author | Rich Burridge <rich.burridge@oracle.com> |
Thu, 23 Feb 2017 13:46:52 -0800 | |
changeset 7687 | 1093e2a9adbd |
parent 7362 | 8875826c2bcb |
permissions | -rw-r--r-- |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
1 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
2 |
# CDDL HEADER START |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
3 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
4 |
# The contents of this file are subject to the terms of the |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
5 |
# Common Development and Distribution License (the "License"). |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
6 |
# You may not use this file except in compliance with the License. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
7 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
8 |
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
9 |
# or http://www.opensolaris.org/os/licensing. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
10 |
# See the License for the specific language governing permissions |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
11 |
# and limitations under the License. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
12 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
13 |
# When distributing Covered Code, include this CDDL HEADER in each |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
14 |
# file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
15 |
# If applicable, add the following below this CDDL HEADER, with the |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
16 |
# fields enclosed by brackets "[]" replaced with your own identifying |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
17 |
# information: Portions Copyright [yyyy] [name of copyright owner] |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
18 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
19 |
# CDDL HEADER END |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
20 |
# |
5682
94c0ca64c022
15558602 TCL_LD_SEARCH_FLAGS is wrongly defined in tclConfig.sh
Shawn Walker-Salas <shawn.walker@oracle.com>
parents:
5602
diff
changeset
|
21 |
|
94c0ca64c022
15558602 TCL_LD_SEARCH_FLAGS is wrongly defined in tclConfig.sh
Shawn Walker-Salas <shawn.walker@oracle.com>
parents:
5602
diff
changeset
|
22 |
# |
7687
1093e2a9adbd
25590368 Userland components should include "upstream" release tracking information
Rich Burridge <rich.burridge@oracle.com>
parents:
7362
diff
changeset
|
23 |
# Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
24 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
25 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
26 |
# |
1596
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
27 |
# This component is not to be installed. It is used to build FIPS-140 |
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
28 |
# certified OpenSSL libraries. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
29 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
30 |
|
364
73fbb345104d
7039910 move OpenSSL from SFW to Userland gate (fix path/make args)
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
363
diff
changeset
|
31 |
include ../../../make-rules/shared-macros.mk |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
32 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
33 |
COMPONENT_NAME = openssl-fips |
7103
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
6718
diff
changeset
|
34 |
COMPONENT_VERSION = 2.0.13 |
6716
6e7ab6702602
PSARC/2016/417 OpenSSL Elliptic Curve Cryptography
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
5682
diff
changeset
|
35 |
COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION) |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
36 |
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz |
800
2ad056ed89ec
7163771 sha1 should not be used in userland-fetch and userland component/*/Makefile
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
774
diff
changeset
|
37 |
COMPONENT_ARCHIVE_HASH= \ |
7103
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
6718
diff
changeset
|
38 |
sha256:3ff723f93901f750779a2e67ff15985c357f1a15c892c9504446fbc85c6f77da |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
39 |
COMPONENT_ARCHIVE_URL = http://www.openssl.org/source/$(COMPONENT_ARCHIVE) |
1969
ac6c35e6af98
19005730 COMPONENT_BUGDB needs to be updated in components/openssl/*/Makefile
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
1940
diff
changeset
|
40 |
COMPONENT_BUGDB= library/openssl |
7687
1093e2a9adbd
25590368 Userland components should include "upstream" release tracking information
Rich Burridge <rich.burridge@oracle.com>
parents:
7362
diff
changeset
|
41 |
COMPONENT_ANITYA_ID= 13290 |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
42 |
|
3817
30b42c38bbc4
15786608 SUNBT7162754 create new meta package developer/opensolaris/userland
Norm Jacobs <Norm.Jacobs@Sun.COM>
parents:
2225
diff
changeset
