view Makefile.in @ 1857:6022df862942

Use DSCP for IP QoS traffic classes The previous TOS values are deprecated and not used by modern traffic classifiers. This sets AF21 for "interactive" traffic (with a tty). Non-tty traffic sets AF11 - that indicates high throughput but is not lowest priority (which would be CS1 or LE). This differs from the CS1 used by OpenSSH, it lets interactive git over SSH have higher priority than background least effort traffic. Dropbear's settings here should be suitable with the diffservs used by CAKE qdisc.
author Matt Johnston <matt@ucc.asn.au>
date Tue, 25 Jan 2022 17:32:20 +0800
parents 35d504d59c05
children fc4c9ef61856
line wrap: on
line source

# This Makefile is for Dropbear SSH Server and Client
# @configure_input@

# invocation:
# make PROGRAMS="dropbear dbclient scp" MULTI=1 SCPPROGRESS=1
#
# to make a multiple-program binary "dropbearmulti".
# This example will include dropbear, scp, dropbearkey, dropbearconvert, and
# dbclient functionality, and includes the progress-bar functionality in scp.

ifndef PROGRAMS
	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
endif

STATIC_LTC=libtomcrypt/libtomcrypt.a
STATIC_LTM=libtommath/libtommath.a

LIBTOM_LIBS=@LIBTOM_LIBS@

ifeq (@BUNDLED_LIBTOM@, 1)
LIBTOM_DEPS=$(STATIC_LTC) $(STATIC_LTM) 
LIBTOM_CLEAN=ltc-clean ltm-clean
CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
endif

OPTION_HEADERS = default_options_guard.h sysoptions.h
ifneq ($(wildcard localoptions.h),)
CFLAGS+=-DLOCALOPTIONS_H_EXISTS
OPTION_HEADERS += localoptions.h
endif

COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
		dss.o bignum.o \
		signkey.o rsa.o dbrandom.o \
		queue.o \
		atomicio.o compat.o fake-rfc2553.o \
		ltc_prng.o ecc.o ecdsa.o sk-ecdsa.o crypto_desc.o \
		curve25519.o ed25519.o sk-ed25519.o \
		dbmalloc.o \
		gensignkey.o gendss.o genrsa.o gened25519.o

SVROBJS=svr-kex.o svr-auth.o sshpty.o \
		svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
		svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
		svr-tcpfwd.o svr-authpam.o

CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
		cli-session.o cli-runopts.o cli-chansession.o \
		cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o \
		cli-agentfwd.o 

CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
			common-channel.o common-chansession.o termcodes.o loginrec.o \
			tcp-accept.o listener.o process-packet.o dh_groups.o \
			common-runopts.o circbuffer.o list.o netio.o chachapoly.o gcm.o

KEYOBJS=dropbearkey.o

CONVERTOBJS=dropbearconvert.o keyimport.o

SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o

ifeq (@DROPBEAR_FUZZ@, 1)
	allobjs = $(COMMONOBJS) fuzz/fuzz-common.o  fuzz/fuzz-wrapfd.o $(CLISVROBJS) $(CLIOBJS) $(SVROBJS) @CRYPTLIB@
	allobjs:=$(subst svr-main.o, ,$(allobjs))
	allobjs:=$(subst cli-main.o, ,$(allobjs))

	dropbearobjs=$(allobjs) svr-main.o
	dbclientobjs=$(allobjs) cli-main.o
	dropbearkeyobjs=$(allobjs) $(KEYOBJS)
	dropbearconvertobjs=$(allobjs) $(CONVERTOBJS)
	# CXX only set when fuzzing
	CXX=@CXX@
	FUZZ_CLEAN=fuzz-clean
else
	dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
	dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
	dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
	dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
	scpobjs=$(SCPOBJS)
endif

ifeq (@DROPBEAR_PLUGIN@, 1)
    # rdynamic makes all the global symbols of dropbear available to all the loaded shared libraries
    # this allow a plugin to reuse existing crypto/utilities like base64_decode/base64_encode without
    # the need to rewrite them.
    PLUGIN_LIBS=-ldl -rdynamic
else
    PLUGIN_LIBS=
endif

