From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 02:47:55 +0200
Subject: Adding upstream version 124.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 security/nss/lib/freebl/Makefile | 806 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 806 insertions(+)
 create mode 100644 security/nss/lib/freebl/Makefile

(limited to 'security/nss/lib/freebl/Makefile')

diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile
new file mode 100644
index 0000000000..eeee90a97f
--- /dev/null
+++ b/security/nss/lib/freebl/Makefile
@@ -0,0 +1,806 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+# default for all platforms
+# unset this on those that have multiple freebl libraries
+FREEBL_BUILD_SINGLE_SHLIB = 1
+
+ifdef USE_64
+	DEFINES += -DNSS_USE_64
+endif
+
+ifdef USE_ABI32_FPU
+	DEFINES += -DNSS_USE_ABI32_FPU
+endif
+
+ifeq ($(FREEBL_NO_DEPEND),1)
+	DEFINES += -DFREEBL_NO_DEPEND
+	STUBS_SRCS = stubs.c
+endif
+
+ifeq ($(FREEBL_LOWHASH),1)
+	DEFINES += -DFREEBL_LOWHASH
+	LOWHASH_SRCS = nsslowhash.c
+	LOWHASH_EXPORTS = nsslowhash.h
+	MAPFILE_SOURCE = freebl_hash_vector.def
+	NEED_STUB_BUILD = 1
+else
+	MAPFILE_SOURCE = freebl.def
+endif
+
+ifdef USE_STUB_BUILD
+	CSRCS           = lowhash_vector.c
+	SIMPLE_OBJS     = $(CSRCS:.c=$(OBJ_SUFFIX))
+	OBJS            = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS))
+	ALL_TRASH :=    $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \
+                $(NOSUCHFILE) so_locations
+	MAPFILE_SOURCE = freebl_hash.def
+endif
+
+# FREEBL_USE_PRELINK
+#
+# Most modern version of Linux support a speed optimization scheme where an
+# application called prelink modifies programs and shared libraries to quickly
+# load if they fit into an already designed address space. In short, prelink
+# scans the list of programs and libraries on your system, assigns them a
+# predefined space in the the address space, then provides the fixups to the
+# library.
+#
+# The modification of the shared library is correctly detected by the freebl
+# FIPS checksum scheme where we check a signed hash of the library against the
+# library itself.
+#
+# The prelink command itself can reverse the process of modification and output
+# the prestine shared library as it was before prelink made it's changes.
+# This option tells Freebl could use prelink to output the original copy of
+# the shared library before prelink modified it.
+#
+# FREEBL_PRELINK_COMMAND
+#
+# This is an optional environment variable which can override the default
+# prelink command. It could be used on systems that did something similiar to
+# prelink but used a different command and syntax. The only requirement is the
+# program must take the library as the last argument, the program must output
+# the original library to standard out, and the program does not need to take
+# any quoted or imbedded spaces in its arguments (except the path to the
+# library itself, which can have imbedded spaces or special characters).
+#
+ifdef FREEBL_USE_PRELINK
+	DEFINES += -DFREEBL_USE_PRELINK
+ifdef LINUX
+	DEFINES += -D__GNU_SOURCE=1
+endif
+endif
+ifdef NSS_NO_INIT_SUPPORT
+    DEFINES += -DNSS_NO_INIT_SUPPORT
+endif
+ifdef NSS_STRICT_INTEGRITY
+    DEFINES += -DNSS_STRICT_INTEGRITY_
+endif
+
+ifdef FREEBL_PRELINK_COMMAND
+	DEFINES +=-DFREEBL_PRELINK_COMMAND=\"$(FREEBL_PRELINK_COMMAND)\"
+endif
+# NSS_X86 means the target is a 32-bits x86 CPU architecture
+# NSS_X64 means the target is a 64-bits 64 CPU architecture
+# NSS_X86_OR_X64 means the target is either x86 or x64
+ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
+        DEFINES += -DNSS_X86_OR_X64
+        EXTRA_SRCS += gcm-x86.c aes-x86.c
+$(OBJDIR)/gcm-x86.o: CFLAGS += -mpclmul -maes
+$(OBJDIR)/aes-x86.o: CFLAGS += -mpclmul -maes
+ifneq (,$(USE_64)$(USE_X32))
+        DEFINES += -DNSS_X64
+else
+        DEFINES += -DNSS_X86
+endif
+    ifdef CC_IS_CLANG
+        EXTRA_SRCS += sha256-x86.c
+        DEFINES += -DUSE_HW_SHA2
+    else ifeq (1,$(CC_IS_GCC))
+        # Old compiler doesn't support Intel SHA extension
+        ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+            EXTRA_SRCS += sha256-x86.c
+            DEFINES += -DUSE_HW_SHA2
+        endif
+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            EXTRA_SRCS += sha256-x86.c
+            DEFINES += -DUSE_HW_SHA2
+        endif
+    endif
+endif
+ifeq ($(CPU_ARCH),aarch64)
+    ifdef CC_IS_CLANG
+        DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
+        EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
+    else ifeq (1,$(CC_IS_GCC))
+        # GCC versions older than 4.9 don't support ARM AES. The check
+        # is done in two parts, first allows "major.minor" == "4.9",
+        # and then rejects any major versions prior to 5. Note that
+        # there has been no GCC 4.10, as it was renamed to GCC 5.
