From: Richard Levitte Date: Thu, 6 May 2021 06:48:15 +0000 (+0200) Subject: Drop libimplementations.a X-Git-Tag: openssl-3.0.0-alpha17~232 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=848af5e8feab2dd27becec8a4121947ab4a97df3;p=thirdparty%2Fopenssl.git Drop libimplementations.a libimplementations.a was a nice idea, but had a few flaws: 1. The idea to have common code in libimplementations.a and FIPS sensitive helper functions in libfips.a / libnonfips.a didn't catch on, and we saw full implementation ending up in them instead and not appearing in libimplementations.a at all. 2. Because more or less ALL algorithm implementations were included in libimplementations.a (the idea being that the appropriate objects from it would be selected automatically by the linker when building the shared libraries), it's very hard to find only the implementation source that should go into the FIPS module, with the result that the FIPS checksum mechanism include source files that it shouldn't To mitigate, we drop libimplementations.a, but retain the idea of collecting implementations in static libraries. With that, we not have: libfips.a Includes all implementations that should become part of the FIPS provider. liblegacy.a Includes all implementations that should become part of the legacy provider. libdefault.a Includes all implementations that should become part of the default and base providers. With this, libnonfips.a becomes irrelevant and is dropped. libcommon.a is retained to include common provider code that can be used uniformly by all providers. Fixes #15157 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15171) --- diff --git a/crypto/aes/build.info b/crypto/aes/build.info index 2b2053031fd..cc523c8f4f1 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -70,7 +70,6 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$AESDEF DEFINE[../../providers/libfips.a]=$AESDEF -DEFINE[../../providers/libimplementations.a]=$AESDEF GENERATE[aes-ia64.s]=asm/aes-ia64.S diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 89ff0044f25..5e948b84333 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info @@ -120,7 +120,6 @@ SOURCE[../../providers/liblegacy.a]=$BNASM DEFINE[../../providers/liblegacy.a]=$BNDEF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. -DEFINE[../../providers/libimplementations.a]=$BNDEF DEFINE[../../providers/libcommon.a]=$BNDEF INCLUDE[bn_exp.o]=.. diff --git a/crypto/build.info b/crypto/build.info index 3e1c295aead..ffcc2b01837 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -80,7 +80,6 @@ ENDIF # Implementations are now spread across several libraries, so the CPUID define # need to be applied to all affected libraries and modules. -DEFINE[../providers/libimplementations.a]=$CPUIDDEF DEFINE[../providers/libcommon.a]=$CPUIDDEF # The Core diff --git a/crypto/ec/build.info b/crypto/ec/build.info index ed256981c7b..4b6556acc00 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -65,7 +65,6 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$ECDEF DEFINE[../../providers/libfips.a]=$ECDEF -DEFINE[../../providers/libimplementations.a]=$ECDEF GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl diff --git a/crypto/md5/build.info b/crypto/md5/build.info index bbb70fde3c1..c35177bd502 100644 --- a/crypto/md5/build.info +++ b/crypto/md5/build.info @@ -15,8 +15,7 @@ IF[{- !$disabled{asm} -}] ENDIF $COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM -SOURCE[../../libcrypto]=$COMMON -SOURCE[../../providers/libimplementations.a]=$COMMON +SOURCE[../../libcrypto ../../providers/libfips.a]=$COMMON # A no-deprecated no-shared build ends up with double function definitions # without conditioning this on dso. The issue is MD5 which is needed in the @@ -31,7 +30,7 @@ ENDIF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$MD5DEF -DEFINE[../../providers/libimplementations.a]=$MD5DEF +DEFINE[../../providers/libfips.a]=$MD5DEF DEFINE[../../providers/liblegacy.a]=$MD5DEF GENERATE[md5-586.s]=asm/md5-586.pl diff --git a/crypto/modes/build.info b/crypto/modes/build.info index fb54b46ea58..687e872a1eb 100644 --- a/crypto/modes/build.info +++ b/crypto/modes/build.info @@ -58,7 +58,6 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$MODESDEF DEFINE[../../providers/libfips.a]=$MODESDEF -DEFINE[../../providers/libimplementations.a]=$MODESDEF INCLUDE[gcm128.o]=.. diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info index 9e4085f9faf..7e055ef3382 100644 --- a/crypto/poly1305/build.info +++ b/crypto/poly1305/build.info @@ -34,7 +34,6 @@ SOURCE[../../libcrypto]=poly1305.c $POLY1305ASM # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$POLY1305DEF -DEFINE[../../providers/libimplementations.a]=$POLY1305DEF GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl INCLUDE[poly1305-sparcv9.o]=.. diff --git a/crypto/ripemd/build.info b/crypto/ripemd/build.info index 762067e6355..f1845733a86 100644 --- a/crypto/ripemd/build.info +++ b/crypto/ripemd/build.info @@ -14,7 +14,6 @@ ENDIF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules -DEFINE[../../providers/libimplementations.a]=$RMD160DEF SOURCE[../../libcrypto]=rmd_dgst.c rmd_one.c $RMD160ASM DEFINE[../../libcrypto]=$RMD160DEF diff --git a/crypto/sha/build.info b/crypto/sha/build.info index dd10c5cd667..4f0ad6571ea 100644 --- a/crypto/sha/build.info +++ b/crypto/sha/build.info @@ -81,7 +81,6 @@ SOURCE[../../providers/libfips.a]= $COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$SHA1DEF $KECCAK1600DEF DEFINE[../../providers/libfips.a]=$SHA1DEF $KECCAK1600DEF -DEFINE[../../providers/libimplementations.a]=$SHA1DEF $KECCAK1600DEF GENERATE[sha1-586.s]=asm/sha1-586.pl DEPEND[sha1-586.s]=../perlasm/x86asm.pl diff --git a/crypto/whrlpool/build.info b/crypto/whrlpool/build.info index 471b8acf2c1..88f0c7bd3a8 100644 --- a/crypto/whrlpool/build.info +++ b/crypto/whrlpool/build.info @@ -17,10 +17,6 @@ IF[{- !