|
43 |
include $(WS_MAKE_RULES)/prep.mk |
30b42c38bbc4
15786608 SUNBT7162754 create new meta package developer/opensolaris/userland
Norm Jacobs <Norm.Jacobs@Sun.COM>
parents:
2225
diff
changeset
|
44 |
include $(WS_MAKE_RULES)/configure.mk |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
45 |
|
678
ecd6b850f3d3
7129553 openssl-fips fails to build now
Hai-May Chao <haimay.chao@oracle.com>
parents:
648
diff
changeset
|
46 |
PATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin |
365
f10c11e3a4a5
7039910 move OpenSSL from SFW to Userland gate (fix fips path and make targets)
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
364
diff
changeset
|
47 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
48 |
# In order to build a 32bit version on a 64bit system the isalist(1) command |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
49 |
# must be substituted for the 32bit build so that amd64|sparcv9 is not part of |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
50 |
# its output. isalist is used internally when configuring the canister before |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
51 |
# building it. In order to allow make install to be run as a no-op we have to |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
52 |
# fake "make install" since we do not want to install the files anywhere. The |
1596
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
53 |
# command sets U1 and U2 are defined in the FIPS 2.0.5 security policy and must be |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
54 |
# run as shown there. Nothing from the tarball can be modified. We use the U2 |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
55 |
# command set, see below. |
4664
f81cb9995e58
21452701 openssl fips doesn't build now that isalist is gone
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
4516
diff
changeset
|
56 |
FAKE_ISALIST = 32/isalist 64/isalist |
678
ecd6b850f3d3
7129553 openssl-fips fails to build now
Hai-May Chao <haimay.chao@oracle.com>
parents:
648
diff
changeset
|
57 |
FAKE_MAKE = fips-gmake |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
58 |
FAKE_CC = cc |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
59 |
FAKE_APPS = $(FAKE_ISALIST) $(FAKE_MAKE) $(FAKE_CC) |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
60 |
|
4252
891a844655c4
20992358 clean/clobber in many components no longer deletes the build directory
Norm Jacobs <Norm.Jacobs@Oracle.COM>
parents:
3817
diff
changeset
|
61 |
CLEAN_PATHS += $(FAKE_APPS) |
774
d0cbca26a17c
7035978 parfait support for userland bits
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
758
diff
changeset
|
62 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
63 |
# Do not use $(PWD), it would not work if run from a different directory with |
4822
1fb8a14c6702
PSARC/2015/353 OpenSSL 1.0.2
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
4664
diff
changeset
|
64 |
# "gmake -C" as we do from openssl-default |
758
8d61ac17827e
7156914 openssl-fips fails to build if gcc-45 is installed
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
678
diff
changeset
|
65 |
# we'll also pick up gcc if we find it in the path, so force it to |
8d61ac17827e
7156914 openssl-fips fails to build if gcc-45 is installed
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
678
diff
changeset
|
66 |
# find one that doesn't work like it wants |
8d61ac17827e
7156914 openssl-fips fails to build if gcc-45 is installed
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
678
diff
changeset
|
67 |
FIPS_PATH_32 = $(COMPONENT_DIR)/32:$(COMPONENT_DIR)/gcc:$(PATH) |
4664
f81cb9995e58
21452701 openssl fips doesn't build now that isalist is gone
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
4516
diff
changeset
|
68 |
FIPS_PATH_64 = $(COMPONENT_DIR)/64:$(COMPONENT_DIR)/gcc:$(PATH) |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
69 |
|
2037
3559e1505b2b
19314980 Update the OpenSSL FIPS-140 module version to 2.0.6
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1969
diff
changeset
|
70 |
# HMAC-SHA-1 digest of the OpenSSL FIPS tar file is used for the |
3559e1505b2b
19314980 Update the OpenSSL FIPS-140 module version to 2.0.6
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1969
diff
changeset
|
71 |
# integrity test requirement for the FIPS-140 validation. |
3559e1505b2b
19314980 Update the OpenSSL FIPS-140 module version to 2.0.6
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1969
diff
changeset
|
72 |
# Note: COMPONENT_ARCHIVE_HASH is a SHA256 digest used by the Userland |
3559e1505b2b
19314980 Update the OpenSSL FIPS-140 module version to 2.0.6
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1969
diff
changeset
|
73 |
# Consolidation to check the file integrity. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
74 |
OPENSSL_FIPS_HMAC_KEY = etaonrishdlcupfm |
7103
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
6718
diff
changeset
|
75 |
