]>
Commit | Line | Data |
---|---|---|
dec95d75 RL |
1 | # We place all implementations in static libraries, and then let the |
2 | # provider mains pilfer what they want through symbol resolution when | |
3 | # linking. | |
4 | # | |
5 | # The non-legacy implementations (libimplementations) must be made FIPS | |
6 | # agnostic as much as possible, as well as the common building blocks | |
7 | # (libcommon). The legacy implementations (liblegacy) will never be | |
8 | # part of the FIPS provider. | |
9 | # | |
10 | # If there is anything that isn't FIPS agnostic, it should be set aside | |
11 | # in its own source file, which is then included directly into other | |
12 | # static libraries geared for FIPS and non-FIPS providers, and built | |
13 | # separately. | |
14 | # | |
15 | # libcommon.a Contains common building blocks, potentially | |
16 | # needed both by non-legacy and legacy code. | |
17 | # | |
18 | # libimplementations.a Contains all non-legacy implementations. | |
79c44b4e | 19 | # liblegacy.a Contains all legacy implementations. |
dec95d75 RL |
20 | # |
21 | # libfips.a Contains all things needed to support | |
22 | # FIPS implementations, such as code from | |
23 | # crypto/ and object files that contain | |
f844f9eb | 24 | # FIPS-specific code. FIPS_MODULE is defined |
dec95d75 RL |
25 | # for this library. The FIPS module uses |
26 | # this. | |
27 | # libnonfips.a Corresponds to libfips.a, but built with | |
f844f9eb | 28 | # FIPS_MODULE undefined. The default and legacy |
dec95d75 | 29 | # providers use this. |
904f4250 RL |
30 | # |
31 | # This is how different provider modules should be linked: | |
32 | # | |
33 | # FIPS: | |
34 | # -o fips.so {object files...} libimplementations.a libcommon.a libfips.a | |
35 | # Non-FIPS: | |
36 | # -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a | |
37 | # | |
38 | # It is crucial that code that checks for the FIPS_MODULE macro end up in | |
39 | # libfips.a and libnonfips.a, never in libcommon.a. | |
40 | # It is crucial that such code is written so libfips.a and libnonfips.a doesn't | |
41 | # end up depending on libimplementations.a or libcommon.a. | |
42 | # It is crucial that such code is written so libcommon.a doesn't end up | |
43 | # depending on libimplementations.a. | |
44 | # | |
45 | # Code in providers/implementations/ should be written in such a way that the | |
46 | # OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends | |
47 | # up in either libimplementations.a or liblegacy.a. | |
48 | # If need be, write an abstraction layer in separate source files and make them | |
49 | # libfips.a / libnonfips.a sources. | |
dec95d75 | 50 | |
600703f4 | 51 | SUBDIRS=common implementations |
9efa0ae0 | 52 | |
16da72a8 MC |
53 | INCLUDE[../libcrypto]=common/include |
54 | ||
dec95d75 RL |
55 | # Libraries we're dealing with |
56 | $LIBCOMMON=libcommon.a | |
57 | $LIBIMPLEMENTATIONS=libimplementations.a | |
58 | $LIBLEGACY=liblegacy.a | |
59 | $LIBNONFIPS=libnonfips.a | |
60 | $LIBFIPS=libfips.a | |
61 | ||
62 | # Enough of our implementations include prov/ciphercommon.h (present in | |
cc731bc3 | 63 | # providers/implementations/include), which includes crypto/*_platform.h |
dec95d75 RL |
64 | # (present in include), which in turn may include very internal header |
65 | # files in crypto/, so let's have a common include list for them all. | |
68a51d59 | 66 | $COMMON_INCLUDES=../crypto ../include implementations/include common/include |
dec95d75 RL |
67 | |
68 | INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES | |
68a51d59 | 69 | INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES |
f5056577 | 70 | INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES |
0c9fcfeb | 71 | INCLUDE[$LIBNONFIPS]=.. $COMMON_INCLUDES |
dec95d75 | 72 | INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES |
f844f9eb | 73 | DEFINE[$LIBFIPS]=FIPS_MODULE |
dec95d75 RL |
74 | |
75 | # Weak dependencies to provide library order information. | |
76 | # We make it weak so they aren't both used always; what is | |
77 | # actually used is determined by non-weak dependencies. | |
78 | DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS | |
79 | DEPEND[$LIBCOMMON]{weak}=$LIBFIPS | |
80 | ||
81 | # Strong dependencies. This ensures that any time libimplementations | |
82 | # is used, libcommon gets included as well. | |
83 | DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON | |
84 | DEPEND[$LIBNONFIPS]=../libcrypto | |
85 | # It's tempting to make libcommon depend on ../libcrypto. However, | |
86 | # since the FIPS provider module must NOT depend on ../libcrypto, we | |
87 | # need to set that dependency up specifically for the final products | |
88 | # that use $LIBCOMMON or anything that depends on it. | |
89 | ||
