From owner-svn-src-all@FreeBSD.ORG Sat Apr 28 11:11:54 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5B5D3106566C; Sat, 28 Apr 2012 11:11:54 +0000 (UTC) (envelope-from bschmidt@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 44EC38FC08; Sat, 28 Apr 2012 11:11:54 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q3SBBse2057992; Sat, 28 Apr 2012 11:11:54 GMT (envelope-from bschmidt@svn.freebsd.org) Received: (from bschmidt@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q3SBBsHm057989; Sat, 28 Apr 2012 11:11:54 GMT (envelope-from bschmidt@svn.freebsd.org) Message-Id: <201204281111.q3SBBsHm057989@svn.freebsd.org> From: Bernhard Schmidt Date: Sat, 28 Apr 2012 11:11:54 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r234759 - in head/usr.sbin/wpa: . hostapd wpa_supplicant X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Apr 2012 11:11:54 -0000 Author: bschmidt Date: Sat Apr 28 11:11:53 2012 New Revision: 234759 URL: http://svn.freebsd.org/changeset/base/234759 Log: Move crypto stuff into a common Makefile. While here fix the WITHOUT_OPENSSL build by using the wpa's internal crypto support if openssl is not available, this allows us to unconditionally enable EAP support. MFC after: 2 weeks Added: head/usr.sbin/wpa/Makefile.crypto (contents, props changed) Modified: head/usr.sbin/wpa/hostapd/Makefile head/usr.sbin/wpa/wpa_supplicant/Makefile Added: head/usr.sbin/wpa/Makefile.crypto ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/usr.sbin/wpa/Makefile.crypto Sat Apr 28 11:11:53 2012 (r234759) @@ -0,0 +1,121 @@ +# $FreeBSD$ + +.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) +SRCS+= crypto_openssl.c +DPADD+= ${LIBSSL} ${LIBCRYPTO} +LDADD+= -lssl -lcrypto +.else +CFLAGS+=-DCONFIG_CRYPTO_INTERNAL +SRCS+= crypto_internal.c +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_DES=y +CONFIG_INTERNAL_MD4=y +CONFIG_INTERNAL_MD5=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_TLS=y +NEED_AES_ENC=true +.endif + +.if defined(TLS_FUNCS) +NEED_TLS_PRF=y +.if defined(CONFIG_INTERNAL_TLS) +CFLAGS+=-DCONFIG_INTERNAL_LIBTOMMATH \ + -DCONFIG_TLS_INTERNAL_CLIENT +SRCS+= asn1.c \ + bignum.c \ + crypto_internal-cipher.c \ + crypto_internal-modexp.c \ + crypto_internal-rsa.c \ + pkcs1.c \ + pkcs5.c \ + pkcs8.c \ + rsa.c \ + tls_internal.c \ + tlsv1_common.c \ + tlsv1_record.c \ + tlsv1_cred.c \ + tlsv1_client.c \ + tlsv1_client_write.c \ + tlsv1_client_read.c \ + x509v3.c +NEED_DES=y +NEED_MD4=y +NEED_RC4=y +.else +CFLAGS+=-DEAP_TLS_OPENSSL +SRCS+= tls_openssl.c +.endif +.endif + +.if defined(CONFIG_INTERNAL_AES) +SRCS+= aes-internal.c \ + aes-internal-dec.c \ + aes-internal-enc.c +.endif + +.if defined(NEED_AES_CBC) +SRCS+= aes-cbc.c +.endif + +.if defined(NEED_AES_EAX) +SRCS+= aes-eax.c +NEED_AES_CTR=y +.endif + +.if defined(NEED_AES_CTR) +SRCS+= aes-ctr.c +.endif + +.if defined(NEED_AES_ENCBLOCK) +SRCS+= aes-encblock.c +.endif + +.if defined(NEED_AES_OMAC1) +SRCS+= aes-omac1.c +.endif + +.if defined(NEED_DES) +.if defined(CONFIG_INTERNAL_DES) +SRCS+= des-internal.c +.endif +.endif + +.if defined(NEED_MD4) +.if defined(CONFIG_INTERNAL_MD4) +SRCS+= md4-internal.c +.endif +.endif + +.if defined(CONFIG_INTERNAL_MD5) +SRCS+= md5-internal.c +.endif + +.if defined(NEED_FIPS186_2_PRF) +.if defined(CONFIG_INTERNAL_SHA1) +SRCS+= fips_prf_internal.c +.else +SRCS+= fips_prf_openssl.c +.endif +.endif + +.if defined(CONFIG_INTERNAL_RC4) +SRCS+= rc4.c +.endif + +.if defined(CONFIG_INTERNAL_SHA1) +SRCS+= sha1-internal.c +.endif + +.if defined(NEED_SHA256) +CFLAGS+=-DCONFIG_SHA256 +SRCS+= sha256.c +.if defined(CONFIG_INTERNAL_SHA256) +SRCS+= sha256-internal.c +.endif +.endif + +.if defined(NEED_TLS_PRF) +SRCS+= sha1-tlsprf.c +.endif Modified: head/usr.sbin/wpa/hostapd/Makefile ============================================================================== --- head/usr.sbin/wpa/hostapd/Makefile Sat Apr 28 11:02:32 2012 (r234758) +++ head/usr.sbin/wpa/hostapd/Makefile Sat Apr 28 11:11:53 2012 (r234759) @@ -11,10 +11,10 @@ SRCS= accounting.c \ ap_drv_ops.c \ ap_mlme.c \ authsrv.c \ + base64.c \ chap.c \ common.c \ config_file.c \ - crypto_openssl.c \ ctrl_iface.c \ ctrl_iface_ap.c \ drivers.c \ @@ -42,7 +42,6 @@ SRCS= accounting.c \ radius.c \ radius_client.c \ sha1-pbkdf2.c \ - sha1-tlsprf.c \ sha1.c \ sta_info.c \ tkip_countermeasures.c \ @@ -73,8 +72,8 @@ CFLAGS+=-DCONFIG_DRIVER_BSD \ CFLAGS+= -DCONFIG_IPV6 .endif #CFLAGS+= -g -DPADD+= ${LIBPCAP} ${LIBSSL} -LDADD+= -lpcap -lssl +DPADD+= ${LIBPCAP} +LDADD+= -lpcap # User customizations for wpa_supplicant/hostapd build environment CFLAGS+=${HOSTAPD_CFLAGS} @@ -82,8 +81,6 @@ CFLAGS+=${HOSTAPD_CFLAGS} LDADD+=${HOSTAPD_LDADD} #LDFLAGS+=${HOSTAPD_LDFLAGS} -.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) - CFLAGS+=-DDPKCS12_FUNCS \ -DEAP_SERVER \ -DEAP_SERVER_GTC \ @@ -103,33 +100,32 @@ SRCS+= dump_state.c \ eap_server_peap.c \ eap_server_tls.c \ eap_server_tls_common.c \ - eap_server_ttls.c \ - tls_openssl.c + eap_server_ttls.c +TLS_FUNCS=y +NEED_SHA256=y .if !empty(CFLAGS:M*-DEAP_SERVER_AKA) -NEED_SIM_COMMON= true -NEED_SHA256= true SRCS+= eap_server_aka.c +NEED_SIM_COMMON=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_SIM) -NEED_SIM_COMMON= true SRCS+= eap_server_sim.c +NEED_SIM_COMMON=y .endif .if defined(NEED_SIM_COMMON) SRCS+= eap_sim_common.c \ eap_sim_db.c -NEED_AES_CBC= true -NEED_FIPS186_2_PRF= true +NEED_AES_CBC=y +NEED_FIPS186_2_PRF=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_GPSK) CFLAGS+=-DEAP_GPSK_SHA256 SRCS+= eap_server_gpsk.c \ eap_gpsk_common.c -NEED_SHA256= true -NEED_AES_OMAC1= true +NEED_AES_OMAC1=y .endif .if !empty(CFLAGS:M*-DEAP_SERVER_PAX) @@ -142,34 +138,6 @@ SRCS+= eap_server_sake.c \ eap_sake_common.c .endif -DPADD+= ${LIBSSL} ${LIBCRYPTO} -LDADD+= -lssl -lcrypto -.else -NEED_TLS_NONE= true -.endif - -.if defined(NEED_AES_CBC) -SRCS+= aes-cbc.c -.endif - -.if