[openssl] master update

Richard Levitte levitte at openssl.org
Tue Jul 21 09:53:02 UTC 2020

The branch master has been updated
       via  904f42509f8d5e6210113e49a7e41ed2b1dd5a81 (commit)
      from  7e4f01d8ba9983b37758eb8842c64500ee0b29ca (commit)

- Log -----------------------------------------------------------------
commit 904f42509f8d5e6210113e49a7e41ed2b1dd5a81
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon Jul 20 09:11:15 2020 +0200

    PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a
    libcommon.a is FIPS agnostic, while libfips.a and libnonfips.a are
    FIPS / non-FIPS specific.  Since bio_prov.c checks FIPS_MODULE, it
    belongs to the latter.
    Along with this, a bit more instruction commentary is added to
    Reviewed-by: Paul Yang <kaishen.yy at antfin.com>
    (Merged from https://github.com/openssl/openssl/pull/12486)


Summary of changes:
 providers/build.info        | 20 ++++++++++++++++++++
 providers/common/build.info |  4 ++--
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/providers/build.info b/providers/build.info
index 873f12a853..b1bb966b70 100644
--- a/providers/build.info
+++ b/providers/build.info
@@ -27,6 +27,26 @@
 # libnonfips.a          Corresponds to libfips.a, but built with
 #                       FIPS_MODULE undefined.  The default and legacy
 #                       providers use this.
+# This is how different provider modules should be linked:
+# FIPS:
+#     -o fips.so {object files...} libimplementations.a libcommon.a libfips.a
+# Non-FIPS:
+#     -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a
+# It is crucial that code that checks for the FIPS_MODULE macro end up in
+# libfips.a and libnonfips.a, never in libcommon.a.
+# It is crucial that such code is written so libfips.a and libnonfips.a doesn't
+# end up depending on libimplementations.a or libcommon.a.
+# It is crucial that such code is written so libcommon.a doesn't end up
+# depending on libimplementations.a.
+# Code in providers/implementations/ should be written in such a way that the
+# OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends
+# up in either libimplementations.a or liblegacy.a.
+# If need be, write an abstraction layer in separate source files and make them
+# libfips.a / libnonfips.a sources.
 SUBDIRS=common implementations
diff --git a/providers/common/build.info b/providers/common/build.info
index 14add72dd6..fb04883507 100644
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -1,6 +1,6 @@
-SOURCE[../libcommon.a]=provider_err.c bio_prov.c provider_ctx.c
-$FIPSCOMMON=provider_util.c capabilities.c
+SOURCE[../libcommon.a]=provider_err.c provider_ctx.c
+$FIPSCOMMON=provider_util.c capabilities.c bio_prov.c
 SOURCE[../libnonfips.a]=$FIPSCOMMON nid_to_name.c

More information about the openssl-commits mailing list