diff options
Diffstat (limited to 'security/nss/lib/freebl/Makefile')
| -rw-r--r-- | security/nss/lib/freebl/Makefile | 806 |
1 files changed, 806 insertions, 0 deletions
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile new file mode 100644 index 0000000000..eeee90a97f --- /dev/null +++ b/security/nss/lib/freebl/Makefile @@ -0,0 +1,806 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include config.mk + +# default for all platforms +# unset this on those that have multiple freebl libraries +FREEBL_BUILD_SINGLE_SHLIB = 1 + +ifdef USE_64 + DEFINES += -DNSS_USE_64 +endif + +ifdef USE_ABI32_FPU + DEFINES += -DNSS_USE_ABI32_FPU +endif + +ifeq ($(FREEBL_NO_DEPEND),1) + DEFINES += -DFREEBL_NO_DEPEND + STUBS_SRCS = stubs.c +endif + +ifeq ($(FREEBL_LOWHASH),1) + DEFINES += -DFREEBL_LOWHASH + LOWHASH_SRCS = nsslowhash.c + LOWHASH_EXPORTS = nsslowhash.h + MAPFILE_SOURCE = freebl_hash_vector.def + NEED_STUB_BUILD = 1 +else + MAPFILE_SOURCE = freebl.def +endif + +ifdef USE_STUB_BUILD + CSRCS = lowhash_vector.c + SIMPLE_OBJS = $(CSRCS:.c=$(OBJ_SUFFIX)) + OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS)) + ALL_TRASH := $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \ + $(NOSUCHFILE) so_locations + MAPFILE_SOURCE = freebl_hash.def +endif + +# FREEBL_USE_PRELINK +# +# Most modern version of Linux support a speed optimization scheme where an +# application called prelink modifies programs and shared libraries to quickly +# load if they fit into an already designed address space. In short, prelink +# scans the list of programs and libraries on your system, assigns them a +# predefined space in the the address space, then provides the fixups to the +# library. +# +# The modification of the shared library is correctly detected by the freebl +# FIPS checksum scheme where we check a signed hash of the library against the +# library itself. +# +# The prelink command itself can reverse the process of modification and output +# the prestine shared library as it was before prelink made it's changes. +# This option tells Freebl could use prelink to output the original copy of +# the shared library before prelink modified it. +# +# FREEBL_PRELINK_COMMAND +# +# This is an optional environment variable which can override the default +# prelink command. It could be used on systems that did something similiar to +# prelink but used a different command and syntax. The only requirement is the +# program must take the library as the last argument, the program must output +# the original library to standard out, and the program does not need to take +# any quoted or imbedded spaces in its arguments (except the path to the +# library itself, which can have imbedded spaces or special characters). +# +ifdef FREEBL_USE_PRELINK + DEFINES += -DFREEBL_USE_PRELINK +ifdef LINUX + DEFINES += -D__GNU_SOURCE=1 +endif +endif +ifdef NSS_NO_INIT_SUPPORT + DEFINES += -DNSS_NO_INIT_SUPPORT +endif +ifdef NSS_STRICT_INTEGRITY + DEFINES += -DNSS_STRICT_INTEGRITY_ +endif + +ifdef FREEBL_PRELINK_COMMAND + DEFINES +=-DFREEBL_PRELINK_COMMAND=\"$(FREEBL_PRELINK_COMMAND)\" +endif +# NSS_X86 means the target is a 32-bits x86 CPU architecture +# NSS_X64 means the target is a 64-bits 64 CPU architecture +# NSS_X86_OR_X64 means the target is