+        ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
+            EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
+        endif
+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
+            EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
+        endif
+    endif
+endif
+ifeq ($(CPU_ARCH),arm)
+ifndef NSS_DISABLE_ARM32_NEON
+    EXTRA_SRCS += gcm-arm32-neon.c
+endif
+    ifdef CC_IS_CLANG
+        DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
+        EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
+    else ifeq (1,$(CC_IS_GCC))
+        # GCC versions older than 4.9 don't support ARM AES. The check
+        # is done in two parts, first allows "major.minor" == "4.9",
+        # and then rejects any major versions prior to 5. Note that
+        # there has been no GCC 4.10, as it was renamed to GCC 5.
+        ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
+            EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
+        endif
+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
+            EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
+        endif
+    endif
+endif
+
+ifeq (OS2,$(OS_TARGET))
+    ASFILES  = mpi_x86_os2.s
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
+    DEFINES += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+    DEFINES += -DMP_IS_LITTLE_ENDIAN
+endif
+
+ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
+ifndef USE_64
+# 32-bit Windows
+ifdef NS_USE_GCC
+# Ideally, we want to use assembler
+#     ASFILES  = mpi_x86.s
+#     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE \
+#                -DMP_ASSEMBLY_DIV_2DX1D
+# but we haven't figured out how to make it work, so we are not
+# using assembler right now.
+    ASFILES  =
+    DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT
+else
+# MSVC
+    MPI_SRCS += mpi_x86_asm.c
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+    ifdef BUILD_OPT
+	OPTIMIZER += -Ox  # maximum optimization for freebl
+    endif
+    # The Intel AES assembly code requires Visual C++ 2010.
+    # if $(_MSC_VER) >= 1600 (Visual C++ 2010)
+    ifeq ($(firstword $(sort $(_MSC_VER) 1600)),1600)
+	DEFINES += -DUSE_HW_AES -DINTEL_GCM
+	ASFILES += intel-aes-x86-masm.asm intel-gcm-x86-masm.asm
+	EXTRA_SRCS += intel-gcm-wrap.c
+	ifeq ($(CLANG_CL),1)
+	    INTEL_GCM_CLANG_CL = 1
+	endif
+    endif
+    # The Intel SHA extenstion requires Visual C++ 2015.
+    ifeq ($(_MSC_VER_GE_14),1)
+        DEFINES += -DUSE_HW_SHA2
+        EXTRA_SRCS += sha256-x86.c
+    endif
+endif
+else
+    # -DMP_NO_MP_WORD
+    DEFINES += -DMP_IS_LITTLE_ENDIAN
+ifdef NS_USE_GCC
+# Ideally, we should use amd64 assembly code, but it's not yet mingw-w64
+# compatible.
+else
+# MSVC
+    ifdef BUILD_OPT
+	OPTIMIZER += -Ox  # maximum optimization for freebl
+    endif
+ifeq ($(CPU_ARCH),x86_64)
+    ASFILES  = arcfour-amd64-masm.asm mpi_amd64_masm.asm mp_comba_amd64_masm.asm
+    DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
+    DEFINES += -DNSS_USE_COMBA
+    # The Intel AES assembly code requires Visual C++ 2010 (10.0). The _xgetbv
+    # compiler intrinsic function requires Visual C++ 2010 (10.0) SP1.
