| 1 | # libcommon.a Contains common building blocks and other routines,
|
|---|
| 2 | # potentially needed by any of our providers.
|
|---|
| 3 | #
|
|---|
| 4 | # libfips.a Contains all algorithm implementations that should
|
|---|
| 5 | # go in the FIPS provider. The compilations for this
|
|---|
| 6 | # library are all done with FIPS_MODULE defined.
|
|---|
| 7 | #
|
|---|
| 8 | # liblegacy.a Contains all algorithm implementations that should
|
|---|
| 9 | # go into the legacy provider. The compilations for
|
|---|
| 10 | # this library are all done with STATIC_LEGACY defined.
|
|---|
| 11 | #
|
|---|
| 12 | # libdefault.a Contains all algorithm implementations that should
|
|---|
| 13 | # into the default or base provider.
|
|---|
| 14 | #
|
|---|
| 15 | # To be noted is that the FIPS provider shares source code with libcrypto,
|
|---|
| 16 | # which means that select source files from crypto/ are compiled for
|
|---|
| 17 | # libfips.a the sources from providers/implementations.
|
|---|
| 18 | #
|
|---|
| 19 | # This is how a provider module should be linked:
|
|---|
| 20 | #
|
|---|
| 21 | # -o {modulename}.so {object files...} lib{modulename}.a libcommon.a
|
|---|
| 22 | #
|
|---|
| 23 | # It is crucial that code that checks the FIPS_MODULE macro ends up in
|
|---|
| 24 | # libfips.a.
|
|---|
| 25 | # It is crucial that code that checks the STATIC_LEGACY macro ends up in
|
|---|
| 26 | # liblegacy.a.
|
|---|
| 27 | # It is recommended that code that is written for libcommon.a doesn't end
|
|---|
| 28 | # up depending on libfips.a, liblegacy.a or libdefault.a
|
|---|
| 29 | #
|
|---|
| 30 | # Code in providers/implementations/ should be written in such a way that
|
|---|
| 31 | # the OSSL_DISPATCH arrays (and preferably the majority of the actual code)
|
|---|
| 32 | # end up in either libfips.a, liblegacy.a or libdefault.a.
|
|---|
| 33 |
|
|---|
| 34 | SUBDIRS=common implementations
|
|---|
| 35 |
|
|---|
| 36 | INCLUDE[../libcrypto]=common/include
|
|---|
| 37 |
|
|---|
| 38 | # Libraries we're dealing with
|
|---|
| 39 | $LIBCOMMON=libcommon.a
|
|---|
| 40 | $LIBFIPS=libfips.a
|
|---|
| 41 | $LIBLEGACY=liblegacy.a
|
|---|
| 42 | $LIBDEFAULT=libdefault.a
|
|---|
| 43 | LIBS{noinst}=$LIBDEFAULT $LIBCOMMON
|
|---|
| 44 |
|
|---|
| 45 | # Enough of our implementations include prov/ciphercommon.h (present in
|
|---|
| 46 | # providers/implementations/include), which includes crypto/*_platform.h
|
|---|
| 47 | # (present in include), which in turn may include very internal header
|
|---|
| 48 | # files in crypto/, so let's have a common include list for them all.
|
|---|
| 49 | $COMMON_INCLUDES=../crypto ../include implementations/include common/include
|
|---|
| 50 |
|
|---|
| 51 | INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES
|
|---|
| 52 | INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
|
|---|
| 53 | INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES
|
|---|
| 54 | INCLUDE[$LIBDEFAULT]=.. $COMMON_INCLUDES
|
|---|
| 55 | DEFINE[$LIBFIPS]=FIPS_MODULE
|
|---|
| 56 |
|
|---|
| 57 | # Weak dependencies to provide library order information. What is actually
|
|---|
| 58 | # used is determined by non-weak dependencies.