either x86 or x64 +ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH))) + DEFINES += -DNSS_X86_OR_X64 + EXTRA_SRCS += gcm-x86.c aes-x86.c +$(OBJDIR)/gcm-x86.o: CFLAGS += -mpclmul -maes +$(OBJDIR)/aes-x86.o: CFLAGS += -mpclmul -maes +ifneq (,$(USE_64)$(USE_X32)) + DEFINES += -DNSS_X64 +else + DEFINES += -DNSS_X86 +endif + ifdef CC_IS_CLANG + EXTRA_SRCS += sha256-x86.c + DEFINES += -DUSE_HW_SHA2 + else ifeq (1,$(CC_IS_GCC)) + # Old compiler doesn't support Intel SHA extension + ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) + EXTRA_SRCS += sha256-x86.c + DEFINES += -DUSE_HW_SHA2 + endif + ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) + EXTRA_SRCS += sha256-x86.c + DEFINES += -DUSE_HW_SHA2 + endif + endif +endif +ifeq ($(CPU_ARCH),aarch64) + ifdef CC_IS_CLANG + DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 + EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c + else ifeq (1,$(CC_IS_GCC)) + # GCC versions older than 4.9 don't support ARM AES. The check + # is done in two parts, first allows "major.minor" == "4.9", + # and then rejects any major versions prior to 5. Note that + # there has been no GCC 4.10, as it was renamed to GCC 5. + ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) + DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 + EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c + endif + ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) + DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 + EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c + endif + endif +endif +ifeq ($(CPU_ARCH),arm) +ifndef NSS_DISABLE_ARM32_NEON + EXTRA_SRCS += gcm-arm32-neon.c +endif + ifdef CC_IS_CLANG + DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 + EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c + else ifeq (1,$(CC_IS_GCC)) + # GCC versions older than 4.9 don't support ARM AES. The check + # is done in two parts, first allows "major.minor" == "4.9", + # and then rejects any major versions prior to 5. Note that + # there has been no GCC 4.10, as it was renamed to GCC 5. + ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) + DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 + EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c + endif + ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) + DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2 + EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c + endif + endif +endif + +ifeq (OS2,$(OS_TARGET)) + ASFILES = mpi_x86_os2.s + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE + DEFINES += -DMP_ASSEMBLY_DIV_2DX1D + DEFINES += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD + DEFINES += -DMP_IS_LITTLE_ENDIAN +endif + +ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) +ifndef USE_64 +# 32-bit Windows +ifdef NS_USE_GCC +# Ideally, we want to use assembler +# ASFILES = mpi_x86.s +# DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE \ +# -DMP_ASSEMBLY_DIV_2DX1D +# but we haven't figured out how to make it work, so we are not +# using assembler right now. + ASFILES = + DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT +else +# MSVC + MPI_SRCS += mpi_x86_asm.c + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE + DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD + ifdef BUILD_OPT + OPTIMIZER += -Ox # maximum optimization for freebl + endif + # The Intel AES assembly code requires Visual C++ 2010. + # if $(_MSC_VER) >= 1600 (Visual C++ 2010) + ifeq ($(firstword $(sort $(_MSC_VER) 1600)),1600) + DEFINES += -DUSE_HW_AES -DINTEL_GCM + ASFILES += intel-aes-x86-masm.asm intel-gcm-x86-masm.asm + EXTRA_SRCS += intel-gcm-wrap.c + ifeq ($(CLANG_CL),1) + INTEL_GCM_CLANG_CL = 1 + endif + endif + # The Intel SHA extenstion requires Visual C++ 2015. + ifeq ($(_MSC_VER_GE_14),1) + DEFINES += -DUSE_HW_SHA2 + EXTRA_SRCS += sha256-x86.c + endif +endif +else + # -DMP_NO_MP_WORD + DEFINES += -DMP_IS_LITTLE_ENDIAN +ifdef NS_USE_GCC +# Ideally, we should use amd64 assembly code, but it's not yet mingw-w64 +# compatible. +else +# MSVC + ifdef BUILD_OPT + OPTIMIZER += -Ox # maximum optimization for freebl + endif +ifeq ($(CPU_ARCH),x86_64) + ASFILES = arcfour-amd64-masm.asm mpi_amd64_masm.asm mp_comba_amd64_masm.asm + DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY + DEFINES += -DNSS_USE_COMBA + # The Intel AES assembly code requires Visual C++ 2010 (10.0). The _xgetbv + # compiler intrinsic function requires Visual C++ 2010 (10.0) SP1. + ifeq ($(_MSC_VER_GE_10SP1),1) + DEFINES += -DUSE_HW_AES -DINTEL_GCM + ASFILES += intel-aes-x64-masm.asm intel-gcm-x64-masm.asm + EXTRA_SRCS += intel-gcm-wrap.c + ifeq ($(CLANG_CL),1) + INTEL_GCM_CLANG_CL = 1 + endif + endif + # The Intel SHA extenstion requires Visual C++ 2015. + ifeq ($(_MSC_VER_GE_14),1) + DEFINES += -DUSE_HW_SHA2 + EXTRA_SRCS += sha256-x86.c + endif + MPI_SRCS += mpi_amd64.c +endif +endif +endif +endif + +ifeq ($(OS_TARGET),Darwin) +ifeq ($(CPU_ARCH),x86_64) + ASFILES = mpi_amd64_common.s + DEFINES += -DMPI_AMD64 -DMP_IS_LITTLE_ENDIAN + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DNSS_USE_COMBA + MPI_SRCS += mpi_amd64.c mp_comba.c +else ifeq ($(CPU_ARCH),x86) + ASFILES = mpi_sse2.s + DEFINES += -DMP_USE_UINT_DIGIT + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE + DEFINES += -DMP_ASSEMBLY_DIV_2DX1D +endif +endif # Darwin + +ifeq ($(OS_TARGET),Linux) +ifeq ($(CPU_ARCH),x86_64) + # Lower case s on mpi_amd64_common due to make implicit rules. + ASFILES = arcfour-amd64-gas.s mpi_amd64_common.s + ASFLAGS += -fPIC -Wa,--noexecstack + DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY + DEFINES += -DNSS_USE_COMBA + DEFINES += -DMP_IS_LITTLE_ENDIAN +# DEFINES += -DMPI_AMD64_ADD + # comment the next four lines to turn off Intel HW acceleration. + DEFINES += -DUSE_HW_AES -DINTEL_GCM + ASFILES += intel-aes.s intel-gcm.s + EXTRA_SRCS += intel-gcm-wrap.c + INTEL_GCM = 1 + MPI_SRCS += mpi_amd64.c mp_comba.c +endif +ifeq ($(CPU_ARCH),x86) + ASFILES = mpi_x86.s + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE + DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT + DEFINES += -DMP_IS_LITTLE_ENDIAN +endif +ifeq ($(CPU_ARCH),arm) + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE + DEFINES += -DMP_USE_UINT_DIGIT + DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512 + MPI_SRCS += mpi_arm.c +endif +ifeq ($(CPU_ARCH),ppc) + EXTRA_SRCS += gcm-ppc.c +ifdef USE_64 + DEFINES += -DNSS_NO_INIT_SUPPORT + PPC_ABI := $(shell $(CC) -dM -E - < /dev/null | awk '$$2 == "_CALL_ELF" {print $$3}') + ifeq ($(PPC_ABI),2) + ASFILES += sha512-p8.s + ifeq ($(OS_TEST),ppc64le) + DEFINES += -DPPC_GCM + EXTRA_SRCS += chacha20poly1305-ppc.c ppc-gcm-wrap.c + ASFILES += chacha20-ppc64le.s ppc-gcm.s + endif # ppc64le + endif +endif # USE_64 +endif # ppc +endif # Linux + +ifeq ($(OS_TARGET),AIX) + DEFINES += -DMP_USE_UINT_DIGIT + ifndef USE_64 + DEFINES += -DMP_NO_DIV_WORD -DMP_NO_ADD_WORD -DMP_NO_SUB_WORD + endif +endif # AIX + +ifeq ($(OS_TARGET), HP-UX) +ifneq ($(OS_TEST), ia64) +# PA-RISC +ASFILES += ret_cr16.s +ifndef USE_64 + FREEBL_BUILD_SINGLE_SHLIB = + HAVE_ABI32_INT32 = 1 + HAVE_ABI32_FPU = 1 +endif +ifdef FREEBL_CHILD_BUILD +ifdef USE_ABI32_INT32 +# build for DA1.1 (HP PA 1.1) 32-bit ABI build with 32-bit arithmetic + DEFINES += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD + DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512 +else +ifdef USE_64 +# this builds for DA2.0W (HP PA 2.0 Wide), the LP64 ABI, using 64-bit digits + MPI_SRCS += mpi_hp.c + ASFILES += hpma512.s hppa20.s + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE +else +# this builds for DA2.0 (HP PA 2.0 Narrow) ABI32_FPU model +# (the 32-bit ABI with 64-bit registers) using 64-bit digits + MPI_SRCS += mpi_hp.c + ASFILES += hpma512.s hppa20.s + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE +ifndef NS_USE_GCC + ARCHFLAG = -Aa +e +DA2.0 +DS2.0 +endif +endif +endif +endif +endif +endif + +# The blapi functions are defined not only in the freebl shared +# libraries but also in the shared libraries linked with loader.c +# (libsoftokn3.so and libssl3.so). We need to use GNU ld's +# -Bsymbolic option or the equivalent option for other linkers +# to bind the blapi function references in FREEBLVector vector +# (ldvector.c) to the blapi functions defined in the freebl +# shared libraries. +ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET))) + MKSHLIB += -Wl,-Bsymbolic +endif + +ifeq ($(OS_TARGET),SunOS) + +ifdef NS_USE_GCC + ifdef GCC_USE_GNU_LD + MKSHLIB += -Wl,-Bsymbolic,-z,now,-z,text + else + MKSHLIB += -Wl,-B,symbolic,-z,now,-z,text + endif # GCC_USE_GNU_LD +else + MKSHLIB += -B symbolic -z now -z text +endif # NS_USE_GCC + +# Sun's WorkShop defines v8, v8plus and v9 architectures. +# gcc on Solaris defines v8 and v9 "cpus". +# gcc's v9 is equivalent to Workshop's v8plus. +# gcc's -m64 is equivalent to Workshop's v9 +# We always use Sun's assembler, which uses Sun's naming convention. +ifeq ($(CPU_ARCH),sparc) + FREEBL_BUILD_SINGLE_SHLIB= + ifdef USE_64 + HAVE_ABI64_INT = 1 + HAVE_ABI64_FPU = 1 + else + HAVE_ABI32_FPU = 1 + HAVE_ABI32_INT64 = 1 + endif + SYSV_SPARC = 1 + SOLARIS_AS = /usr/ccs/bin/as + #### set arch, asm, c flags + ifdef NS_USE_GCC + ifdef USE_ABI32_INT64 + ARCHFLAG=-mcpu=v9 -Wa,-xarch=v8plus + SOLARIS_AS_FLAGS = -xarch=v8plus -K PIC + endif + ifdef USE_ABI32_FPU + ARCHFLAG=-mcpu=v9 -Wa,-xarch=v8plusa + SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC + endif # USE_ABI32_FPU + ifdef USE_ABI64_INT + # this builds for Sparc v9a pure 64-bit architecture + ARCHFLAG += -mcpu=v9 -Wa,-xarch=v9 + SOLARIS_AS_FLAGS = -xarch=v9 -K PIC + endif + ifdef USE_ABI64_FPU + # this builds for Sparc v9a pure 64-bit architecture + # It uses floating point, and 32-bit word size + ARCHFLAG += -mcpu=v9 -Wa,-xarch=v9a + SOLARIS_AS_FLAGS = -xarch=v9a -K PIC + endif + else # NS_USE_GCC + # FPU_TARGET_OPTIMIZER specifies the target processor and cache + # properties of the ABI32_FPU and ABI64_FPU architectures for use + # by the optimizer. + ifeq (,$(findstring Sun WorkShop 6,$(shell $(CC) -V 2>&1))) + # if the compiler is not Forte 6 + FPU_TARGET_OPTIMIZER = -xcache=64/32/4:1024/64/4 -xchip=ultra3 + else + # Forte 6 C compiler generates incorrect code for rijndael.c + # if -xchip=ultra3 is used (Bugzilla bug 333925). So we revert + # to what we used in NSS 3.10. + FPU_TARGET_OPTIMIZER = -xchip=ultra2 + endif + ifdef USE_ABI32_INT64 + # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, + # 32-bit ABI, it uses 64-bit words, integer arithmetic, + # no FPU (non-VIS cpus). + # These flags were suggested by the compiler group for building + # with SunStudio 10. + ifdef BUILD_OPT + SOL_CFLAGS += -xO4 + endif + SOL_CFLAGS += -xtarget=generic + ARCHFLAG = -xarch=v8plus + SOLARIS_AS_FLAGS = -xarch=v8plus -K PIC + endif + ifdef USE_ABI32_FPU + # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, + # 32-bit ABI, it uses FPU code, and 32-bit word size. + # these flags were determined by running cc -### -fast and copying + # the generated flag settings + SOL_CFLAGS += -fsingle -xmemalign=8s + ifdef BUILD_OPT + SOL_CFLAGS += -D__MATHERR_ERRNO_DONTCARE -fsimple=1 + SOL_CFLAGS += -xalias_level=basic -xbuiltin=%all + SOL_CFLAGS += $(FPU_TARGET_OPTIMIZER) -xdepend + SOL_CFLAGS += -xlibmil -xO5 + endif + ARCHFLAG = -xarch=v8plusa + SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC + endif + ifdef USE_ABI64_INT + # this builds for Sparc v9a pure 64-bit architecture, + # no FPU (non-VIS cpus). For building with SunStudio 10. + ifdef BUILD_OPT + SOL_CFLAGS += -xO4 + endif + SOL_CFLAGS += -xtarget=generic + ARCHFLAG = -xarch=v9 + SOLARIS_AS_FLAGS = -xarch=v9 -K PIC + endif + ifdef USE_ABI64_FPU + # this builds for Sparc v9a pure 64-bit architecture + # It uses floating point, and 32-bit word size. + # See comment for USE_ABI32_FPU. + SOL_CFLAGS += -fsingle -xmemalign=8s + ifdef BUILD_OPT + SOL_CFLAGS += -D__MATHERR_ERRNO_DONTCARE -fsimple=1 + SOL_CFLAGS += -xalias_level=basic -xbuiltin=%all + SOL_CFLAGS += $(FPU_TARGET_OPTIMIZER) -xdepend + SOL_CFLAGS += -xlibmil -xO5 + endif + ARCHFLAG = -xarch=v9a + SOLARIS_AS_FLAGS = -xarch=v9a -K PIC + endif + endif # NS_USE_GCC + + ### set flags for both GCC and Sun cc + ifdef USE_ABI32_INT64 + # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, + # 32-bit ABI, it uses 64-bit words, integer arithmetic, no FPU + # best times are with no MP_ flags specified + endif + ifdef USE_ABI32_FPU + # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, + # 32-bit ABI, it uses FPU code, and 32-bit word size + MPI_SRCS += mpi_sparc.c + ASFILES = mpv_sparcv8.s montmulfv8.s + DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY + DEFINES += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL + endif + ifdef USE_ABI64_INT + # this builds for Sparc v9a pure 64-bit architecture + # best times are with no MP_ flags specified + endif + ifdef USE_ABI64_FPU + # this builds for Sparc v9a pure 64-bit architecture + # It uses floating point, and 32-bit word size + MPI_SRCS += mpi_sparc.c + ASFILES = mpv_sparcv9.s montmulfv9.s + DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY + DEFINES += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL + endif + +else + # Solaris for non-sparc family CPUs + ifdef NS_USE_GCC + LD = gcc + AS = gcc + ASFLAGS = -x assembler-with-cpp + endif + ifeq ($(USE_64),1) + # Solaris for AMD64 + ifdef NS_USE_GCC + ASFILES = arcfour-amd64-gas.s mpi_amd64_common.s + ASFLAGS += -march=opteron -m64 -fPIC + MPI_SRCS += mp_comba.c + # comment the next four lines to turn off Intel HW acceleration + ASFILES += intel-gcm.s + EXTRA_SRCS += intel-gcm-wrap.c + INTEL_GCM = 1 + DEFINES += -DINTEL_GCM + else + ASFILES = arcfour-amd64-sun.s mpi_amd64_sun.s sha-fast-amd64-sun.s + ASFILES += mp_comba_amd64_sun.s mpcpucache_amd64.s + ASFLAGS += -xarch=generic64 -K PIC + SOL_CFLAGS += -xprefetch=no + SHA_SRCS = + MPCPU_SRCS = + # Intel acceleration for GCM does not build currently with Studio + endif + DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY + DEFINES += -DNSS_USE_COMBA -DMP_IS_LITTLE_ENDIAN + # comment the next two lines to turn off Intel HW acceleration + DEFINES += -DUSE_HW_AES + ASFILES += intel-aes.s + MPI_SRCS += mpi_amd64.c + else + # Solaris x86 + DEFINES += -DMP_USE_UINT_DIGIT + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE + DEFINES += -DMP_ASSEMBLY_DIV_2DX1D + ASFILES = mpi_i86pc.s + ifndef NS_USE_GCC + MPCPU_SRCS = + ASFILES += mpcpucache_x86.s + endif + endif +endif # Solaris for non-sparc family CPUs +endif # target == SunO + +ifdef USE_64 +# no __int128 at least up to lcc 1.23 (pretending to be gcc5) +# NB: CC_NAME is not defined here +ifneq ($(shell $(CC) -? 2>&1 >/dev/null </dev/null | sed -e 's/:.*//;1q'),lcc) + ifdef CC_IS_CLANG + HAVE_INT128_SUPPORT = 1 + DEFINES += -DHAVE_INT128_SUPPORT + else ifeq (1,$(CC_IS_GCC)) + ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) + HAVE_INT128_SUPPORT = 1 + DEFINES += -DHAVE_INT128_SUPPORT + endif + ifneq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) + NSS_DISABLE_AVX2 = 1 + endif + ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) + HAVE_INT128_SUPPORT = 1 + DEFINES += -DHAVE_INT128_SUPPORT + endif + ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) + NSS_DISABLE_SSE3 = 1 + NSS_DISABLE_SSE4_1 = 1 + NSS_DISABLE_SSE4_2 = 1 + endif + endif +endif # lcc +endif # USE_64 + +ifndef HAVE_INT128_SUPPORT + DEFINES += -DKRML_VERIFIED_UINT128 +endif + +ifndef NSS_DISABLE_CHACHAPOLY + ifeq ($(CPU_ARCH),x86_64) + ifndef NSS_DISABLE_AVX2 + EXTRA_SRCS += Hacl_Poly1305_256.c Hacl_Chacha20_Vec256.c Hacl_Chacha20Poly1305_256.c + DEFINES += -DHACL_CAN_COMPILE_VEC256 + endif # NSS_DISABLE_AVX2 + ifndef NSS_DISABLE_SSE3 + EXTRA_SRCS += Hacl_Poly1305_128.c Hacl_Chacha20_Vec128.c Hacl_Chacha20Poly1305_128.c + DEFINES += -DHACL_CAN_COMPILE_VEC128 + endif + endif # x86_64 + + VERIFIED_SRCS += Hacl_Poly1305_32.c Hacl_Chacha20.c Hacl_Chacha20Poly1305_32.c +endif # NSS_DISABLE_CHACHAPOLY + +VERIFIED_SRCS += Hacl_Hash_SHA3.c Hacl_P256.c Hacl_P384.c Hacl_P521.c + +ifeq (,$(filter-out x86_64 aarch64,$(CPU_ARCH))) + # All 64-bit architectures get the 64 bit version. + ECL_SRCS += curve25519_64.c + VERIFIED_SRCS += Hacl_Curve25519_51.c +else + # All other architectures get the generic 32 bit implementation + ECL_SRCS += curve25519_32.c +endif + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + +rijndael_tables: + $(CC) -o $(OBJDIR)/make_rijndael_tab rijndael_tables.c \ + $(DEFINES) $(INCLUDES) $(OBJDIR)/libfreebl.a + $(OBJDIR)/make_rijndael_tab + +vpath %.h mpi ecl verified deprecated +vpath %.c mpi ecl verified deprecated +vpath %.S mpi ecl +vpath %.s mpi ecl +vpath %.asm mpi ecl +INCLUDES += -Impi -Iecl -Iverified -Iverified/internal -Iverified/karamel/include -Iverified/karamel/krmllib/dist/minimal -Ideprecated + + +DEFINES += -DMP_API_COMPATIBLE + +MPI_USERS = secmpi.c dh.c pqg.c dsa.c rsa.c ec.c + +MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX))) +MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX))) + +$(MPI_OBJS): $(MPI_HDRS) + +ECL_USERS = ec.c + +ECL_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_SRCS:.c=$(OBJ_SUFFIX)) $(ECL_ASM_SRCS:$(ASM_SUFFIX)=$(OBJ_SUFFIX))) +ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX))) + +$(ECL_OBJS): $(ECL_HDRS) + +$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c + +$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c + +$(OBJDIR)/ldvector$(OBJ_SUFFIX) $(OBJDIR)/loader$(OBJ_SUFFIX) : loader.h + +ifeq ($(SYSV_SPARC),1) + +$(OBJDIR)/mpv_sparcv8.o $(OBJDIR)/mpv_sparcv8x.o $(OBJDIR)/montmulfv8.o : $(OBJDIR)/%.o : %.s | $$(@D)/d + $(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $< + +$(OBJDIR)/mpv_sparcv9.o $(OBJDIR)/montmulfv9.o : $(OBJDIR)/%.o : %.s | $$(@D)/d + $(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $< + +$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h + +endif + +ifndef FREEBL_CHILD_BUILD + +# Parent build. This is where we decide which shared libraries to build + +# too suppress the SINGLE_SHLIB override warning +FREEBL_OBJDIRS := + +define target_freebl_SHLIB +ifdef $(2) +$(1)_DIR = $$(OBJDIR)/$$(OS_TARGET)_$(1) +ALL_TRASH += $$($(1)_DIR) + +ifeq (,$$(filter $$($(1)_DIR)/d,$$(FREEBL_OBJDIRS))) +FREEBL_OBJDIRS += $$($(1)_DIR)/d +endif + +release_md:: freebl_$(2) +libs: freebl_$(2) +freebl_$(2): | $$($(1)_DIR)/d + $$(MAKE) FREEBL_CHILD_BUILD=1 $(3)=1 OBJDIR=$$($(1)_DIR) libs +endif +endef # target_freebl_SHLIB + +target_freebl_ABI = $(call target_freebl_SHLIB,$(1),HAVE_$(1),USE_$(1)) + +$(eval $(call target_freebl_SHLIB,SINGLE_SHLIB,FREEBL_BUILD_SINGLE_SHLIB,NEEDED_DUMMY)) +$(eval $(call target_freebl_SHLIB,SINGLE_SHLIB,NEED_STUB_BUILD,USE_STUB_BUILD)) + +$(eval $(call target_freebl_ABI,ABI32_FPU)) +$(eval $(call target_freebl_ABI,ABI32_INT32)) +$(eval $(call target_freebl_ABI,ABI32_INT64)) +$(eval $(call target_freebl_ABI,ABI64_FPU)) +$(eval $(call target_freebl_ABI,ABI64_INT)) + +endif # FREEBL_CHILD_BUILD + + +# Bugzilla Bug 333917: the non-x86 code in desblapi.c seems to violate +# ANSI C's strict aliasing rules. +ifeq ($(OS_TARGET),Linux) +ifneq ($(CPU_ARCH),x86) +$(OBJDIR)/$(PROG_PREFIX)desblapi$(OBJ_SUFFIX): desblapi.c | $$(@D)/d +ifdef NEED_ABSOLUTE_PATH + $(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $(call core_abspath,$<) +else + $(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $< +endif +endif +endif + +ifdef INTEL_GCM +# +# GCM binary needs -mssse3 +# +$(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3 + +# The integrated assembler in Clang 3.2 does not support % in