Skip to content

Commit

Permalink
libcrypto: group definitions for libcrypto and fips
Browse files Browse the repository at this point in the history 
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
change makes sure the FIPS module matches build instructions used for
libcrypto.

Sponsored by:	The FreeBSD Foundation
  • Loading branch information
@khorben
khorben committed Jun 30, 2023
1 parent 719bfdc commit 4c94dd7
Show file tree
Hide file tree
Showing 3 changed files with 121 additions and 214 deletions.
102 changes: 102 additions & 0 deletions secure/lib/libcrypto/Makefile.common
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
# $FreeBSD$

.include <bsd.endian.mk>

.if ${TARGET_ENDIANNESS} == 1234
CFLAGS+= -DL_ENDIAN
.elif ${TARGET_ENDIANNESS} == 4321
CFLAGS+= -DB_ENDIAN
.endif

.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
ASM_${MACHINE_CPUARCH}=
.elif ${MACHINE_ARCH} == "powerpc" || ${MACHINE_ARCH} == "powerpc64" || \
${MACHINE_ARCH} == "powerpc64le"
ASM_${MACHINE_ARCH}=
.endif

.if defined(ASM_${MACHINE_CPUARCH}) || defined(ASM_${MACHINE_ARCH})
CFLAGS+= -DOPENSSL_CPUID_OBJ
.if defined(ASM_aarch64)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DKECCAK1600_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_amd64)
CFLAGS+= -DOPENSSL_IA32_SSE2
CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
CFLAGS+= -DOPENSSL_BN_ASM_GF2m
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DKECCAK1600_ASM
CFLAGS+= -DRC4_ASM
CFLAGS+= -DMD5_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DGHASH_ASM
CFLAGS+= -DECP_NISTZ256_ASM -DX25519_ASM
CFLAGS+= -DPADLOCK_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_arm)
CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DKECCAK1600_ASM
CFLAGS+= -DBSAES_ASM
CFLAGS+= -DGHASH_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_i386)
CFLAGS+= -DOPENSSL_IA32_SSE2
CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DOPENSSL_BN_ASM_GF2m
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DRC4_ASM
CFLAGS+= -DMD5_ASM
CFLAGS+= -DRMD160_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DWHIRLPOOL_ASM
CFLAGS+= -DGHASH_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DPADLOCK_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_powerpc)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DAES_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DSHA1_ASM
CFLAGS+= -DSHA256_ASM
CFLAGS+= -DSHA512_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_powerpc64)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DAES_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DSHA1_ASM
CFLAGS+= -DSHA256_ASM
CFLAGS+= -DSHA512_ASM
CFLAGS+= -DPOLY1305_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DX25519_ASM
CFLAGS+= -DKECCAK1600_ASM
.elif defined(ASM_powerpc64le)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DAES_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DSHA1_ASM
CFLAGS+= -DSHA256_ASM
CFLAGS+= -DSHA512_ASM
CFLAGS+= -DPOLY1305_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DX25519_ASM
CFLAGS+= -DKECCAK1600_ASM
.endif
.endif

MANDIR= ${SHAREDIR}/openssl/man/man

CFLAGS+= -DOPENSSLDIR="\"/etc/ssl\""
CFLAGS+= -DENGINESDIR="\"${LIBDIR}/engines-3\""
CFLAGS+= -DMODULESDIR="\"${LIBDIR}/ossl-modules\""

CFLAGS+= -DNDEBUG
103 changes: 1 addition & 102 deletions secure/lib/libcrypto/Makefile.inc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,108 +14,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/include
CFLAGS+= -I${LCRYPTO_SRC}/providers/common/include
CFLAGS+= -I${LCRYPTO_SRC}/providers/implementations/include

