Makefile revision 695
5cd4555ad444fd391002ae32450572054369fd42Rob Austein# CDDL HEADER START
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# The contents of this file are subject to the terms of the
7b8b5e34b6daf793373580dfb095f56af5e918ceAutomatic Updater# Common Development and Distribution License (the "License").
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# You may not use this file except in compliance with the License.
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# or http://www.opensolaris.org/os/licensing.
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# See the License for the specific language governing permissions
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# and limitations under the License.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# When distributing Covered Code, include this CDDL HEADER in each
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# If applicable, add the following below this CDDL HEADER, with the
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# fields enclosed by brackets "[]" replaced with your own identifying
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# information: Portions Copyright [yyyy] [name of copyright owner]
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# CDDL HEADER END
d4f032db535ad5194d442fec535123f269422055Jeremy Reed# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# This component is not to be installed. It is used from openssl-0.9.8-fips-140
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# to build FIPS-140 certified OpenSSL libraries.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob AusteinCOMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob AusteinCOMPONENT_ARCHIVE_HASH= sha1:f09c3040da6cdd8bdd8c9cf01af8f14f89ee84d1
268a4475065fe6a8cd7cc707820982cf5e98f430Rob AusteinCOMPONENT_ARCHIVE_URL = http://www.openssl.org/source/$(COMPONENT_ARCHIVE)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob AusteinPATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin
26e2a07a0b6a3b1eccef82ba31270d0c54ad4f06Mark Andrews# In order to build a 32bit version on a 64bit system the isalist(1) command
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews# must be substituted for the 32bit build so that amd64|sparcv9 is not part of
7b8b5e34b6daf793373580dfb095f56af5e918ceAutomatic Updater# its output. isalist is used internally when configuring the canister before
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# building it. In order to allow make install to be run as a no-op we have to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# fake "make install" since we do not want to install the files anywhere. The
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# command sets U1 and U2 are defined in the FIPS 1.2 security policy and must be
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# run as shown there. Nothing from the tarball can be modified. We use the U2
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# command set, see below.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob AusteinFAKE_APPS = $(FAKE_ISALIST) $(FAKE_MAKE) $(FAKE_CC)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# Do not use $(PWD), it would not work if run from a different directory with
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# "gmake -C" as we do from openssl-0.9.8-fips-140.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob AusteinOPENSSL_FIPS_HMAC = 79193087e8115df76d3de1f346f7410df79cf6e0
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# There is a broken link in the tarball which causes cp(1) to fail which would
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# fail the whole configure process. It's safer to get rid of the link than
a268fec7f54a89a0772a91da0511c8eae09e6157Mark Andrews# adding "true" at the end of COMPONENT_PRE_CONFIGURE_ACTION since that could
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# hide real issues.
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews $(RM) $(SOURCE_DIR)/test/fips_aes_data; $(CP) -r $(SOURCE_DIR)/* .; )
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# There is a specific way that must be followed to build the FIPS-140 canister.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# It is "./config fipscanisterbuild; make; make install" and is called a command
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# set "U2" in the OpenSSL FIPS-140 User Guide.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob AusteinCONFIGURE_ENV += FIPS_SITE_LD=$(LD) PATH=$(FIPS_PATH_$(BITS))
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# Add COMPONENT_DIR to PATH so cc wrapper can be found.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob AusteinCOMPONENT_BUILD_ENV += FIPS_SITE_LD=$(LD) REALCC=$(CC) MYMAKE=$(MAKE) PATH=$(COMPONENT_DIR):$(PATH)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# You should not use this target with this component unless testing or
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# debugging. The OpenSSL FIPS-140 policy is strict and full U2 command set
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# should be run. See above for more information.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# We must make the "install" target a no-op (but must run it to be compliant).
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# See above for more information.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austeininstall: $(BUILD_DIR_32)/.verified $(BUILD_DIR_64)/.verified
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# This is a recommended set of commands to verify that the FIPS-140 mode can be
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# used and that we used the correct tarball.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein$(BUILD_DIR)/%/.verified: $(BUILD_DIR)/%/.installed
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein $(@D)/apps/openssl sha1 -hmac $(OPENSSL_FIPS_HMAC_KEY) \
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein $(NAWK) '{ if ($$2 != "$(OPENSSL_FIPS_HMAC)") exit 1 }'