]>
Commit | Line | Data |
---|---|---|
dec95d75 RL |
1 | # We place all implementations in static libraries, and then let the |
2 | # provider mains pilfer what they want through symbol resolution when | |
3 | # linking. | |
4 | # | |
5 | # The non-legacy implementations (libimplementations) must be made FIPS | |
6 | # agnostic as much as possible, as well as the common building blocks | |
7 | # (libcommon). The legacy implementations (liblegacy) will never be | |
8 | # part of the FIPS provider. | |
9 | # | |
10 | # If there is anything that isn't FIPS agnostic, it should be set aside | |
11 | # in its own source file, which is then included directly into other | |
12 | # static libraries geared for FIPS and non-FIPS providers, and built | |
13 | # separately. | |
14 | # | |
15 | # libcommon.a Contains common building blocks, potentially | |
16 | # needed both by non-legacy and legacy code. | |
17 | # | |
18 | # libimplementations.a Contains all non-legacy implementations. | |
79c44b4e | 19 | # liblegacy.a Contains all legacy implementations. |
dec95d75 RL |
20 | # |
21 | # libfips.a Contains all things needed to support | |
22 | # FIPS implementations, such as code from | |
23 | # crypto/ and object files that contain | |
f844f9eb | 24 | # FIPS-specific code. FIPS_MODULE is defined |
dec95d75 RL |
25 | # for this library. The FIPS module uses |
26 | # this. | |
27 | # libnonfips.a Corresponds to libfips.a, but built with | |
f844f9eb | 28 | # FIPS_MODULE undefined. The default and legacy |
dec95d75 | 29 | # providers use this. |
904f4250 RL |
30 | # |
31 | # This is how different provider modules should be linked: | |
32 | # | |
33 | # FIPS: | |
34 | # -o fips.so {object files...} libimplementations.a libcommon.a libfips.a | |
35 | # Non-FIPS: | |
36 | # -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a | |
37 | # | |
38 | # It is crucial that code that checks for the FIPS_MODULE macro end up in | |
39 | # libfips.a and libnonfips.a, never in libcommon.a. | |
40 | # It is crucial that such code is written so libfips.a and libnonfips.a doesn't | |
41 | # end up depending on libimplementations.a or libcommon.a. | |
42 | # It is crucial that such code is written so libcommon.a doesn't end up | |
43 | # depending on libimplementations.a. | |
44 | # | |
45 | # Code in providers/implementations/ should be written in such a way that the | |
46 | # OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends | |
47 | # up in either libimplementations.a or liblegacy.a. | |
48 | # If need be, write an abstraction layer in separate source files and make them | |
49 | # libfips.a / libnonfips.a sources. | |
dec95d75 | 50 | |
600703f4 | 51 | SUBDIRS=common implementations |
9efa0ae0 | 52 | |
16da72a8 MC |
53 | INCLUDE[../libcrypto]=common/include |
54 | ||
dec95d75 RL |
55 | # Libraries we're dealing with |
56 | $LIBCOMMON=libcommon.a | |
57 | $LIBIMPLEMENTATIONS=libimplementations.a | |
58 | $LIBLEGACY=liblegacy.a | |
59 | $LIBNONFIPS=libnonfips.a | |
60 | $LIBFIPS=libfips.a | |
61 | ||
62 | # Enough of our implementations include prov/ciphercommon.h (present in | |
cc731bc3 | 63 | # providers/implementations/include), which includes crypto/*_platform.h |
dec95d75 RL |
64 | # (present in include), which in turn may include very internal header |
65 | # files in crypto/, so let's have a common include list for them all. | |
68a51d59 | 66 | $COMMON_INCLUDES=../crypto ../include implementations/include common/include |
dec95d75 RL |
67 | |
68 | INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES | |
68a51d59 | 69 | INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES |
f5056577 | 70 | INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES |
0c9fcfeb | 71 | INCLUDE[$LIBNONFIPS]=.. $COMMON_INCLUDES |
dec95d75 | 72 | INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES |
f844f9eb | 73 | DEFINE[$LIBFIPS]=FIPS_MODULE |
dec95d75 RL |
74 | |
75 | # Weak dependencies to provide library order information. | |
76 | # We make it weak so they aren't both used always; what is | |
77 | # actually used is determined by non-weak dependencies. | |
78 | DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS | |
79 | DEPEND[$LIBCOMMON]{weak}=$LIBFIPS | |
80 | ||
81 | # Strong dependencies. This ensures that any time libimplementations | |
82 | # is used, libcommon gets included as well. | |
83 | DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON | |
84 | DEPEND[$LIBNONFIPS]=../libcrypto | |
85 | # It's tempting to make libcommon depend on ../libcrypto. However, | |