OPENSSL_FIPS_HMAC = 26f923491458df77a1f4c6ce39fef2f5bea88cd5 |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
76 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
77 |
# There is a broken link in the tarball which causes cp(1) to fail which would |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
78 |
# fail the whole configure process. It's safer to get rid of the link than |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
79 |
# adding "true" at the end of COMPONENT_PRE_CONFIGURE_ACTION since that could |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
80 |
# hide real issues. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
81 |
COMPONENT_PRE_CONFIGURE_ACTION = ( cd $(@D); \ |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
82 |
$(RM) $(SOURCE_DIR)/test/fips_aes_data; $(CP) -r $(SOURCE_DIR)/* .; ) |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
83 |
|
7239
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
84 |
COMPONENT_POST_UNPACK_ACTION = \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
85 |
( echo "Cloning engines..."; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
86 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/sparc_arch.h $(@D)/crypto/; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
87 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/aest4-sparcv9.pl $(@D)/crypto/aes/asm; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
88 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/dest4-sparcv9.pl $(@D)/crypto/des/asm; \ |
7362
8875826c2bcb
25067396 The 'dhtest_rfc5114_2048_224_bad_y' in dhtest.c didn't fail in FIPS mode
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7239
diff
changeset
|
89 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/dh_check.c $(@D)/crypto/dh; \ |
7239
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
90 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/sparcv9_modes.pl $(@D)/crypto/perlasm; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
91 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/vis3-mont.pl $(@D)/crypto/bn/asm; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
92 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/sparcv9-gf2m.pl $(@D)/crypto/bn/asm; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
93 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/sparct4-mont.pl $(@D)/crypto/bn/asm; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
94 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/e_des3.c $(@D)/crypto/evp; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
95 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/e_aes.c $(@D)/crypto/evp; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
96 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/sha1-sparcv9.pl $(@D)/crypto/sha/asm; \ |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
97 |
$(LN) -fs $(COMPONENT_DIR)/inline-t4/sha512-sparcv9.pl $(@D)/crypto/sha/asm; ) |
81dd404b35f2
24830961 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase II
Misaki Miyashita <misaki.miyashita@oracle.com>
parents:
7103
diff
changeset
|
98 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
99 |
# There is a specific way that must be followed to build the FIPS-140 canister. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
100 |
# It is "./config fipscanisterbuild; make; make install" and is called a command |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
101 |
# set "U2" in the OpenSSL FIPS-140 User Guide. |
1596
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
102 |
ifeq ($(MACH), sparc) |
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
103 |
CONFIGURE_SCRIPT_32 = config |
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
104 |
# For 64-bit, use './Configure fipscanisterbuild solaris64-sparcv9-cc'. |
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
105 |
CONFIGURE_SCRIPT_64 = ./Configure |
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
106 |
CONFIGURE_OPTIONS.64 = solaris64-sparcv9-cc |
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
107 |
CONFIGURE_SCRIPT = $(CONFIGURE_SCRIPT_$(BITS)) |
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
108 |
else |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
109 |
CONFIGURE_SCRIPT = config |
1596
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
110 |
endif |
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
111 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
112 |
CONFIGURE_OPTIONS = fipscanisterbuild |
1596
59869c4257d0
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1587
diff
changeset
|
113 |
CONFIGURE_OPTIONS += $(CONFIGURE_OPTIONS.$(BITS)) |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
114 |
COMPONENT_BUILD_ARGS = |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
115 |
COMPONENT_BUILD_TARGETS = |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
116 |
COMPONENT_INSTALL_ARGS = |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
