Makefile_{v1,src},OpenSSL_version.{mk,c},README.md: major update with…

… improved diagnostics

Makefile_src

@@ -64,20 +64,19 @@ endif
 
 ifeq ($(shell echo $(OPENSSL_DIR) | grep "^/"),)
 # $(OPENSSL_DIR) is relative path
-    OPENSSL=$(PREFIX)$(OPENSSL_DIR)
+    PREFIX_OPENSSL_DIR=$(PREFIX)$(OPENSSL_DIR)
     ifeq ($(OPENSSL_LIB),)
-      override OPENSSL_LIB = $(OPENSSL)
+        override OPENSSL_LIB = $(PREFIX_OPENSSL_DIR)
     endif
-    OPENSSL_RPATH=$(OPENSSL_DIR)
-    OPENSSL_RPATH_LIB=$(OPENSSL_DIR)
-else
-# $(OPENSSL_DIR) is absolute path
-    OPENSSL=$(OPENSSL_DIR)
+#   OPENSSL_RPATH=$(OPENSSL_DIR)
+#   OPENSSL_RPATH_LIB=$(OPENSSL_DIR)
+else # $(OPENSSL_DIR) is absolute path
+    PREFIX_OPENSSL_DIR=$(OPENSSL_DIR)
     ifeq ($(OPENSSL_LIB),)
-      override OPENSSL_LIB = $(OPENSSL)/$(LIB)
+        override OPENSSL_LIB = $(PREFIX_OPENSSL_DIR)/$(LIB)
     endif
-    OPENSSL_RPATH=$(OPENSSL)
-    OPENSSL_RPATH_LIB=$(OPENSSL_LIB)
+#   OPENSSL_RPATH=$(PREFIX_OPENSSL_DIR)
+#   OPENSSL_RPATH_LIB=$(OPENSSL_LIB)
 endif
 
 ARCHIVE=$(PREFIX)bin # for Jenkins
@@ -115,7 +114,7 @@ ifneq ($(LIBCMP_INC),)
 # use of -isystem is important for taking precedence over any (older) OpenSSL CMP headers
     override CFLAGS += -DUSE_LIBCMP
 endif
-override CFLAGS += -isystem $(OPENSSL)/include # use of -isystem is critical for selecting wanted OpenSSL version
+override CFLAGS += -isystem $(PREFIX_OPENSSL_DIR)/include # use of -isystem is critical for selecting wanted OpenSSL version
 override CFLAGS += -I$(PREFIX)include # for genericCMPClient.h
 override CFLAGS += $(OSSL_VERSION_QUIRKS)
 
@@ -168,12 +167,13 @@ ifeq ($(LPATH),)
             endif
         endif
     endif
-    override LDFLAGS += -L $(OPENSSL_LIB) -L $(OPENSSL)
+    override LDFLAGS += -L $(OPENSSL_LIB)# -L $(PREFIX_OPENSSL_DIR)
     ifeq ($(DEB_TARGET_ARCH),) # not during Debian packaging
-        override LDFLAGS += -Wl,-rpath,$(OPENSSL_RPATH_LIB)
-	ifneq ($(OPENSSL_RPATH_LIB),$(OPENSSL_RPATH))
-        override LDFLAGS += -Wl,-rpath,$(OPENSSL_RPATH)
-        endif
+#         override LDFLAGS += -Wl,-rpath,$(OPENSSL_RPATH_LIB)
+#         ifneq ($(OPENSSL_RPATH_LIB),$(OPENSSL_RPATH))
+#             override LDFLAGS += -Wl,-rpath,$(OPENSSL_RPATH)
+#         endif
+    override LDFLAGS += -Wl,-rpath,$(OPENSSL_LIB)
     endif
 else
     override LDFLAGS += -L $(LPATH)

