6ff86d0ca27774778d84410353789fb0fielding# CDDL HEADER START
893328ef6ff86d0ca27774778d84410353789fb0fielding#
893328ef6ff86d0ca27774778d84410353789fb0fielding# The contents of this file are subject to the terms of the
bc8fd1b0b1afdf89b8d28eefa8cd74e26ba97986fielding# Common Development and Distribution License (the "License").
893328ef6ff86d0ca27774778d84410353789fb0fielding# You may not use this file except in compliance with the License.
893328ef6ff86d0ca27774778d84410353789fb0fielding#
893328ef6ff86d0ca27774778d84410353789fb0fielding# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
893328ef6ff86d0ca27774778d84410353789fb0fielding# or http://www.opensolaris.org/os/licensing.
893328ef6ff86d0ca27774778d84410353789fb0fielding# See the License for the specific language governing permissions
893328ef6ff86d0ca27774778d84410353789fb0fielding# and limitations under the License.
893328ef6ff86d0ca27774778d84410353789fb0fielding#
893328ef6ff86d0ca27774778d84410353789fb0fielding# When distributing Covered Code, include this CDDL HEADER in each
893328ef6ff86d0ca27774778d84410353789fb0fielding# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
893328ef6ff86d0ca27774778d84410353789fb0fielding# If applicable, add the following below this CDDL HEADER, with the
893328ef6ff86d0ca27774778d84410353789fb0fielding# fields enclosed by brackets "[]" replaced with your own identifying
893328ef6ff86d0ca27774778d84410353789fb0fielding# information: Portions Copyright [yyyy] [name of copyright owner]
893328ef6ff86d0ca27774778d84410353789fb0fielding#
893328ef6ff86d0ca27774778d84410353789fb0fielding# CDDL HEADER END
893328ef6ff86d0ca27774778d84410353789fb0fielding#
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fielding#
893328ef6ff86d0ca27774778d84410353789fb0fielding# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
893328ef6ff86d0ca27774778d84410353789fb0fielding#
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fieldinginclude ../../../make-rules/shared-macros.mk
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fieldingPATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
893328ef6ff86d0ca27774778d84410353789fb0fieldingifeq   ($(strip $(PARFAIT_BUILD)),yes)
893328ef6ff86d0ca27774778d84410353789fb0fieldingPATH=$(PARFAIT_TOOLS):$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
893328ef6ff86d0ca27774778d84410353789fb0fieldingendif
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOMPONENT_NAME =    openssl-fips-140
893328ef6ff86d0ca27774778d84410353789fb0fielding# Note: COMPONENT_VERSION is the core OpenSSL version, and IPS_COMPONENT_VERSION
893328ef6ff86d0ca27774778d84410353789fb0fielding# is the FIPS module version. The COMPONENT_VERSION changes with the core
893328ef6ff86d0ca27774778d84410353789fb0fielding# OpenSSL version, but the IPS_COMPONENT_VERSION is purposely only to change if
893328ef6ff86d0ca27774778d84410353789fb0fielding# the FIPS module version changes.
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOMPONENT_VERSION = 1.0.2h
893328ef6ff86d0ca27774778d84410353789fb0fieldingIPS_COMPONENT_VERSION = 2.0.12
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOMPONENT_PROJECT_URL=  http://www.openssl.org/
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOMPONENT_SRC_NAME =    openssl
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOMPONENT_SRC =     $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOMPONENT_ARCHIVE_HASH= \