|
|---|
| 59 | DEPEND[$LIBCOMMON]{weak}=../libcrypto
|
|---|
| 60 |
|
|---|
| 61 | # Strong dependencies. This ensures that any time an implementation library
|
|---|
| 62 | # is used, libcommon gets included as well.
|
|---|
| 63 | # The $LIBFIPS dependency on $LIBCOMMON is extra strong, to mitigate for
|
|---|
| 64 | # linking problems because they are interdependent
|
|---|
| 65 | SOURCE[$LIBFIPS]=$LIBCOMMON
|
|---|
| 66 | DEPEND[$LIBLEGACY]=$LIBCOMMON
|
|---|
| 67 | DEPEND[$LIBDEFAULT]=$LIBCOMMON
|
|---|
| 68 |
|
|---|
| 69 | #
|
|---|
| 70 | # Default provider stuff
|
|---|
| 71 | #
|
|---|
| 72 | # Because the default provider is built in, it means that libcrypto must
|
|---|
| 73 | # include all the object files that are needed (we do that indirectly,
|
|---|
| 74 | # by using the appropriate libraries as source). Note that for shared
|
|---|
| 75 | # libraries, SOURCEd libraries are considered as if they were specified
|
|---|
| 76 | # with DEPEND.
|
|---|
| 77 | $DEFAULTGOAL=../libcrypto
|
|---|
| 78 | SOURCE[$DEFAULTGOAL]=$LIBDEFAULT defltprov.c
|
|---|
| 79 | INCLUDE[$DEFAULTGOAL]=implementations/include
|
|---|
| 80 |
|
|---|
| 81 | #
|
|---|
| 82 | # Base provider stuff
|
|---|
| 83 | #
|
|---|
| 84 | # Because the base provider is built in, it means that libcrypto must
|
|---|
| 85 | # include all of the object files that are needed, just like the default
|
|---|
| 86 | # provider.
|
|---|
| 87 | $BASEGOAL=../libcrypto
|
|---|
| 88 | SOURCE[$BASEGOAL]=$LIBDEFAULT baseprov.c
|
|---|
| 89 | INCLUDE[$BASEGOAL]=implementations/include
|
|---|
| 90 |
|
|---|
| 91 | #
|
|---|
| 92 | # FIPS provider stuff
|
|---|
| 93 | #
|
|---|
| 94 | # We define it this way to ensure that configdata.pm will have all the
|
|---|
| 95 | # necessary information even if we don't build the module. This will allow
|
|---|
| 96 | # us to make all kinds of checks on the source, based on what we specify in
|
|---|
| 97 | # diverse build.info files. libfips.a, fips.so and their sources aren't
|
|---|
| 98 | # built unless the proper LIBS or MODULES statement has been seen, so we
|
|---|
| 99 | # have those and only those within a condition.
|
|---|
| 100 | IF[{- !$disabled{fips} -}]
|
|---|
| 101 | SUBDIRS=fips
|
|---|
| 102 | $FIPSGOAL=fips
|
|---|
| 103 |
|
|---|
| 104 | # This is the trigger to actually build the FIPS module. Without these
|
|---|
| 105 | # statements, the final build file will not have a trace of it.