86 | # since the FIPS provider module must NOT depend on ../libcrypto, we | |
87 | # need to set that dependency up specifically for the final products | |
88 | # that use $LIBCOMMON or anything that depends on it. | |
89 | ||
90 | # Libraries common to all providers, must be built regardless | |
91 | LIBS{noinst}=$LIBCOMMON | |
92 | # Libraries that are common for all non-FIPS providers, must be built regardless | |
93 | LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS | |
94 | ||
95 | # | |
96 | # Default provider stuff | |
97 | # | |
98 | # Because the default provider is built in, it means that libcrypto must | |
99 | # include all the object files that are needed (we do that indirectly, | |
100 | # by using the appropriate libraries as source). Note that for shared | |
101 | # libraries, SOURCEd libraries are considered as if the where specified | |
102 | # with DEPEND. | |
103 | $DEFAULTGOAL=../libcrypto | |
104 | SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS | |
600703f4 | 105 | SOURCE[$DEFAULTGOAL]=defltprov.c |
7c214f10 | 106 | # Some legacy implementations depend on provider header files |
68a51d59 | 107 | INCLUDE[$DEFAULTGOAL]=implementations/include |
dec95d75 RL |
108 | |
109 | LIBS=$DEFAULTGOAL | |
110 | ||
111 | # | |
112 | # FIPS provider stuff | |
113 | # | |
114 | # We define it this way to ensure that configdata.pm will have all the | |
115 | # necessary information even if we don't build the module. This will allow | |
116 | # us to make all kinds of checks on the source, based on what we specify in | |
117 | # diverse build.info files. libfips.a, fips.so and their sources aren't | |
118 | # built unless the proper LIBS or MODULES statement has been seen, so we | |
119 | # have those and only those within a condition. | |
120 | SUBDIRS=fips | |
121 | $FIPSGOAL=fips | |
122 | DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS | |
123 | INCLUDE[$FIPSGOAL]=../include | |
f844f9eb | 124 | DEFINE[$FIPSGOAL]=FIPS_MODULE |
dec95d75 RL |
125 | IF[{- defined $target{shared_defflag} -}] |
126 | SOURCE[$FIPSGOAL]=fips.ld | |
127 | GENERATE[fips.ld]=../util/providers.num | |
128 | ENDIF | |
129 | ||
9efa0ae0 | 130 | IF[{- !$disabled{fips} -}] |
dec95d75 RL |
131 | # This is the trigger to actually build the FIPS module. Without these |
132 | # statements, the final build file will not have a trace of it. | |
133 | MODULES=$FIPSGOAL | |
134 | LIBS{noinst}=$LIBFIPS | |
9efa0ae0 | 135 | ENDIF |
d0308923 | 136 | |
dec95d75 RL |
137 | # |
138 | # Legacy provider stuff | |
139 | # | |
d0308923 | 140 | IF[{- !$disabled{legacy} -}] |
dec95d75 | 141 | # The legacy implementation library |
dec95d75 RL |
142 | LIBS{noinst}=$LIBLEGACY |
143 | DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS | |
144 | ||
145 | # The Legacy provider | |
318e074e | 146 | IF[{- $disabled{module} -}] |
dec95d75 RL |
147 | # Become built in |
148 | # In this case, we need to do the same thing a for the default provider, | |
149 | # and make the liblegacy object files end up in libcrypto. We could also | |
150 | # just say that for the built-in legacy, we put the source directly in | |
151 | # libcrypto instead of going via liblegacy, but that makes writing the | |
152 | # implementation specific build.info files harder to write, so we don't. | |
153 | $LEGACYGOAL=../libcrypto | |
154 | SOURCE[$LEGACYGOAL]=$LIBLEGACY | |
155 | DEFINE[$LIBLEGACY]=STATIC_LEGACY | |
156 | DEFINE[$LEGACYGOAL]=STATIC_LEGACY | |
318e074e | 157 | ELSE |
dec95d75 RL |
158 | # Become a module |
159 | # In this case, we can work with dependencies | |
160 | $LEGACYGOAL=legacy | |
161 | MODULES=$LEGACYGOAL | |
162 | DEPEND[$LEGACYGOAL]=$LIBLEGACY | |
318e074e RL |
163 | IF[{- defined $target{shared_defflag} -}] |
164 | SOURCE[legacy]=legacy.ld | |
165 | GENERATE[legacy.ld]=../util/providers.num | |
166 | ENDIF | |
d0308923 | 167 | ENDIF |
dec95d75 RL |
168 | |
169 | # Common things that are valid no matter what form the Legacy provider | |
170 | # takes. | |
600703f4 | 171 | SOURCE[$LEGACYGOAL]=legacyprov.c |
fdaad3f1 | 172 | INCLUDE[$LEGACYGOAL]=../include implementations/include common/include |
d0308923 | 173 | ENDIF |
7b4344ac P |
174 | |
175 | # | |
176 | # Null provider stuff | |
177 | # | |
178 | # Because the null provider is built in, it means that libcrypto must | |
179 | # include all the object files that are needed. | |
180 | $NULLGOAL=../libcrypto | |
181 | SOURCE[$NULLGOAL]=nullprov.c | |
182 | ||
183 |