893328ef6ff86d0ca27774778d84410353789fb0fielding    sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOMPONENT_BUGDB=    library/openssl
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fieldingTPNO=           28137
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fielding# Clone the patch files to the patches-all dir.
893328ef6ff86d0ca27774778d84410353789fb0fielding# COPY_COMMON_FILES is there so that rsync is called as soon as
893328ef6ff86d0ca27774778d84410353789fb0fielding# the Makefile is parsed.
893328ef6ff86d0ca27774778d84410353789fb0fieldingPATCH_DIR=patches-all
6c7c4bf3d26c01cce4d26526db94f17eb5a44396benCLEAN_PATHS += $(PATCH_DIR)
893328ef6ff86d0ca27774778d84410353789fb0fieldingCOPY_COMMON_FILES:= $(shell rsync -ac ../common/patches/ patches/ $(PATCH_DIR))
893328ef6ff86d0ca27774778d84410353789fb0fielding
0d50a692ff2ac7bdb42e417737ed86ebf0a41671ben# OpenSSL FIPS directory
893328ef6ff86d0ca27774778d84410353789fb0fieldingOPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fieldinginclude $(WS_MAKE_RULES)/prep.mk
893328ef6ff86d0ca27774778d84410353789fb0fieldinginclude $(WS_MAKE_RULES)/configure.mk
893328ef6ff86d0ca27774778d84410353789fb0fieldinginclude $(WS_MAKE_RULES)/ips.mk
893328ef6ff86d0ca27774778d84410353789fb0fieldinginclude $(WS_MAKE_RULES)/lint-libraries.mk
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fielding# OpenSSL does not use autoconf but its own configure system.
42f9227f80ce22e944d427e3d7490fa1dd07f9f2rbbCONFIGURE_SCRIPT = $(SOURCE_DIR)/Configure
893328ef6ff86d0ca27774778d84410353789fb0fielding
42f9227f80ce22e944d427e3d7490fa1dd07f9f2rbb# Used in the configure options below.
893328ef6ff86d0ca27774778d84410353789fb0fieldingPKCS11_LIB32 = /usr/lib/libpkcs11.so.1
893328ef6ff86d0ca27774778d84410353789fb0fieldingPKCS11_LIB64 = /usr/lib/64/libpkcs11.so.1
893328ef6ff86d0ca27774778d84410353789fb0fieldingENGINESDIR_32 = /lib/openssl/engines
893328ef6ff86d0ca27774778d84410353789fb0fieldingENGINESDIR_64 = /lib/openssl/engines/64
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fielding# Built openssl/openssl-fips component is used when building FIPS-140 libraries.
893328ef6ff86d0ca27774778d84410353789fb0fielding# What we do here follows the OpenSSL FIPS-140 User Guide instructions.
893328ef6ff86d0ca27774778d84410353789fb0fieldingFIPS_BUILD_DIR_32 = $(shell echo $(BUILD_DIR_32) | \
42f9227f80ce22e944d427e3d7490fa1dd07f9f2rbb    sed -e 's/openssl-fips-140/openssl-fips/g' )
893328ef6ff86d0ca27774778d84410353789fb0fieldingFIPS_BUILD_DIR_64 = $(shell echo $(BUILD_DIR_64) | \
42f9227f80ce22e944d427e3d7490fa1dd07f9f2rbb    sed -e 's/openssl-fips-140/openssl-fips/g' )
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fielding# Ignore default CC_FOR_BUILD, CC, and CXX in CONFIGURE_ENV.
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_ENV += CC_FOR_BUILD=
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_ENV += CC=
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_ENV += CXX=
893328ef6ff86d0ca27774778d84410353789fb0fielding
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS =  -DSOLARIS_OPENSSL -DNO_WINDOWS_BRAINDEATH
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += --openssldir=/etc/openssl
623882f55701a4c5a6bded180f60d86a524ac341saschaCONFIGURE_OPTIONS += --prefix=/usr
623882f55701a4c5a6bded180f60d86a524ac341sascha# We use OpenSSL install code for installing only manual pages and we do that
c066cdcb75ca262e424345b347b86e7ce2285869jerenkrantz# for 32-bit version only.
