forked from ANSSI-FR/libdrbg
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Makefile
179 lines (154 loc) · 6.51 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
LIBHASH_DIR = libhash
LIBHASH_SRC_DIR = $(LIBHASH_DIR)/
LIBHASH_BUILD_DIR = $(LIBHASH_DIR)/
LIBHASH_LIB = $(LIBHASH_BUILD_DIR)/libhash.a
AES_SRC_DIR = aes/
TDES_SRC_DIR = $(LIBHASH_SRC_DIR)
SELF_TESTS_SRC_DIR = drbg_tests/
CFLAGS ?= -O3 -fPIC -std=c99 -Wall -Wextra -I./ -I$(LIBHASH_SRC_DIR) -I$(AES_SRC_DIR) -I$(TDES_SRC_DIR) -I$(SELF_TESTS_SRC_DIR)
CFLAGS += $(EXTRA_CFLAGS)
# By default, activate all the backends
CFLAGS += -DWITH_HASH_DRBG -DWITH_HMAC_DRBG -DWITH_CTR_DRBG
# By default, activate all the BC (block ciphers)
CFLAGS += -DWITH_BC_TDEA -DWITH_BC_AES
# If we are asked to remove backend, remove it
ifeq ($(NO_HASH_DRBG),1)
CFLAGS := $(patsubst -DWITH_HASH_DRBG,,$(CFLAGS))
endif
ifeq ($(NO_HMAC_DRBG),1)
CFLAGS := $(patsubst -DWITH_HMAC_DRBG,,$(CFLAGS))
endif
ifeq ($(NO_CTR_DRBG),1)
CFLAGS := $(patsubst -DWITH_CTR_DRBG,,$(CFLAGS))
# NOTE: when removing the CTR DRBG, we can remove
# TDEA and AES
CFLAGS := $(patsubst -DWITH_BC_TDEA,,$(CFLAGS))
CFLAGS := $(patsubst -DWITH_BC_AES,,$(CFLAGS))
endif
# If we are asked to remove a BC, remove it
ifeq ($(NO_BC_TDEA),1)
CFLAGS := $(patsubst -DWITH_BC_TDEA,,$(CFLAGS))
endif
ifeq ($(NO_BC_AES),1)
CFLAGS := $(patsubst -DWITH_BC_AES,,$(CFLAGS))
endif
ifeq ($(GCC_ANALYZER),1)
ifeq ($(GCC),)
$(error "Sorry, you ask for GCC_ANALYZER with no GCC compiler!")
endif
CFLAGS += -fanalyzer
endif
ifeq ($(DEBUG),1)
CFLAGS += -g
endif
ifeq ($(WERROR),1)
CFLAGS += -Werror
endif
ifeq ($(STATIC),1)
CFLAGS += -static
endif
ifeq ($(WITH_TEST_ENTROPY_SOURCE),1)
CFLAGS += -DWITH_TEST_ENTROPY_SOURCE
endif
LDFLAGS += -fPIE $(LIBHASH_LIB)
# By default, we activate the NIST strict mode unless
# the user overrides it
STRICT_NIST_SP800_90A ?= 1
ifeq ($(USE_SANITIZERS),1)
CFLAGS += -fsanitize=undefined -fsanitize=address -fsanitize=leak
endif
ifeq ($(VERBOSE),1)
CFLAGS += -DHASH_DRBG_SELF_TESTS_VERBOSE -DHMAC_DRBG_SELF_TESTS_VERBOSE -DCTR_DRBG_SELF_TESTS_VERBOSE
endif
ifeq ($(STRICT_NIST_SP800_90A),1)
CFLAGS += -DSTRICT_NIST_SP800_90A
ifeq ($(WITH_HASH_CONF_OVERRIDE),)
# When we are asked to use strict mode, we only need the SHA-1 and SHA-2 hashes
WITH_HASH_CONF_OVERRIDE = -DWITH_HASH_CONF_OVERRIDE
WITH_HASH_CONF_OVERRIDE += -DWITH_HASH_SHA1 -DWITH_HASH_SHA224 -DWITH_HASH_SHA256 -DWITH_HASH_SHA384
WITH_HASH_CONF_OVERRIDE += -DWITH_HASH_SHA512 -DWITH_HASH_SHA512_224 -DWITH_HASH_SHA512_256
endif
endif
ifeq ($(SMALL_MEMORY_FOOTPRINT),1)
CFLAGS += -DSMALL_MEMORY_FOOTPRINT
endif
# Apply the hash configuration override
CFLAGS += $(WITH_HASH_CONF_OVERRIDE)
CLANG := $(shell $(CROSS_COMPILE)$(CC) -v 2>&1 | grep clang)
ifneq ($(CLANG),)
