]>
Commit | Line | Data |
---|---|---|
dec95d75 RL |
1 | # We place all implementations in static libraries, and then let the |
2 | # provider mains pilfer what they want through symbol resolution when | |
3 | # linking. | |
4 | # | |
5 | # The non-legacy implementations (libimplementations) must be made FIPS | |
6 | # agnostic as much as possible, as well as the common building blocks | |
7 | # (libcommon). The legacy implementations (liblegacy) will never be | |
8 | # part of the FIPS provider. | |
9 | # | |
10 | # If there is anything that isn't FIPS agnostic, it should be set aside | |
11 | # in its own source file, which is then included directly into other | |
12 | # static libraries geared for FIPS and non-FIPS providers, and built | |
13 | # separately. | |
14 | # | |
15 | # libcommon.a Contains common building blocks, potentially | |
16 | # needed both by non-legacy and legacy code. | |
17 | # | |
18 | # libimplementations.a Contains all non-legacy implementations. | |
79c44b4e | 19 | # liblegacy.a Contains all legacy implementations. |
dec95d75 RL |
20 | # |
21 | # libfips.a Contains all things needed to support | |
22 | # FIPS implementations, such as code from | |
23 | # crypto/ and object files that contain | |
24 | # FIPS-specific code. FIPS_MODE is defined | |
25 | # for this library. The FIPS module uses | |
26 | # this. | |
27 | # libnonfips.a Corresponds to libfips.a, but built with | |
28 | # FIPS_MODE undefined. The default and legacy | |
29 | # providers use this. | |
30 | ||
600703f4 | 31 | SUBDIRS=common implementations |
9efa0ae0 | 32 | |
16da72a8 MC |
33 | INCLUDE[../libcrypto]=common/include |
34 | ||
dec95d75 RL |
35 | # Libraries we're dealing with |
36 | $LIBCOMMON=libcommon.a | |
37 | $LIBIMPLEMENTATIONS=libimplementations.a | |
38 | $LIBLEGACY=liblegacy.a | |
39 | $LIBNONFIPS=libnonfips.a | |
40 | $LIBFIPS=libfips.a | |
41 | ||
42 | # Enough of our implementations include prov/ciphercommon.h (present in | |
cc731bc3 | 43 | # providers/implementations/include), which includes crypto/*_platform.h |
dec95d75 RL |
44 | # (present in include), which in turn may include very internal header |
45 | # files in crypto/, so let's have a common include list for them all. | |
68a51d59 | 46 | $COMMON_INCLUDES=../crypto ../include implementations/include common/include |
dec95d75 RL |
47 | |
48 | INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES | |
68a51d59 RL |
49 | INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES |
50 | INCLUDE[$LIBLEGACY]=$COMMON_INCLUDES | |
dec95d75 RL |
51 | INCLUDE[$LIBNONFIPS]=$COMMON_INCLUDES |
52 | INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES | |
53 | DEFINE[$LIBFIPS]=FIPS_MODE | |
54 | ||
55 | # Weak dependencies to provide library order information. | |
56 | # We make it weak so they aren't both used always; what is | |
57 | # actually used is determined by non-weak dependencies. | |
58 | DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS | |
59 | DEPEND[$LIBCOMMON]{weak}=$LIBFIPS | |
60 | ||
61 | # Strong dependencies. This ensures that any time libimplementations | |
62 | # is used, libcommon gets included as well. | |
63 | DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON | |
64 | DEPEND[$LIBNONFIPS]=../libcrypto | |
65 | # It's tempting to make libcommon depend on ../libcrypto. However, | |
66 | # since the FIPS provider module must NOT depend on ../libcrypto, we | |
67 | # need to set that dependency up specifically for the final products | |
68 | # that use $LIBCOMMON or anything that depends on it. | |
69 | ||
70 | # Libraries common to all providers, must be built regardless | |
71 | LIBS{noinst}=$LIBCOMMON | |
72 | # Libraries that are common for all non-FIPS providers, must be built regardless | |