+    ifeq ($(_MSC_VER_GE_10SP1),1)
+	DEFINES += -DUSE_HW_AES -DINTEL_GCM
+	ASFILES += intel-aes-x64-masm.asm intel-gcm-x64-masm.asm
+	EXTRA_SRCS += intel-gcm-wrap.c
+	ifeq ($(CLANG_CL),1)
+	    INTEL_GCM_CLANG_CL = 1
+	endif
+    endif
+    # The Intel SHA extenstion requires Visual C++ 2015.
+    ifeq ($(_MSC_VER_GE_14),1)
+        DEFINES += -DUSE_HW_SHA2
+        EXTRA_SRCS += sha256-x86.c
+    endif
+    MPI_SRCS += mpi_amd64.c
+endif
+endif
+endif
+endif
+
+ifeq ($(OS_TARGET),Darwin)
+ifeq ($(CPU_ARCH),x86_64)
+    ASFILES  = mpi_amd64_common.s
+    DEFINES += -DMPI_AMD64 -DMP_IS_LITTLE_ENDIAN
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DNSS_USE_COMBA
+    MPI_SRCS += mpi_amd64.c mp_comba.c
+else ifeq ($(CPU_ARCH),x86)
+    ASFILES  = mpi_sse2.s
+    DEFINES += -DMP_USE_UINT_DIGIT
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
+endif
+endif # Darwin
+
+ifeq ($(OS_TARGET),Linux)
+ifeq ($(CPU_ARCH),x86_64)
+    # Lower case s on mpi_amd64_common due to make implicit rules.
+    ASFILES  = arcfour-amd64-gas.s mpi_amd64_common.s
+    ASFLAGS += -fPIC -Wa,--noexecstack
+    DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
+    DEFINES += -DNSS_USE_COMBA
+    DEFINES += -DMP_IS_LITTLE_ENDIAN
+#   DEFINES += -DMPI_AMD64_ADD
+    # comment the next four lines to turn off Intel HW acceleration.
+    DEFINES += -DUSE_HW_AES -DINTEL_GCM
+    ASFILES += intel-aes.s intel-gcm.s
+    EXTRA_SRCS += intel-gcm-wrap.c
+    INTEL_GCM = 1
+    MPI_SRCS += mpi_amd64.c mp_comba.c
+endif
+ifeq ($(CPU_ARCH),x86)
+    ASFILES  = mpi_x86.s
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT
+    DEFINES += -DMP_IS_LITTLE_ENDIAN
+endif
+ifeq ($(CPU_ARCH),arm)
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+    DEFINES += -DMP_USE_UINT_DIGIT
+    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
+    MPI_SRCS += mpi_arm.c
+endif
+ifeq ($(CPU_ARCH),ppc)
+    EXTRA_SRCS += gcm-ppc.c
+ifdef USE_64
+    DEFINES += -DNSS_NO_INIT_SUPPORT
+    PPC_ABI := $(shell $(CC) -dM -E - < /dev/null | awk '$$2 == "_CALL_ELF" {print $$3}')
+    ifeq ($(PPC_ABI),2)
+        ASFILES += sha512-p8.s
+    ifeq ($(OS_TEST),ppc64le)
+        DEFINES += -DPPC_GCM
+        EXTRA_SRCS += chacha20poly1305-ppc.c ppc-gcm-wrap.c
+        ASFILES += chacha20-ppc64le.s ppc-gcm.s
+    endif # ppc64le
+    endif
+endif # USE_64
+endif # ppc
+endif # Linux
+
+ifeq ($(OS_TARGET),AIX)
+    DEFINES += -DMP_USE_UINT_DIGIT
+    ifndef USE_64
+	DEFINES += -DMP_NO_DIV_WORD -DMP_NO_ADD_WORD -DMP_NO_SUB_WORD
+    endif
+endif # AIX
+
+ifeq ($(OS_TARGET), HP-UX)
+ifneq ($(OS_TEST), ia64)
+# PA-RISC
+ASFILES += ret_cr16.s
+ifndef USE_64
+    FREEBL_BUILD_SINGLE_SHLIB =
+    HAVE_ABI32_INT32 = 1
+    HAVE_ABI32_FPU = 1
+endif
+ifdef FREEBL_CHILD_BUILD
+ifdef USE_ABI32_INT32
+# build for DA1.1 (HP PA 1.1) 32-bit ABI build with 32-bit arithmetic
