From b94d2735144ab4ea2df945844d91a9ea33d6c08a Mon Sep 17 00:00:00 2001 From: bschmidt Date: Sat, 28 Apr 2012 11:11:53 +0000 Subject: Move crypto stuff into a common Makefile. While here fix the WITHOUT_OPENSSL build by using the wpa's internal crypto support if openssl is not available, this allows us to unconditionally enable EAP support. MFC after: 2 weeks --- usr.sbin/wpa/Makefile.crypto | 121 +++++++++++++++++++++++++++++++++++ usr.sbin/wpa/hostapd/Makefile | 56 ++++------------ usr.sbin/wpa/wpa_supplicant/Makefile | 64 +++++------------- 3 files changed, 148 insertions(+), 93 deletions(-) create mode 100644 usr.sbin/wpa/Makefile.crypto (limited to 'usr.sbin/wpa') diff --git a/usr.sbin/wpa/Makefile.crypto b/usr.sbin/wpa/Makefile.crypto new file mode 100644 index 0000000..e1ac445 --- /dev/null +++ b/usr.sbin/wpa/Makefile.crypto @@ -0,0 +1,121 @@ +# $FreeBSD$ + +.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) +SRCS+= crypto_openssl.c +DPADD+= ${LIBSSL} ${LIBCRYPTO} +LDADD+= -lssl -lcrypto +.else +CFLAGS+=-DCONFIG_CRYPTO_INTERNAL +SRCS+= crypto_internal.c +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_DES=y +CONFIG_INTERNAL_MD4=y +CONFIG_INTERNAL_MD5=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_TLS=y +NEED_AES_ENC=true +.endif + +.if defined(TLS_FUNCS) +NEED_TLS_PRF=y +.if defined(CONFIG_INTERNAL_TLS) +CFLAGS+=-DCONFIG_INTERNAL_LIBTOMMATH \ + -DCONFIG_TLS_INTERNAL_CLIENT +SRCS+= asn1.c \ + bignum.c \ + crypto_internal-cipher.c \ + crypto_internal-modexp.c \ + crypto_internal-rsa.c \ + pkcs1.c \ + pkcs5.c \ + pkcs8.c \ + rsa.c \ + tls_internal.c \ + tlsv1_common.c \ + tlsv1_record.c \ + tlsv1_cred.c \ + tlsv1_client.c \ + tlsv1_client_write.c \ + tlsv1_client_read.c \ + x509v3.c +NEED_DES=y +NEED_MD4=y +NEED_RC4=y +.else +CFLAGS+=-DEAP_TLS_OPENSSL +SRCS+= tls_openssl.c +.endif +.endif + +.if defined(CONFIG_INTERNAL_AES) +SRCS+= aes-internal.c \ + aes-internal-dec.c \ + aes-internal-enc.c +.endif + +.if defined(NEED_AES_CBC) +SRCS+= aes-cbc.c +.endif + +.if defined(NEED_AES_EAX) +SRCS+= aes-eax.c +NEED_AES_CTR=y +.endif + +.if defined(NEED_AES_CTR) +SRCS+= aes-ctr.c +.endif + +.if defined(NEED_AES_ENCBLOCK) +SRCS+= aes-encblock.c +.endif + +.if defined(NEED_AES_OMAC1) +SRCS+= aes-omac1.c +.endif + +.if defined(NEED_DES) +.if defined(CONFIG_INTERNAL_DES) +SRCS+= des-internal.c +.endif +.endif + +.if defined(NEED_MD4) +.if defined(CONFIG_INTERNAL_MD4) +SRCS+= md4-internal.c +.endif +.endif + +.if defined(CONFIG_INTERNAL_MD5) +SRCS+= md5-internal.c +.endif + +.if defined(NEED_FIPS186_2_PRF) +.if defined(CONFIG_INTERNAL_SHA1) +SRCS+= fips_prf_internal.c +.else +SRCS+= fips_prf_openssl.c +.endif +.endif + +.if defined(CONFIG_INTERNAL_RC4) +SRCS+= rc4.c +.endif + +.if defined(CONFIG_INTERNAL_SHA1) +SRCS+= sha1-internal.c +.endif + +.if defined(NEED_SHA256) +CFLAGS+=-DCONFIG_SHA256 +SRCS+= sha256.c +.if defined(CONFIG_INTERNAL_SHA256) +SRCS+= sha256-internal.c +.endif +.endif + +.if defined(NEED_TLS_PRF) +SRCS+= sha1-tlsprf.c +.endif diff --git a/usr.sbin/wpa/hostapd/Makefile b/usr.sbin/wpa/hostapd/Makefile index 0963295..84835e5 100644 --- a/usr.sbin/wpa/hostapd/Makefile +++ b/usr.sbin/wpa/hostapd/Makefile @@ -11,10 +11,10 @@ SRCS= accounting.c \ ap_drv_ops.c \ ap_mlme.c \ authsrv.c \ + base64.c \ chap.c \ common.c \ config_file.c \ - crypto_openssl.c \ ctrl_iface.c \ ctrl_iface_ap.c \ drivers.c \ @@ -42,7 +42,6 @@ SRCS= accounting.c \ radius.c \ radius_client.c \ sha1-pbkdf2.c \ - sha1-tlsprf.c \ sha1.c \ sta_info.c \ tkip_countermeasures.c \ @@ -73,8 +72,8 @@ CFLAGS+=-DCONFIG_DRIVER_BSD \ CFLAGS+= -DCONFIG_IPV6 .endif #CFLAGS+= -g -DPADD+= ${LIBPCAP} ${LIBSSL} -LDADD+= -lpcap -lssl +DPADD+= ${LIBPCAP} +LDADD+= -lpcap # User customizations for wpa_supplicant/hostapd build environment CFLAGS+=${HOSTAPD_CFLAGS} @@ -82,8 +81,6 @@ CFLAGS+=${HOSTAPD_CFLAGS} LDADD+=${HOSTAPD_LDADD} #LDFLAGS+=${HOSTAPD_LDFLAGS} -.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) - CFLAGS+=-DDPKCS12_FUNCS \ -DEAP_SERVER \ -DEAP_SERVER_GTC \ @@ -103,33 +100,32 @@ SRCS+= dump_state.c \ eap_server_peap.c \ eap_server_tls.c \ eap_server_tls_common.c \ - eap_server_ttls.c \ - tls_openssl.c + eap_server_ttls.c +TLS_FUNCS=y +NEED_SHA256=y .if !empty(CFLAGS:M*-DEAP_SERVER_AKA) -NEED_SIM_COMMON= true -NEED_SHA256= true SRCS+= eap_server_aka.c +NEED_SIM_COMMON=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_SIM) -NEED_SIM_COMMON= true SRCS+= eap_server_sim.c +NEED_SIM_COMMON=y .endif .if defined(NEED_SIM_COMMON) SRCS+= eap_sim_common.c \ eap_sim_db.c -NEED_AES_CBC= true -NEED_FIPS186_2_PRF= true +NEED_AES_CBC=y +NEED_FIPS186_2_PRF=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_GPSK) CFLAGS+=-DEAP_GPSK_SHA256 SRCS+= eap_server_gpsk.c \ eap_gpsk_common.c -NEED_SHA256= true -NEED_AES_OMAC1= true +NEED_AES_OMAC1=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_PAX) @@ -142,34 +138,6 @@ SRCS+= eap_server_sake.c \ eap_sake_common.c .endif -DPADD+= ${LIBSSL} ${LIBCRYPTO} -LDADD+= -lssl -lcrypto -.else -NEED_TLS_NONE= true -.endif - -.if defined(NEED_AES_CBC) -SRCS+= aes-cbc.c -.endif - -.if defined(NEED_AES_OMAC1) -SRCS+= aes-omac1.c -.endif - -.if defined(NEED_FIPS186_2_PRF) -SRCS+= fips_prf_openssl.c -.endif - -.if defined(NEED_SHA256) -SRCS+= sha256.c -.endif - -.if defined(NEED_TLS_NONE) -CFLAGS+= -DEAP_TLS_NONE -CFLAGS+= -DINTERNAL_AES -CFLAGS+= -DINTERNAL_SHA1 -CFLAGS+= -DINTERNAL_MD5 -SRCS+= tls_none.c -.endif +.include "${.CURDIR}/../Makefile.crypto" .include diff --git a/usr.sbin/wpa/wpa_supplicant/Makefile b/usr.sbin/wpa/wpa_supplicant/Makefile index f35283f..8a2340b 100644 --- a/usr.sbin/wpa/wpa_supplicant/Makefile +++ b/usr.sbin/wpa/wpa_supplicant/Makefile @@ -5,14 +5,7 @@ .PATH.c:${WPA_DISTDIR}/src/drivers PROG= wpa_supplicant -SRCS= aes-cbc.c \ - aes-ctr.c \ - aes-eax.c \ - aes-encblock.c \ - aes-internal.c \ - aes-omac1.c \ - aes-unwrap.c \ - aes-wrap.c \ +SRCS= aes-unwrap.c \ base64.c \ blacklist.c \ bss.c \ @@ -36,8 +29,6 @@ SRCS= aes-cbc.c \ preauth.c \ scan.c \ sha1-pbkdf2.c \ - sha1-tlsprf.c \ - sha1-tprf.c \ sha1.c \ wpa.c \ wpa_common.c \ @@ -78,9 +69,6 @@ LDADD+=${WPA_SUPPLICANT_LDADD} #LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS} .if ${MK_WPA_SUPPLICANT_EAPOL} != "no" - -.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) - CFLAGS+=-DEAP_GTC \ -DEAP_LEAP \ -DEAP_MD5 \ @@ -89,13 +77,9 @@ CFLAGS+=-DEAP_GTC \ -DEAP_PEAP \ -DEAP_PSK \ -DEAP_TLS \ - -DEAP_TLV \ - -DEAP_TLS_FUNCS \ - -DEAP_TLS_OPENSSL \ -DEAP_TTLS \ -DIEEE8021X_EAPOL SRCS+= chap.c \ - crypto_openssl.c \ eap.c \ eap_common.c \ eap_gtc.c \ @@ -113,21 +97,29 @@ SRCS+= chap.c \ eap_ttls.c \ eapol_supp_sm.c \ ms_funcs.c \ - mschapv2.c \ - tls_openssl.c + mschapv2.c +TLS_FUNCS=y +NEED_AES_EAX=y +NEED_AES_ENCBLOCK=y +NEED_AES_OMAC1=y +NEED_SHA256=y +.endif .if !empty(CFLAGS:M*-DEAP_AKA) -NEED_SIM_COMMON= true SRCS+= eap_aka.c +NEED_SIM_COMMON=y +NEED_AES_CBC=y .endif .if !empty(CFLAGS:M*-DEAP_SIM) -NEED_SIM_COMMON= true SRCS+= eap_sim.c +NEED_SIM_COMMON=y +NEED_AES_CBC=y .endif .if defined(NEED_SIM_COMMON) SRCS+= eap_sim_common.c +NEED_FIPS186_2_PRF=y .endif # PC/SC interface for smartcards (USIM, GSM SIM) @@ -147,7 +139,7 @@ LDADD+=-lpcsclite -lpthread CFLAGS+=-DEAP_GPSK_SHA256 SRCS+= eap_gpsk.c \ eap_gpsk_common.c -NEED_SHA256= true +NEED_AES_OMAC1=y .endif .if !empty(CFLAGS:M*-DEAP_PAX) @@ -160,32 +152,6 @@ SRCS+= eap_sake.c \ eap_sake_common.c .endif -NEED_LIBSSL= true -.else -CFLAGS+= -DEAP_TLS_NONE -SRCS+= tls_none.c -.endif - -.endif - -# -# Configure crypto/cipher support. -# -# EAPOL support requires openssl in which case we use their -# cipher code. Otherwise we use our internal versions. -# -.if !defined(NEED_LIBSSL) -CFLAGS+= -DINTERNAL_AES -CFLAGS+= -DINTERNAL_SHA1 -CFLAGS+= -DINTERNAL_MD5 -.else -DPADD+= ${LIBSSL} ${LIBCRYPTO} -LDADD+= -lssl -lcrypto -.endif - -.if defined(NEED_SHA256) -CFLAGS+=-DINTERNAL_SHA256 -SRCS+= sha256.c -.endif +.include "${.CURDIR}/../Makefile.crypto" .include -- cgit v1.1