forked from openssh/openssh-portable
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathMakefile.soaap
115 lines (93 loc) · 6.24 KB
/
Makefile.soaap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
#TODO: check 7a2073c50b92c053594d48a651ebafae052a71ed (initial privsep)
SOAAP_ROOT?=$(CURDIR)/..
LLVM_BUILD_DIR?=$(SOAAP_ROOT)/llvm/build
SOAAP_BUILD_DIR?=$(SOAAP_ROOT)/soaap/build
DEFINES=-DHAVE_CONFIG_H -D_GNU_SOURCE
# for some reason we need to add /usr/include and the dir with stddef.h here
INCLUDES=-isystem $(SOAAP_ROOT)/llvm/build/lib/clang/3.7.0/include/ -isystem /usr/include -I $(SOAAP_ROOT)/soaap/include/ -I .
WARNINGS=-Wundef -Wno-conversion -Werror=implicit-function-declaration -Wno-incompatible-library-redeclaration -Wno-pointer-sign
CFLAGS=-cc1 -emit-llvm -g -fcolor-diagnostics
CLANG?=$(LLVM_BUILD_DIR)/bin/clang
LLVM_LINK?=$(LLVM_BUILD_DIR)/bin/llvm-link
SOAAP?=$(SOAAP_BUILD_DIR)/bin/soaap
SOAAP_OPTIONS?=
.PHONY: all clean soaap soaap-linux soaap-all
LIBSSH_IR_FILES=\
ssherr.ll \
sshbuf.ll \
sshkey.ll \
sshbuf-getput-basic.ll \
sshbuf-misc.ll \
sshbuf-getput-crypto.ll \
authfd.ll authfile.ll bufaux.ll bufbn.ll buffer.ll \
canohost.ll channels.ll cipher.ll cipher-aes.ll \
cipher-bf1.ll cipher-ctr.ll cipher-3des1.ll \
compat.ll compress.ll crc32.ll deattack.ll fatal.ll hostfile.ll \
log.ll match.ll md-sha256.ll moduli.ll nchan.ll packet.ll \
readpass.ll rsa.ll ttymodes.ll xmalloc.ll addrmatch.ll \
atomicio.ll key.ll dispatch.ll kex.ll mac.ll uidswap.ll uuencode.ll misc.ll \
monitor_fdpass.ll rijndael.ll ssh-dss.ll ssh-ecdsa.ll ssh-rsa.ll dh.ll \
kexdh.ll kexgex.ll kexdhc.ll kexgexc.ll bufec.ll kexecdh.ll kexecdhc.ll \
msg.ll progressmeter.ll dns.ll entropy.ll gss-genr.ll umac.ll umac128.ll \
ssh-pkcs11.ll krl.ll smult_curve25519_ref.ll \
kexc25519.ll kexc25519c.ll poly1305.ll chacha.ll cipher-chachapoly.ll \
ssh-ed25519.ll digest-openssl.ll hmac.ll \
sc25519.ll ge25519.ll fe25519.ll ed25519.ll verify.ll hash.ll blocks.ll
# we exclude cleanup.ll from LIBSSH since cleanup_exit is defined in sshd.c
SSHD_IR_FILES=sshd.ll auth-rhosts.ll auth-passwd.ll auth-rsa.ll auth-rh-rsa.ll \
audit.ll audit-bsm.ll audit-linux.ll platform.ll \
sshpty.ll sshlogin.ll servconf.ll serverloop.ll \
auth.ll auth1.ll auth2.ll auth-options.ll session.ll \
auth-chall.ll auth2-chall.ll groupaccess.ll \
auth-skey.ll auth-bsdauth.ll auth2-hostbased.ll auth2-kbdint.ll \
auth2-none.ll auth2-passwd.ll auth2-pubkey.ll \
monitor_mm.ll monitor.ll monitor_wrap.ll kexdhs.ll kexgexs.ll kexecdhs.ll \
kexc25519s.ll auth-krb5.ll \
auth2-gss.ll gss-serv.ll gss-serv-krb5.ll \
loginrec.ll auth-pam.ll auth-shadow.ll auth-sia.ll md5crypt.ll \
sftp-server.ll sftp-common.ll \
roaming_common.ll roaming_serv.ll \
sandbox-null.ll sandbox-rlimit.ll sandbox-systrace.ll sandbox-darwin.ll \
sandbox-seccomp-filter.ll sandbox-capsicum.ll
OPENBSD_COMPAT_IR_FILES=openbsd-compat/base64.ll openbsd-compat/basename.ll openbsd-compat/bindresvport.ll \
openbsd-compat/blowfish.ll openbsd-compat/daemon.ll openbsd-compat/dirname.ll openbsd-compat/fmt_scaled.ll openbsd-compat/getcwd.ll \
openbsd-compat/getgrouplist.ll openbsd-compat/getopt_long.ll openbsd-compat/getrrsetbyname.ll openbsd-compat/glob.ll \
