diff options
-rw-r--r-- | providers/build.info | 20 | ||||
-rw-r--r-- | providers/common/build.info | 4 |
2 files changed, 22 insertions, 2 deletions
diff --git a/providers/build.info b/providers/build.info index 873f12a853..b1bb966b70 100644 --- a/providers/build.info +++ b/providers/build.info @@ -27,6 +27,26 @@ # libnonfips.a Corresponds to libfips.a, but built with # FIPS_MODULE undefined. The default and legacy # providers use this. +# +# This is how different provider modules should be linked: +# +# FIPS: +# -o fips.so {object files...} libimplementations.a libcommon.a libfips.a +# Non-FIPS: +# -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a +# +# It is crucial that code that checks for the FIPS_MODULE macro end up in +# libfips.a and libnonfips.a, never in libcommon.a. +# It is crucial that such code is written so libfips.a and libnonfips.a doesn't +# end up depending on libimplementations.a or libcommon.a. +# It is crucial that such code is written so libcommon.a doesn't end up +# depending on libimplementations.a. +# +# Code in providers/implementations/ should be written in such a way that the +# OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends +# up in either libimplementations.a or liblegacy.a. +# If need be, write an abstraction layer in separate source files and make them +# libfips.a / libnonfips.a sources. SUBDIRS=common implementations diff --git a/providers/common/build.info b/providers/common/build.info index 14add72dd6..fb04883507 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,6 +1,6 @@ SUBDIRS=der -SOURCE[../libcommon.a]=provider_err.c bio_prov.c provider_ctx.c -$FIPSCOMMON=provider_util.c capabilities.c +SOURCE[../libcommon.a]=provider_err.c provider_ctx.c +$FIPSCOMMON=provider_util.c capabilities.c bio_prov.c SOURCE[../libnonfips.a]=$FIPSCOMMON nid_to_name.c SOURCE[../libfips.a]=$FIPSCOMMON |