73 | LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS | |
74 | ||
75 | # | |
76 | # Default provider stuff | |
77 | # | |
78 | # Because the default provider is built in, it means that libcrypto must | |
79 | # include all the object files that are needed (we do that indirectly, | |
80 | # by using the appropriate libraries as source). Note that for shared | |
81 | # libraries, SOURCEd libraries are considered as if the where specified | |
82 | # with DEPEND. | |
83 | $DEFAULTGOAL=../libcrypto | |
84 | SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS | |
600703f4 | 85 | SOURCE[$DEFAULTGOAL]=defltprov.c |
7c214f10 | 86 | # Some legacy implementations depend on provider header files |
68a51d59 | 87 | INCLUDE[$DEFAULTGOAL]=implementations/include |
dec95d75 RL |
88 | |
89 | LIBS=$DEFAULTGOAL | |
90 | ||
91 | # | |
92 | # FIPS provider stuff | |
93 | # | |
94 | # We define it this way to ensure that configdata.pm will have all the | |
95 | # necessary information even if we don't build the module. This will allow | |
96 | # us to make all kinds of checks on the source, based on what we specify in | |
97 | # diverse build.info files. libfips.a, fips.so and their sources aren't | |
98 | # built unless the proper LIBS or MODULES statement has been seen, so we | |
99 | # have those and only those within a condition. | |
100 | SUBDIRS=fips | |
101 | $FIPSGOAL=fips | |
102 | DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS | |
103 | INCLUDE[$FIPSGOAL]=../include | |
f93a17f1 | 104 | DEFINE[$FIPSGOAL]=FIPS_MODE |
dec95d75 RL |
105 | IF[{- defined $target{shared_defflag} -}] |
106 | SOURCE[$FIPSGOAL]=fips.ld | |
107 | GENERATE[fips.ld]=../util/providers.num | |
108 | ENDIF | |
109 | ||
9efa0ae0 | 110 | IF[{- !$disabled{fips} -}] |
dec95d75 RL |
111 | # This is the trigger to actually build the FIPS module. Without these |
112 | # statements, the final build file will not have a trace of it. | |
113 | MODULES=$FIPSGOAL | |
114 | LIBS{noinst}=$LIBFIPS | |
9efa0ae0 | 115 | ENDIF |
d0308923 | 116 | |
dec95d75 RL |
117 | # |
118 | # Legacy provider stuff | |
119 | # | |
d0308923 | 120 | IF[{- !$disabled{legacy} -}] |
dec95d75 | 121 | # The legacy implementation library |
dec95d75 RL |
122 | LIBS{noinst}=$LIBLEGACY |
123 | DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS | |
124 | ||
125 | # The Legacy provider | |
318e074e | 126 | IF[{- $disabled{module} -}] |
dec95d75 RL |
127 | # Become built in |
128 | # In this case, we need to do the same thing a for the default provider, | |
129 | # and make the liblegacy object files end up in libcrypto. We could also | |
130 | # just say that for the built-in legacy, we put the source directly in | |
131 | # libcrypto instead of going via liblegacy, but that makes writing the | |
132 | # implementation specific build.info files harder to write, so we don't. | |
133 | $LEGACYGOAL=../libcrypto | |
134 | SOURCE[$LEGACYGOAL]=$LIBLEGACY | |
135 | DEFINE[$LIBLEGACY]=STATIC_LEGACY | |
136 | DEFINE[$LEGACYGOAL]=STATIC_LEGACY | |
318e074e | 137 | ELSE |
dec95d75 RL |
138 | # Become a module |
139 | # In this case, we can work with dependencies | |
140 | $LEGACYGOAL=legacy | |
141 | MODULES=$LEGACYGOAL | |
142 | DEPEND[$LEGACYGOAL]=$LIBLEGACY | |
318e074e RL |
143 | IF[{- defined $target{shared_defflag} -}] |
144 | SOURCE[legacy]=legacy.ld | |
145 | GENERATE[legacy.ld]=../util/providers.num | |
146 | ENDIF | |
d0308923 | 147 | ENDIF |
dec95d75 RL |
148 | |
149 | # Common things that are valid no matter what form the Legacy provider | |
150 | # takes. | |
600703f4 RL |
151 | SOURCE[$LEGACYGOAL]=legacyprov.c |
152 | INCLUDE[$LEGACYGOAL]=../include implementations/include | |
d0308923 | 153 | ENDIF |