Cradicle Explorer
HardenedBSD-pkg
/ external / libecc / common.mk
common.mk
  1  # Detect mingw, since some versions throw a warning with the -fPIC option
  2  # (which would be caught as an error in our case with -Werror)
  3  # The ELF PIE related hardening flags are also non sense for Windows
  4  MINGW := $(shell $(CROSS_COMPILE)$(CC) -dumpmachine 2>&1 | grep -v mingw)
  5  # Detect Mac OS compilers: these usually don't like ELF pie related flags ...
  6  APPLE := $(shell $(CROSS_COMPILE)$(CC) -dumpmachine 2>&1 | grep -v apple)
  7  SYS_ROOT :=
  8  ifneq ($(MINGW),)
  9    FPIC_CFLAG=-fPIC
 10    ifneq ($(APPLE),)
 11      FPIE_CFLAG=-fPIE
 12      FPIE_LDFLAGS=-pie -Wl,-z,relro,-z,now
 13    endif
 14  endif
 15  
 16  ifeq ($(APPLE),)
 17    SYS_ROOT_PATH := $(shell xcode-select --print-path)
 18    ifneq ($(SYS_ROOT_PATH),)
 19      SYS_ROOT_PATH := $(SYS_ROOT_PATH)/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk
 20      SYS_ROOT := --sysroot=$(SYS_ROOT_PATH)
 21      $(info Using MacOS SDK $(SYS_ROOT_PATH))
 22    endif
 23  endif
 24  
 25  # NOTE: with mingw, FORTIFY_SOURCE=2 must be used
 26  # in conjuction with stack-protector as check functions
 27  # are implemented in libssp
 28  STACK_PROT_FLAG=-fstack-protector-strong
 29  FORTIFY_FLAGS=-D_FORTIFY_SOURCE=2
 30  
 31  # The first goal here is to define a meaningful set of CFLAGS based on compiler,
 32  # debug mode, expected word size (16, 32, 64), etc. Those are then used to
 33  # define two differents kinds of CFLAGS we will use for building our library
 34  # (LIB_CFLAGS) and binaries (BIN_CFLAGS) objects.
 35  
 36  # Detect if we are using clang or gcc
 37  CLANG :=  $(shell $(CROSS_COMPILE)$(CC) -v 2>&1 | grep clang)
 38  
 39  ifneq ($(CLANG),)
 40    # get clang version e.g. 14.1.3
 41    CLANG_VERSION := $(shell $(CROSS_COMPILE)$(CC) -dumpversion)
 42    # convert to single number e.g. 14 * 100 + 1
 43    CLANG_VERSION := $(shell echo $(CLANG_VERSION) | cut -f1-2 -d. | sed -e 's/\./*100+/g')
 44    # Calculate value - e.g. 1401
 45    CLANG_VERSION := $(shell echo $$(($(CLANG_VERSION))))
 46    # Comparison results (true if true, empty if false)
 47    CLANG_VERSION_GTE_12 := $(shell [ $(CLANG_VERSION) -ge 1200 ]  && echo true)
 48    CLANG_VERSION_GTE_13 := $(shell [ $(CLANG_VERSION) -ge 1300 ]  && echo true)
 49    CLANG_VERSION_GTE_16 := $(shell [ $(CLANG_VERSION) -ge 1600 ]  && echo true)
 50    CLANG_VERSION_GTE_17 := $(shell [ $(CLANG_VERSION) -ge 1700 ]  && echo true)
 51  endif
 52  
 53  # Default warning flags
 54  # -Werror: treat warnings as errors
 55  #
 56  # Pedantic mode: enable more warnings
 57  # -Wshadow: warn the user if a variable declaration shadows one from a parent context
 58  # -Wdouble-promotion: warn about implicit conversion from float to double
 59  # -Wformat=2: warn about format string vulnerabilities
 60  # -fno-common: disallow global variables with same name and type
 61  # -Wconversion: warn about implicit conversion
 62  # -Wformat-security: warn about format string vulnerabilities
 63  WARNING_CFLAGS = -Werror
 64  ifeq ($(PEDANTIC),1)
 65    WARNING_CFLAGS += -Wshadow -Wdouble-promotion -Wformat=2 -fno-common -Wconversion -Wformat-security
 66  endif
 67  
 68  # Disable certain warnings:
 69  # -Wno-unused-parameter: commonly a false positive. Functions may be required to have a certain signature.
