From: Richard Levitte Date: Wed, 19 May 2021 16:51:07 +0000 (+0200) Subject: PROV: Relegate most of the FIPS provider code to libfips.a X-Git-Tag: openssl-3.0.0-beta1~444 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b938544969577e3b74da6f8c689c87c90ceced22 PROV: Relegate most of the FIPS provider code to libfips.a provider/fips/fipsprov.c contains a number of symbols that get used by anything that's included in libfips.a, at least on Unix. Unfortunately, there are platforms that do not support resolving symbols to things that are already included in the end product (module in this case) being built; they only support resolving symbols with what comes next in the linking process. The offending symbols in this case are FIPS_security_check_enabled, c_thread_start and ossl_fips_intern_provider_init. We resolve this by placing provider/fips/fipsprov.c in libfips.a along with everything else there. That takes care of the offending symbols. What remains is to ensure that there is an entry point in an object file used directly when linking the module, providers/fips/fips_entry.c Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15370) --- diff --git a/providers/fips/build.info b/providers/fips/build.info index 8d3c5e2049..2bfc58501e 100644 --- a/providers/fips/build.info +++ b/providers/fips/build.info @@ -1,2 +1,6 @@ -SOURCE[../fips]=fipsprov.c self_test.c self_test_kats.c -INCLUDE[../fips]=../implementations/include ../common/include ../.. +# We include the provider implementation into ../libfips.a, so that all +# platforms can resolve symbols in other members of that library. +SOURCE[../libfips.a]=fipsprov.c self_test.c self_test_kats.c + +# It is necessary to have an explicit entry point +SOURCE[../fips]=fips_entry.c diff --git a/providers/fips/fips_entry.c b/providers/fips/fips_entry.c new file mode 100644 index 0000000000..c2c8d5de2c --- /dev/null +++ b/providers/fips/fips_entry.c @@ -0,0 +1,19 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +OSSL_provider_init_fn OSSL_provider_init_int; +int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) +{ + return OSSL_provider_init_int(handle, in, out, provctx); +} diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index c28995fc44..580eea574f 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -518,10 +518,26 @@ static const OSSL_DISPATCH intern_dispatch_table[] = { { 0, NULL } }; -int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) +/* + * On VMS, the provider init function name is expected to be uppercase, + * see the pragmas in . Let's do the same with this + * internal name. This is how symbol names are treated by default + * by the compiler if nothing else is said, but since this is part + * of libfips, and we build our libraries with mixed case symbol names, + * we must switch back to this default explicitly here. + */ +#ifdef __VMS +# pragma names save +# pragma names uppercase,truncated +#endif +OSSL_provider_init_fn OSSL_provider_init_int; +#ifdef __VMS +# pragma names restore +#endif +int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { FIPS_GLOBAL *fgbl; OSSL_LIB_CTX *libctx = NULL;