117 |
COMPONENT_INSTALL_TARGETS = install |
5125
34cc580c62c2
21029732 PKG_CONFIG_PATH should be included in CONFIGURE_ENV and BUILD_ENV
Shawn Walker-Salas <shawn.walker@oracle.com>
parents:
4822
diff
changeset
|
118 |
# Ignore default CC_FOR_BUILD, CC, and CXX in CONFIGURE_ENV. |
34cc580c62c2
21029732 PKG_CONFIG_PATH should be included in CONFIGURE_ENV and BUILD_ENV
Shawn Walker-Salas <shawn.walker@oracle.com>
parents:
4822
diff
changeset
|
119 |
CONFIGURE_ENV += CC_FOR_BUILD= |
34cc580c62c2
21029732 PKG_CONFIG_PATH should be included in CONFIGURE_ENV and BUILD_ENV
Shawn Walker-Salas <shawn.walker@oracle.com>
parents:
4822
diff
changeset
|
120 |
CONFIGURE_ENV += CC= |
34cc580c62c2
21029732 PKG_CONFIG_PATH should be included in CONFIGURE_ENV and BUILD_ENV
Shawn Walker-Salas <shawn.walker@oracle.com>
parents:
4822
diff
changeset
|
121 |
CONFIGURE_ENV += CXX= |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
122 |
CONFIGURE_ENV += FIPS_SITE_LD=$(LD) PATH=$(FIPS_PATH_$(BITS)) |
678
ecd6b850f3d3
7129553 openssl-fips fails to build now
Hai-May Chao <haimay.chao@oracle.com>
parents:
648
diff
changeset
|
123 |
# Add COMPONENT_DIR to PATH so cc wrapper can be found. |
ecd6b850f3d3
7129553 openssl-fips fails to build now
Hai-May Chao <haimay.chao@oracle.com>
parents:
648
diff
changeset
|
124 |
COMPONENT_BUILD_ENV += FIPS_SITE_LD=$(LD) REALCC=$(CC) MYMAKE=$(MAKE) PATH=$(COMPONENT_DIR):$(PATH) |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
125 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
126 |
$(BUILD_32_and_64): $(FAKE_APPS) |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
127 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
128 |
# You should not use this target with this component unless testing or |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
129 |
# debugging. The OpenSSL FIPS-140 policy is strict and full U2 command set |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
130 |
# should be run. See above for more information. |
2225
f064d3d3190d
20078677 Userland Makefiles should support a configure: target
John Beck <John.Beck@Oracle.COM>
parents:
2037
diff
changeset
|
131 |
configure: $(CONFIGURE_32_and_64) |
f064d3d3190d
20078677 Userland Makefiles should support a configure: target
John Beck <John.Beck@Oracle.COM>
parents:
2037
diff
changeset
|
132 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
133 |
build: $(BUILD_32_and_64) |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
134 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
135 |
# We must make the "install" target a no-op (but must run it to be compliant). |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
136 |
# See above for more information. |
678
ecd6b850f3d3
7129553 openssl-fips fails to build now
Hai-May Chao <haimay.chao@oracle.com>
parents:
648
diff
changeset
|
137 |
install: GMAKE = $(COMPONENT_DIR)/fips-gmake |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
138 |
install: $(BUILD_DIR_32)/.verified $(BUILD_DIR_64)/.verified |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
139 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
140 |
# This is a recommended set of commands to verify that the FIPS-140 mode can be |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
141 |
# used and that we used the correct tarball. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
142 |
$(BUILD_DIR)/%/.verified: $(BUILD_DIR)/%/.installed |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
143 |
(printf x; \ |
4516
50b76d78389e
21274691 openssl fips doesn't build on s12-76
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
4339
diff
changeset
|
144 |
$(ENV) - OPENSSL_FIPS=1 LD_LIBRARY_PATH=/lib/openssl/fips-140/64 \ |
1940
9b35341f1085
18908406 Checksum of OpenSSL FIPS tar ball should be checked with FIPS validated openssl
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1596
diff
changeset
|
145 |
/lib/openssl/fips-140/openssl sha1 -hmac $(OPENSSL_FIPS_HMAC_KEY) \ |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
146 |
$(COMPONENT_ARCHIVE)) | \ |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
147 |
$(NAWK) '{ if ($$2 != "$(OPENSSL_FIPS_HMAC)") exit 1 }' |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
148 |
@echo Basic FIPS-140 mode verification passed. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
149 |
$(TOUCH) $@ |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
150 |
|
7103
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
6718
diff
changeset
|
151 |
test: $(NO_TESTS) |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
152 |
|
4339
6501cf9c29f9
21116842 add system-test targets to each component Makefile and to top-level Makefiles
Stacy Yeh <stacy.yeh@oracle.com>
parents:
4252
diff
changeset
|
153 |
system-test: $(NO_TESTS) |
6501cf9c29f9
21116842 add system-test targets to each component Makefile and to top-level Makefiles
Stacy Yeh <stacy.yeh@oracle.com>
parents:
4252
diff
changeset
|
154 |