+    DEFINES  += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
+else
+ifdef USE_64
+# this builds for DA2.0W (HP PA 2.0 Wide), the LP64 ABI, using 64-bit digits
+    MPI_SRCS += mpi_hp.c
+    ASFILES  += hpma512.s hppa20.s
+    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+else
+# this builds for DA2.0 (HP PA 2.0 Narrow) ABI32_FPU model
+# (the 32-bit ABI with 64-bit registers) using 64-bit digits
+    MPI_SRCS += mpi_hp.c
+    ASFILES  += hpma512.s hppa20.s
+    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+ifndef NS_USE_GCC
+    ARCHFLAG = -Aa +e +DA2.0 +DS2.0
+endif
+endif
+endif
+endif
+endif
+endif
+
+# The blapi functions are defined not only in the freebl shared
+# libraries but also in the shared libraries linked with loader.c
+# (libsoftokn3.so and libssl3.so).  We need to use GNU ld's
+# -Bsymbolic option or the equivalent option for other linkers
+# to bind the blapi function references in FREEBLVector vector
+# (ldvector.c) to the blapi functions defined in the freebl
+# shared libraries.
+ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
+    MKSHLIB += -Wl,-Bsymbolic
+endif
+
+ifeq ($(OS_TARGET),SunOS)
+
+ifdef NS_USE_GCC
+    ifdef GCC_USE_GNU_LD
+	MKSHLIB += -Wl,-Bsymbolic,-z,now,-z,text
+    else
+	MKSHLIB += -Wl,-B,symbolic,-z,now,-z,text
+    endif # GCC_USE_GNU_LD
+else
+    MKSHLIB += -B symbolic -z now -z text
+endif # NS_USE_GCC
+
+# Sun's WorkShop defines v8, v8plus and v9 architectures.
+# gcc on Solaris defines v8 and v9 "cpus".
+# gcc's v9 is equivalent to Workshop's v8plus.
+# gcc's -m64 is equivalent to Workshop's v9
+# We always use Sun's assembler, which uses Sun's naming convention.
+ifeq ($(CPU_ARCH),sparc)
+    FREEBL_BUILD_SINGLE_SHLIB=
+    ifdef USE_64
+        HAVE_ABI64_INT = 1
+        HAVE_ABI64_FPU = 1
+    else
+        HAVE_ABI32_FPU = 1
+        HAVE_ABI32_INT64 = 1
+    endif
+    SYSV_SPARC = 1
+    SOLARIS_AS = /usr/ccs/bin/as
+    #### set arch, asm, c flags
+    ifdef NS_USE_GCC
+	ifdef USE_ABI32_INT64
+	    ARCHFLAG=-mcpu=v9 -Wa,-xarch=v8plus
+	    SOLARIS_AS_FLAGS = -xarch=v8plus -K PIC
+	endif
+	ifdef USE_ABI32_FPU
+	    ARCHFLAG=-mcpu=v9 -Wa,-xarch=v8plusa
+	    SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC
+	endif # USE_ABI32_FPU
+	ifdef USE_ABI64_INT
+	    # this builds for Sparc v9a pure 64-bit architecture
+	    ARCHFLAG += -mcpu=v9 -Wa,-xarch=v9
+	    SOLARIS_AS_FLAGS = -xarch=v9 -K PIC
+	endif
+	ifdef USE_ABI64_FPU
+	    # this builds for Sparc v9a pure 64-bit architecture
+	    # It uses floating point, and 32-bit word size
+	    ARCHFLAG += -mcpu=v9 -Wa,-xarch=v9a
+	    SOLARIS_AS_FLAGS = -xarch=v9a -K PIC
+	endif
+    else # NS_USE_GCC
+	# FPU_TARGET_OPTIMIZER specifies the target processor and cache
+	# properties of the ABI32_FPU and ABI64_FPU architectures for use
+	# by the optimizer.