 70  # -Wno-declaration-after-statement: our C standard supports declaration after statements
 71  WARNING_CFLAGS += -Wno-unused-parameter -Wno-declaration-after-statement
 72  
 73  # When compiler is *explicitly* set to clang, use its -Weverything option by
 74  # default but disable the sepcific options we cannot support:
 75  #
 76  #   -Wno-reserved-id-macro: our header files use __XXX___ protection macros.
 77  #   -Wno-padded: padding warnings
 78  #   -Wno-packed: warning about packed structure we want to keep that way
 79  #   -Wno-covered-switch-default
 80  #   -Wno-used-but-marked-unused
 81  #
 82  ifneq ($(CLANG),)
 83    WARNING_CFLAGS += -Weverything \
 84  		 -Wno-reserved-id-macro -Wno-padded \
 85  		 -Wno-packed -Wno-covered-switch-default \
 86  		 -Wno-used-but-marked-unused -Wno-switch-enum
 87    # Add warnings if we are in pedantic mode
 88    ifeq ($(PEDANTIC),1)
 89      WARNING_CFLAGS += -Walloca -Wcast-qual -Wnull-dereference -Wstack-protector -Wvla -Warray-bounds -Warray-bounds-pointer-arithmetic -Wassign-enum -Wbad-function-cast -Wconditional-uninitialized -Wfloat-equal -Wformat-type-confusion -Widiomatic-parentheses -Wimplicit-fallthrough -Wloop-analysis -Wpointer-arith -Wshift-sign-overflow -Wshorten-64-to-32 -Wtautological-constant-in-range-compare -Wunreachable-code-aggressive -Wthread-safety -Wthread-safety-beta -Wcomma
 90    endif
 91    ifeq ($(CLANG_VERSION_GTE_13), true)
 92      # We have to do this because the '_' prefix seems now reserved to builtins
 93      WARNING_CFLAGS += -Wno-reserved-identifier
 94    endif
 95    ifeq ($(CLANG_VERSION_GTE_16), true)
 96      # NOTE: XXX: this is really a shame to remove this, but
 97      # we have to wait until this is less sensitive and false positive
 98      # prone to use it!
 99      WARNING_CFLAGS += -Wno-unsafe-buffer-usage
100    endif
101  else
102    WARNING_CFLAGS += -W -Wextra -Wall -Wunreachable-code
103    # Add warnings if we are in pedantic mode
104    ifeq ($(PEDANTIC),1)
105      WARNING_CFLAGS += -Wpedantic -Wformat-overflow=2 -Wformat-truncation=2 -Wnull-dereference -Wstack-protector -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Warith-conversion -Wlogical-op -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wstrict-overflow=2 -Wundef -Wstrict-prototypes -Wswitch-default -Wcast-align=strict -Wjump-misses-init
106    endif
107  endif
108  
109  ifeq ($(WNOERROR), 1)
110    # Sometimes "-Werror" might be too much, this can be overriden
111    WARNING_CFLAGS := $(subst -Werror,,$(WARNING_CFLAGS))
112  endif
113  
114  # If the user has overridden the CFLAGS or LDFLAGS, let's detect it
115  # and adapt our compilation process
116  ifdef CFLAGS
117  USER_DEFINED_CFLAGS = $(CFLAGS)
118  endif
119  ifdef LDFLAGS
120  USER_DEFINED_LDFLAGS = $(LDFLAGS)
121  endif
122  
123  CFLAGS ?= $(WARNING_CFLAGS) $(SYS_ROOT) -pedantic -fno-builtin -std=c99 \
124  	  $(FORTIFY_FLAGS) $(STACK_PROT_FLAG) -O3
125  LDFLAGS ?=
126  
127  # Default AR and RANLIB if not overriden by user
128  AR ?= ar
129  RANLIB ?= ranlib
130  # Default AR flags and RANLIB flags if not overriden by user
131  AR_FLAGS ?= rcs
132  RANLIB_FLAGS ?=
133  
134  # Our debug flags
135  DEBUG_CFLAGS = -DDEBUG -O -g
136  
137  ifeq ($(VERBOSE_INNER_VALUES),1)
138  CFLAGS += -DVERBOSE_INNER_VALUES
139  endif
140  
141  # Default all and clean target that will be expanded
142  # later in the Makefile
143  all:
144  clean:
145  
146  debug: CFLAGS += $(DEBUG_CFLAGS)
147  debug: clean all
148  
149  # Force 64-bit word size
150  64: CFLAGS += -DWORDSIZE=64
151  64: clean all
152  debug64: CFLAGS += -DWORDSIZE=64 $(DEBUG_CFLAGS)
153  debug64: clean all
154  
155  # Force 32-bit word size
156  32: CFLAGS += -DWORDSIZE=32
157  32: clean all
158  debug32: CFLAGS += -DWORDSIZE=32 $(DEBUG_CFLAGS)
159  debug32: clean all
160  
161  # Force 16-bit word size
162  16: CFLAGS += -DWORDSIZE=16
163  16: clean all
164  debug16: CFLAGS += -DWORDSIZE=16 $(DEBUG_CFLAGS)
165  debug16: clean all
166  
167  # Force to compile with 64-bit arch
168  force_arch64: CFLAGS += -m64
169  force_arch64: clean all
170  
171  # Force to compile with 32-bit arch
172  force_arch32: CFLAGS += -m32
173  force_arch32: clean all
174  
175  # By default, we use an stdlib
176  ifneq ($(LIBECC_NOSTDLIB),1)
177  CFLAGS += -DWITH_STDLIB
178  endif
179  
180  # Let's now define the two kinds of CFLAGS we will use for building our
181  # library (LIB_CFLAGS) and binaries (BIN_CFLAGS) objects.