c066cdcb75ca262e424345b347b86e7ce2285869jerenkrantzCONFIGURE_OPTIONS += --install_prefix=$(PROTO_DIR)
c066cdcb75ca262e424345b347b86e7ce2285869jerenkrantzCONFIGURE_OPTIONS += no-rc3
c15906bab97b9b71b6dc08c1aa2f5c0b72b5ca4edreidCONFIGURE_OPTIONS += no-rc5
c15906bab97b9b71b6dc08c1aa2f5c0b72b5ca4edreidCONFIGURE_OPTIONS += no-md2
96e6cafca226a8a2a64a7bbdc634b5b2679c9e0csaschaCONFIGURE_OPTIONS += no-mdc2
96e6cafca226a8a2a64a7bbdc634b5b2679c9e0csaschaCONFIGURE_OPTIONS += no-idea
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_4758_cca
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_aep
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_atalla
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_chil
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_gmp
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_ncipher
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_nuron
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_padlock
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_sureware
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_ubsec
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-hw_cswift
db51f4ec6447357f968009805e42ec203db09c3dgregamesCONFIGURE_OPTIONS += threads
db51f4ec6447357f968009805e42ec203db09c3dgregamesCONFIGURE_OPTIONS += shared
db51f4ec6447357f968009805e42ec203db09c3dgregamesCONFIGURE_OPTIONS += fips --with-fipslibdir="$(FIPS_BUILD_DIR_$(BITS))/fips/"
db51f4ec6447357f968009805e42ec203db09c3dgregamesCONFIGURE_OPTIONS += --with-fipsdir="$(BUILD_DIR_$(BITS))"
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += no-seed
893328ef6ff86d0ca27774778d84410353789fb0fielding
e5d41afeed46e2c0046134f063f6e2776dd6a84ajerenkrantz# Disable SSLv2 and SSLv3 protocols
e5d41afeed46e2c0046134f063f6e2776dd6a84ajerenkrantzCONFIGURE_OPTIONS += no-ssl2 no-ssl2-method
db51f4ec6447357f968009805e42ec203db09c3dgregamesCONFIGURE_OPTIONS += no-ssl3 no-ssl3-method
db51f4ec6447357f968009805e42ec203db09c3dgregames
893328ef6ff86d0ca27774778d84410353789fb0fielding# We define our own compiler and linker option sets for Solaris. See Configure
893328ef6ff86d0ca27774778d84410353789fb0fielding# for more information.
544c23d79a3a7596a3612224ed3ac9fa8372929djerenkrantzCONFIGURE_OPTIONS32_i386 =  solaris-x86-cc-sunw
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS32_sparc = solaris-fips-sparcv9-cc-sunw
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS64_i386 =  solaris64-x86_64-cc-sunw
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS64_sparc = solaris64-fips-sparcv9-cc-sunw
544c23d79a3a7596a3612224ed3ac9fa8372929djerenkrantz
893328ef6ff86d0ca27774778d84410353789fb0fielding# Some additional options needed for our engines.
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS))
893328ef6ff86d0ca27774778d84410353789fb0fieldingCONFIGURE_OPTIONS += --enginesdir=$(ENGINESDIR_$(BITS))
544c23d79a3a7596a3612224ed3ac9fa8372929djerenkrantzCONFIGURE_OPTIONS += $(CONFIGURE_OPTIONS$(BITS)_$(MACH))
96e6cafca226a8a2a64a7bbdc634b5b2679c9e0csascha
893328ef6ff86d0ca27774778d84410353789fb0fielding# OpenSSL has its own configure system which must be run from the fully
# populated source code directory. However, the Userland configuration phase is
# run from the build directory. The easiest way to workaround it is to copy all
# the source files there.
COMPONENT_PRE_CONFIGURE_ACTION = \
    ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR)/$(MACH$(BITS)); )