VPATH=@srcdir@
srcdir=@srcdir@

prefix=@prefix@
exec_prefix=@exec_prefix@
datarootdir = @datarootdir@
bindir=@bindir@
sbindir=@sbindir@
mandir=@mandir@

.DELETE_ON_ERROR:

CC=@CC@
AR=@AR@
RANLIB=@RANLIB@
STRIP=@STRIP@
INSTALL=@INSTALL@
CPPFLAGS=@CPPFLAGS@
CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
LIBS+=@LIBS@
LDFLAGS=@LDFLAGS@

EXEEXT=@EXEEXT@

STATIC=@STATIC@

# whether we're building client, server, or both for the common objects.
# evilness so we detect 'dropbear' by itself as a word
ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdropbearZ, Z$(prog)Z))))
	CFLAGS+= -DDROPBEAR_SERVER
endif
ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdbclientZ, Z$(prog)Z))))
	CFLAGS+= -DDROPBEAR_CLIENT
endif

# these are exported so that libtomcrypt's makefile will use them
export CC
export CFLAGS
export RANLIB AR STRIP

ifeq ($(STATIC), 1)
	LDFLAGS+=-static
endif

ifeq ($(MULTI), 1)
	TARGETS=dropbearmulti$(EXEEXT)
else
	TARGETS=$(PROGRAMS)
endif

# for the scp progress meter. The -D doesn't affect anything else.
ifeq ($(SCPPROGRESS), 1)
	CFLAGS+=-DPROGRESS_METER
endif

all: $(TARGETS)

# for simplicity assume all source depends on all headers
HEADERS=$(wildcard $(srcdir)/*.h *.h) $(OPTION_HEADERS)
%.o : %.c $(HEADERS)
	$(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@

default_options_guard.h: default_options.h
	@echo Creating $@
	@printf "/*\n > > > Do not edit this file (default_options_guard.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
	@mv $@.tmp $@

strip: $(TARGETS)
	$(STRIP) $(addsuffix $(EXEEXT), $(TARGETS))

install: $(addprefix inst_, $(TARGETS))

insmultidropbear: dropbearmulti$(EXEEXT)
	$(INSTALL) -d $(DESTDIR)$(sbindir)
	-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) 
	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
	$(INSTALL) -m 644 $(srcdir)/dropbear.8  $(DESTDIR)$(mandir)/man8/dropbear.8

insmulti%: dropbearmulti$(EXEEXT)
	$(INSTALL) -d $(DESTDIR)$(bindir)
	-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT) 
	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT) 
	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
	if test -e $(srcdir)/$*.1; then $(INSTALL) -m 644 $(srcdir)/$*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi

# dropbear should go in sbin, so it needs a separate rule
inst_dropbear: dropbear
	$(INSTALL) -d $(DESTDIR)$(sbindir)
	$(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
	$(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8

inst_%: %
	$(INSTALL) -d $(DESTDIR)$(bindir)
	$(INSTALL) $*$(EXEEXT) $(DESTDIR)$(bindir)
	$(INSTALL) -d $(DESTDIR)$(mandir)/man1
	if test -e $(srcdir)/$*.1; then $(INSTALL) -m 644 $(srcdir)/$*.1 $(DESTDIR)$(mandir)/man1/$*.1; fi

inst_dropbearmulti: $(addprefix insmulti, $(PROGRAMS)) 

# for some reason the rule further down doesn't like $($@objs) as a prereq.
dropbear: $(dropbearobjs)
dbclient: $(dbclientobjs)
dropbearkey: $(dropbearkeyobjs)
dropbearconvert: $(dropbearconvertobjs)

dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile
	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS)

dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile
	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)

dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile
	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)

# scp doesn't use the libs so is special.
scp: $(SCPOBJS)  $(HEADERS) Makefile
	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $(SCPOBJS)