Makefile_v1

@@ -2,8 +2,8 @@
 
 # Optional USE_LIBCMP requires the use of the intermediate libcmp
 # Optional LPATH defines where to find any pre-installed libsecutils and UTA libraries, e.g., /usr/lib
-# Optional OPENSSL_DIR defines where to find the OpenSSL installation, defaulting to LPATH/.. if set, else ROOTFS/usr
-# Optional OPENSSL_LIB defines where to find the OpenSSL library installation (default: ROOTFS/usr/lib or ".").
+# Optional OPENSSL_DIR defines where to find the OpenSSL installation with headers at include/openssl (default: will try, e.g., /usr).
+# Optional OPENSSL_LIB defines where to find the OpenSSL library installation (default: will try, e.g., OPENSSL_DIR/lib).
 # Optional CFLAGS and LDFLAGS are appended by local settings.
 # Optional DEBUG_FLAGS may set to prepend to local CFLAGS and LDFLAGS. Also CFLAGS is passed to build goals.
 # Builds are done in release mode if optional NDEBUG is defined.
@@ -40,10 +40,10 @@ else
     ifeq ($(shell uname -s),Darwin)
         OS=MacOS
         DLL=.dylib
-        SONAME=install_name
+#       SONAME=install_name,@rpath/
     else # assuming Linux
         DLL=.so
-        SONAME=soname
+#       SONAME=soname,
     endif
 #   LIB=lib
     PINGCOUNTOPT=-c
@@ -71,6 +71,27 @@ else # $(OUT_DIR) is absolute path
     OUT_DIR_REVERSE_DIR=$(OUT_DIR)
 endif
 
+ifeq ($(OPENSSL_DIR),)
+    OPENSSL_DIR=$(shell $(MAKE) -f OpenSSL_version.mk -s 2>/dev/null --no-print-directory dir)
+    ifeq ($(OPENSSL_DIR),)
+        $(error Error determining OPENSSL_DIR)
+    endif
+endif
+ifeq ($(OPENSSL_LIB),)
+    OPENSSL_LIB=$(shell $(MAKE) -f OpenSSL_version.mk -s 2>/dev/null --no-print-directory lib)
+    ifeq ($(OPENSSL_LIB),)
+        $(error Error determining OPENSSL_LIB)
+    endif
+endif
+HDR_NAME_PATTERN=include/openssl/cmp.h
+ifeq ($(wildcard $(OPENSSL_DIR)/$(HDR_NAME_PATTERN)),)
+    $(error Error: cannot find OpenSSL header file $(OPENSSL_DIR)/$(HDR_NAME_PATTERN))
+endif
+LIB_NAME_PATTERN=libcrypto*$(DLL)*
+ifeq ($(wildcard $(OPENSSL_LIB)/$(LIB_NAME_PATTERN)),)
+    $(error Error: cannot find OpenSSL library $(LIB_NAME_PATTERN) at $(OPENSSL_LIB)/)
+endif
+
 ifeq ($(LPATH),)
     ifeq ($(OUT_DIR),)
         override OUT_DIR = .
@@ -100,11 +121,9 @@ endif
 ifeq ($(shell echo $(OPENSSL_DIR) | grep "^/"),)
 # $(OPENSSL_DIR) is relative path, assumed relative to ./
     OPENSSL_REVERSE_DIR=../$(OPENSSL_DIR)
-    OPENSSL_LIB ?= $(OPENSSL_DIR)
 else
 # $(OPENSSL_DIR) is absolute path
     OPENSSL_REVERSE_DIR=$(OPENSSL_DIR)
-    OPENSSL_LIB ?= $(OPENSSL_DIR)
 endif
 
 ifeq ($(shell echo $(DESTDIR) | grep "^/"),)
@@ -137,23 +156,28 @@ endif
 # optional SET_PROXY variable can be set to override default proxy settings
 SET_PROXY ?= no_proxy=localhost,127.0.0.1
 
-# defaults for tests:
+# defaults for tests and demo:
 OPENSSL ?= openssl$(EXE)
 
 MAKECMDGOALS ?= default
 ifneq ($(filter-out doc start stop doc doc_this doc/cmpClient.md doc/cmpClient.1.gz \
     clean clean_config clean_all clean_this clean_test clean_submodules clean_openssl clean_uta clean_deb,$(MAKECMDGOALS)),)
-    ifeq (,$(wildcard $(OPENSSL_DIR)/include/openssl))
+    ifeq ($(wildcard $(OPENSSL_DIR)/include/openssl),)
         $(error cannot find directory '$(OPENSSL_DIR)/include/openssl', check OPENSSL_DIR variable)
     endif
-    OPENSSL_VERSION=$(shell $(MAKE) -s --no-print-directory -f OpenSSL_version.mk LIB=header OPENSSL_DIR="$(OPENSSL_DIR)")
+    OPENSSL_VERSION=$(shell $(MAKE) -s 2>/dev/null --no-print-directory -f OpenSSL_version.mk SOURCE=header OPENSSL_DIR="$(OPENSSL_DIR)")
+    $(info in $(PWD):)
+    $(info detected OpenSSL directory $(OPENSSL_DIR))
+    $(info detected OpenSSL version   $(OPENSSL_VERSION))
     ifeq ($(OPENSSL_VERSION),)
         $(warning WARNING: cannot determine version of OpenSSL in directory '$(OPENSSL_DIR)', assuming 3.0)
         OPENSSL_VERSION=3.0
     endif
-    $(info detected OpenSSL version $(OPENSSL_VERSION).x)
     ifeq ($(shell expr "$(OPENSSL_VERSION)" \< 1.1),1) # same as comparing == 1.0
-        $(info enabling compilation quirks for OpenSSL 1.0.2)
+        ifeq ($(shell expr "$(OPENSSL_VERSION)" \< 1.0),1)
+            $(error detected incompatible OpenSSL version $(OPENSSL_VERSION))
+        endif
+        $(warning enabling compilation quirks for old OpenSSL 1.0.x versions)
         OSSL_VERSION_QUIRKS+=-Wno-discarded-qualifiers -Wno-unused-parameter
     endif
     ifeq ($(shell expr "$(OPENSSL_VERSION)" \< 3),1)
@@ -163,7 +187,6 @@ ifneq ($(filter-out doc start stop doc doc_this doc/cmpClient.md doc/cmpClient.1
 else
     OPENSSL_VERSION=3.0 # dummy
 endif
-OPENSSL_MAJOR_VERSION=$(shell echo $(OPENSSL_VERSION) | sed 's/\..*//')
 
