]>
Commit | Line | Data |
---|---|---|
dec95d75 RL |
1 | # We place all implementations in static libraries, and then let the |
2 | # provider mains pilfer what they want through symbol resolution when | |
3 | # linking. | |
4 | # | |
5 | # The non-legacy implementations (libimplementations) must be made FIPS | |
6 | # agnostic as much as possible, as well as the common building blocks | |
7 | # (libcommon). The legacy implementations (liblegacy) will never be | |
8 | # part of the FIPS provider. | |
9 | # | |
10 | # If there is anything that isn't FIPS agnostic, it should be set aside | |
11 | # in its own source file, which is then included directly into other | |
12 | # static libraries geared for FIPS and non-FIPS providers, and built | |
13 | # separately. | |
14 | # | |
15 | # libcommon.a Contains common building blocks, potentially | |
16 | # needed both by non-legacy and legacy code. | |
17 | # | |
18 | # libimplementations.a Contains all non-legacy implementations. | |
79c44b4e | 19 | # liblegacy.a Contains all legacy implementations. |
dec95d75 RL |
20 | # |
21 | # libfips.a Contains all things needed to support | |
22 | # FIPS implementations, such as code from | |
23 | # crypto/ and object files that contain | |
f844f9eb | 24 | # FIPS-specific code. FIPS_MODULE is defined |
dec95d75 RL |
25 | # for this library. The FIPS module uses |
26 | # this. | |
27 | # libnonfips.a Corresponds to libfips.a, but built with | |
f844f9eb | 28 | # FIPS_MODULE undefined. The default and legacy |
dec95d75 | 29 | # providers use this. |
904f4250 RL |
30 | # |
31 | # This is how different provider modules should be linked: | |
32 | # | |
33 | # FIPS: | |
34 | # -o fips.so {object files...} libimplementations.a libcommon.a libfips.a | |
35 | # Non-FIPS: | |
36 | # -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a | |
37 | # | |
38 | # It is crucial that code that checks for the FIPS_MODULE macro end up in | |
39 | # libfips.a and libnonfips.a, never in libcommon.a. | |
40 | # It is crucial that such code is written so libfips.a and libnonfips.a doesn't | |
41 | # end up depending on libimplementations.a or libcommon.a. | |
42 | # It is crucial that such code is written so libcommon.a doesn't end up | |
43 | # depending on libimplementations.a. | |
44 | # | |
45 | # Code in providers/implementations/ should be written in such a way that the | |
46 | # OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends | |
47 | # up in either libimplementations.a or liblegacy.a. | |
48 | # If need be, write an abstraction layer in separate source files and make them | |
49 | # libfips.a / libnonfips.a sources. | |
dec95d75 | 50 | |
600703f4 | 51 | SUBDIRS=common implementations |
9efa0ae0 | 52 | |
16da72a8 MC |
53 | INCLUDE[../libcrypto]=common/include |
54 | ||
dec95d75 RL |
55 | # Libraries we're dealing with |
56 | $LIBCOMMON=libcommon.a | |
57 | $LIBIMPLEMENTATIONS=libimplementations.a | |
58 | $LIBLEGACY=liblegacy.a | |
59 | $LIBNONFIPS=libnonfips.a | |
60 | $LIBFIPS=libfips.a | |
61 | ||
62 | # Enough of our implementations include prov/ciphercommon.h (present in | |
cc731bc3 | 63 | # providers/implementations/include), which includes crypto/*_platform.h |
dec95d75 RL |
64 | # (present in include), which in turn may include very internal header |
65 | # files in crypto/, so let's have a common include list for them all. | |
68a51d59 | 66 | $COMMON_INCLUDES=../crypto ../include implementations/include common/include |
dec95d75 RL |
67 | |
68 | INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES | |
68a51d59 | 69 | INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES |
f5056577 | 70 | INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES |
0c9fcfeb | 71 | INCLUDE[$LIBNONFIPS]=.. $COMMON_INCLUDES |
dec95d75 | 72 | INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES |
f844f9eb | 73 | DEFINE[$LIBFIPS]=FIPS_MODULE |
dec95d75 RL |
74 | |
75 | # Weak dependencies to provide library order information. | |
76 | # We make it weak so they aren't both used always; what is | |
77 | # actually used is determined by non-weak dependencies. | |
78 | DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS | |
79 | DEPEND[$LIBCOMMON]{weak}=$LIBFIPS | |
80 | ||
81 | # Strong dependencies. This ensures that any time libimplementations | |
82 | # is used, libcommon gets included as well. | |
83 | DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON | |
84 | DEPEND[$LIBNONFIPS]=../libcrypto | |
85 | # It's tempting to make libcommon depend on ../libcrypto. However, | |
86 | # since the FIPS provider module must NOT depend on ../libcrypto, we | |
87 | # need to set that dependency up specifically for the final products | |
88 | # that use $LIBCOMMON or anything that depends on it. | |
89 | ||
90 | # Libraries common to all providers, must be built regardless | |
91 | LIBS{noinst}=$LIBCOMMON | |
92 | # Libraries that are common for all non-FIPS providers, must be built regardless | |
93 | LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS | |
94 | ||
95 | # | |
96 | # Default provider stuff | |
