diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk index 58c3ebb4cf0f..4fd16579f863 100644 --- a/share/mk/src.opts.mk +++ b/share/mk/src.opts.mk @@ -1,613 +1,612 @@ # $FreeBSD$ # # Option file for FreeBSD /usr/src builds. # # Users define WITH_FOO and WITHOUT_FOO on the command line or in /etc/src.conf # and /etc/make.conf files. These translate in the build system to MK_FOO={yes,no} # with sensible (usually) defaults. # # Makefiles must include bsd.opts.mk after defining specific MK_FOO options that # are applicable for that Makefile (typically there are none, but sometimes there # are exceptions). Recursive makes usually add MK_FOO=no for options that they wish # to omit from that make. # # Makefiles must include bsd.mkopt.mk before they test the value of any MK_FOO # variable. # # Makefiles may also assume that this file is included by src.opts.mk should it # need variables defined there prior to the end of the Makefile where # bsd.{subdir,lib.bin}.mk is traditionally included. # # The old-style YES_FOO and NO_FOO are being phased out. No new instances of them # should be added. Old instances should be removed since they were just to # bridge the gap between FreeBSD 4 and FreeBSD 5. # # Makefiles should never test WITH_FOO or WITHOUT_FOO directly (although an # exception is made for _WITHOUT_SRCONF which turns off this mechanism # completely inside bsd.*.mk files). # .if !target(____) ____: .include # # Define MK_* variables (which are either "yes" or "no") for users # to set via WITH_*/WITHOUT_* in /etc/src.conf and override in the # make(1) environment. # These should be tested with `== "no"' or `!= "no"' in makefiles. # The NO_* variables should only be set by makefiles for variables # that haven't been converted over. # # These options are used by the src builds. Those listed in # __DEFAULT_YES_OPTIONS default to 'yes' and will build unless turned # off. __DEFAULT_NO_OPTIONS will default to 'no' and won't build # unless turned on. Any options listed in 'BROKEN_OPTIONS' will be # hard-wired to 'no'. "Broken" here means not working or # not-appropriate and/or not supported. It doesn't imply something is # wrong with the code. There's not a single good word for this, so # BROKEN was selected as the least imperfect one considered at the # time. Options are added to BROKEN_OPTIONS list on a per-arch basis. # At this time, there's no provision for mutually incompatible options. __DEFAULT_YES_OPTIONS = \ ACCT \ ACPI \ AMD \ APM \ AT \ ATM \ AUDIT \ AUTHPF \ AUTOFS \ BHYVE \ BINUTILS \ BINUTILS_BOOTSTRAP \ BLACKLIST \ BLUETOOTH \ BOOT \ BOOTPARAMD \ BOOTPD \ BSD_CPIO \ BSDINSTALL \ BSNMP \ BZIP2 \ CALENDAR \ CAPSICUM \ CAROOT \ CASPER \ CCD \ CDDL \ CPP \ CROSS_COMPILER \ CRYPT \ CTM \ CUSE \ CXX \ DIALOG \ DICT \ DMAGENT \ DYNAMICROOT \ ED_CRYPTO \ EE \ EFI \ ELFTOOLCHAIN_BOOTSTRAP \ EXAMPLES \ FDT \ FILE \ FINGER \ FLOPPY \ FMTREE \ FORTH \ FP_LIBC \ FREEBSD_UPDATE \ FTP \ GAMES \ GCOV \ GDB \ GNU_DIFF \ GNU_GREP \ GNU_GREP_COMPAT \ GOOGLETEST \ GPIO \ HAST \ HTML \ ICONV \ INET \ INET6 \ INETD \ IPFILTER \ IPFW \ ISCSI \ JAIL \ KDUMP \ KVM \ LDNS \ LDNS_UTILS \ LEGACY_CONSOLE \ LIB32 \ LIBPTHREAD \ LIBTHR \ LLVM_COV \ LLVM_TARGET_ALL \ LOADER_GELI \ LOADER_LUA \ LOADER_OFW \ LOADER_UBOOT \ LOCALES \ LOCATE \ LPR \ LS_COLORS \ LZMA_SUPPORT \ MAIL \ MAILWRAPPER \ MAKE \ MALLOC_PRODUCTION \ NDIS \ NETCAT \ NETGRAPH \ NLS_CATALOGS \ NS_CACHING \ NTP \ OFED \ OPENSSL \ PAM \ PC_SYSINSTALL \ PF \ PKGBOOTSTRAP \ PMC \ PORTSNAP \ PPP \ QUOTAS \ RADIUS_SUPPORT \ RBOOTD \ REPRODUCIBLE_BUILD \ RESCUE \ ROUTED \ SENDMAIL \ SERVICESDB \ SETUID_LOGIN \ SHAREDOCS \ SOURCELESS \ SOURCELESS_HOST \ SOURCELESS_UCODE \ SVNLITE \ SYSCONS \ SYSTEM_COMPILER \ SYSTEM_LINKER \ TALK \ TCP_WRAPPERS \ TCSH \ TELNET \ TEXTPROC \ TFTP \ TIMED \ UNBOUND \ USB \ UTMPX \ VI \ VT \ WIRELESS \ WPA_SUPPLICANT_EAPOL \ ZFS \ LOADER_ZFS \ ZONEINFO __DEFAULT_NO_OPTIONS = \ BEARSSL \ BSD_CRTBEGIN \ BSD_GREP \ CLANG_EXTRAS \ CLANG_FORMAT \ DTRACE_TESTS \ GH_BC \ HESIOD \ LIBSOFT \ LLVM_ASSERTIONS \ LLVM_CXXFILT \ LOADER_FIREWIRE \ LOADER_FORCE_LE \ LOADER_VERIEXEC_PASS_MANIFEST \ NAND \ OFED_EXTRA \ OPENLDAP \ RPCBIND_WARMSTART_SUPPORT \ SHARED_TOOLCHAIN \ SORT_THREADS \ SVN \ ZONEINFO_LEAPSECONDS_SUPPORT \ # LEFT/RIGHT. Left options which default to "yes" unless their corresponding # RIGHT option is disabled. __DEFAULT_DEPENDENT_OPTIONS= \ CLANG_FULL/CLANG \ LOADER_VERIEXEC/BEARSSL \ LOADER_EFI_SECUREBOOT/LOADER_VERIEXEC \ LOADER_VERIEXEC_VECTX/LOADER_VERIEXEC \ VERIEXEC/BEARSSL \ # MK_*_SUPPORT options which default to "yes" unless their corresponding # MK_* variable is set to "no". # .for var in \ BLACKLIST \ BZIP2 \ INET \ INET6 \ KERBEROS \ KVM \ NETGRAPH \ PAM \ TESTS \ WIRELESS __DEFAULT_DEPENDENT_OPTIONS+= ${var}_SUPPORT/${var} .endfor # # Default behaviour of some options depends on the architecture. Unfortunately # this means that we have to test TARGET_ARCH (the buildworld case) as well # as MACHINE_ARCH (the non-buildworld case). Normally TARGET_ARCH is not # used at all in bsd.*.mk, but we have to make an exception here if we want # to allow defaults for some things like clang to vary by target architecture. # Additional, per-target behavior should be rarely added only after much # gnashing of teeth and grinding of gears. # .if defined(TARGET_ARCH) __T=${TARGET_ARCH} .else __T=${MACHINE_ARCH} .endif .if defined(TARGET) __TT=${TARGET} .else __TT=${MACHINE} .endif # All supported backends for LLVM_TARGET_XXX __LLVM_TARGETS= \ aarch64 \ arm \ mips \ powerpc \ riscv \ sparc \ x86 __LLVM_TARGET_FILT= C/(amd64|i386)/x86/:S/sparc64/sparc/:S/arm64/aarch64/ .for __llt in ${__LLVM_TARGETS} # Default enable the given TARGET's LLVM_TARGET support .if ${__TT:${__LLVM_TARGET_FILT}} == ${__llt} __DEFAULT_YES_OPTIONS+= LLVM_TARGET_${__llt:${__LLVM_TARGET_FILT}:tu} # Disable other targets for arm and armv6, to work around "relocation truncated # to fit" errors with BFD ld, since libllvm.a will get too large to link. .elif ${__T} == "arm" __DEFAULT_NO_OPTIONS+=LLVM_TARGET_${__llt:tu} # aarch64 needs arm for -m32 support. .elif ${__TT} == "arm64" && ${__llt} == "arm" __DEFAULT_DEPENDENT_OPTIONS+= LLVM_TARGET_ARM/LLVM_TARGET_AARCH64 # Default the rest of the LLVM_TARGETs to the value of MK_LLVM_TARGET_ALL. .else __DEFAULT_DEPENDENT_OPTIONS+= LLVM_TARGET_${__llt:${__LLVM_TARGET_FILT}:tu}/LLVM_TARGET_ALL .endif .endfor __DEFAULT_NO_OPTIONS+=LLVM_TARGET_BPF .include # If the compiler is not C++11 capable, disable Clang and use GCC instead. # This means that architectures that have GCC 4.2 as default can not # build Clang without using an external compiler. .if ${COMPILER_FEATURES:Mc++11} && (${__T} == "aarch64" || \ ${__T} == "amd64" || ${__TT} == "arm" || ${__T} == "i386" || \ ${__TT} == "riscv") # Clang is enabled, and will be installed as the default /usr/bin/cc. __DEFAULT_YES_OPTIONS+=CLANG CLANG_BOOTSTRAP CLANG_IS_CC LLD __DEFAULT_NO_OPTIONS+=GCC GCC_BOOTSTRAP GNUCXX GPL_DTC .elif ${COMPILER_FEATURES:Mc++11} && ${__T} != "sparc64" # If an external compiler that supports C++11 is used as ${CC} and Clang # supports the target, then Clang is enabled but GCC is installed as the # default /usr/bin/cc. __DEFAULT_YES_OPTIONS+=CLANG GCC GCC_BOOTSTRAP GNUCXX GPL_DTC LLD __DEFAULT_NO_OPTIONS+=CLANG_BOOTSTRAP CLANG_IS_CC .else # Everything else disables Clang, and uses GCC instead. __DEFAULT_YES_OPTIONS+=GCC GCC_BOOTSTRAP GNUCXX GPL_DTC __DEFAULT_NO_OPTIONS+=CLANG CLANG_BOOTSTRAP CLANG_IS_CC LLD .endif # In-tree binutils/gcc are older versions without modern architecture support. .if ${__T} == "aarch64" || ${__T:Mriscv*} != "" BROKEN_OPTIONS+=BINUTILS BINUTILS_BOOTSTRAP GCC GCC_BOOTSTRAP GDB .endif .if ${__T:Mriscv*} != "" BROKEN_OPTIONS+=OFED .endif .if ${__T} == "aarch64" || ${__T} == "amd64" || ${__T} == "i386" || \ ${__T:Mriscv*} != "" || ${__TT} == "mips" __DEFAULT_YES_OPTIONS+=LLVM_LIBUNWIND .else __DEFAULT_NO_OPTIONS+=LLVM_LIBUNWIND .endif .if ${__T} == "aarch64" || ${__T} == "amd64" || ${__T} == "armv6" || \ ${__T} == "armv7" || ${__T} == "i386" || ${__TT} == "riscv" __DEFAULT_YES_OPTIONS+=LLD_BOOTSTRAP LLD_IS_LD .else __DEFAULT_NO_OPTIONS+=LLD_BOOTSTRAP LLD_IS_LD .endif .if ${__T} == "aarch64" || ${__T} == "amd64" || ${__T} == "i386" __DEFAULT_YES_OPTIONS+=LLDB .else __DEFAULT_NO_OPTIONS+=LLDB .endif # LLVM lacks support for FreeBSD 64-bit atomic operations for ARMv4/ARMv5 .if ${__T} == "arm" BROKEN_OPTIONS+=LLDB .endif # GDB in base is generally less functional than GDB in ports. Ports GDB # sparc64 kernel support has not been tested. .if ${__T} == "sparc64" __DEFAULT_NO_OPTIONS+=GDB_LIBEXEC .else __DEFAULT_YES_OPTIONS+=GDB_LIBEXEC .endif # Only doing soft float API stuff on armv6 and armv7 .if ${__T} != "armv6" && ${__T} != "armv7" BROKEN_OPTIONS+=LIBSOFT .endif .if ${__T:Mmips*} BROKEN_OPTIONS+=SSP .endif # EFI doesn't exist on mips, powerpc, sparc or riscv. .if ${__T:Mmips*} || ${__T:Mpowerpc*} || ${__T:Msparc64} || ${__T:Mriscv*} BROKEN_OPTIONS+=EFI .endif # OFW is only for powerpc and sparc64, exclude others .if ${__T:Mpowerpc*} == "" && ${__T:Msparc64} == "" BROKEN_OPTIONS+=LOADER_OFW .endif # UBOOT is only for arm, mips and powerpc, exclude others .if ${__T:Marm*} == "" && ${__T:Mmips*} == "" && ${__T:Mpowerpc*} == "" BROKEN_OPTIONS+=LOADER_UBOOT .endif # GELI and Lua in loader currently cause boot failures on sparc64 and powerpc. # Further debugging is required -- probably they are just broken on big # endian systems generically (they jump to null pointers or try to read # crazy high addresses, which is typical of endianness problems). .if ${__T} == "sparc64" || ${__T:Mpowerpc*} BROKEN_OPTIONS+=LOADER_GELI LOADER_LUA .endif .if ${__T:Mmips64*} # profiling won't work on MIPS64 because there is only assembly for o32 BROKEN_OPTIONS+=PROFILE .endif .if ${__T} == "aarch64" || ${__T} == "amd64" || ${__T} == "i386" || \ ${__T} == "powerpc64" || ${__T} == "sparc64" __DEFAULT_YES_OPTIONS+=CXGBETOOL __DEFAULT_YES_OPTIONS+=MLX5TOOL .else __DEFAULT_NO_OPTIONS+=CXGBETOOL __DEFAULT_NO_OPTIONS+=MLX5TOOL .endif # HyperV is currently x86-only .if ${__T} == "amd64" || ${__T} == "i386" __DEFAULT_YES_OPTIONS+=HYPERV .else __DEFAULT_NO_OPTIONS+=HYPERV .endif # NVME is only x86 and powerpc64 .if ${__T} == "amd64" || ${__T} == "i386" || ${__T} == "powerpc64" __DEFAULT_YES_OPTIONS+=NVME .else __DEFAULT_NO_OPTIONS+=NVME .endif # Sparc64 need extra crt*.o files .if ${__T:Msparc64} BROKEN_OPTIONS+=BSD_CRTBEGIN .endif .if ${COMPILER_FEATURES:Mc++11} && \ (${__T} == "aarch64" || ${__T} == "amd64" || ${__T} == "i386" || \ ${__T} == "powerpc64") __DEFAULT_YES_OPTIONS+=OPENMP .else __DEFAULT_NO_OPTIONS+=OPENMP .endif .include # # MK_* options that default to "yes" if the compiler is a C++11 compiler. # .for var in \ LIBCPLUSPLUS .if !defined(MK_${var}) .if ${COMPILER_FEATURES:Mc++11} .if defined(WITHOUT_${var}) MK_${var}:= no .else MK_${var}:= yes .endif .else .if defined(WITH_${var}) MK_${var}:= yes .else MK_${var}:= no .endif .endif .endif .endfor # # Force some options off if their dependencies are off. # Order is somewhat important. # .if !${COMPILER_FEATURES:Mc++11} MK_GOOGLETEST:= no MK_LLVM_LIBUNWIND:= no .endif .if ${MK_BINUTILS} == "no" MK_GDB:= no .endif .if ${MK_CAPSICUM} == "no" MK_CASPER:= no .endif .if ${MK_LIBPTHREAD} == "no" MK_LIBTHR:= no .endif .if ${MK_SOURCELESS} == "no" MK_SOURCELESS_HOST:= no MK_SOURCELESS_UCODE:= no .endif .if ${MK_CDDL} == "no" MK_ZFS:= no MK_LOADER_ZFS:= no MK_CTF:= no .endif .if ${MK_CRYPT} == "no" MK_OPENSSL:= no MK_OPENSSH:= no MK_KERBEROS:= no MK_KERBEROS_SUPPORT:= no .endif .if ${MK_CXX} == "no" MK_CLANG:= no MK_GNUCXX:= no MK_TESTS:= no .endif .if ${MK_DIALOG} == "no" MK_BSDINSTALL:= no .endif .if ${MK_FILE} == "no" MK_SVNLITE:= no .endif .if ${MK_MAIL} == "no" MK_MAILWRAPPER:= no MK_SENDMAIL:= no MK_DMAGENT:= no .endif .if ${MK_NETGRAPH} == "no" MK_ATM:= no MK_BLUETOOTH:= no .endif .if ${MK_NLS} == "no" MK_NLS_CATALOGS:= no .endif .if ${MK_OPENSSL} == "no" MK_DMAGENT:= no MK_OPENSSH:= no MK_KERBEROS:= no MK_KERBEROS_SUPPORT:= no MK_LDNS:= no MK_PKGBOOTSTRAP:= no MK_SVN:= no MK_SVNLITE:= no -MK_WIRELESS:= no .endif .if ${MK_LDNS} == "no" MK_LDNS_UTILS:= no MK_UNBOUND:= no .endif .if ${MK_PF} == "no" MK_AUTHPF:= no .endif .if ${MK_OFED} == "no" MK_OFED_EXTRA:= no .endif .if ${MK_TESTS} == "no" MK_DTRACE_TESTS:= no .endif .if ${MK_TESTS_SUPPORT} == "no" MK_GOOGLETEST:= no .endif .if ${MK_ZONEINFO} == "no" MK_ZONEINFO_LEAPSECONDS_SUPPORT:= no .endif .if ${MK_CROSS_COMPILER} == "no" MK_BINUTILS_BOOTSTRAP:= no MK_CLANG_BOOTSTRAP:= no MK_ELFTOOLCHAIN_BOOTSTRAP:= no MK_GCC_BOOTSTRAP:= no MK_LLD_BOOTSTRAP:= no .endif .if ${MK_TOOLCHAIN} == "no" MK_BINUTILS:= no MK_CLANG:= no MK_GCC:= no MK_GDB:= no MK_INCLUDES:= no MK_LLD:= no MK_LLDB:= no .endif .if ${MK_CLANG} == "no" MK_CLANG_EXTRAS:= no MK_CLANG_FORMAT:= no MK_CLANG_FULL:= no MK_LLVM_COV:= no .endif .if ${MK_LOADER_VERIEXEC} == "no" MK_LOADER_VERIEXEC_PASS_MANIFEST := no .endif # # MK_* options whose default value depends on another option. # .for vv in \ GSSAPI/KERBEROS \ MAN_UTILS/MAN .if defined(WITH_${vv:H}) MK_${vv:H}:= yes .elif defined(WITHOUT_${vv:H}) MK_${vv:H}:= no .else MK_${vv:H}:= ${MK_${vv:T}} .endif .endfor # # Set defaults for the MK_*_SUPPORT variables. # .if !${COMPILER_FEATURES:Mc++11} MK_LLDB:= no .endif # gcc 4.8 and newer supports libc++, so suppress gnuc++ in that case. # while in theory we could build it with that, we don't want to do # that since it creates too much confusion for too little gain. # XXX: This is incomplete and needs X_COMPILER_TYPE/VERSION checks too # to prevent Makefile.inc1 from bootstrapping unneeded dependencies # and to support 'make delete-old' when supplying an external toolchain. .if ${COMPILER_TYPE} == "gcc" && ${COMPILER_VERSION} >= 40800 MK_GNUCXX:=no MK_GCC:=no .endif .endif # !target(____) diff --git a/usr.sbin/wpa/Makefile.crypto b/usr.sbin/wpa/Makefile.crypto index 8f7965d1dece..71ae76dfb0cc 100644 --- a/usr.sbin/wpa/Makefile.crypto +++ b/usr.sbin/wpa/Makefile.crypto @@ -1,136 +1,163 @@ # $FreeBSD$ .if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) SRCS+= crypto_openssl.c random.c sha1-prf.c sha256-prf.c sha256-tlsprf.c \ sha512.c LIBADD+= ssl crypto CFLAGS+= -DCONFIG_SHA256 .else CFLAGS+=-DCONFIG_CRYPTO_INTERNAL SRCS+= crypto_internal.c random.c CONFIG_INTERNAL_AES=y CONFIG_INTERNAL_DES=y CONFIG_INTERNAL_MD4=y CONFIG_INTERNAL_MD5=y CONFIG_INTERNAL_RC4=y CONFIG_INTERNAL_SHA1=y NEED_SHA256=y CONFIG_INTERNAL_SHA256=y +NEED_SHA384=y +CONFIG_INTERNAL_SHA384=y +NEED_SHA512=y +CONFIG_INTERNAL_SHA512=y CONFIG_INTERNAL_TLS=y +NEED_DH_GROUPS=y CONFIG_INTERNAL_DH5=y -CONFIG_INTERNAL_DH=y NEED_AES_ENC=true NEED_AES_CBC=true .endif NEED_AES_OMAC1=true .if defined(TLS_FUNCS) NEED_TLS_PRF=y .if defined(CONFIG_INTERNAL_TLS) CFLAGS+=-DCONFIG_INTERNAL_LIBTOMMATH \ -DCONFIG_TLS_INTERNAL_CLIENT SRCS+= asn1.c \ bignum.c \ crypto_internal-cipher.c \ crypto_internal-modexp.c \ crypto_internal-rsa.c \ pkcs1.c \ pkcs5.c \ pkcs8.c \ rsa.c \ tls_internal.c \ tlsv1_common.c \ tlsv1_record.c \ tlsv1_cred.c \ tlsv1_client.c \ tlsv1_client_write.c \ tlsv1_client_read.c \ + tlsv1_client_ocsp.c \ x509v3.c NEED_DES=y NEED_MD4=y NEED_RC4=y .else CFLAGS+=-DEAP_TLS_OPENSSL SRCS+= tls_openssl.c tls_openssl_ocsp.c .endif .endif .if defined(CONFIG_INTERNAL_AES) SRCS+= aes-unwrap.c aes-wrap.c \ aes-internal.c \ aes-internal-dec.c \ aes-internal-enc.c .endif .if defined(NEED_AES_CBC) SRCS+= aes-cbc.c .endif .if defined(NEED_AES_EAX) SRCS+= aes-eax.c NEED_AES_CTR=y .endif .if defined(NEED_AES_CTR) SRCS+= aes-ctr.c .endif .if defined(NEED_AES_ENCBLOCK) SRCS+= aes-encblock.c .endif .if defined(NEED_AES_OMAC1) SRCS+= aes-omac1.c .endif .if defined(NEED_DES) .if defined(CONFIG_INTERNAL_DES) SRCS+= des-internal.c .endif .endif .if defined(NEED_MD4) .if defined(CONFIG_INTERNAL_MD4) SRCS+= md4-internal.c .endif .endif .if defined(CONFIG_INTERNAL_MD5) SRCS+= md5.c md5-internal.c .endif .if defined(NEED_FIPS186_2_PRF) .if defined(CONFIG_INTERNAL_SHA1) SRCS+= fips_prf_internal.c .else SRCS+= fips_prf_openssl.c .endif .endif .if defined(CONFIG_INTERNAL_RC4) SRCS+= rc4.c .endif .if defined(CONFIG_INTERNAL_SHA1) SRCS+= sha1-internal.c sha1-pbkdf2.c sha1.c sha1-prf.c .endif .if defined(NEED_SHA256) CFLAGS+=-DCONFIG_SHA256 SRCS+= sha256.c .if defined(CONFIG_INTERNAL_SHA256) SRCS+= sha256-internal.c sha256-prf.c .endif .endif +.if defined(NEED_SHA384) +CFLAGS+=-DCONFIG_SHA384 +SRCS+= sha384.c +.if defined(CONFIG_INTERNAL_SHA384) +SRCS+= sha384-internal.c sha384-prf.c +.endif +.endif + +.if defined(NEED_SHA512) +CFLAGS+=-DCONFIG_SHA512 +SRCS+= sha512.c +.if defined(CONFIG_INTERNAL_SHA512) +SRCS+= sha512-internal.c sha512-prf.c +.endif +.endif + .if defined(NEED_TLS_PRF) SRCS+= sha1-tlsprf.c .endif .if defined(CONFIG_INTERNAL_DH5) +.if defined(NEED_DH_GROUPS) SRCS+= dh_group5.c .endif +.endif -.if defined(CONFIG_INTERNAL_DH) +.if defined(NEED_DH_GROUPS) SRCS+= dh_groups.c .endif + +.if defined(NEED_DH_GROUPS_ALL) +CFLAGS+=-DALL_DH_GROUPS +.endif diff --git a/usr.sbin/wpa/hostapd/Makefile b/usr.sbin/wpa/hostapd/Makefile index f5d48a32046f..101ab80a4587 100644 --- a/usr.sbin/wpa/hostapd/Makefile +++ b/usr.sbin/wpa/hostapd/Makefile @@ -1,204 +1,208 @@ # $FreeBSD$ .include .include "../Makefile.inc" .PATH.c:${HOSTAPD_DISTDIR} \ ${WPA_DISTDIR}/src/ap \ ${WPA_DISTDIR}/src/eap_server \ ${WPA_DISTDIR}/src/eap_peer \ ${WPA_DISTDIR}/src/drivers \ ${WPA_DISTDIR}/wpa_supplicant PROG= hostapd SRCS= accounting.c \ ap_config.c \ ap_drv_ops.c \ ap_list.c \ ap_mlme.c \ authsrv.c \ base64.c \ beacon.c \ bss_load.c \ chap.c \ common.c \ config_file.c \ ctrl_iface.c \ ctrl_iface_ap.c \ ctrl_iface_common.c \ dfs.c \ driver_bsd.c \ driver_common.c \ drivers.c \ drv_callbacks.c \ eloop.c \ gas.c \ gas_serv.c \ http_client.c \ http_server.c \ httpread.c \ hostapd.c \ hs20.c \ hw_features.c \ hw_features_common.c \ ieee802_11.c \ ieee802_11_auth.c \ ieee802_11_common.c \ ieee802_11_he.c \ ieee802_11_ht.c \ ieee802_11_shared.c \ ieee802_11_vht.c \ ieee802_1x.c \ ip_addr.c \ l2_packet_freebsd.c \ main.c \ mbo_ap.c \ ms_funcs.c \ neighbor_db.c \ os_unix.c \ pmksa_cache_auth.c \ preauth_auth.c \ radius.c \ radius_client.c \ radius_das.c \ rrm.c \ sta_info.c \ tkip_countermeasures.c \ upnp_xml.c \ utils.c \ uuid.c \ vlan.c \ vlan_ifconfig.c \ vlan_init.c \ wmm.c \ wpa_auth.c \ wpa_auth_glue.c \ wpa_auth_ie.c \ wpa_common.c \ wpa_ctrl.c \ wpa_debug.c \ wpabuf.c \ wps.c \ wps_attr_build.c \ wps_attr_process.c \ wps_attr_parse.c \ wps_common.c \ wps_dev_attr.c \ wps_enrollee.c \ wps_hostapd.c \ wps_registrar.c \ wps_upnp.c \ wps_upnp_ap.c \ wps_upnp_event.c \ wps_upnp_ssdp.c \ wps_upnp_web.c MAN= hostapd.8 hostapd.conf.5 .if ${MK_EXAMPLES} != "no" FILESDIR= ${SHAREDIR}/examples/hostapd .PATH: ${HOSTAPD_DISTDIR} FILES= hostapd.conf hostapd.eap_user hostapd.wpa_psk .endif CFLAGS+=-I${.CURDIR:H}/wpa_supplicant \ -I${WPA_DISTDIR}/src/eap_peer \ -DCONFIG_DRIVER_BSD \ -DCONFIG_DRIVER_RADIUS_ACL \ -DCONFIG_HS20 \ -DCONFIG_MBO \ -DCONFIG_IEEE80211N \ -DCONFIG_IEEE80211W \ -DCONFIG_IEEE80211AC \ -DCONFIG_IEEE80211AX \ -DCONFIG_INTERWORKING \ -DCONFIG_PEERKEY \ -DCONFIG_RSN_PREAUTH \ -DCONFIG_WPS \ -DCONFIG_WPS2 \ -DCONFIG_WPS_UPNP \ -DHOSTAPD .if ${MK_INET6} != "no" CFLAGS+= -DCONFIG_IPV6 .endif #CFLAGS+= -g LIBADD+= pcap util # User customizations for wpa_supplicant/hostapd build environment CFLAGS+=${HOSTAPD_CFLAGS} #DPADD+=${HOSTAPD_DPADD} LDADD+=${HOSTAPD_LDADD} #LDFLAGS+=${HOSTAPD_LDFLAGS} CFLAGS+=-DDPKCS12_FUNCS \ -DEAP_SERVER \ -DEAP_SERVER_GTC \ -DEAP_SERVER_IDENTITY \ -DEAP_SERVER_MD5 \ -DEAP_SERVER_MSCHAPV2 \ -DEAP_SERVER_PEAP \ -DEAP_SERVER_TLS \ -DEAP_SERVER_TTLS \ -DEAP_SERVER_WSC \ -DEAP_TLS_FUNCS SRCS+= eap_server_gtc.c \ eap_common.c \ eap_peap_common.c \ eap_register.c \ eap_server.c \ eap_server_identity.c \ eap_server_md5.c \ eap_server_methods.c \ eap_server_mschapv2.c \ eap_server_peap.c \ eap_server_tls.c \ eap_server_tls_common.c \ eap_server_ttls.c \ eap_server_wsc.c \ eap_user_db.c \ eap_wsc_common.c \ eapol_auth_dump.c \ eapol_auth_sm.c TLS_FUNCS=y +# For WPS, EAP modes, etc +NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y + .if !empty(CFLAGS:M*-DCONFIG_WPS) NEED_SIM_COMMON=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_AKA) SRCS+= eap_server_aka.c NEED_SIM_COMMON=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_SIM) SRCS+= eap_server_sim.c NEED_SIM_COMMON=y .endif .if defined(NEED_SIM_COMMON) SRCS+= eap_sim_common.c \ eap_sim_db.c NEED_FIPS186_2_PRF=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_GPSK) CFLAGS+=-DEAP_GPSK_SHA256 SRCS+= eap_server_gpsk.c \ eap_gpsk_common.c NEED_AES_OMAC1=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_PAX) SRCS+= eap_server_pax.c \ eap_pax_common.c .endif .if !empty(CFLAGS:M*-DEAP_SERVER_SAKE) SRCS+= eap_server_sake.c \ eap_sake_common.c .endif .include "../Makefile.crypto" .include diff --git a/usr.sbin/wpa/wpa_supplicant/Makefile b/usr.sbin/wpa/wpa_supplicant/Makefile index 9cc49ac7fcfd..55b594d8b3e8 100644 --- a/usr.sbin/wpa/wpa_supplicant/Makefile +++ b/usr.sbin/wpa/wpa_supplicant/Makefile @@ -1,163 +1,163 @@ # $FreeBSD$ .include .include "../Makefile.inc" .PATH.c:${WPA_SUPPLICANT_DISTDIR} \ ${WPA_DISTDIR}/src/eap_peer \ ${WPA_DISTDIR}/src/drivers PROG= wpa_supplicant SRCS= base64.c bitfield.c blacklist.c bss.c cli.c common.c \ config.c config_file.c \ ctrl_iface.c ctrl_iface_common.c ctrl_iface_unix.c \ - dh_groups.c driver_bsd.c driver_common.c \ + driver_bsd.c driver_common.c \ driver_ndis.c driver_wired.c