 ifeq ($(LPATH),)
     LIBCMP_DIR=cmpossl
@@ -185,6 +208,8 @@ else
     # GIT_PROGRESS=--progress # disabled as gives lengthy output in CI runs
 endif
 
+# build rules ##################################################################
+
 ################################################################
 # generic CMP Client library and CLI-based client
 ################################################################
@@ -253,7 +278,10 @@ $(SECUTILS_OUT_LIB):
 update_secutils:
 	git submodule update $(GIT_PROGRESS) --init --depth 1 $(SECUTILS_DIR)
 build_secutils: # not: update_secutils
-	$(MAKE) -C $(SECUTILS_DIR) -f Makefile_v1 -s build_all $(SET_NDEBUG) $(SET_DEBUG_FLAGS) CFLAGS="$(CFLAGS) $(OSSL_VERSION_QUIRKS)" SECUTILS_USE_ICV=$(SECUTILS_USE_ICV) SECUTILS_USE_UTA=$(SECUTILS_USE_UTA) SECUTILS_NO_TLS=$(SECUTILS_NO_TLS) OPENSSL_DIR="$(OPENSSL_DIR)" OUT_DIR="$(OUT_DIR_REVERSE_DIR)"
+	$(MAKE) -C $(SECUTILS_DIR) -f Makefile_v1 -s build_all \
+            $(SET_NDEBUG) $(SET_DEBUG_FLAGS) CFLAGS="$(CFLAGS) $(OSSL_VERSION_QUIRKS)" \
+            SECUTILS_USE_ICV=$(SECUTILS_USE_ICV) SECUTILS_USE_UTA=$(SECUTILS_USE_UTA) SECUTILS_NO_TLS=$(SECUTILS_NO_TLS) \
+            OPENSSL_DIR="$(OPENSSL_DIR)" OPENSSL_LIB="$(OPENSSL_LIB)" OUT_DIR="$(OUT_DIR_REVERSE_DIR)"
 
 ifdef USE_LIBCMP
 $(LIBCMP_DIR)/include:
@@ -277,7 +305,8 @@ update_cmpossl:
 build_cmpossl: # not: update_cmpossl
 	@ # the old way to build with CMP was: buildCMPforOpenSSL
 ifdef USE_LIBCMP
-	$(MAKE) -C $(LIBCMP_DIR) -f Makefile_v1 -s build $(SET_NDEBUG) $(SET_DEBUG_FLAGS) CFLAGS="$(CFLAGS)" OPENSSL_DIR="$(OPENSSL_REVERSE_DIR)" OUT_DIR="$(OUT_DIR_REVERSE_DIR)"
+	$(MAKE) -C $(LIBCMP_DIR) -f Makefile_v1 -s build $(SET_NDEBUG) $(SET_DEBUG_FLAGS) \
+            CFLAGS="$(CFLAGS)" OPENSSL_DIR="$(OPENSSL_REVERSE_DIR)" OUT_DIR="$(OUT_DIR_REVERSE_DIR)"
 endif
 
 clean_submodules:
@@ -291,15 +320,21 @@ endif # eq ($(SECUTILS_DIR),)
 .phony: build_prereq build_only build_no_tls
 build_prereq: submodules
 
