# We place all implementations in static libraries, and then let the # provider mains pilfer what they want through symbol resolution when # linking. # # The non-legacy implementations (libimplementations) must be made FIPS # agnostic as much as possible, as well as the common building blocks # (libcommon). The legacy implementations (liblegacy) will never be # part of the FIPS provider. # # If there is anything that isn't FIPS agnostic, it should be set aside # in its own source file, which is then included directly into other # static libraries geared for FIPS and non-FIPS providers, and built # separately. # # libcommon.a Contains common building blocks, potentially # needed both by non-legacy and legacy code. # # libimplementations.a Contains all non-legacy implementations. # liblegacy.a Contains all legacy implementations. # # libfips.a Contains all things needed to support # FIPS implementations, such as code from # crypto/ and object files that contain # FIPS-specific code. FIPS_MODULE is defined # for this library. The FIPS module uses # this. # libnonfips.a Corresponds to libfips.a, but built with # FIPS_MODULE undefined. The default and legacy # providers use this. # # This is how different provider modules should be linked: # # FIPS: # -o fips.so {object files...} libimplementations.a libcommon.a libfips.a # Non-FIPS: # -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a # # It is crucial that code that checks for the FIPS_MODULE macro end up in # libfips.a and libnonfips.a, never in libcommon.a. # It is crucial that such code is written so libfips.a and libnonfips.a doesn't # end up depending on libimplementations.a or libcommon.a. # It is crucial that such code is written so libcommon.a doesn't end up # depending on libimplementations.a. # # Code in providers/implementations/ should be written in such a way that the # OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends # up in either libimplementations.a or liblegacy.a. # If need be, write an abstraction layer in separate source files and make them # libfips.a / libnonfips.a sources. SUBDIRS=common implementations INCLUDE[../libcrypto]=common/include # Libraries we're dealing with $LIBCOMMON=libcommon.a $LIBIMPLEMENTATIONS=libimplementations.a $LIBLEGACY=liblegacy.a $LIBNONFIPS=libnonfips.a $LIBFIPS=libfips.a # Enough of our implementations include prov/ciphercommon.h (present in # providers/implementations/include), which includes crypto/*_platform.h # (present in include), which in turn may include very internal header # files in crypto/, so let's have a common include list for them all. $COMMON_INCLUDES=../crypto ../include implementations/include common/include INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES INCLUDE[$LIBNONFIPS]=.. $COMMON_INCLUDES INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES DEFINE[$LIBFIPS]=FIPS_MODULE # Weak dependencies to provide library order information. # We make it weak so they aren't both used always; what is # actually used is determined by non-weak dependencies. DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS DEPEND[$LIBCOMMON]{weak}=$LIBFIPS # Strong dependencies. This ensures that any time libimplementations # is used, libcommon gets included as well. DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON DEPEND[$LIBNONFIPS]=../libcrypto # It's tempting to make libcommon depend on ../libcrypto. However, # since the FIPS provider module must NOT depend on ../libcrypto, we # need to set that dependency up specifically for the final products # that use $LIBCOMMON or anything that depends on it. # Libraries common to all providers, must be built regardless LIBS{noinst}=$LIBCOMMON # Libraries that are common for all non-FIPS providers, must be built regardless LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS # # Default provider stuff # # Because the default provider is built in, it means that libcrypto must # include all the object files that are needed (we do that indirectly, # by using the appropriate libraries as source). Note that for shared # libraries, SOURCEd libraries are considered as if the where specified # with DEPEND. $DEFAULTGOAL=../libcrypto SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS SOURCE[$DEFAULTGOAL]=defltprov.c # Some legacy implementations depend on provider header files INCLUDE[$DEFAULTGOAL]=implementations/include LIBS=$DEFAULTGOAL # # Base provider stuff # # Because the base provider is built in, it means that libcrypto # must include all of the object files that are needed. $BASEGOAL=../libcrypto SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS SOURCE[$BASEGOAL]=baseprov.c INCLUDE[$BASEGOAL]=implementations/include # # FIPS provider stuff # # We define it this way to ensure that configdata.pm will have all the # necessary information even if we don't build the module. This will allow # us to make all kinds of checks on the source, based on what we specify in # diverse build.info files. libfips.a, fips.so and their sources aren't # built unless the proper LIBS or MODULES statement has been seen, so we # have those and only those within a condition. SUBDIRS=fips $FIPSGOAL=fips DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS INCLUDE[$FIPSGOAL]=../include DEFINE[$FIPSGOAL]=FIPS_MODULE IF[{- defined $target{shared_defflag} -}] SOURCE[$FIPSGOAL]=fips.ld GENERATE[fips.ld]=../util/providers.num ENDIF IF[{- !$disabled{fips} -}] # This is the trigger to actually build the FIPS module. Without these # statements, the final build file will not have a trace of it. MODULES=$FIPSGOAL LIBS{noinst}=$LIBFIPS ENDIF # # Legacy provider stuff # IF[{- !$disabled{legacy} -}] # The legacy implementation library LIBS{noinst}=$LIBLEGACY DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS # The Legacy provider IF[{- $disabled{module} -}] # Become built in # In this case, we need to do the same thing a for the default provider, # and make the liblegacy object files end up in libcrypto. We could also # just say that for the built-in legacy, we put the source directly in # libcrypto instead of going via liblegacy, but that makes writing the # implementation specific build.info files harder to write, so we don't. $LEGACYGOAL=../libcrypto SOURCE[$LEGACYGOAL]=$LIBLEGACY DEFINE[$LIBLEGACY]=STATIC_LEGACY DEFINE[$LEGACYGOAL]=STATIC_LEGACY ELSE # Become a module # In this case, we can work with dependencies $LEGACYGOAL=legacy MODULES=$LEGACYGOAL DEPEND[$LEGACYGOAL]=$LIBLEGACY IF[{- defined $target{shared_defflag} -}] SOURCE[legacy]=legacy.ld GENERATE[legacy.ld]=../util/providers.num ENDIF ENDIF # Common things that are valid no matter what form the Legacy provider # takes. SOURCE[$LEGACYGOAL]=legacyprov.c INCLUDE[$LEGACYGOAL]=../include implementations/include common/include ENDIF # # Null provider stuff # # Because the null provider is built in, it means that libcrypto must # include all the object files that are needed. $NULLGOAL=../libcrypto SOURCE[$NULLGOAL]=nullprov.c