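--- a/lib/libve/Makefile.inc
+++ b/lib/libve/Makefile.inc
+# $FreeBSD$
+libve_src:= ${.PARSEDIR}
+CFLAGS+= -I${libve_src}/h
+.PATH: ${.PARSEDIR}
+SRCS+= \
+readfile.c \
+brf.c \
+vesigned.c \
+vets.c
+.if ${.CURDIR:M*libve*} != ""
+SRCS+= veta.c
+.if ${.CURDIR:T} == "tests"
+SRCS+= vectx.c veopen.c
+.endif
+.endif
+CFLAGS+= ${XCFLAGS.${.TARGET:T:R}:U}
+# we use a couple of files from ${BEARSSL}/tools
+# but need to make sure they are safe for use in libsa
+BRSSL_SED:= ${.PARSEDIR}/brssl.sed
+BRSSL_SRCS+= \
+xmem.c \
+vector.c \
+.for s in ${BEARSSL}/tools/brssl.h ${BRSSL_SRCS:S,^,${BEARSSL}/tools/,}
+${s:T}: $s
+sed -f ${BRSSL_SED} $s > ${.TARGET}
+.endfor
+BRSSL_CFLAGS+= -I.
+SRCS+= ${BRSSL_SRCS}
+# extract the last cert from a chain (should be rootCA)
+_LAST_PEM_USE: .USE
+sed "1,`grep -n .-END ${.ALLSRC:M*.pem} | tail -2 | head -1 | sed 's,:.*,,'`d" ${.ALLSRC:M*.pem} > ${.TARGET}
+# extract 2nd last cert from chain - we use this for self-test
+_2ndLAST_PEM_USE: .USE
+sed -n "`grep -n .-BEGIN ${.ALLSRC:M*.pem} | tail -2 | \
+sed 's,:.*,,' | xargs | (read a b; echo $$a,$$(($$b - 1)))`p" ${.ALLSRC:M*.pem} > ${.TARGET}
+# list of hashes we support
+VE_HASH_LIST?= SHA256
+# list of signatures we support
+# some people don't trust ECDSA
+VE_SIGNATURE_LIST?= RSA
+# this list controls our search for signatures so will not be sorted
+# note: for X509 signatures we assume we can replace the trailing
+# "sig" with "certs" to find the certificate chain
+# eg. for manifest.esig we use manifest.ecerts
+VE_SIGNATURE_EXT_LIST?= sig
+# needs to be yes for FIPS 140-2 compliance
+VE_SELF_TESTS?= no
+# rules to populate the [tv]*.pem files we use to generate ta.h
+# and can add/alter VE_*_LIST as desired.
+.-include "local.trust.mk"
+# this is what we use as our trust anchor
+CFLAGS+= -I. -DTRUST_ANCHOR_STR=ta_PEM
+.if ${VE_SELF_TESTS} != "no"
+CFLAGS+= -DVERIFY_CERTS_STR=vc_PEM
+.endif
+# clean these up
+VE_HASH_LIST:= ${VE_HASH_LIST:tu:O:u}
+VE_SIGNATURE_LIST:= ${VE_SIGNATURE_LIST:tu:O:u}
+# define what we are supporting
+CFLAGS+= ${VE_HASH_LIST:@H@-DVE_$H_SUPPORT@} \
+${VE_SIGNATURE_LIST:@S@-DVE_$S_SUPPORT@}
+.if ${VE_SIGNATURE_LIST:MOPENPGP} != ""
+.include "openpgp/Makefile.inc"
+.endif
+# Generate ta.h containing ta_PEM as an array of strings
+# each holding a PEM encoded trust anchor.
+#
+# If we are doing self-tests, we define another arrary vc_PEM
+# containing certificates that we can verify for each trust anchor.
+# this is typically a subordinate CA cert.
+# Finally we generate a hash of vc_PEM using each supported hash method
+# to use as a Known Answer Test (needed for FIPS 140-2)
+#
+vets.o: ta.h
+ta.h: ${.ALLTARGETS:M[tv]*pem:O:u}
+@( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \
+echo "static char ta_PEM[] ="; \
+for f in ${.ALLSRC:N*crl*:Mt*.pem}; do \
+sed 's,^\(.*\),"\1\\n",' $$f; \
+done; echo ';'; echo; ) > ${.TARGET}
+echo "${.newline}${VE_HASH_LIST:@H@static char vc_$H[] = \"`cat ${.ALLSRC:N*crl*:Mv*.pem} | ${$H:U${H:tl}}`\";${.newline}@}" >> ${.TARGET}
+.if ${VE_SELF_TESTS} != "no"
+( echo "static char vc_PEM[] ="; \
+for f in ${.ALLSRC:N*crl*:Mv*.pem}; do \
+sed 's,^\(.*\),"\1\\n",' $$f; \
+done; echo ';'; \
+) >> ${.TARGET}
+.endif
+.if !empty(BUILD_UTC_FILE)
+echo '#define BUILD_UTC ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP}
+.endif
+# This header records our preference for signature extensions.
+vesigned.o: vse.h
+vse.h:
+@( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \
+echo "static const char *signature_exts[] = {"; \
+echo '${VE_SIGNATURE_EXT_LIST:@e@"$e",${.newline}@}'; \
+echo 'NULL };' ) > ${.TARGET}
+.for s in ${BRSSL_SRCS} brf.c vets.c veta.c
+$s: brssl.h
+XCFLAGS.${s:R}+= ${BRSSL_CFLAGS}
+.endfor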
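Review bot: The `vc_$H` echo line in the `ta.h` recipe sits outside the `.if ${VE_SELF_TESTS} != "no"` guard and takes its value from a backtick pipeline, so a missing or failing hash tool still lets `echo` succeed and writes an empty known-answer string into the header without stopping the build. When no `v*.pem` source is present, `cat` gets no operands and reads standard input instead of failing. Unless code outside the self-test path reads `vc_$H` (not visible on this page), move that line inside the `.if` block next to the `vc_PEM` generation. To make it fail closed, compute the digest before echoing it, for example `h=$$(cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | ${$H:U${H:tl}}) && test -n "$$h"`. A short comment above the recipe stating that `ta.h` is the compiled-in trust anchor set and must never be generated from an empty `t*.pem` list would also help whoever maintains `local.trust.mk`.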