driver_wired_common.c drivers.c \ eap_register.c eloop.c \ events.c gas.c gas_query.c \ http_client.c http_server.c \ httpread.c hw_features_common.c \ ieee802_11_common.c l2_packet_freebsd.c main.c \ notify.c offchannel.c op_classes.c os_unix.c pmksa_cache.c preauth.c \ rrm.c scan.c upnp_xml.c \ wmm_ac.c wpa.c wpa_common.c wpa_ctrl.c \ wpa_debug.c wpa_ft.c wpa_ie.c wpa_supplicant.c wpabuf.c wpas_glue.c \ Packet32.c MAN= wpa_supplicant.8 wpa_supplicant.conf.5 .if ${MK_EXAMPLES} != "no" FILESDIR= ${SHAREDIR}/examples/etc .PATH: ${WPA_SUPPLICANT_DISTDIR} FILES= wpa_supplicant.conf .endif CFLAGS+=-DCONFIG_BACKEND_FILE \ -DCONFIG_DEBUG_SYSLOG \ -DCONFIG_DRIVER_BSD \ -DCONFIG_DRIVER_NDIS \ -DCONFIG_DRIVER_WIRED \ -DCONFIG_GAS \ -DCONFIG_IEEE80211R \ -DCONFIG_IEEE80211N \ -DCONFIG_IEEE80211W \ -DCONFIG_IEEE80211AC \ -DCONFIG_IEEE80211AX \ -DCONFIG_PEERKEY \ -DCONFIG_PRIVSEP \ -DCONFIG_SMARTCARD \ -DCONFIG_TERMINATE_ONLASTIF \ -DCONFIG_TLS=openssl \ -DCONFIG_WPS2 \ -DCONFIG_WPS_UPNP \ -DPKCS12_FUNCS \ -DCONFIG_MATCH_IFACE #CFLAGS+= -g LIBADD= pcap util # User customizations to the wpa_supplicant build environment CFLAGS+=${WPA_SUPPLICANT_CFLAGS} #DPADD+=${WPA_SUPPLICANT_DPADD} LDADD+=${WPA_SUPPLICANT_LDADD} #LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS} .if ${MK_WPA_SUPPLICANT_EAPOL} != "no" CFLAGS+=-DCONFIG_WPS \ -DCONFIG_HS20 \ -DCONFIG_INTERWORKING \ -DEAP_GTC \ -DEAP_LEAP \ -DEAP_MD5 \ -DEAP_MSCHAPv2 \ -DEAP_OTP \ -DEAP_PEAP \ -DEAP_PSK \ -DEAP_TLS \ -DEAP_TTLS \ -DEAP_WSC \ -DIEEE8021X_EAPOL SRCS+= chap.c \ eap.c \ eap_common.c \ eap_gtc.c \ eap_leap.c \ eap_md5.c \ eap_methods.c \ eap_mschapv2.c \ eap_otp.c \ eap_peap.c \ eap_peap_common.c \ eap_psk.c \ eap_psk_common.c \ eap_tls.c \ eap_tls_common.c \ eap_ttls.c \ eap_wsc.c \ eapol_supp_sm.c \ eap_wsc_common.c \ hs20_supplicant.c \ interworking.c \ ms_funcs.c \ mschapv2.c \ uuid.c \ wps.c wps_attr_build.c wps_attr_parse.c wps_attr_process.c \ wps_common.c wps_dev_attr.c wps_enrollee.c wps_registrar.c \ wps_supplicant.c wps_upnp.c wps_upnp_ap.c wps_upnp_event.c \ wps_upnp_ssdp.c wps_upnp_web.c NEED_AES_EAX=y NEED_AES_ENCBLOCK=y NEED_AES_OMAC1=y .endif TLS_FUNCS=y .if !empty(CFLAGS:M*-DEAP_AKA) SRCS+= eap_aka.c NEED_SIM_COMMON=y NEED_AES_CBC=y .endif .if !empty(CFLAGS:M*-DEAP_SIM) SRCS+= eap_sim.c NEED_SIM_COMMON=y NEED_AES_CBC=y .endif .if defined(NEED_SIM_COMMON) SRCS+= eap_sim_common.c NEED_FIPS186_2_PRF=y .endif # PC/SC interface for smartcards (USIM, GSM SIM) # GSM/UMTS authentication algorithm (for EAP-SIM/EAP-AKA) # NB: requires devel/pcsc-lite # # WPA_SUPPLICANT_CFLAGS=-DEAP_AKA -DPCSC_FUNCS -I/usr/local/include/PCSC # WPA_SUPPLICANT_LDADD=-L/usr/local/lib # .if !empty(CFLAGS:M*-DPCSC_FUNCS) SRCS+= pcsc_funcs.c LIBADD+= pcslite pthread .endif .if !empty(CFLAGS:M*-DEAP_GPSK) CFLAGS+=-DEAP_GPSK_SHA256 SRCS+= eap_gpsk.c \ eap_gpsk_common.c NEED_AES_OMAC1=y .endif .if !empty(CFLAGS:M*-DEAP_PAX) SRCS+= eap_pax.c \ eap_pax_common.c .endif .if !empty(CFLAGS:M*-DEAP_SAKE) SRCS+= eap_sake.c \ eap_sake_common.c .endif .include "../Makefile.crypto" .include