182  # If the user has not overriden the CFLAGS, we add the usual gcc/clang
183  # flags to produce binaries compatible with hardening technologies.
184  ifndef USER_DEFINED_CFLAGS
185  BIN_CFLAGS  ?= $(CFLAGS) $(FPIE_CFLAG) -MMD -MP
186  LIB_CFLAGS  ?= $(CFLAGS) $(FPIC_CFLAG) -MMD -MP -ffreestanding
187  else
188  BIN_CFLAGS  ?= $(USER_DEFINED_CFLAGS)
189  LIB_CFLAGS  ?= $(USER_DEFINED_CFLAGS)
190  endif
191  ifndef USER_DEFINED_LDFLAGS
192  BIN_LDFLAGS ?= $(LDFLAGS) $(FPIE_LDFLAGS)
193  else
194  BIN_LDFLAGS ?= $(USER_DEFINED_LDFLAGS)
195  endif
196  
197  # If the user wants to add extra flags to the existing flags,
198  # check it and add them
199  ifdef EXTRA_LIB_CFLAGS
200  LIB_CFLAGS += $(EXTRA_LIB_CFLAGS)
201  endif
202  ifdef EXTRA_LIB_DYN_LDFLAGS
203  LIB_DYN_LDFLAGS += $(EXTRA_LIB_DYN_LDFLAGS)
204  endif
205  ifdef EXTRA_BIN_CFLAGS
206  BIN_CFLAGS += $(EXTRA_BIN_CFLAGS)
207  endif
208  ifdef EXTRA_BIN_LDFLAGS
209  BIN_LDFLAGS += $(EXTRA_BIN_LDFLAGS)
210  endif
211  ifdef EXTRA_CFLAGS
212  CFLAGS += $(EXTRA_CFLAGS)
213  endif
214  ifdef EXTRA_LDFLAGS
215  LDFLAGS += $(EXTRA_LDFLAGS)
216  endif
217  
218  # Add the include folder
219  LIBECC_INCLUDE_FOLDER = include/
220  LIB_CFLAGS += -I$(LIBECC_INCLUDE_FOLDER)
221  BIN_CFLAGS += -I$(LIBECC_INCLUDE_FOLDER)
222  
223  # Static libraries to produce or link to
224  LIBARITH = $(BUILD_DIR)/libarith.a
225  LIBEC = $(BUILD_DIR)/libec.a
226  LIBSIGN = $(BUILD_DIR)/libsign.a
227  
228  # Compile dynamic libraries if the user asked to
229  ifeq ($(WITH_DYNAMIC_LIBS),1)
230  # Dynamic libraries to produce or link to
231  LIBARITH_DYN = $(BUILD_DIR)/libarith.so
232  LIBEC_DYN = $(BUILD_DIR)/libec.so
233  LIBSIGN_DYN = $(BUILD_DIR)/libsign.so
234  # The ld flags to generate shared librarie
235  ifeq ($(APPLE),)
236  LIB_DYN_LDFLAGS ?= -shared -Wl,-undefined,dynamic_lookup
237  else
238  LIB_DYN_LDFLAGS ?= -shared -Wl,-z,relro,-z,now
239  endif
240  endif
241  
242  # Do we want to use blinding to secure signature against some side channels?