openbsd-compat/inet_aton.ll openbsd-compat/inet_ntoa.ll openbsd-compat/inet_ntop.ll openbsd-compat/mktemp.ll openbsd-compat/pwcache.ll \
openbsd-compat/readpassphrase.ll openbsd-compat/realpath.ll openbsd-compat/rresvport.ll openbsd-compat/setenv.ll openbsd-compat/setproctitle.ll \
openbsd-compat/sha2.ll openbsd-compat/sigact.ll openbsd-compat/strlcat.ll openbsd-compat/strlcpy.ll openbsd-compat/strmode.ll \
openbsd-compat/strnlen.ll openbsd-compat/strptime.ll openbsd-compat/strsep.ll openbsd-compat/strtonum.ll openbsd-compat/strtoll.ll \
openbsd-compat/strtoul.ll openbsd-compat/strtoull.ll openbsd-compat/timingsafe_bcmp.ll openbsd-compat/vis.ll \
openbsd-compat/bcrypt_pbkdf.ll openbsd-compat/explicit_bzero.ll openbsd-compat/arc4random.ll openbsd-compat/bsd-asprintf.ll \
openbsd-compat/bsd-closefrom.ll openbsd-compat/bsd-cray.ll openbsd-compat/bsd-cygwin_util.ll openbsd-compat/bsd-getpeereid.ll \
openbsd-compat/getrrsetbyname-ldns.ll openbsd-compat/bsd-misc.ll openbsd-compat/bsd-nextstep.ll openbsd-compat/bsd-openpty.ll \
openbsd-compat/bsd-poll.ll openbsd-compat/bsd-setres_id.ll openbsd-compat/bsd-snprintf.ll openbsd-compat/bsd-statvfs.ll \
openbsd-compat/bsd-waitpid.ll openbsd-compat/fake-rfc2553.ll openbsd-compat/openssl-compat.ll openbsd-compat/xmmap.ll openbsd-compat/xcrypt.ll \
openbsd-compat/kludge-fd_set.ll openbsd-compat/port-aix.ll openbsd-compat/port-irix.ll openbsd-compat/port-linux.ll openbsd-compat/port-solaris.ll \
openbsd-compat/port-tun.ll openbsd-compat/port-uw.ll
#TODO: openbsd-compat/bsd-getpeereid.ll won't compile due to forward declaration of struct ucred
all: sshd_executable.bc
@echo
soaap: sshd_executable.bc
$(SOAAP) -o sshd.soaap $^ -soaap-infer-fp-targets -soaap-sandbox-platform=capsicum $(SOAAP_OPTIONS)
soaap-linux: sshd_executable.bc
$(SOAAP) -o sshd.soaap $^ -soaap-sandbox-platform=seccomp -soaap-syscall-traces
soaap-all: sshd_executable.bc
$(SOAAP) -o sshd.soaap $^ -soaap-infer-fp-targets -soaap-list-fp-calls -soaap-list-fp-targets -soaap-list-sandboxed-funcs -soaap-sandbox-platform=capsicum -soaap-dump-rpc-graph -soaap-syscall-traces -soaap-skip-global-variable-analysis
soaap-json: sshd_executable.bc
$(SOAAP) -o sshd.soaap $^ -soaap-infer-fp-targets -soaap-list-fp-calls -soaap-list-fp-targets -soaap-list-sandboxed-funcs -soaap-sandbox-platform=capsicum -soaap-dump-rpc-graph -soaap-report-output-formats=json -soaap-syscall-traces -soaap-skip-global-variable-analysis
clean:
rm -f *.ll *.bc openbsd-compat/*.ll sshd.soaap
sshd_executable.bc: $(SSHD_IR_FILES) $(LIBSSH_IR_FILES) $(OPENBSD_COMPAT_IR_FILES)
$(LLVM_LINK) -o $@ $^
%.ll: %.c
$(CLANG) $(CFLAGS) $(INCLUDES) $(DEFINES) $(WARNINGS) -o $@ $<
$(OPENBSD_COMPAT_IR_FILES): %.ll: %.c
$(CLANG) $(CFLAGS) -I openbsd-compat $(INCLUDES) $(DEFINES) $(WARNINGS) -o $@ $<
# special case target for umac128
umac128.ll: umac.c
$(CLANG) $(CFLAGS) $(DEFINES) $(INCLUDES) $(WARNINGS) -o $@ $< -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new -Dumac_update=umac128_update -Dumac_final=umac128_final -Dumac_delete=umac128_delete
#silence the const return value in cipher.c and mac.c
cipher.ll: cipher.c
$(CLANG) $(CFLAGS) $(DEFINES) $(INCLUDES) $(WARNINGS) -o $@ $< -Wno-incompatible-pointer-types
mac.ll: mac.c
$(CLANG) $(CFLAGS) $(DEFINES) $(INCLUDES) $(WARNINGS) -o $@ $< -Wno-incompatible-pointer-types