CFLAGS += -Weverything -Werror \
-Wno-reserved-id-macro -Wno-padded \
-Wno-packed -Wno-covered-switch-default \
-Wno-used-but-marked-unused -Wno-switch-enum
# NOTE: we use variadic macro aguments here ...
CFLAGS += -Wno-gnu-zero-variadic-macro-arguments
# Add warnings if we are in pedantic mode
ifeq ($(PEDANTIC),1)
CFLAGS += -Werror -Walloca -Wcast-qual -Wconversion -Wformat=2 -Wformat-security -Wnull-dereference -Wstack-protector -Wvla -Warray-bounds -Warray-bounds-pointer-arithmetic -Wassign-enum -Wbad-function-cast -Wconditional-uninitialized -Wconversion -Wfloat-equal -Wformat-type-confusion -Widiomatic-parentheses -Wimplicit-fallthrough -Wloop-analysis -Wpointer-arith -Wshift-sign-overflow -Wshorten-64-to-32 -Wtautological-constant-in-range-compare -Wunreachable-code-aggressive -Wthread-safety -Wthread-safety-beta -Wcomma
endif
# Clang version >= 13? Adapt
CLANG_VERSION_GTE_13 := $(shell echo `$(CROSS_COMPILE)$(CC) -dumpversion | cut -f1-2 -d.` \>= 13.0 | sed -e 's/\./*100+/g' | bc)
ifeq ($(CLANG_VERSION_GTE_13), 1)
# We have to do this because the '_' prefix seems now reserved to builtins
CFLAGS += -Wno-reserved-identifier
endif
# Clang version >= 16? Adapt
CLANG_VERSION_GTE_16 := $(shell echo `$(CROSS_COMPILE)$(CC) -dumpversion | cut -f1-2 -d.` \>= 16.0 | sed -e 's/\./*100+/g' | bc)
ifeq ($(CLANG_VERSION_GTE_16), 1)
# NOTE: XXX: this is really a shame to remove this, but
# we have to wait until this is less sensitive and false positive
# prone to use it!
CFLAGS += -Wno-unsafe-buffer-usage
endif
# Clang version >= 19? Adapt
CLANG_VERSION_GTE_19 := $(shell echo `$(CROSS_COMPILE)$(CC) -dumpversion | cut -f1-2 -d.` \>= 19.0 | sed -e 's/\./*100+/g' | bc)
ifeq ($(CLANG_VERSION_GTE_19), 1)
# Missing include directoies become an issue in clang >= 19
CFLAGS += -Wno-missing-include-dirs
endif
else
CFLAGS += -W -Werror -Wextra -Wall -Wunreachable-code
# Add warnings if we are in pedantic mode
ifeq ($(PEDANTIC),1)
CFLAGS += -Wpedantic -Wformat=2 -Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference -Wstack-protector -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Warith-conversion -Wlogical-op -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=2 -Wundef -Wstrict-prototypes -Wswitch-default -Wcast-align=strict -Wjump-misses-init
endif
endif
### C++ compilers quirks
# Do we have a C++ compiler instead of a C compiler?
GPP := $(shell $(CROSS_COMPILE)$(CC) -v 2>&1 | grep g++)
CLANGPP := $(shell echo $(CROSS_COMPILE)$(CC) | grep clang++)
# g++ case
ifneq ($(GPP),)
CFLAGS := $(patsubst -std=c99, -std=c++2a, $(CFLAGS))
CFLAGS += -Wno-deprecated
# Remove C++ unused pedantic flags
CFLAGS := $(patsubst -Wstrict-prototypes,,$(CFLAGS))
CFLAGS := $(patsubst -Wjump-misses-init,,$(CFLAGS))
CFLAGS := $(patsubst -Wduplicated-branches,,$(CFLAGS))
endif
# clang++ case
ifneq ($(CLANGPP),)
CFLAGS := $(patsubst -std=c99, -std=c++2a, $(CFLAGS))
CFLAGS += -Wno-deprecated -Wno-c++98-c++11-c++14-c++17-compat-pedantic -Wno-old-style-cast -Wno-zero-as-null-pointer-constant -Wno-c++98-compat-pedantic
# NOTE: we use variadic macro aguments here ...
CFLAGS += -Wno-gnu-zero-variadic-macro-arguments
endif
ifeq ($(WNOERROR), 1)
# Sometimes "-Werror" might be too much, this can be overriden
CFLAGS := $(subst -Werror,,$(CFLAGS))
endif
PROG = drbg
SRCS = $(wildcard *.c)
SRCS += $(wildcard $(AES_SRC_DIR)/*.c)
SRCS += $(wildcard $(SELF_TESTS_SRC_DIR)/*.c)
OBJS = $(patsubst %.c,%.o,$(SRCS))
%.o: %.c
$(CROSS_COMPILE)$(CC) $(CFLAGS) -c -o $@ $<
drbg: $(OBJS) _libhash
$(CROSS_COMPILE)$(CC) -o $@ $(CFLAGS) $(OBJS) $(LDFLAGS)
_libhash:
cd $(LIBHASH_DIR) && CROSS_COMPILE=$(CROSS_COMPILE) USE_SANITIZERS=$(USE_SANITIZERS) WERROR=$(WERROR) WITH_HASH_CONF_OVERRIDE="$(WITH_HASH_CONF_OVERRIDE)" LIB_CFLAGS="$(CFLAGS)" EXTRA_CFLAGS="$(EXTRA_CFLAGS)" make
all: _libhash $(OBJS) drbg
clean:
@cd $(LIBHASH_DIR) && make clean
@rm -f $(OBJS) drbg