123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193 |
- # We place all implementations in static libraries, and then let the
- # provider mains pilfer what they want through symbol resolution when
- # linking.
- #
- # The non-legacy implementations (libimplementations) must be made FIPS
- # agnostic as much as possible, as well as the common building blocks
- # (libcommon). The legacy implementations (liblegacy) will never be
- # part of the FIPS provider.
- #
- # If there is anything that isn't FIPS agnostic, it should be set aside
- # in its own source file, which is then included directly into other
- # static libraries geared for FIPS and non-FIPS providers, and built
- # separately.
- #
- # libcommon.a Contains common building blocks, potentially
- # needed both by non-legacy and legacy code.
- #
- # libimplementations.a Contains all non-legacy implementations.
- # liblegacy.a Contains all legacy implementations.
- #
- # libfips.a Contains all things needed to support
- # FIPS implementations, such as code from
- # crypto/ and object files that contain
- # FIPS-specific code. FIPS_MODULE is defined
- # for this library. The FIPS module uses
- # this.
- # libnonfips.a Corresponds to libfips.a, but built with
- # FIPS_MODULE undefined. The default and legacy
- # providers use this.
- #
- # This is how different provider modules should be linked:
- #
- # FIPS:
- # -o fips.so {object files...} libimplementations.a libcommon.a libfips.a
- # Non-FIPS:
- # -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a
- #
- # It is crucial that code that checks for the FIPS_MODULE macro end up in
- # libfips.a and libnonfips.a, never in libcommon.a.
- # It is crucial that such code is written so libfips.a and libnonfips.a doesn't
- # end up depending on libimplementations.a or libcommon.a.
- # It is crucial that such code is written so libcommon.a doesn't end up
- # depending on libimplementations.a.
- #
- # Code in providers/implementations/ should be written in such a way that the
- # OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends
- # up in either libimplementations.a or liblegacy.a.
- # If need be, write an abstraction layer in separate source files and make them
- # libfips.a / libnonfips.a sources.
- SUBDIRS=common implementations
- INCLUDE[../libcrypto]=common/include
- # Libraries we're dealing with
- $LIBCOMMON=libcommon.a
- $LIBIMPLEMENTATIONS=libimplementations.a
- $LIBLEGACY=liblegacy.a
- $LIBNONFIPS=libnonfips.a
- $LIBFIPS=libfips.a
- # Enough of our implementations include prov/ciphercommon.h (present in
- # providers/implementations/include), which includes crypto/*_platform.h
- # (present in include), which in turn may include very internal header
- # files in crypto/, so let's have a common include list for them all.
- $COMMON_INCLUDES=../crypto ../include implementations/include common/include
- INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES
- INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES
- INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES
- INCLUDE[$LIBNONFIPS]=.. $COMMON_INCLUDES
- INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
- DEFINE[$LIBFIPS]=FIPS_MODULE
- # Weak dependencies to provide library order information.
- # We make it weak so they aren't both used always; what is
- # actually used is determined by non-weak dependencies.
- DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS
- DEPEND[$LIBCOMMON]{weak}=$LIBFIPS
- # Strong dependencies. This ensures that any time libimplementations
- # is used, libcommon gets included as well.
- DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON
- DEPEND[$LIBNONFIPS]=../libcrypto
- # It's tempting to make libcommon depend on ../libcrypto. However,
- # since the FIPS provider module must NOT depend on ../libcrypto, we
- # need to set that dependency up specifically for the final products
- # that use $LIBCOMMON or anything that depends on it.
- # Libraries common to all providers, must be built regardless
- LIBS{noinst}=$LIBCOMMON
- # Libraries that are common for all non-FIPS providers, must be built regardless
- LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS
- #
- # Default provider stuff
- #
- # Because the default provider is built in, it means that libcrypto must
- # include all the object files that are needed (we do that indirectly,
- # by using the appropriate libraries as source). Note that for shared
- # libraries, SOURCEd libraries are considered as if the where specified
- # with DEPEND.
- $DEFAULTGOAL=../libcrypto
- SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS
- SOURCE[$DEFAULTGOAL]=defltprov.c
- # Some legacy implementations depend on provider header files
- INCLUDE[$DEFAULTGOAL]=implementations/include
- LIBS=$DEFAULTGOAL
- #
- # Base provider stuff
- #
- # Because the base provider is built in, it means that libcrypto
- # must include all of the object files that are needed.
- $BASEGOAL=../libcrypto
- SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS
- SOURCE[$BASEGOAL]=baseprov.c
- INCLUDE[$BASEGOAL]=implementations/include
- #
- # FIPS provider stuff
- #
- # We define it this way to ensure that configdata.pm will have all the
- # necessary information even if we don't build the module. This will allow
- # us to make all kinds of checks on the source, based on what we specify in
- # diverse build.info files. libfips.a, fips.so and their sources aren't
- # built unless the proper LIBS or MODULES statement has been seen, so we
- # have those and only those within a condition.
- SUBDIRS=fips
- $FIPSGOAL=fips
- DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS
- INCLUDE[$FIPSGOAL]=../include
- DEFINE[$FIPSGOAL]=FIPS_MODULE
- IF[{- defined $target{shared_defflag} -}]
- SOURCE[$FIPSGOAL]=fips.ld
- GENERATE[fips.ld]=../util/providers.num
- ENDIF
- IF[{- !$disabled{fips} -}]
- # This is the trigger to actually build the FIPS module. Without these
- # statements, the final build file will not have a trace of it.
- MODULES{fips}=$FIPSGOAL
- LIBS{noinst}=$LIBFIPS
- ENDIF
- #
- # Legacy provider stuff
- #
- IF[{- !$disabled{legacy} -}]
- # The legacy implementation library
- LIBS{noinst}=$LIBLEGACY
- DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS
- # The Legacy provider
- IF[{- $disabled{module} -}]
- # Become built in
- # In this case, we need to do the same thing a for the default provider,
- # and make the liblegacy object files end up in libcrypto. We could also
- # just say that for the built-in legacy, we put the source directly in
- # libcrypto instead of going via liblegacy, but that makes writing the
- # implementation specific build.info files harder to write, so we don't.
- $LEGACYGOAL=../libcrypto
- SOURCE[$LEGACYGOAL]=$LIBLEGACY
- DEFINE[$LIBLEGACY]=STATIC_LEGACY
- DEFINE[$LEGACYGOAL]=STATIC_LEGACY
- ELSE
- # Become a module
- # In this case, we can work with dependencies
- $LEGACYGOAL=legacy
- MODULES=$LEGACYGOAL
- DEPEND[$LEGACYGOAL]=$LIBLEGACY
- IF[{- defined $target{shared_defflag} -}]
- SOURCE[legacy]=legacy.ld
- GENERATE[legacy.ld]=../util/providers.num
- ENDIF
- ENDIF
- # Common things that are valid no matter what form the Legacy provider
- # takes.
- SOURCE[$LEGACYGOAL]=legacyprov.c
- INCLUDE[$LEGACYGOAL]=../include implementations/include common/include
- ENDIF
- #
- # Null provider stuff
- #
- # Because the null provider is built in, it means that libcrypto must
- # include all the object files that are needed.
- $NULLGOAL=../libcrypto
- SOURCE[$NULLGOAL]=nullprov.c prov_running.c
- SOURCE[$LIBNONFIPS]=prov_running.c
|