summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbschmidt <bschmidt@FreeBSD.org>2012-04-28 11:11:53 +0000
committerbschmidt <bschmidt@FreeBSD.org>2012-04-28 11:11:53 +0000
commitb94d2735144ab4ea2df945844d91a9ea33d6c08a (patch)
tree88e52903bfc13573078c12c9f4424a17030d5d0e
parentec5210f39ca4384005546dff2be339bf9b5e7af5 (diff)
downloadFreeBSD-src-b94d2735144ab4ea2df945844d91a9ea33d6c08a.zip
FreeBSD-src-b94d2735144ab4ea2df945844d91a9ea33d6c08a.tar.gz
Move crypto stuff into a common Makefile. While here fix the
WITHOUT_OPENSSL build by using the wpa's internal crypto support if openssl is not available, this allows us to unconditionally enable EAP support. MFC after: 2 weeks
-rw-r--r--usr.sbin/wpa/Makefile.crypto121
-rw-r--r--usr.sbin/wpa/hostapd/Makefile56
-rw-r--r--usr.sbin/wpa/wpa_supplicant/Makefile64
3 files changed, 148 insertions, 93 deletions
diff --git a/usr.sbin/wpa/Makefile.crypto b/usr.sbin/wpa/Makefile.crypto
new file mode 100644
index 0000000..e1ac445
--- /dev/null
+++ b/usr.sbin/wpa/Makefile.crypto
@@ -0,0 +1,121 @@
+# $FreeBSD$
+
+.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)
+SRCS+= crypto_openssl.c
+DPADD+= ${LIBSSL} ${LIBCRYPTO}
+LDADD+= -lssl -lcrypto
+.else
+CFLAGS+=-DCONFIG_CRYPTO_INTERNAL
+SRCS+= crypto_internal.c
+CONFIG_INTERNAL_AES=y
+CONFIG_INTERNAL_DES=y
+CONFIG_INTERNAL_MD4=y
+CONFIG_INTERNAL_MD5=y
+CONFIG_INTERNAL_RC4=y
+CONFIG_INTERNAL_SHA1=y
+CONFIG_INTERNAL_SHA256=y
+CONFIG_INTERNAL_TLS=y
+NEED_AES_ENC=true
+.endif
+
+.if defined(TLS_FUNCS)
+NEED_TLS_PRF=y
+.if defined(CONFIG_INTERNAL_TLS)
+CFLAGS+=-DCONFIG_INTERNAL_LIBTOMMATH \
+ -DCONFIG_TLS_INTERNAL_CLIENT
+SRCS+= asn1.c \
+ bignum.c \
+ crypto_internal-cipher.c \
+ crypto_internal-modexp.c \
+ crypto_internal-rsa.c \
+ pkcs1.c \
+ pkcs5.c \
+ pkcs8.c \
+ rsa.c \
+ tls_internal.c \
+ tlsv1_common.c \
+ tlsv1_record.c \
+ tlsv1_cred.c \
+ tlsv1_client.c \
+ tlsv1_client_write.c \
+ tlsv1_client_read.c \
+ x509v3.c
+NEED_DES=y
+NEED_MD4=y
+NEED_RC4=y
+.else
+CFLAGS+=-DEAP_TLS_OPENSSL
+SRCS+= tls_openssl.c
+.endif
+.endif
+
+.if defined(CONFIG_INTERNAL_AES)
+SRCS+= aes-internal.c \
+ aes-internal-dec.c \
+ aes-internal-enc.c
+.endif
+
+.if defined(NEED_AES_CBC)
+SRCS+= aes-cbc.c
+.endif
+
+.if defined(NEED_AES_EAX)
+SRCS+= aes-eax.c
+NEED_AES_CTR=y
+.endif
+
+.if defined(NEED_AES_CTR)
+SRCS+= aes-ctr.c
+.endif
+
+.if defined(NEED_AES_ENCBLOCK)
+SRCS+= aes-encblock.c
+.endif
+
+.if defined(NEED_AES_OMAC1)
+SRCS+= aes-omac1.c
+.endif
+
+.if defined(NEED_DES)
+.if defined(CONFIG_INTERNAL_DES)
+SRCS+= des-internal.c
+.endif
+.endif
+
+.if defined(NEED_MD4)
+.if defined(CONFIG_INTERNAL_MD4)
+SRCS+= md4-internal.c
+.endif
+.endif
+
+.if defined(CONFIG_INTERNAL_MD5)
+SRCS+= md5-internal.c