+	ifeq (,$(findstring Sun WorkShop 6,$(shell $(CC) -V 2>&1)))
+	    # if the compiler is not Forte 6
+	    FPU_TARGET_OPTIMIZER = -xcache=64/32/4:1024/64/4 -xchip=ultra3
+	else
+	    # Forte 6 C compiler generates incorrect code for rijndael.c
+	    # if -xchip=ultra3 is used (Bugzilla bug 333925).  So we revert
+	    # to what we used in NSS 3.10.
+	    FPU_TARGET_OPTIMIZER = -xchip=ultra2
+	endif
+	ifdef USE_ABI32_INT64
+	    # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers,
+	    # 32-bit ABI, it uses 64-bit words, integer arithmetic,
+	    # no FPU (non-VIS cpus).
+	    # These flags were suggested by the compiler group for building
+	    # with SunStudio 10.
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -xO4
+	    endif
+ 	    SOL_CFLAGS += -xtarget=generic
+	    ARCHFLAG = -xarch=v8plus
+	    SOLARIS_AS_FLAGS = -xarch=v8plus -K PIC
+	endif
+	ifdef USE_ABI32_FPU
+	    # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers,
+	    # 32-bit ABI, it uses FPU code, and 32-bit word size.
+	    # these flags were determined by running cc -### -fast and copying
+	    # the generated flag settings
+	    SOL_CFLAGS += -fsingle -xmemalign=8s
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -D__MATHERR_ERRNO_DONTCARE -fsimple=1
+                SOL_CFLAGS += -xalias_level=basic -xbuiltin=%all
+                SOL_CFLAGS += $(FPU_TARGET_OPTIMIZER) -xdepend
+                SOL_CFLAGS += -xlibmil -xO5
+	    endif
+	    ARCHFLAG = -xarch=v8plusa
+	    SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC
+	endif
+	ifdef USE_ABI64_INT
+	    # this builds for Sparc v9a pure 64-bit architecture,
+	    # no FPU (non-VIS cpus). For building with SunStudio 10.
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -xO4
+	    endif
+ 	    SOL_CFLAGS += -xtarget=generic
+	    ARCHFLAG = -xarch=v9
+	    SOLARIS_AS_FLAGS = -xarch=v9 -K PIC
+	endif
+	ifdef USE_ABI64_FPU
+	    # this builds for Sparc v9a pure 64-bit architecture
+	    # It uses floating point, and 32-bit word size.
+	    # See comment for USE_ABI32_FPU.
+	    SOL_CFLAGS += -fsingle -xmemalign=8s
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -D__MATHERR_ERRNO_DONTCARE -fsimple=1
+                SOL_CFLAGS += -xalias_level=basic -xbuiltin=%all
+                SOL_CFLAGS += $(FPU_TARGET_OPTIMIZER) -xdepend
+                SOL_CFLAGS += -xlibmil -xO5
+	    endif
+	    ARCHFLAG = -xarch=v9a
+	    SOLARIS_AS_FLAGS = -xarch=v9a -K PIC
+	endif
+    endif # NS_USE_GCC
+
+    ### set flags for both GCC and Sun cc
+    ifdef USE_ABI32_INT64
+	# this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers,
+	# 32-bit ABI, it uses 64-bit words, integer arithmetic, no FPU
+	# best times are with no MP_ flags specified
+    endif
+    ifdef USE_ABI32_FPU
+	# this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers,
+	# 32-bit ABI, it uses FPU code, and 32-bit word size
+	MPI_SRCS += mpi_sparc.c
+	ASFILES  = mpv_sparcv8.s montmulfv8.s
+	DEFINES  += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
+	DEFINES  += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
+    endif
+    ifdef USE_ABI64_INT
+	# this builds for Sparc v9a pure 64-bit architecture
+	# best times are with no MP_ flags specified
+    endif
+    ifdef USE_ABI64_FPU
+	# this builds for Sparc v9a pure 64-bit architecture
+	# It uses floating point, and 32-bit word size
+	MPI_SRCS += mpi_sparc.c
+	ASFILES   = mpv_sparcv9.s montmulfv9.s