.include <bsd.endian.mk>

.if ${TARGET_ENDIANNESS} == 1234
CFLAGS+= -DL_ENDIAN
.elif ${TARGET_ENDIANNESS} == 4321
CFLAGS+= -DB_ENDIAN
.endif

.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
ASM_${MACHINE_CPUARCH}=
.elif ${MACHINE_ARCH} == "powerpc" || ${MACHINE_ARCH} == "powerpc64" || \
${MACHINE_ARCH} == "powerpc64le"
ASM_${MACHINE_ARCH}=
.endif

.if defined(ASM_${MACHINE_CPUARCH}) || defined(ASM_${MACHINE_ARCH})
CFLAGS+= -DOPENSSL_CPUID_OBJ
.if defined(ASM_aarch64)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DKECCAK1600_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_amd64)
CFLAGS+= -DOPENSSL_IA32_SSE2
CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
CFLAGS+= -DOPENSSL_BN_ASM_GF2m
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DKECCAK1600_ASM
CFLAGS+= -DRC4_ASM
CFLAGS+= -DMD5_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DGHASH_ASM
CFLAGS+= -DECP_NISTZ256_ASM -DX25519_ASM
CFLAGS+= -DPADLOCK_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_arm)
CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DKECCAK1600_ASM
CFLAGS+= -DBSAES_ASM
CFLAGS+= -DGHASH_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_i386)
CFLAGS+= -DOPENSSL_IA32_SSE2
CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DOPENSSL_BN_ASM_GF2m
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DRC4_ASM
CFLAGS+= -DMD5_ASM
CFLAGS+= -DRMD160_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DWHIRLPOOL_ASM
CFLAGS+= -DGHASH_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DPADLOCK_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_powerpc)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DAES_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DSHA1_ASM
CFLAGS+= -DSHA256_ASM
CFLAGS+= -DSHA512_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_powerpc64)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DAES_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DSHA1_ASM
CFLAGS+= -DSHA256_ASM
CFLAGS+= -DSHA512_ASM
CFLAGS+= -DPOLY1305_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DX25519_ASM
CFLAGS+= -DKECCAK1600_ASM
.elif defined(ASM_powerpc64le)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DAES_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DSHA1_ASM
CFLAGS+= -DSHA256_ASM
CFLAGS+= -DSHA512_ASM
CFLAGS+= -DPOLY1305_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DX25519_ASM
CFLAGS+= -DKECCAK1600_ASM
.endif
.endif

.if defined(LIB)
CFLAGS+= -DOPENSSLDIR="\"/etc/ssl\""
CFLAGS+= -DENGINESDIR="\"${LIBDIR}/engines-3\""
CFLAGS+= -DMODULESDIR="\"${LIBDIR}/ossl-modules\""
.endif

CFLAGS+= -DNDEBUG

MANDIR= ${SHAREDIR}/openssl/man/man
.include "Makefile.common"

.for pcfile in ${PCFILES}
${pcfile}: ${pcfile}.in
Expand Down
130 changes: 18 additions & 112 deletions secure/lib/libcrypto/modules/fips/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,123 +4,14 @@ SHLIB_NAME?= fips.so

CFLAGS+= -DFIPS_MODULE

SRCS= fips_entry.c fipsprov.c self_test.c self_test_kats.c

# XXX from secure/lib/libcrypto/Makefile.inc
.include <bsd.own.mk>

#.include <bsd.endian.mk>
#
#.if ${TARGET_ENDIANNESS} == 1234
#CFLAGS+= -DL_ENDIAN
#.elif ${TARGET_ENDIANNESS} == 4321
#CFLAGS+= -DB_ENDIAN
#.endif

.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
ASM_${MACHINE_CPUARCH}=
.elif ${MACHINE_ARCH} == "powerpc" || ${MACHINE_ARCH} == "powerpc64" || \
${MACHINE_ARCH} == "powerpc64le"
ASM_${MACHINE_ARCH}=
.endif
SRCS+= fips_entry.c fipsprov.c self_test.c self_test_kats.c