+.endif
+
+.if defined(NEED_FIPS186_2_PRF)
+.if defined(CONFIG_INTERNAL_SHA1)
+SRCS+= fips_prf_internal.c
+.else
+SRCS+= fips_prf_openssl.c
+.endif
+.endif
+
+.if defined(CONFIG_INTERNAL_RC4)
+SRCS+= rc4.c
+.endif
+
+.if defined(CONFIG_INTERNAL_SHA1)
+SRCS+= sha1-internal.c
+.endif
+
+.if defined(NEED_SHA256)
+CFLAGS+=-DCONFIG_SHA256
+SRCS+= sha256.c
+.if defined(CONFIG_INTERNAL_SHA256)
+SRCS+= sha256-internal.c
+.endif
+.endif
+
+.if defined(NEED_TLS_PRF)
+SRCS+= sha1-tlsprf.c
+.endif
diff --git a/usr.sbin/wpa/hostapd/Makefile b/usr.sbin/wpa/hostapd/Makefile
index 0963295..84835e5 100644
--- a/usr.sbin/wpa/hostapd/Makefile
+++ b/usr.sbin/wpa/hostapd/Makefile
@@ -11,10 +11,10 @@ SRCS= accounting.c \
ap_drv_ops.c \
ap_mlme.c \
authsrv.c \
+ base64.c \
chap.c \
common.c \
config_file.c \
- crypto_openssl.c \
ctrl_iface.c \
ctrl_iface_ap.c \
drivers.c \
@@ -42,7 +42,6 @@ SRCS= accounting.c \
radius.c \
radius_client.c \
sha1-pbkdf2.c \
- sha1-tlsprf.c \
sha1.c \
sta_info.c \
tkip_countermeasures.c \
@@ -73,8 +72,8 @@ CFLAGS+=-DCONFIG_DRIVER_BSD \
CFLAGS+= -DCONFIG_IPV6
.endif
#CFLAGS+= -g
-DPADD+= ${LIBPCAP} ${LIBSSL}
-LDADD+= -lpcap -lssl
+DPADD+= ${LIBPCAP}
+LDADD+= -lpcap
# User customizations for wpa_supplicant/hostapd build environment
CFLAGS+=${HOSTAPD_CFLAGS}
@@ -82,8 +81,6 @@ CFLAGS+=${HOSTAPD_CFLAGS}
LDADD+=${HOSTAPD_LDADD}
#LDFLAGS+=${HOSTAPD_LDFLAGS}
-.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)
-
CFLAGS+=-DDPKCS12_FUNCS \
-DEAP_SERVER \
-DEAP_SERVER_GTC \
@@ -103,33 +100,32 @@ SRCS+= dump_state.c \
eap_server_peap.c \
eap_server_tls.c \
eap_server_tls_common.c \
- eap_server_ttls.c \
- tls_openssl.c
+ eap_server_ttls.c
+TLS_FUNCS=y
+NEED_SHA256=y
.if !empty(CFLAGS:M*-DEAP_SERVER_AKA)
-NEED_SIM_COMMON= true
-NEED_SHA256= true
SRCS+= eap_server_aka.c
+NEED_SIM_COMMON=y
.endif
.if !empty(CFLAGS:M*-DEAP_SERVER_SIM)
-NEED_SIM_COMMON= true
SRCS+= eap_server_sim.c
+NEED_SIM_COMMON=y
.endif
.if defined(NEED_SIM_COMMON)
SRCS+= eap_sim_common.c \
eap_sim_db.c
-NEED_AES_CBC= true
-NEED_FIPS186_2_PRF= true
+NEED_AES_CBC=y
+NEED_FIPS186_2_PRF=y
.endif
.if !empty(CFLAGS:M*-DEAP_SERVER_GPSK)
CFLAGS+=-DEAP_GPSK_SHA256
SRCS+= eap_server_gpsk.c \
eap_gpsk_common.c
-NEED_SHA256= true
-NEED_AES_OMAC1= true
+NEED_AES_OMAC1=y
.endif
.if !empty(CFLAGS:M*-DEAP_SERVER_PAX)
@@ -142,34 +138,6 @@ SRCS+= eap_server_sake.c \
eap_sake_common.c
.endif
-DPADD+= ${LIBSSL} ${LIBCRYPTO}
-LDADD+= -lssl -lcrypto
-.else
-NEED_TLS_NONE= true
-.endif
-
-.if defined(NEED_AES_CBC)
-SRCS+= aes-cbc.c
-.endif
-
-.if defined(NEED_AES_OMAC1)
-SRCS+= aes-omac1.c
-.endif
-
-.if defined(NEED_FIPS186_2_PRF)
-SRCS+= fips_prf_openssl.c
-.endif
-
-.if defined(NEED_SHA256)
-SRCS+= sha256.c
-.endif
-