97 | # | |
98 | # Because the default provider is built in, it means that libcrypto must | |
99 | # include all the object files that are needed (we do that indirectly, | |
100 | # by using the appropriate libraries as source). Note that for shared | |
101 | # libraries, SOURCEd libraries are considered as if the where specified | |
102 | # with DEPEND. | |
103 | $DEFAULTGOAL=../libcrypto | |
104 | SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS | |
600703f4 | 105 | SOURCE[$DEFAULTGOAL]=defltprov.c |
7c214f10 | 106 | # Some legacy implementations depend on provider header files |
68a51d59 | 107 | INCLUDE[$DEFAULTGOAL]=implementations/include |
dec95d75 RL |
108 | |
109 | LIBS=$DEFAULTGOAL | |
110 | ||
dfc0857d P |
111 | # |
112 | # Base provider stuff | |
113 | # | |
114 | # Because the base provider is built in, it means that libcrypto | |
115 | # must include all of the object files that are needed. | |
116 | $BASEGOAL=../libcrypto | |
117 | SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS | |
118 | SOURCE[$BASEGOAL]=baseprov.c | |
119 | INCLUDE[$BASEGOAL]=implementations/include | |
120 | ||
dec95d75 RL |
121 | # |
122 | # FIPS provider stuff | |
123 | # | |
124 | # We define it this way to ensure that configdata.pm will have all the | |
125 | # necessary information even if we don't build the module. This will allow | |
126 | # us to make all kinds of checks on the source, based on what we specify in | |
127 | # diverse build.info files. libfips.a, fips.so and their sources aren't | |
128 | # built unless the proper LIBS or MODULES statement has been seen, so we | |
129 | # have those and only those within a condition. | |
130 | SUBDIRS=fips | |
131 | $FIPSGOAL=fips | |
132 | DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS | |
133 | INCLUDE[$FIPSGOAL]=../include | |
f844f9eb | 134 | DEFINE[$FIPSGOAL]=FIPS_MODULE |
dec95d75 RL |
135 | IF[{- defined $target{shared_defflag} -}] |
136 | SOURCE[$FIPSGOAL]=fips.ld | |
137 | GENERATE[fips.ld]=../util/providers.num | |
138 | ENDIF | |
139 | ||
9efa0ae0 | 140 | IF[{- !$disabled{fips} -}] |
dec95d75 RL |
141 | # This is the trigger to actually build the FIPS module. Without these |
142 | # statements, the final build file will not have a trace of it. | |
d3ed8080 | 143 | MODULES{fips}=$FIPSGOAL |
dec95d75 | 144 | LIBS{noinst}=$LIBFIPS |
05869bba RL |
145 | |
146 | # For tests that try to use the FIPS module, we need to make a local fips | |
147 | # module installation. We have the output go to standard output, because | |
148 | # the generated commands in build templates are expected to catch that, | |
149 | # and thereby keep control over the exact output file location. | |
150 | DEPEND[|tests|]=fipsmodule.cnf | |
151 | GENERATE[fipsmodule.cnf]=../apps/openssl fipsinstall \ | |
152 | -module providers/$(FIPSMODULENAME) -provider_name fips \ | |
eb78f955 | 153 | -mac_name HMAC -section_name fips_sect |
05869bba | 154 | DEPEND[fipsmodule.cnf]=$FIPSGOAL |
9efa0ae0 | 155 | ENDIF |
d0308923 | 156 | |
dec95d75 RL |
157 | # |
158 | # Legacy provider stuff | |
159 | # | |
d0308923 | 160 | IF[{- !$disabled{legacy} -}] |
dec95d75 | 161 | # The legacy implementation library |
dec95d75 RL |
162 | LIBS{noinst}=$LIBLEGACY |
163 | DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS | |
164 | ||
165 | # The Legacy provider | |
318e074e | 166 | IF[{- $disabled{module} -}] |
dec95d75 RL |
167 | # Become built in |
168 | # In this case, we need to do the same thing a for the default provider, | |
169 | # and make the liblegacy object files end up in libcrypto. We could also | |
170 | # just say that for the built-in legacy, we put the source directly in | |
171 | # libcrypto instead of going via liblegacy, but that makes writing the | |
172 | # implementation specific build.info files harder to write, so we don't. | |
173 | $LEGACYGOAL=../libcrypto | |
174 | SOURCE[$LEGACYGOAL]=$LIBLEGACY | |
175 | DEFINE[$LIBLEGACY]=STATIC_LEGACY | |
176 | DEFINE[$LEGACYGOAL]=STATIC_LEGACY | |
318e074e | 177 | ELSE |
dec95d75 RL |
178 | # Become a module |
179 | # In this case, we can work with dependencies | |
180 | $LEGACYGOAL=legacy | |
181 | MODULES=$LEGACYGOAL | |
182 | DEPEND[$LEGACYGOAL]=$LIBLEGACY | |
318e074e RL |
183 | IF[{- defined $target{shared_defflag} -}] |
184 | SOURCE[legacy]=legacy.ld | |
185 | GENERATE[legacy.ld]=../util/providers.num | |
186 | ENDIF | |
d0308923 | 187 | ENDIF |
dec95d75 RL |
188 | |
189 | # Common things that are valid no matter what form the Legacy provider | |
190 | # takes. | |
600703f4 | 191 | SOURCE[$LEGACYGOAL]=legacyprov.c |
fdaad3f1 | 192 | INCLUDE[$LEGACYGOAL]=../include implementations/include common/include |
d0308923 | 193 | ENDIF |
7b4344ac P |
194 | |
195 | # | |
196 | # Null provider stuff | |
197 | # | |
198 | # Because the null provider is built in, it means that libcrypto must | |
199 | # include all the object files that are needed. | |
200 | $NULLGOAL=../libcrypto | |
eab7b424 | 201 | SOURCE[$NULLGOAL]=nullprov.c prov_running.c |
7b4344ac | 202 | |
eab7b424 | 203 | SOURCE[$LIBNONFIPS]=prov_running.c |