243  ifeq ($(BLINDING),1)
244  CFLAGS += -DUSE_SIG_BLINDING
245  endif
246  
247  # Use complete formulas for point addition and doubling
248  # NOTE: complete formulas are used as default since they are
249  # more resilient against side channel attacks and they do not
250  # have a major performance impact
251  ifeq ($(COMPLETE),0)
252  CFLAGS += -DNO_USE_COMPLETE_FORMULAS
253  endif
254  
255  # Force Double and Add always usage
256  ifeq ($(ADALWAYS), 1)
257  CFLAGS += -DUSE_DOUBLE_ADD_ALWAYS
258  endif
259  ifeq ($(ADALWAYS), 0)
260  CFLAGS += -DUSE_MONTY_LADDER
261  endif
262  
263  # Force Montgomery Ladder always usage
264  ifeq ($(LADDER), 1)
265  CFLAGS += -DUSE_MONTY_LADDER
266  endif
267  ifeq ($(LADDER), 0)
268  CFLAGS += -DUSE_DOUBLE_ADD_ALWAYS
269  endif
270  
271  # Force small stack usage
272  ifeq ($(SMALLSTACK), 1)
273  CFLAGS += -DUSE_SMALL_STACK
274  endif
275  
276  # Are we sure we will not execute known
277  # vectors self tests?
278  ifeq ($(NOKNOWNTESTS), 1)
279  CFLAGS += -DNO_KNOWN_VECTORS
280  endif
281  
282  # Specific version for fuzzing with Cryptofuzz
283  # Allow raw signature and verification APIs
284  # which is DANGEROUS. Do not activate in production
285  # mode!
286  ifeq ($(CRYPTOFUZZ), 1)
287  CFLAGS += -DUSE_CRYPTOFUZZ
288  endif
289  
290  ifeq ($(ASSERT_PRINT), 1)
291  CFLAGS += -DUSE_ASSERT_PRINT
292  endif
293  
294  # By default, we want to catch all unused functions return values by
295  # triggering a warning. We deactivate this is we are asked to by the user.
296  ifneq ($(NO_WARN_UNUSED_RET), 1)
297  CFLAGS += -DUSE_WARN_UNUSED_RET
298  endif
299  
300  # Do we want to use clang or gcc sanitizers?
301  ifeq ($(USE_SANITIZERS),1)
302  CFLAGS += -fsanitize=undefined -fsanitize=address -fsanitize=leak
303    ifneq ($(CLANG),)
304      # Clang version < 12 do not support unsigned-shift-base
305      ifeq ($(CLANG_VERSION_GTE_12), true)
306        CFLAGS += -fsanitize=integer -fno-sanitize=unsigned-integer-overflow -fno-sanitize=unsigned-shift-base
307      endif
308    endif
309  endif
310  
311  # Do we want to use the ISO14888-3 version of the
312  # ECRDSA algorithm with discrepancies from the Russian
313  # RFC references?
314  ifeq ($(USE_ISO14888_3_ECRDSA),1)
315  CFLAGS += -DUSE_ISO14888_3_ECRDSA
316  endif
317  
318  # Do we have a C++ compiler instead of a C compiler?
319  GPP := $(shell $(CROSS_COMPILE)$(CC) -v 2>&1 | grep g++)
320  CLANGPP := $(shell echo $(CROSS_COMPILE)$(CC) | grep clang++)
321  
322  # g++ case
323  ifneq ($(GPP),)
324  CFLAGS := $(patsubst -std=c99, -std=c++2a, $(CFLAGS))
325  CFLAGS += -Wno-deprecated
326  # Remove C++ unused pedantic flags
327  CFLAGS := $(patsubst -Wstrict-prototypes,,$(CFLAGS))
328  CFLAGS := $(patsubst -Wjump-misses-init,,$(CFLAGS))
329  CFLAGS := $(patsubst -Wduplicated-branches,,$(CFLAGS))
330  CFLAGS := $(patsubst -Wno-declaration-after-statement,,$(CFLAGS))
331  endif
332  # clang++ case
333  ifneq ($(CLANGPP),)
334  CFLAGS := $(patsubst -std=c99, -std=c++2a, $(CFLAGS))
335  CFLAGS += -Wno-deprecated -Wno-c++98-c++11-c++14-c++17-compat-pedantic -Wno-old-style-cast -Wno-zero-as-null-pointer-constant -Wno-c++98-compat-pedantic
336  endif
337  
338  # Makefile verbosity
339  ifeq ($(VERBOSE),1)
340  VERBOSE_MAKE=
341  else
342  VERBOSE_MAKE=@
343  endif
344  
345  # Self tests parallelization
346  ifeq ($(OPENMP_SELF_TESTS),1)
347  CFLAGS  += -DWITH_OPENMP_SELF_TESTS -fopenmp
348  LDFLAGS += -fopenmp
349  endif