# We deliver only one opensslconf.h file which must be suitable for both 32 and
# 64 bits. Depending on the configuration option, OpenSSL's Configure script
# creates opensslconf.h for either 32 or 64 bits. A patch makes the resulting
# header file usable on both architectures. The patch was generated against the
# opensslconf.h version from the 32 bit build.
COMPONENT_POST_CONFIGURE_ACTION = \
   ( [ $(BITS) -eq 32 ] && $(GPATCH) -p1 $(@D)/crypto/opensslconf.h \
      patches-post-config/opensslconf.patch; cd $(@D); $(MAKE) depend; )

# We must make sure that openssl-fips component is built before this openssl-fips-140
# component since in order to build FIPS-140 certified libraries, the canister
# is needed. Note that we must unset BITS that would override the same variable
# used in openssl-fips' Makefile, and we would end up up with both canisters
# built in 64 (or 32) bits.
$(COMPONENT_DIR)/../openssl-fips/build/$(MACH32)/.installed \
$(COMPONENT_DIR)/../openssl-fips/build/$(MACH64)/.installed:
    ( unset BITS; \
    $(MAKE) -C $(COMPONENT_DIR)/../openssl-fips install; )

# download, clean, and clobber should all propogate to the fips bits
download clobber clean::
    (cd ../openssl-fips ; $(GMAKE) $@)

# We do not ship our engines as patches since it would be more difficult to
# update the files which have been under continuous development. We rather copy
# the files to the right directories and let OpenSSL makefiles build it.
# We also copy some FIPS specific header files needed to build FIPS version
# of OpenSSL from FIPS module.
COMPONENT_PRE_BUILD_ACTION = \
    ( $(LN) -fs $(COMPONENT_DIR)/../common/engines/pkcs11/*     $(@D)/engines; \
      $(MKDIR) $(@D)/bin; \
      $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-$(IPS_COMPONENT_VERSION)/fips/fips.h $(@D)/include/openssl; \
      $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-$(IPS_COMPONENT_VERSION)/fips/fipssyms.h $(@D)/include/openssl; \
      $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-$(IPS_COMPONENT_VERSION)/fips/rand/fips_rand.h $(@D)/include/openssl; \
      $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-$(IPS_COMPONENT_VERSION)/fips/fipsld $(@D)/bin/; \
      $(LN) -fs $(OPENSSL_FIPS_DIR)/build/$(MACH$(BITS))/fips/fips_standalone_sha1 $(@D)/bin/; \
      $(LN) -fs $(COMPONENT_DIR)/build/$(MACH$(BITS))/fips_premain_dso $(@D)/bin/;)

# OpenSSL does not install into <dir>/$(MACH64) for 64-bit install so no such
# directory is created and Userland install code would fail when installing lint
# libraries.
COMPONENT_PRE_INSTALL_ACTION = ( $(MKDIR) $(PROTO_DIR)/usr/lib/$(MACH64); )

$(SOURCE_DIR)/.prep: $(COMPONENT_DIR)/../openssl-fips/build/$(MACH32)/.installed \
             $(COMPONENT_DIR)/../openssl-fips/build/$(MACH64)/.installed

configure:  $(CONFIGURE_32_and_64)

build:          $(BUILD_32_and_64)

# We follow what we do for install in openssl/openssl-1.0.0 component. Please
# see the comment in Makefile in there for more information.
install:    $(INSTALL_32_and_64)

# Set modified lint flags for our lint library targets.
$(BUILD_DIR_32)/llib-lcrypto.ln: LINT_FLAGS=$(LFLAGS_32) -I$(PROTOUSRINCDIR)
$(BUILD_DIR_32)/llib-lssl.ln: LINT_FLAGS=$(LFLAGS_32) -I$(PROTOUSRINCDIR)
$(BUILD_DIR_64)/llib-lcrypto.ln: LINT_FLAGS=$(LFLAGS_64) -I$(PROTOUSRINCDIR)
$(BUILD_DIR_64)/llib-lssl.ln: LINT_FLAGS=$(LFLAGS_64) -I$(PROTOUSRINCDIR)

# There are also separate STC test suites 'openssl' and 'openssl-engine'
# for regression testing. These internal tests are unit tests only.
COMPONENT_TEST_TARGETS = test
test:       $(TEST_32_and_64)

system-test:    $(SYSTEM_TESTS_NOT_IMPLEMENTED)


REQUIRED_PACKAGES += developer/build/makedepend
REQUIRED_PACKAGES += network/rsync
REQUIRED_PACKAGES += system/library
REQUIRED_PACKAGES += system/library/security/crypto