+	DEFINES  += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
+	DEFINES  += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
+    endif
+
+else
+    # Solaris for non-sparc family CPUs
+    ifdef NS_USE_GCC
+	LD = gcc
+	AS = gcc
+	ASFLAGS = -x assembler-with-cpp
+    endif
+    ifeq ($(USE_64),1)
+	# Solaris for AMD64
+	ifdef NS_USE_GCC
+	    ASFILES  = arcfour-amd64-gas.s mpi_amd64_common.s
+	    ASFLAGS += -march=opteron -m64 -fPIC
+	    MPI_SRCS += mp_comba.c
+	    # comment the next four lines to turn off Intel HW acceleration
+	    ASFILES += intel-gcm.s
+	    EXTRA_SRCS += intel-gcm-wrap.c
+	    INTEL_GCM = 1
+	    DEFINES += -DINTEL_GCM
+	else
+	    ASFILES  = arcfour-amd64-sun.s mpi_amd64_sun.s sha-fast-amd64-sun.s
+ 	    ASFILES += mp_comba_amd64_sun.s mpcpucache_amd64.s
+	    ASFLAGS += -xarch=generic64 -K PIC
+            SOL_CFLAGS += -xprefetch=no
+	    SHA_SRCS =
+ 	    MPCPU_SRCS =
+	    # Intel acceleration for GCM does not build currently with Studio
+	endif
+	DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
+	DEFINES += -DNSS_USE_COMBA -DMP_IS_LITTLE_ENDIAN
+	# comment the next two lines to turn off Intel HW acceleration
+	DEFINES += -DUSE_HW_AES
+	ASFILES += intel-aes.s
+	MPI_SRCS += mpi_amd64.c
+    else
+	# Solaris x86
+	DEFINES += -DMP_USE_UINT_DIGIT
+	DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+	DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
+	ASFILES  = mpi_i86pc.s
+ 	ifndef NS_USE_GCC
+ 	   MPCPU_SRCS =
+ 	   ASFILES += mpcpucache_x86.s
+ 	endif
+    endif
+endif # Solaris for non-sparc family CPUs
+endif # target == SunO
+
+ifdef USE_64
+# no __int128 at least up to lcc 1.23 (pretending to be gcc5)
+# NB: CC_NAME is not defined here
+ifneq ($(shell $(CC) -? 2>&1 >/dev/null </dev/null | sed -e 's/:.*//;1q'),lcc)
+    ifdef CC_IS_CLANG
+            HAVE_INT128_SUPPORT = 1
+            DEFINES += -DHAVE_INT128_SUPPORT
+    else ifeq (1,$(CC_IS_GCC))
+        ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+            HAVE_INT128_SUPPORT = 1
+            DEFINES += -DHAVE_INT128_SUPPORT
+        endif
+        ifneq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            NSS_DISABLE_AVX2 = 1
+        endif
+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            HAVE_INT128_SUPPORT = 1
+            DEFINES += -DHAVE_INT128_SUPPORT
+        endif
+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            NSS_DISABLE_SSE3 = 1
+            NSS_DISABLE_SSE4_1 = 1
+            NSS_DISABLE_SSE4_2 = 1
+        endif
+    endif
+endif # lcc
+endif # USE_64
+
+ifndef HAVE_INT128_SUPPORT
+    DEFINES += -DKRML_VERIFIED_UINT128
+endif
+
+ifndef NSS_DISABLE_CHACHAPOLY
+    ifeq ($(CPU_ARCH),x86_64)
+        ifndef NSS_DISABLE_AVX2
+            EXTRA_SRCS += Hacl_Poly1305_256.c Hacl_Chacha20_Vec256.c Hacl_Chacha20Poly1305_256.c
+            DEFINES += -DHACL_CAN_COMPILE_VEC256
+        endif # NSS_DISABLE_AVX2
+        ifndef NSS_DISABLE_SSE3
+            EXTRA_SRCS += Hacl_Poly1305_128.c Hacl_Chacha20_Vec128.c Hacl_Chacha20Poly1305_128.c
+            DEFINES += -DHACL_CAN_COMPILE_VEC128 
+        endif
+    endif # x86_64
+
+    VERIFIED_SRCS += Hacl_Poly1305_32.c Hacl_Chacha20.c Hacl_Chacha20Poly1305_32.c
+endif # NSS_DISABLE_CHACHAPOLY
+
+VERIFIED_SRCS += Hacl_Hash_SHA3.c Hacl_P256.c Hacl_P384.c Hacl_P521.c
+
+ifeq (,$(filter-out x86_64 aarch64,$(CPU_ARCH)))
+    # All 64-bit architectures get the 64 bit version.