-.if defined(NEED_TLS_NONE)
-CFLAGS+= -DEAP_TLS_NONE
-CFLAGS+= -DINTERNAL_AES
-CFLAGS+= -DINTERNAL_SHA1
-CFLAGS+= -DINTERNAL_MD5
-SRCS+= tls_none.c
-.endif
+.include "${.CURDIR}/../Makefile.crypto"
.include <bsd.prog.mk>
diff --git a/usr.sbin/wpa/wpa_supplicant/Makefile b/usr.sbin/wpa/wpa_supplicant/Makefile
index f35283f..8a2340b 100644
--- a/usr.sbin/wpa/wpa_supplicant/Makefile
+++ b/usr.sbin/wpa/wpa_supplicant/Makefile
@@ -5,14 +5,7 @@
.PATH.c:${WPA_DISTDIR}/src/drivers
PROG= wpa_supplicant
-SRCS= aes-cbc.c \
- aes-ctr.c \
- aes-eax.c \
- aes-encblock.c \
- aes-internal.c \
- aes-omac1.c \
- aes-unwrap.c \
- aes-wrap.c \
+SRCS= aes-unwrap.c \
base64.c \
blacklist.c \
bss.c \
@@ -36,8 +29,6 @@ SRCS= aes-cbc.c \
preauth.c \
scan.c \
sha1-pbkdf2.c \
- sha1-tlsprf.c \
- sha1-tprf.c \
sha1.c \
wpa.c \
wpa_common.c \
@@ -78,9 +69,6 @@ LDADD+=${WPA_SUPPLICANT_LDADD}
#LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS}
.if ${MK_WPA_SUPPLICANT_EAPOL} != "no"
-
-.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)
-
CFLAGS+=-DEAP_GTC \
-DEAP_LEAP \
-DEAP_MD5 \
@@ -89,13 +77,9 @@ CFLAGS+=-DEAP_GTC \
-DEAP_PEAP \
-DEAP_PSK \
-DEAP_TLS \
- -DEAP_TLV \
- -DEAP_TLS_FUNCS \
- -DEAP_TLS_OPENSSL \
-DEAP_TTLS \
-DIEEE8021X_EAPOL
SRCS+= chap.c \
- crypto_openssl.c \
eap.c \
eap_common.c \
eap_gtc.c \
@@ -113,21 +97,29 @@ SRCS+= chap.c \
eap_ttls.c \
eapol_supp_sm.c \
ms_funcs.c \
- mschapv2.c \
- tls_openssl.c
+ mschapv2.c
+TLS_FUNCS=y
+NEED_AES_EAX=y
+NEED_AES_ENCBLOCK=y
+NEED_AES_OMAC1=y
+NEED_SHA256=y
+.endif
.if !empty(CFLAGS:M*-DEAP_AKA)
-NEED_SIM_COMMON= true
SRCS+= eap_aka.c
+NEED_SIM_COMMON=y
+NEED_AES_CBC=y
.endif
.if !empty(CFLAGS:M*-DEAP_SIM)
-NEED_SIM_COMMON= true
SRCS+= eap_sim.c
+NEED_SIM_COMMON=y
+NEED_AES_CBC=y
.endif
.if defined(NEED_SIM_COMMON)
SRCS+= eap_sim_common.c
+NEED_FIPS186_2_PRF=y
.endif
# PC/SC interface for smartcards (USIM, GSM SIM)
@@ -147,7 +139,7 @@ LDADD+=-lpcsclite -lpthread
CFLAGS+=-DEAP_GPSK_SHA256
SRCS+= eap_gpsk.c \
eap_gpsk_common.c
-NEED_SHA256= true
+NEED_AES_OMAC1=y
.endif
.if !empty(CFLAGS:M*-DEAP_PAX)
@@ -160,32 +152,6 @@ SRCS+= eap_sake.c \
eap_sake_common.c
.endif
-NEED_LIBSSL= true
-.else
-CFLAGS+= -DEAP_TLS_NONE
-SRCS+= tls_none.c
-.endif
-
-.endif
-
-#
-# Configure crypto/cipher support.
-#
-# EAPOL support requires openssl in which case we use their
-# cipher code. Otherwise we use our internal versions.
-#
-.if !defined(NEED_LIBSSL)
-CFLAGS+= -DINTERNAL_AES
-CFLAGS+= -DINTERNAL_SHA1
-CFLAGS+= -DINTERNAL_MD5
-.else
-DPADD+= ${LIBSSL} ${LIBCRYPTO}
-LDADD+= -lssl -lcrypto
-.endif
-
-.if defined(NEED_SHA256)
-CFLAGS+=-DINTERNAL_SHA256
-SRCS+= sha256.c
-.endif
+.include "${.CURDIR}/../Makefile.crypto"
.include <bsd.prog.mk>
OpenPOWER on IntegriCloud