# multi-binary compilation.
MULTIOBJS=
ifeq ($(MULTI),1)
	MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
	CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
endif

dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile
	$(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@

multibinary: dropbearmulti$(EXEEXT)

multilink: multibinary $(addprefix link, $(PROGRAMS))

link%:
	-rm -f $*$(EXEEXT)
	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)

$(STATIC_LTC): $(OPTION_HEADERS)
	$(MAKE) -C libtomcrypt

$(STATIC_LTM): $(OPTION_HEADERS)
	$(MAKE) -C libtommath

.PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean lint check

ltc-clean:
	$(MAKE) -C libtomcrypt clean

ltm-clean:
	$(MAKE) -C libtommath clean

sizes: dropbear
	objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn

clean: $(LIBTOM_CLEAN) $(FUZZ_CLEAN) thisclean

thisclean:
	-rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \
			dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \
			dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof

distclean: clean tidy
	-rm -f config.h
	-rm -f Makefile
	-rm -f default_options_guard.h

tidy:
	-rm -f *~ *.gcov */*~

lint:
	cd $(srcdir); ./dropbear_lint.sh

check: lint
	make -C test

## Fuzzing targets

# list of fuzz targets
FUZZ_TARGETS=fuzzer-preauth fuzzer-pubkey fuzzer-verify fuzzer-preauth_nomaths \
	fuzzer-kexdh fuzzer-kexecdh fuzzer-kexcurve25519 fuzzer-client fuzzer-client_nomaths \
	fuzzer-postauth_nomaths

FUZZER_OPTIONS = $(addsuffix .options, $(FUZZ_TARGETS))
FUZZ_OBJS = $(addprefix fuzz/,$(addsuffix .o,$(FUZZ_TARGETS))) \
	fuzz/fuzz-sshpacketmutator.o

list-fuzz-targets:
	@echo $(FUZZ_TARGETS)

# fuzzers that don't use libfuzzer, just a standalone harness that feeds inputs
fuzzstandalone: FUZZLIB=fuzz/fuzz-harness.o
fuzzstandalone: fuzz/fuzz-harness.o fuzz-targets

# Build all the fuzzers. Usually like
#   make fuzz-targets FUZZLIB=-lFuzzer.a 
# the library provides main(). Otherwise
#   make fuzzstandalone
# provides a main in fuzz-harness.c
fuzz-targets: $(FUZZ_TARGETS) $(FUZZER_OPTIONS)

$(FUZZ_TARGETS): $(FUZZ_OBJS) $(allobjs) $(LIBTOM_DEPS) 
	$(CXX) $(CXXFLAGS) fuzz/$@.o $(LDFLAGS) $(allobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@

# fuzzers that use the custom mutator - these expect a SSH network stream
MUTATOR_FUZZERS=fuzzer-client fuzzer-client_nomaths \
	fuzzer-preauth fuzzer-preauth_nomaths fuzzer-postauth_nomaths

# Skip custom mutators for -fsanitize-memory since libfuzzer doesn't initialise memory
# Pending fix for it https://github.com/google/oss-fuzz/issues/4605
ifeq (,$(findstring fsanitize=memory, $(CFLAGS)))
$(MUTATOR_FUZZERS): allobjs += fuzz/fuzz-sshpacketmutator.o
endif

fuzzer-%.options: Makefile
	echo "[libfuzzer]"               > $@
	echo "max_len = 50000"          >> $@

# run this to update hardcoded hostkeys for for fuzzing. 
# hostkeys.c is checked in to hg.
fuzz-hostkeys:
	dropbearkey -t rsa -f keyr
	dropbearkey -t dss -f keyd
	dropbearkey -t ecdsa -size 256 -f keye
	dropbearkey -t ed25519 -f keyed25519
	echo > hostkeys.c
	/usr/bin/xxd -i -a keyr >> hostkeys.c
	/usr/bin/xxd -i -a keye >> hostkeys.c
	/usr/bin/xxd -i -a keyd >> hostkeys.c
	/usr/bin/xxd -i -a keyed25519 >> hostkeys.c

fuzz-clean:
	-rm -f fuzz/*.o $(FUZZ_TARGETS) $(FUZZER_OPTIONS)