defined(NEED_AES_OMAC1) -SRCS+= aes-omac1.c -.endif - -.if defined(NEED_FIPS186_2_PRF) -SRCS+= fips_prf_openssl.c -.endif - -.if defined(NEED_SHA256) -SRCS+= sha256.c -.endif - -.if defined(NEED_TLS_NONE) -CFLAGS+= -DEAP_TLS_NONE -CFLAGS+= -DINTERNAL_AES -CFLAGS+= -DINTERNAL_SHA1 -CFLAGS+= -DINTERNAL_MD5 -SRCS+= tls_none.c -.endif +.include "${.CURDIR}/../Makefile.crypto" .include Modified: head/usr.sbin/wpa/wpa_supplicant/Makefile ============================================================================== --- head/usr.sbin/wpa/wpa_supplicant/Makefile Sat Apr 28 11:02:32 2012 (r234758) +++ head/usr.sbin/wpa/wpa_supplicant/Makefile Sat Apr 28 11:11:53 2012 (r234759) @@ -5,14 +5,7 @@ .PATH.c:${WPA_DISTDIR}/src/drivers PROG= wpa_supplicant -SRCS= aes-cbc.c \ - aes-ctr.c \ - aes-eax.c \ - aes-encblock.c \ - aes-internal.c \ - aes-omac1.c \ - aes-unwrap.c \ - aes-wrap.c \ +SRCS= aes-unwrap.c \ base64.c \ blacklist.c \ bss.c \ @@ -36,8 +29,6 @@ SRCS= aes-cbc.c \ preauth.c \ scan.c \ sha1-pbkdf2.c \ - sha1-tlsprf.c \ - sha1-tprf.c \ sha1.c \ wpa.c \ wpa_common.c \ @@ -78,9 +69,6 @@ LDADD+=${WPA_SUPPLICANT_LDADD} #LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS} .if ${MK_WPA_SUPPLICANT_EAPOL} != "no" - -.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) - CFLAGS+=-DEAP_GTC \ -DEAP_LEAP \ -DEAP_MD5 \ @@ -89,13 +77,9 @@ CFLAGS+=-DEAP_GTC \ -DEAP_PEAP \ -DEAP_PSK \ -DEAP_TLS \ - -DEAP_TLV \ - -DEAP_TLS_FUNCS \ - -DEAP_TLS_OPENSSL \ -DEAP_TTLS \ -DIEEE8021X_EAPOL SRCS+= chap.c \ - crypto_openssl.c \ eap.c \ eap_common.c \ eap_gtc.c \ @@ -113,21 +97,29 @@ SRCS+= chap.c \ eap_ttls.c \ eapol_supp_sm.c \ ms_funcs.c \ - mschapv2.c \ - tls_openssl.c + mschapv2.c +TLS_FUNCS=y +NEED_AES_EAX=y +NEED_AES_ENCBLOCK=y +NEED_AES_OMAC1=y +NEED_SHA256=y +.endif .if !empty(CFLAGS:M*-DEAP_AKA) -NEED_SIM_COMMON= true SRCS+= eap_aka.c +NEED_SIM_COMMON=y +NEED_AES_CBC=y .endif .if !empty(CFLAGS:M*-DEAP_SIM) -NEED_SIM_COMMON= true SRCS+= eap_sim.c +NEED_SIM_COMMON=y +NEED_AES_CBC=y .endif .if defined(NEED_SIM_COMMON) SRCS+= eap_sim_common.c +NEED_FIPS186_2_PRF=y .endif # PC/SC interface for smartcards (USIM, GSM SIM) @@ -147,7 +139,7 @@ LDADD+=-lpcsclite -lpthread CFLAGS+=-DEAP_GPSK_SHA256 SRCS+= eap_gpsk.c \ eap_gpsk_common.c -NEED_SHA256= true +NEED_AES_OMAC1=y .endif .if !empty(CFLAGS:M*-DEAP_PAX) @@ -160,32 +152,6 @@ SRCS+= eap_sake.c \ eap_sake_common.c .endif -NEED_LIBSSL= true -.else -CFLAGS+= -DEAP_TLS_NONE -SRCS+= tls_none.c -.endif - -.endif - -# -# Configure crypto/cipher support. -# -# EAPOL support requires openssl in which case we use their -# cipher code. Otherwise we use our internal versions. -# -.if !defined(NEED_LIBSSL) -CFLAGS+= -DINTERNAL_AES -CFLAGS+= -DINTERNAL_SHA1 -CFLAGS+= -DINTERNAL_MD5 -.else -DPADD+= ${LIBSSL} ${LIBCRYPTO} -LDADD+= -lssl -lcrypto -.endif - -.if defined(NEED_SHA256) -CFLAGS+=-DINTERNAL_SHA256 -SRCS+= sha256.c -.endif +.include "${.CURDIR}/../Makefile.crypto" .include