+OPENSSL_MAJOR_VERSION=$(shell echo $(OPENSSL_VERSION) | sed 's/\..*//')
 build: build_prereq build_only
-ifdef USE_LIBCMP
-    ifeq ($(DEB_BUILD_ARCH),) # avoid weird syntax error on '\' with Debian packaging
-	@export LIBCMP_OPENSSL_VERSION=`$(MAKE) -s --no-print-directory -f OpenSSL_version.mk LIB="$(LIBCMP_OUT_LIB)"` && \
+ifeq ($(DEB_BUILD_ARCH),) # avoid weird syntax error on '\' with Debian packaging
+    ifdef USE_LIBCMP
+	@export LIBCMP_OPENSSL_VERSION=`$(MAKE) -s 2>/dev/null --no-print-directory -f OpenSSL_version.mk SOURCE="$(LIBCMP_OUT_LIB)"` && \
 	if [[ "$$LIBCMP_OPENSSL_VERSION" != "$(OPENSSL_VERSION)" && \
-	     "$$LIBCMP_OPENSSL_VERSION" != "$(OPENSSL_MAJOR_VERSION)" ]]; then \
-	    echo "WARNING: OpenSSL version '$$LIBCMP_OPENSSL_VERSION' used for building libcmp does not match '$(OPENSSL_VERSION)' to be used for building client"; \
+	      "$$LIBCMP_OPENSSL_VERSION" != "$(OPENSSL_MAJOR_VERSION)" ]]; then \
+	    echo "WARNING: OpenSSL version '$$LIBCMP_OPENSSL_VERSION' used for building libcmp does not match '$(OPENSSL_VERSION)' to be used for building cmpClient"; \
 	fi
     endif
+	@export SECUTILS_OPENSSL_VERSION=`$(MAKE) -s 2>/dev/null --no-print-directory -f OpenSSL_version.mk SOURCE="$(SECUTILS_OUT_LIB)"` && \
+	if [[ "$$SECUTILS_OPENSSL_VERSION" != "$(OPENSSL_VERSION)" && \
+	      "$$SECUTILS_OPENSSL_VERSION" != "$(OPENSSL_MAJOR_VERSION)" ]]; then \
+	    echo "WARNING: OpenSSL version '$$SECUTILS_OPENSSL_VERSION' used for building libsecutils does not match '$(OPENSSL_VERSION)' to be used for building cmpClient"; \
+	fi
 endif
 
 GENCMPCLIENT_CONFIG=include/genericCMPClient_config.h
@@ -587,7 +622,7 @@ endif
 
 test: clean build_no_tls
 	$(MAKE) -C libsecutils -f Makefile_v1 clean_config
-	@$(MAKE) -f Makefile_v1 clean $(OUT_DIR_BIN) demo_Insta $(SET_NDEBUG) DEBUG_FLAGS="$(DEBUG_FLAGS)" CFLAGS="$(CFLAGS)"
+	@$(MAKE) -f Makefile_v1 clean $(OUT_DIR_BIN) demo_Insta $(SET_NDEBUG) $(SET_DEBUG_FLAGS) CFLAGS="$(CFLAGS)"
 
 # doc and zip ##################################################################
 

OpenSSL_version.c

@@ -2,9 +2,9 @@
  * @file   OpenSSL_version.c
  * @brief  OpenSSL version checking utility
  *
- * @author David von Oheimb, CT RDA CST SEA, [email protected]
+ * @author David von Oheimb, [email protected]
  *
- *  Copyright (c) 2021 Siemens AG
+ *  Copyright (c) 2021-2024 Siemens AG
  *  Licensed under the Apache License, Version 2.0
  *  SPDX-License-Identifier: Apache-2.0
  ******************************************************************************/
@@ -38,10 +38,10 @@ int main(int argc, char *argv[])
     fprintf(stderr, DEBUG_MESSAGE);
 
     unsigned long static_version = (unsigned long)OPENSSL_VERSION_NUMBER;
-    fprintf(stderr, "[DEBUG] OPENSSL_VERSION_NUMBER: 0x%lx\n", static_version);
+    fprintf(stderr, "[TRACE] OPENSSL_VERSION_NUMBER:  0x%lx\n", static_version);
 
     unsigned long runtime_version = OpenSSL_version_num();
-    fprintf(stderr, "[DEBUG] runtime_version: 0x%lx\n", runtime_version);
+    fprintf(stderr, "[TRACE] OpenSSL runtime_version: 0x%lx\n", runtime_version);
 
     #define MAJOR_MINOR_MASK 0xfff00000L
     if ((MAJOR_MINOR_MASK & runtime_version ) != (MAJOR_MINOR_MASK & OPENSSL_VERSION_NUMBER)) {