the +# expression of a .set directive. intel-gcm.s uses .set to give +# symbolic names to registers, for example, +# .set Htbl, %rdi +# So we can't use Clang's integrated assembler with intel-gcm.s. +ifdef CC_IS_CLANG +$(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): CFLAGS += -no-integrated-as +endif +endif + +ifdef INTEL_GCM_CLANG_CL +# +# clang-cl needs -mssse3 +# +$(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3 +endif + +$(OBJDIR)/$(PROG_PREFIX)sha256-x86$(OBJ_SUFFIX): CFLAGS += -msha -mssse3 -msse4.1 + +ifeq ($(CPU_ARCH),arm) +# When the compiler uses the softfloat ABI, we want to use the compatible softfp ABI when +# enabling NEON for these objects. +# Confusingly, __SOFTFP__ is the name of the define for the softfloat ABI, not for the softfp ABI. +USES_SOFTFLOAT_ABI := $(shell $(CC) -o - -E -dM - $(CFLAGS) < /dev/null | grep __SOFTFP__ > /dev/null && echo 1) +$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) +$(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) +$(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) +ifndef NSS_DISABLE_ARM32_NEON +$(OBJDIR)/$(PROG_PREFIX)gcm-arm32-neon$(OBJ_SUFFIX): CFLAGS += -mfpu=neon$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp) +endif +endif + +ifeq ($(CPU_ARCH),aarch64) +$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto +$(OBJDIR)/$(PROG_PREFIX)gcm-aarch64$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto +$(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto +$(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto +endif + +ifeq ($(CPU_ARCH),ppc) +$(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -funroll-loops -fpeel-loops +ifneq ($(NSS_DISABLE_ALTIVEC),1) +$(OBJDIR)/$(PROG_PREFIX)gcm-ppc$(OBJ_SUFFIX): CFLAGS += -maltivec +$(OBJDIR)/$(PROG_PREFIX)gcm$(OBJ_SUFFIX): CFLAGS += -maltivec +$(OBJDIR)/$(PROG_PREFIX)rijndael$(OBJ_SUFFIX): CFLAGS += -maltivec +$(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -maltivec +$(OBJDIR)/$(PROG_PREFIX)chacha20poly1305-ppc$(OBJ_SUFFIX): CFLAGS += -maltivec +endif +ifneq ($(NSS_DISABLE_CRYPTO_VSX),1) +$(OBJDIR)/$(PROG_PREFIX)gcm-ppc$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx +$(OBJDIR)/$(PROG_PREFIX)gcm$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx +$(OBJDIR)/$(PROG_PREFIX)rijndael$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx +$(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx +$(OBJDIR)/$(PROG_PREFIX)chacha20poly1305-ppc$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx +endif +endif + +$(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20_Vec128$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx +$(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20Poly1305_128$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx +$(OBJDIR)/$(PROG_PREFIX)Hacl_Poly1305_128$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx + +ifndef NSS_DISABLE_AVX2 +$(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20Poly1305_256$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx2 +$(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20_Vec256$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx -mavx2 +$(OBJDIR)/$(PROG_PREFIX)Hacl_Poly1305_256$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx -mavx2 +endif |