git: 544deacc90f4 - main - libcrypto: group definitions for libcrypto and fips
Date: Wed, 05 Jul 2023 20:01:15 UTC
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=544deacc90f4f6dc93017a6e18b2fdbf3bc4e059 commit 544deacc90f4f6dc93017a6e18b2fdbf3bc4e059 Author: Pierre Pronchery <pierre@freebsdfoundation.org> AuthorDate: 2023-06-30 17:23:57 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2023-07-05 20:00:54 +0000 libcrypto: group definitions for libcrypto and fips OpenSSL 3 supports a modular architecture, allowing different providers to bring specific implementations of cryptographical algorithms. This change makes sure the FIPS module matches build instructions used for libcrypto. Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/787 --- secure/lib/libcrypto/Makefile | 10 --- secure/lib/libcrypto/Makefile.common | 112 +++++++++++++++++++++++++ secure/lib/libcrypto/Makefile.inc | 103 +---------------------- secure/lib/libcrypto/modules/fips/Makefile | 130 ++++------------------------- 4 files changed, 131 insertions(+), 224 deletions(-) diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index 28258e796984..4421ea0b0855 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -581,16 +581,6 @@ INCSDIR= ${INCLUDEDIR}/openssl LIBADD= pthread -CFLAGS+= -I${LCRYPTO_SRC}/crypto -CFLAGS+= -I${LCRYPTO_SRC}/crypto/ec/curve448 -CFLAGS+= -I${LCRYPTO_SRC}/crypto/ec/curve448/arch_32 -CFLAGS+= -I${LCRYPTO_SRC}/crypto/modes -CFLAGS+= -I${.OBJDIR} - -.if !empty(SRCS:M*.S) -ACFLAGS+= -Wa,--noexecstack -.endif - SRCS+= buildinf.h CLEANDIRS= openssl diff --git a/secure/lib/libcrypto/Makefile.common b/secure/lib/libcrypto/Makefile.common new file mode 100644 index 000000000000..7abb73e226fd --- /dev/null +++ b/secure/lib/libcrypto/Makefile.common 
@@ -0,0 +1,112 @@
+# $FreeBSD$
+
+.include <bsd.endian.mk>
+
+.if ${TARGET_ENDIANNESS} == 1234
+CFLAGS+= -DL_ENDIAN
+.elif ${TARGET_ENDIANNESS} == 4321
+CFLAGS+= -DB_ENDIAN
+.endif
+
+.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
+ ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
+ASM_${MACHINE_CPUARCH}=
+.elif ${MACHINE_ARCH} == "powerpc" || ${MACHINE_ARCH} == "powerpc64" || \
+ ${MACHINE_ARCH} == "powerpc64le"
+ASM_${MACHINE_ARCH}=
+.endif
+
+.if defined(ASM_${MACHINE_CPUARCH}) || defined(ASM_${MACHINE_ARCH})
+CFLAGS+= -DOPENSSL_CPUID_OBJ
+.if defined(ASM_aarch64)
+CFLAGS+= -DOPENSSL_BN_ASM_MONT
+CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+CFLAGS+= -DKECCAK1600_ASM
+CFLAGS+= -DVPAES_ASM
+CFLAGS+= -DECP_NISTZ256_ASM
+CFLAGS+= -DPOLY1305_ASM
+.elif defined(ASM_amd64)
+CFLAGS+= -DOPENSSL_IA32_SSE2
+CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
+CFLAGS+= -DOPENSSL_BN_ASM_GF2m
+CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+CFLAGS+= -DKECCAK1600_ASM
+CFLAGS+= -DRC4_ASM
+CFLAGS+= -DMD5_ASM
+CFLAGS+= -DVPAES_ASM
+CFLAGS+= -DGHASH_ASM
+CFLAGS+= -DECP_NISTZ256_ASM -DX25519_ASM
+CFLAGS+= -DPADLOCK_ASM
+CFLAGS+= -DPOLY1305_ASM
+.elif defined(ASM_arm)
+CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m
+CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+CFLAGS+= -DKECCAK1600_ASM
+CFLAGS+= -DBSAES_ASM
+CFLAGS+= -DGHASH_ASM
+CFLAGS+= -DECP_NISTZ256_ASM
+CFLAGS+= -DPOLY1305_ASM
+.elif defined(ASM_i386)
+CFLAGS+= -DOPENSSL_IA32_SSE2
+CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
+CFLAGS+= -DOPENSSL_BN_ASM_GF2m
+CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+CFLAGS+= -DRC4_ASM
+CFLAGS+= -DMD5_ASM
+CFLAGS+= -DRMD160_ASM
+CFLAGS+= -DVPAES_ASM
+CFLAGS+= -DWHIRLPOOL_ASM
+CFLAGS+= -DGHASH_ASM
+CFLAGS+= -DECP_NISTZ256_ASM
+CFLAGS+= -DPADLOCK_ASM
+CFLAGS+= -DPOLY1305_ASM
+.elif defined(ASM_powerpc)
+CFLAGS+= -DOPENSSL_BN_ASM_MONT
+CFLAGS+= -DAES_ASM
+CFLAGS+= -DVPAES_ASM
+CFLAGS+= -DSHA1_ASM
+CFLAGS+= -DSHA256_ASM
+CFLAGS+= -DSHA512_ASM
+CFLAGS+= -DPOLY1305_ASM
+.elif defined(ASM_powerpc64)
+CFLAGS+= -DOPENSSL_BN_ASM_MONT
+CFLAGS+= -DAES_ASM
+CFLAGS+= -DVPAES_ASM
+CFLAGS+= -DSHA1_ASM
+CFLAGS+= -DSHA256_ASM
+CFLAGS+= -DSHA512_ASM
+CFLAGS+= -DPOLY1305_ASM
+CFLAGS+= -DECP_NISTZ256_ASM
+CFLAGS+= -DX25519_ASM
+CFLAGS+= -DKECCAK1600_ASM
+.elif defined(ASM_powerpc64le)
+CFLAGS+= -DOPENSSL_BN_ASM_MONT
+CFLAGS+= -DAES_ASM
+CFLAGS+= -DVPAES_ASM
+CFLAGS+= -DSHA1_ASM
+CFLAGS+= -DSHA256_ASM
+CFLAGS+= -DSHA512_ASM
+CFLAGS+= -DPOLY1305_ASM
+CFLAGS+= -DECP_NISTZ256_ASM
+CFLAGS+= -DX25519_ASM
+CFLAGS+= -DKECCAK1600_ASM
+.endif
+.endif
+
+MANDIR= ${SHAREDIR}/openssl/man/man
+
+CFLAGS+= -DOPENSSLDIR="\"/etc/ssl\""
+CFLAGS+= -DENGINESDIR="\"${LIBDIR}/engines-3\""
+CFLAGS+= -DMODULESDIR="\"${LIBDIR}/ossl-modules\""
+
+CFLAGS+= -DNDEBUG
+
+CFLAGS+= -I${LCRYPTO_SRC}/crypto
+CFLAGS+= -I${LCRYPTO_SRC}/crypto/ec/curve448
+CFLAGS+= -I${LCRYPTO_SRC}/crypto/ec/curve448/arch_32
+CFLAGS+= -I${LCRYPTO_SRC}/crypto/modes
+CFLAGS+= -I${.OBJDIR}
+
+.if !empty(SRCS:M*.S)
+ACFLAGS+= -Wa,--noexecstack
+.endif
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
index d995fb2a0cb2..d462d9f82857 100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
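Review bot: The `.if !empty(SRCS:M*.S)` test at the end of Makefile.common is evaluated at the point where the file is included, so `ACFLAGS+= -Wa,--noexecstack` is added only if SRCS already names a `.S` file by then. In the modules/fips/Makefile hunk the new `.include "../../Makefile.common"` follows a `SRCS+=` of four `.c` files and precedes `SRCS+= arm64cpuid.S armcap.c`, so the FIPS module's assembly would be assembled without the flag and fips.so could be linked with an executable stack; where Makefile.inc is included relative to libcrypto's own SRCS is outside this diff and needs the same check. Because ACFLAGS should only reach assembler rules, the guard can be dropped in favour of a plain `ACFLAGS+= -Wa,--noexecstack`, or the block moved to a point after SRCS is complete. `readelf -lW` on the built libcrypto.so and fips.so should show GNU_STACK as RW rather than RWE.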
@@ -14,108 +14,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/include CFLAGS+= -I${LCRYPTO_SRC}/providers/common/include CFLAGS+= -I${LCRYPTO_SRC}/providers/implementations/include -.include <bsd.endian.mk> - -.if ${TARGET_ENDIANNESS} == 1234 -CFLAGS+= -DL_ENDIAN -.elif ${TARGET_ENDIANNESS} == 4321 -CFLAGS+= -DB_ENDIAN -.endif - -.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \ - ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386" -ASM_${MACHINE_CPUARCH}= -.elif ${MACHINE_ARCH} == "powerpc" || ${MACHINE_ARCH} == "powerpc64" || \ - ${MACHINE_ARCH} == "powerpc64le" -ASM_${MACHINE_ARCH}= -.endif - -.if defined(ASM_${MACHINE_CPUARCH}) || defined(ASM_${MACHINE_ARCH}) -CFLAGS+= -DOPENSSL_CPUID_OBJ -.if defined(ASM_aarch64) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -CFLAGS+= -DKECCAK1600_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DPOLY1305_ASM -.elif defined(ASM_amd64) -CFLAGS+= -DOPENSSL_IA32_SSE2 -CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -CFLAGS+= -DOPENSSL_BN_ASM_GF2m -CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -CFLAGS+= -DKECCAK1600_ASM -CFLAGS+= -DRC4_ASM -CFLAGS+= -DMD5_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DGHASH_ASM -CFLAGS+= -DECP_NISTZ256_ASM -DX25519_ASM -CFLAGS+= -DPADLOCK_ASM -CFLAGS+= -DPOLY1305_ASM -.elif defined(ASM_arm) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -CFLAGS+= -DKECCAK1600_ASM -CFLAGS+= -DBSAES_ASM -CFLAGS+= -DGHASH_ASM -CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DPOLY1305_ASM -.elif defined(ASM_i386) -CFLAGS+= -DOPENSSL_IA32_SSE2 -CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DOPENSSL_BN_ASM_GF2m -CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -CFLAGS+= -DRC4_ASM -CFLAGS+= -DMD5_ASM -CFLAGS+= -DRMD160_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DWHIRLPOOL_ASM -CFLAGS+= -DGHASH_ASM -CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DPADLOCK_ASM -CFLAGS+= -DPOLY1305_ASM -.elif 
defined(ASM_powerpc) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DAES_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DSHA1_ASM -CFLAGS+= -DSHA256_ASM -CFLAGS+= -DSHA512_ASM -CFLAGS+= -DPOLY1305_ASM -.elif defined(ASM_powerpc64) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DAES_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DSHA1_ASM -CFLAGS+= -DSHA256_ASM -CFLAGS+= -DSHA512_ASM -CFLAGS+= -DPOLY1305_ASM -CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DX25519_ASM -CFLAGS+= -DKECCAK1600_ASM -.elif defined(ASM_powerpc64le) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DAES_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DSHA1_ASM -CFLAGS+= -DSHA256_ASM -CFLAGS+= -DSHA512_ASM -CFLAGS+= -DPOLY1305_ASM -CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DX25519_ASM -CFLAGS+= -DKECCAK1600_ASM -.endif -.endif - -.if defined(LIB) -CFLAGS+= -DOPENSSLDIR="\"/etc/ssl\"" -CFLAGS+= -DENGINESDIR="\"${LIBDIR}/engines-3\"" -CFLAGS+= -DMODULESDIR="\"${LIBDIR}/ossl-modules\"" -.endif - -CFLAGS+= -DNDEBUG - -MANDIR= ${SHAREDIR}/openssl/man/man +.include "Makefile.common" .for pcfile in ${PCFILES} ${pcfile}: ${pcfile}.in diff --git a/secure/lib/libcrypto/modules/fips/Makefile b/secure/lib/libcrypto/modules/fips/Makefile index 510d017d27ab..c8b79e3badfd 100644 --- a/secure/lib/libcrypto/modules/fips/Makefile +++ b/secure/lib/libcrypto/modules/fips/Makefile 
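Review bot: The `.if defined(LIB)` guard around `-DOPENSSLDIR`, `-DENGINESDIR` and `-DMODULESDIR` is removed here and is not reproduced in Makefile.common, where the three definitions are unconditional. Any Makefile that reads Makefile.inc without setting LIB now gets these default paths compiled in, which is a behaviour change beyond the regrouping the commit message describes. ENGINESDIR and MODULESDIR are built from `${LIBDIR}` and presumably decide where engines and providers are loaded from by default, so the widening deserves to be deliberate. Either keep the guard in Makefile.common or add a comment above the three lines there, for example `# Defined unconditionally: libcrypto and the provider modules share these default paths.`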
@@ -4,123 +4,14 @@ SHLIB_NAME?= fips.so CFLAGS+= -DFIPS_MODULE -SRCS= fips_entry.c fipsprov.c self_test.c self_test_kats.c - -# XXX from secure/lib/libcrypto/Makefile.inc -.include <bsd.own.mk> - -#.include <bsd.endian.mk> -# -#.if ${TARGET_ENDIANNESS} == 1234 -#CFLAGS+= -DL_ENDIAN -#.elif ${TARGET_ENDIANNESS} == 4321 -#CFLAGS+= -DB_ENDIAN -#.endif - -.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \ - ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386" -ASM_${MACHINE_CPUARCH}= -.elif ${MACHINE_ARCH} == "powerpc" || ${MACHINE_ARCH} == "powerpc64" || \ - ${MACHINE_ARCH} == "powerpc64le" -ASM_${MACHINE_ARCH}= -.endif +SRCS+= fips_entry.c fipsprov.c self_test.c self_test_kats.c -.if defined(ASM_${MACHINE_CPUARCH}) || defined(ASM_${MACHINE_ARCH}) -CFLAGS+= -DOPENSSL_CPUID_OBJ -.if defined(ASM_aarch64) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -CFLAGS+= -DKECCAK1600_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DPOLY1305_ASM -.elif defined(ASM_amd64) -CFLAGS+= -DOPENSSL_IA32_SSE2 -CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -CFLAGS+= -DOPENSSL_BN_ASM_GF2m -CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -CFLAGS+= -DKECCAK1600_ASM -CFLAGS+= -DRC4_ASM -CFLAGS+= -DMD5_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DGHASH_ASM -CFLAGS+= -DECP_NISTZ256_ASM -DX25519_ASM -CFLAGS+= -DPADLOCK_ASM -CFLAGS+= -DPOLY1305_ASM -.elif defined(ASM_arm) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -CFLAGS+= -DKECCAK1600_ASM -CFLAGS+= -DBSAES_ASM -CFLAGS+= -DGHASH_ASM -CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DPOLY1305_ASM -.elif defined(ASM_i386) -CFLAGS+= -DOPENSSL_IA32_SSE2 -CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DOPENSSL_BN_ASM_GF2m -CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -CFLAGS+= -DRC4_ASM -CFLAGS+= -DMD5_ASM -CFLAGS+= -DRMD160_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DWHIRLPOOL_ASM -CFLAGS+= -DGHASH_ASM 
-CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DPADLOCK_ASM -CFLAGS+= -DPOLY1305_ASM -.elif defined(ASM_powerpc) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DAES_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DSHA1_ASM -CFLAGS+= -DSHA256_ASM -CFLAGS+= -DSHA512_ASM -CFLAGS+= -DPOLY1305_ASM -.elif defined(ASM_powerpc64) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DAES_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DSHA1_ASM -CFLAGS+= -DSHA256_ASM -CFLAGS+= -DSHA512_ASM -CFLAGS+= -DPOLY1305_ASM -CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DX25519_ASM -CFLAGS+= -DKECCAK1600_ASM -.elif defined(ASM_powerpc64le) -CFLAGS+= -DOPENSSL_BN_ASM_MONT -CFLAGS+= -DAES_ASM -CFLAGS+= -DVPAES_ASM -CFLAGS+= -DSHA1_ASM -CFLAGS+= -DSHA256_ASM -CFLAGS+= -DSHA512_ASM -CFLAGS+= -DPOLY1305_ASM -CFLAGS+= -DECP_NISTZ256_ASM -CFLAGS+= -DX25519_ASM -CFLAGS+= -DKECCAK1600_ASM -.endif -.endif +.include "../../Makefile.common" # crypto SRCS+= provider_core.c provider_predefined.c \ core_fetch.c core_algorithm.c core_namemap.c self_test_core.c -# crypto/ec -SRCS+= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ - ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \ - ec2_smpl.c \ - ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \ - ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ - curve448/f_generic.c curve448/scalar.c \ - curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ - ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \ - curve448/arch_32/f_impl32.c -SRCS+= cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \ - threads_pthread.c threads_none.c initthread.c \ - context.c sparse_array.c asn1_dsa.c packet.c param_build.c \ - param_build_set.c der_writer.c threads_lib.c params_dup.c - SRCS+= cpuid.c ctype.c .if defined(ASM_aarch64) SRCS+= arm64cpuid.S armcap.c 
@@ -172,9 +63,24 @@ SRCS+= dh_lib.c dh_key.c dh_group_params.c dh_check.c dh_backend.c dh_gen.c \ # crypto/dsa SRCS+= dsa_sign.c dsa_vrf.c dsa_lib.c dsa_ossl.c dsa_check.c \ - dsa_key.c dsa_backend.c dsa_gen.c + dsa_key.c dsa_backend.c dsa_gen.c # crypto/ec +SRCS+= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ + ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \ + ec2_smpl.c \ + ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \ + ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ + curve448/f_generic.c curve448/scalar.c \ + curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ + ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \ + curve448/arch_32/f_impl32.c +SRCS+= cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \ + threads_pthread.c threads_none.c initthread.c \ + context.c sparse_array.c asn1_dsa.c packet.c param_build.c \ + param_build_set.c der_writer.c threads_lib.c params_dup.c + +.include <bsd.opts.mk> .if ${MACHINE_ABI:Mlittle-endian} && ${MACHINE_ABI:Mlong64} SRCS+= ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c .endif
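Review bot: The second `SRCS+=` list added under the `# crypto/ec` heading (`cryptlib.c params.c … params_dup.c`) does not look like EC code judging by the file names, so the heading now mislabels it; a separate `# crypto` comment above that list would keep the section markers accurate. The new `.include <bsd.opts.mk>` also sits in the middle of the source lists with no explanation. A one-line comment such as `# needed for the MACHINE_ABI test below` (if that is indeed the reason) would tell the next reader why it cannot move to the top of the file.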