90 | # Libraries common to all providers, must be built regardless | |
91 | LIBS{noinst}=$LIBCOMMON | |
92 | # Libraries that are common for all non-FIPS providers, must be built regardless | |
93 | LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS | |
94 | ||
95 | # | |
96 | # Default provider stuff | |
97 | # | |
98 | # Because the default provider is built in, it means that libcrypto must | |
99 | # include all the object files that are needed (we do that indirectly, | |
100 | # by using the appropriate libraries as source). Note that for shared | |
101 | # libraries, SOURCEd libraries are considered as if the where specified | |
102 | # with DEPEND. | |
103 | $DEFAULTGOAL=../libcrypto | |
104 | SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS | |
600703f4 | 105 | SOURCE[$DEFAULTGOAL]=defltprov.c |
7c214f10 | 106 | # Some legacy implementations depend on provider header files |
68a51d59 | 107 | INCLUDE[$DEFAULTGOAL]=implementations/include |
dec95d75 RL |
108 | |
109 | LIBS=$DEFAULTGOAL | |
110 | ||
dfc0857d P |
111 | # |
112 | # Base provider stuff | |
113 | # | |
114 | # Because the base provider is built in, it means that libcrypto | |
115 | # must include all of the object files that are needed. | |
116 | $BASEGOAL=../libcrypto | |
117 | SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS | |
118 | SOURCE[$BASEGOAL]=baseprov.c | |
119 | INCLUDE[$BASEGOAL]=implementations/include | |
120 | ||
dec95d75 RL |
121 | # |
122 | # FIPS provider stuff | |
123 | # | |
124 | # We define it this way to ensure that configdata.pm will have all the | |
125 | # necessary information even if we don't build the module. This will allow | |
126 | # us to make all kinds of checks on the source, based on what we specify in | |
127 | # diverse build.info files. libfips.a, fips.so and their sources aren't | |
128 | # built unless the proper LIBS or MODULES statement has been seen, so we | |
129 | # have those and only those within a condition. | |
130 | SUBDIRS=fips | |
131 | $FIPSGOAL=fips | |
132 | DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS | |
133 | INCLUDE[$FIPSGOAL]=../include | |
f844f9eb | 134 | DEFINE[$FIPSGOAL]=FIPS_MODULE |
dec95d75 RL |
135 | IF[{- defined $target{shared_defflag} -}] |
136 | SOURCE[$FIPSGOAL]=fips.ld | |
137 | GENERATE[fips.ld]=../util/providers.num | |
138 | ENDIF | |
139 | ||
9efa0ae0 | 140 | IF[{- !$disabled{fips} -}] |
dec95d75 RL |
141 | # This is the trigger to actually build the FIPS module. Without these |
142 | # statements, the final build file will not have a trace of it. | |
d3ed8080 | 143 | MODULES{fips}=$FIPSGOAL |
dec95d75 | 144 | LIBS{noinst}=$LIBFIPS |
9efa0ae0 | 145 | ENDIF |
d0308923 | 146 | |
dec95d75 RL |
147 | # |
148 | # Legacy provider stuff | |
149 | # | |
d0308923 | 150 | IF[{- !$disabled{legacy} -}] |
dec95d75 | 151 | # The legacy implementation library |
dec95d75 RL |
152 | LIBS{noinst}=$LIBLEGACY |
153 | DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS | |
154 | ||
155 | # The Legacy provider | |
318e074e | 156 | IF[{- $disabled{module} -}] |
dec95d75 RL |
157 | # Become built in |
158 | # In this case, we need to do the same thing a for the default provider, | |
159 | # and make the liblegacy object files end up in libcrypto. We could also | |
160 | # just say that for the built-in legacy, we put the source directly in | |
161 | # libcrypto instead of going via liblegacy, but that makes writing the | |
162 | # implementation specific build.info files harder to write, so we don't. | |
163 | $LEGACYGOAL=../libcrypto | |
164 | SOURCE[$LEGACYGOAL]=$LIBLEGACY | |
165 | DEFINE[$LIBLEGACY]=STATIC_LEGACY | |
166 | DEFINE[$LEGACYGOAL]=STATIC_LEGACY | |
318e074e | 167 | ELSE |
dec95d75 RL |
168 | # Become a module |
169 | # In this case, we can work with dependencies | |
170 | $LEGACYGOAL=legacy | |
171 | MODULES=$LEGACYGOAL | |
172 | DEPEND[$LEGACYGOAL]=$LIBLEGACY | |
318e074e RL |
173 | IF[{- defined $target{shared_defflag} -}] |
174 | SOURCE[legacy]=legacy.ld | |
175 | GENERATE[legacy.ld]=../util/providers.num | |
176 | ENDIF | |
d0308923 | 177 | ENDIF |
dec95d75 RL |
178 | |
179 | # Common things that are valid no matter what form the Legacy provider | |
180 | # takes. | |
600703f4 | 181 | SOURCE[$LEGACYGOAL]=legacyprov.c |
fdaad3f1 | 182 | INCLUDE[$LEGACYGOAL]=../include implementations/include common/include |
d0308923 | 183 | ENDIF |
7b4344ac P |
184 | |
185 | # | |
186 | # Null provider stuff | |
187 | # | |
188 | # Because the null provider is built in, it means that libcrypto must | |
189 | # include all the object files that are needed. | |
190 | $NULLGOAL=../libcrypto | |
eab7b424 | 191 | SOURCE[$NULLGOAL]=nullprov.c prov_running.c |
7b4344ac | 192 | |
eab7b424 | 193 | SOURCE[$LIBNONFIPS]=prov_running.c |