+    ECL_SRCS += curve25519_64.c
+    VERIFIED_SRCS += Hacl_Curve25519_51.c
+else
+    # All other architectures get the generic 32 bit implementation
+    ECL_SRCS += curve25519_32.c
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+rijndael_tables:
+	$(CC) -o $(OBJDIR)/make_rijndael_tab rijndael_tables.c \
+	         $(DEFINES) $(INCLUDES) $(OBJDIR)/libfreebl.a
+	$(OBJDIR)/make_rijndael_tab
+
+vpath %.h mpi ecl verified deprecated
+vpath %.c mpi ecl verified deprecated
+vpath %.S mpi ecl
+vpath %.s mpi ecl
+vpath %.asm mpi ecl
+INCLUDES += -Impi -Iecl -Iverified -Iverified/internal -Iverified/karamel/include -Iverified/karamel/krmllib/dist/minimal -Ideprecated
+
+
+DEFINES += -DMP_API_COMPATIBLE
+
+MPI_USERS = secmpi.c dh.c pqg.c dsa.c rsa.c ec.c
+
+MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX)))
+MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX)))
+
+$(MPI_OBJS): $(MPI_HDRS)
+
+ECL_USERS = ec.c
+
+ECL_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_SRCS:.c=$(OBJ_SUFFIX)) $(ECL_ASM_SRCS:$(ASM_SUFFIX)=$(OBJ_SUFFIX)))
+ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX)))
+
+$(ECL_OBJS): $(ECL_HDRS)
+
+$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c
+
+$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
+
+$(OBJDIR)/ldvector$(OBJ_SUFFIX) $(OBJDIR)/loader$(OBJ_SUFFIX) : loader.h
+
+ifeq ($(SYSV_SPARC),1)
+
+$(OBJDIR)/mpv_sparcv8.o $(OBJDIR)/mpv_sparcv8x.o $(OBJDIR)/montmulfv8.o : $(OBJDIR)/%.o : %.s | $$(@D)/d
+	$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
+
+$(OBJDIR)/mpv_sparcv9.o $(OBJDIR)/montmulfv9.o : $(OBJDIR)/%.o : %.s | $$(@D)/d
+	$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
+
+$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h
+
+endif
+
+ifndef FREEBL_CHILD_BUILD
+
+# Parent build. This is where we decide which shared libraries to build
+
+# too suppress the SINGLE_SHLIB override warning
+FREEBL_OBJDIRS :=
+
+define target_freebl_SHLIB
+ifdef $(2)
+$(1)_DIR = $$(OBJDIR)/$$(OS_TARGET)_$(1)
+ALL_TRASH += $$($(1)_DIR)
+
+ifeq (,$$(filter $$($(1)_DIR)/d,$$(FREEBL_OBJDIRS)))
+FREEBL_OBJDIRS += $$($(1)_DIR)/d
+endif
+
+release_md:: freebl_$(2)
+libs: freebl_$(2)
+freebl_$(2): | $$($(1)_DIR)/d
+	$$(MAKE) FREEBL_CHILD_BUILD=1 $(3)=1 OBJDIR=$$($(1)_DIR) libs
+endif
+endef # target_freebl_SHLIB
+
+target_freebl_ABI = $(call target_freebl_SHLIB,$(1),HAVE_$(1),USE_$(1))
+
+$(eval $(call target_freebl_SHLIB,SINGLE_SHLIB,FREEBL_BUILD_SINGLE_SHLIB,NEEDED_DUMMY))
+$(eval $(call target_freebl_SHLIB,SINGLE_SHLIB,NEED_STUB_BUILD,USE_STUB_BUILD))
+
+$(eval $(call target_freebl_ABI,ABI32_FPU))
+$(eval $(call target_freebl_ABI,ABI32_INT32))
+$(eval $(call target_freebl_ABI,ABI32_INT64))
+$(eval $(call target_freebl_ABI,ABI64_FPU))
+$(eval $(call target_freebl_ABI,ABI64_INT))
+
+endif  # FREEBL_CHILD_BUILD
+
+
+# Bugzilla Bug 333917: the non-x86 code in desblapi.c seems to violate
+# ANSI C's strict aliasing rules.