.if defined(ASM_${MACHINE_CPUARCH}) || defined(ASM_${MACHINE_ARCH})
CFLAGS+= -DOPENSSL_CPUID_OBJ
.if defined(ASM_aarch64)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DKECCAK1600_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_amd64)
CFLAGS+= -DOPENSSL_IA32_SSE2
CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
CFLAGS+= -DOPENSSL_BN_ASM_GF2m
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DKECCAK1600_ASM
CFLAGS+= -DRC4_ASM
CFLAGS+= -DMD5_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DGHASH_ASM
CFLAGS+= -DECP_NISTZ256_ASM -DX25519_ASM
CFLAGS+= -DPADLOCK_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_arm)
CFLAGS+= -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DKECCAK1600_ASM
CFLAGS+= -DBSAES_ASM
CFLAGS+= -DGHASH_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_i386)
CFLAGS+= -DOPENSSL_IA32_SSE2
CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DOPENSSL_BN_ASM_GF2m
CFLAGS+= -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
CFLAGS+= -DRC4_ASM
CFLAGS+= -DMD5_ASM
CFLAGS+= -DRMD160_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DWHIRLPOOL_ASM
CFLAGS+= -DGHASH_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DPADLOCK_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_powerpc)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DAES_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DSHA1_ASM
CFLAGS+= -DSHA256_ASM
CFLAGS+= -DSHA512_ASM
CFLAGS+= -DPOLY1305_ASM
.elif defined(ASM_powerpc64)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DAES_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DSHA1_ASM
CFLAGS+= -DSHA256_ASM
CFLAGS+= -DSHA512_ASM
CFLAGS+= -DPOLY1305_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DX25519_ASM
CFLAGS+= -DKECCAK1600_ASM
.elif defined(ASM_powerpc64le)
CFLAGS+= -DOPENSSL_BN_ASM_MONT
CFLAGS+= -DAES_ASM
CFLAGS+= -DVPAES_ASM
CFLAGS+= -DSHA1_ASM
CFLAGS+= -DSHA256_ASM
CFLAGS+= -DSHA512_ASM
CFLAGS+= -DPOLY1305_ASM
CFLAGS+= -DECP_NISTZ256_ASM
CFLAGS+= -DX25519_ASM
CFLAGS+= -DKECCAK1600_ASM
.endif
.endif
.include "../../Makefile.common"

# crypto
SRCS+= provider_core.c provider_predefined.c \
core_fetch.c core_algorithm.c core_namemap.c self_test_core.c

# crypto/ec
SRCS+= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \
ec2_smpl.c \
ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \
ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
curve448/f_generic.c curve448/scalar.c \
curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \
curve448/arch_32/f_impl32.c
SRCS+= cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \
threads_pthread.c threads_none.c initthread.c \
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
param_build_set.c der_writer.c threads_lib.c params_dup.c

SRCS+= cpuid.c ctype.c
.if defined(ASM_aarch64)
SRCS+= arm64cpuid.S armcap.c
Expand Down Expand Up @@ -172,9 +63,24 @@ SRCS+= dh_lib.c dh_key.c dh_group_params.c dh_check.c dh_backend.c dh_gen.c \

# crypto/dsa
SRCS+= dsa_sign.c dsa_vrf.c dsa_lib.c dsa_ossl.c dsa_check.c \
dsa_key.c dsa_backend.c dsa_gen.c
dsa_key.c dsa_backend.c dsa_gen.c

# crypto/ec
SRCS+= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \
ec2_smpl.c \
ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \
ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
curve448/f_generic.c curve448/scalar.c \
curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \
curve448/arch_32/f_impl32.c
SRCS+= cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \
threads_pthread.c threads_none.c initthread.c \
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
param_build_set.c der_writer.c threads_lib.c params_dup.c

.include <bsd.opts.mk>
.if ${MACHINE_ABI:Mlittle-endian} && ${MACHINE_ABI:Mlong64}
SRCS+= ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
.endif
Expand Down

0 comments on commit 4c94dd7

Please sign in to comment.