|
|---|
| 106 | MODULES{fips}=$FIPSGOAL
|
|---|
| 107 | LIBS{noinst}=$LIBFIPS
|
|---|
| 108 |
|
|---|
| 109 | DEPEND[$FIPSGOAL]=$LIBFIPS
|
|---|
| 110 | INCLUDE[$FIPSGOAL]=../include
|
|---|
| 111 | DEFINE[$FIPSGOAL]=FIPS_MODULE
|
|---|
| 112 | IF[{- defined $target{shared_defflag} -}]
|
|---|
| 113 | SOURCE[$FIPSGOAL]=fips.ld
|
|---|
| 114 | GENERATE[fips.ld]=../util/providers.num
|
|---|
| 115 | ENDIF
|
|---|
| 116 |
|
|---|
| 117 | DEPEND[|build_modules_nodep|]=fipsmodule.cnf
|
|---|
| 118 | GENERATE[fipsmodule.cnf]=../util/mk-fipsmodule-cnf.pl \
|
|---|
| 119 | -module $(FIPSMODULE) -section_name fips_sect -key $(FIPSKEY)
|
|---|
| 120 | DEPEND[fipsmodule.cnf]=$FIPSGOAL
|
|---|
| 121 |
|
|---|
| 122 | # Add VERSIONINFO resource for windows
|
|---|
| 123 | IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}]
|
|---|
| 124 | GENERATE[fips.rc]=../util/mkrc.pl fips
|
|---|
| 125 | SOURCE[$FIPSGOAL]=fips.rc
|
|---|
| 126 | ENDIF
|
|---|
| 127 | ENDIF
|
|---|
| 128 |
|
|---|
| 129 | #
|
|---|
| 130 | # Legacy provider stuff
|
|---|
| 131 | #
|
|---|
| 132 | IF[{- !$disabled{legacy} -}]
|
|---|
| 133 | LIBS{noinst}=$LIBLEGACY
|
|---|
| 134 |
|
|---|
| 135 | IF[{- $disabled{module} -}]
|
|---|
| 136 | # Become built in
|
|---|
| 137 | # In this case, we need to do the same thing a for the default provider,
|
|---|
| 138 | # and make the liblegacy object files end up in libcrypto. We could also
|
|---|
| 139 | # just say that for the built-in legacy, we put the source directly in
|
|---|
| 140 | # libcrypto instead of going via liblegacy, but that makes writing the
|
|---|
| 141 | # implementation specific build.info files harder to write, so we don't.
|
|---|
| 142 | $LEGACYGOAL=../libcrypto
|
|---|
| 143 | SOURCE[$LEGACYGOAL]=$LIBLEGACY
|
|---|
| 144 | DEFINE[$LEGACYGOAL]=STATIC_LEGACY
|
|---|
| 145 | ELSE
|
|---|
| 146 | # Become a module
|
|---|
| 147 | # In this case, we can work with dependencies
|
|---|
| 148 | $LEGACYGOAL=legacy
|
|---|
| 149 | MODULES=$LEGACYGOAL
|
|---|
| 150 | DEPEND[$LEGACYGOAL]=$LIBLEGACY ../libcrypto
|
|---|
| 151 | IF[{- defined $target{shared_defflag} -}]
|
|---|
| 152 | SOURCE[legacy]=legacy.ld
|
|---|
| 153 | GENERATE[legacy.ld]=../util/providers.num
|
|---|
| 154 | ENDIF
|
|---|
| 155 |
|
|---|
| 156 | # Add VERSIONINFO resource for windows
|
|---|
| 157 | IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}]
|
|---|
| 158 | GENERATE[legacy.rc]=../util/mkrc.pl legacy
|
|---|
| 159 | SOURCE[$LEGACYGOAL]=legacy.rc
|
|---|
| 160 | ENDIF
|
|---|
| 161 |
|
|---|
| 162 | SOURCE[$LIBLEGACY]=prov_running.c
|
|---|
| 163 | ENDIF
|
|---|
| 164 |
|
|---|
| 165 | # Common things that are valid no matter what form the Legacy provider
|
|---|
| 166 | # takes.
|
|---|
| 167 | SOURCE[$LEGACYGOAL]=legacyprov.c
|
|---|
| 168 | INCLUDE[$LEGACYGOAL]=../include implementations/include common/include
|
|---|
| 169 | ENDIF
|
|---|
| 170 |
|
|---|
| 171 | #
|
|---|
| 172 | # Null provider stuff
|
|---|
| 173 | #
|
|---|
| 174 | # Because the null provider is built in, it means that libcrypto must
|
|---|
| 175 | # include all the object files that are needed.
|
|---|
| 176 | $NULLGOAL=../libcrypto
|
|---|
| 177 | SOURCE[$NULLGOAL]=nullprov.c prov_running.c
|
|---|