+ifeq ($(OS_TARGET),Linux)
+ifneq ($(CPU_ARCH),x86)
+$(OBJDIR)/$(PROG_PREFIX)desblapi$(OBJ_SUFFIX): desblapi.c | $$(@D)/d
+ifdef NEED_ABSOLUTE_PATH
+	$(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $(call core_abspath,$<)
+else
+	$(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $<
+endif
+endif
+endif
+
+ifdef INTEL_GCM
+#
+# GCM binary needs -mssse3
+#
+$(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3
+
+# The integrated assembler in Clang 3.2 does not support % in the
+# expression of a .set directive. intel-gcm.s uses .set to give
+# symbolic names to registers, for example,
+#     .set  Htbl, %rdi
+# So we can't use Clang's integrated assembler with intel-gcm.s.
+ifdef CC_IS_CLANG
+$(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): CFLAGS += -no-integrated-as
+endif
+endif
+
+ifdef INTEL_GCM_CLANG_CL
+#
+# clang-cl needs -mssse3
+#
+$(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3
+endif
+
+$(OBJDIR)/$(PROG_PREFIX)sha256-x86$(OBJ_SUFFIX): CFLAGS += -msha -mssse3 -msse4.1
+
+ifeq ($(CPU_ARCH),arm)
+# When the compiler uses the softfloat ABI, we want to use the compatible softfp ABI when
+# enabling NEON for these objects.
+# Confusingly, __SOFTFP__ is the name of the define for the softfloat ABI, not for the softfp ABI.
+USES_SOFTFLOAT_ABI := $(shell $(CC) -o - -E -dM - $(CFLAGS) < /dev/null | grep __SOFTFP__ > /dev/null && echo 1)
+$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
+$(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
+$(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
+ifndef NSS_DISABLE_ARM32_NEON
+$(OBJDIR)/$(PROG_PREFIX)gcm-arm32-neon$(OBJ_SUFFIX): CFLAGS += -mfpu=neon$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
+endif
+endif
+
+ifeq ($(CPU_ARCH),aarch64)
+$(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
+$(OBJDIR)/$(PROG_PREFIX)gcm-aarch64$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
+$(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
+$(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
+endif
+
+ifeq ($(CPU_ARCH),ppc)
+$(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -funroll-loops -fpeel-loops
+ifneq ($(NSS_DISABLE_ALTIVEC),1)
+$(OBJDIR)/$(PROG_PREFIX)gcm-ppc$(OBJ_SUFFIX): CFLAGS += -maltivec
+$(OBJDIR)/$(PROG_PREFIX)gcm$(OBJ_SUFFIX): CFLAGS += -maltivec
+$(OBJDIR)/$(PROG_PREFIX)rijndael$(OBJ_SUFFIX): CFLAGS += -maltivec
+$(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -maltivec
+$(OBJDIR)/$(PROG_PREFIX)chacha20poly1305-ppc$(OBJ_SUFFIX): CFLAGS += -maltivec
+endif
+ifneq ($(NSS_DISABLE_CRYPTO_VSX),1)
+$(OBJDIR)/$(PROG_PREFIX)gcm-ppc$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx
+$(OBJDIR)/$(PROG_PREFIX)gcm$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx
+$(OBJDIR)/$(PROG_PREFIX)rijndael$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx
+$(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx
+$(OBJDIR)/$(PROG_PREFIX)chacha20poly1305-ppc$(OBJ_SUFFIX): CFLAGS += -mcrypto -mvsx
+endif
+endif
+
+$(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20_Vec128$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx
+$(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20Poly1305_128$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx
+$(OBJDIR)/$(PROG_PREFIX)Hacl_Poly1305_128$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx
+
+ifndef NSS_DISABLE_AVX2
+$(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20Poly1305_256$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx2
+$(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20_Vec256$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx -mavx2
+$(OBJDIR)/$(PROG_PREFIX)Hacl_Poly1305_256$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx -mavx2
+endif
-- 
cgit v1.2.3