$disabled{asm} -}] ENDIF ENDIF -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../providers/libimplementations.a]=$WPDEF - SOURCE[../../libcrypto]=wp_dgst.c $WPASM DEFINE[../../libcrypto]=$WPDEF diff --git a/providers/build.info b/providers/build.info index b772e5ec250..065b570253c 100644 --- a/providers/build.info +++ b/providers/build.info @@ -1,52 +1,35 @@ -# We place all implementations in static libraries, and then let the -# provider mains pilfer what they want through symbol resolution when -# linking. -# -# The non-legacy implementations (libimplementations) must be made FIPS -# agnostic as much as possible, as well as the common building blocks -# (libcommon). The legacy implementations (liblegacy) will never be -# part of the FIPS provider. -# -# If there is anything that isn't FIPS agnostic, it should be set aside -# in its own source file, which is then included directly into other -# static libraries geared for FIPS and non-FIPS providers, and built -# separately. -# -# libcommon.a Contains common building blocks, potentially -# needed both by non-legacy and legacy code. -# -# libimplementations.a Contains all non-legacy implementations. -# liblegacy.a Contains all legacy implementations. -# -# libfips.a Contains all things needed to support -# FIPS implementations, such as code from -# crypto/ and object files that contain -# FIPS-specific code. FIPS_MODULE is defined -# for this library. The FIPS module uses -# this. -# libnonfips.a Corresponds to libfips.a, but built with -# FIPS_MODULE undefined. The default and legacy -# providers use this. -# -# This is how different provider modules should be linked: -# -# FIPS: -# -o fips.so {object files...} libimplementations.a libcommon.a libfips.a -# Non-FIPS: -# -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a -# -# It is crucial that code that checks for the FIPS_MODULE macro end up in -# libfips.a and libnonfips.a, never in libcommon.a. -# It is crucial that such code is written so libfips.a and libnonfips.a doesn't -# end up depending on libimplementations.a or libcommon.a. -# It is crucial that such code is written so libcommon.a doesn't end up -# depending on libimplementations.a. -# -# Code in providers/implementations/ should be written in such a way that the -# OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends -# up in either libimplementations.a or liblegacy.a. -# If need be, write an abstraction layer in separate source files and make them -# libfips.a / libnonfips.a sources. +# libcommon.a Contains common building blocks and other routines, +# potentially needed by any of our providers. +# +# libfips.a Contains all algorithm implementations that should +# go in the FIPS provider. The compilations for this +# library are all done with FIPS_MODULE defined. +# +# liblegacy.a Contains all algorithm implementations that should +# go into the legacy provider. The compilations for +# this library are all done with STATIC_LEGACY defined. +# +# libdefault.a Contains all algorithm implementations that should +# into the default or base provider. +# +# To be noted is that the FIPS provider shares source code with libcrypto, +# which means that select source files from crypto/ are compiled for +# libfips.a the sources from providers/implementations. +# +# This is how a provider module should be linked: +# +# -o {modulename}.so {object files...} lib{modulename}.a libcommon.a +# +# It is crucial that code that checks the FIPS_MODULE macro ends up in +# libfips.a. +# It is crucial that code that checks the STATIC_LEGACY macro ends up in +# liblegacy.a. +# It is recommended that code that is written for libcommon.a doesn't end +# up depending on libfips.a, liblegacy.a or libdefault.a +# +# Code in providers/implementations/ should be written in such a way that +# the OSSL_DISPATCH arrays (and preferably the majority of the actual code) +# end up in either libfips.a, liblegacy.a or libdefault.a. SUBDIRS=common implementations @@ -54,10 +37,10 @@ INCLUDE[../libcrypto]=common/include # Libraries we're dealing with $LIBCOMMON=libcommon.a -$LIBIMPLEMENTATIONS=libimplementations.a -$LIBLEGACY=liblegacy.a -$LIBNONFIPS=libnonfips.a $LIBFIPS=libfips.a +$LIBLEGACY=liblegacy.a +$LIBDEFAULT=libdefault.a +LIBS{noinst}=$LIBDEFAULT $LIBCOMMON # Enough of our implementations include prov/ciphercommon.h (present in # providers/implementations/include), which includes crypto/*_platform.h @@ -66,31 +49,22 @@ $LIBFIPS=libfips.a $COMMON_INCLUDES=../crypto ../include implementations/include common/include INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES -INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES -INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES -INCLUDE[$LIBNONFIPS]=.. $COMMON_INCLUDES INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES +INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES +INCLUDE[$LIBDEFAULT]=.. $COMMON_INCLUDES DEFINE[$LIBFIPS]=FIPS_MODULE -# Weak dependencies to provide library order information. -# We make it weak so they aren't both used always; what is -# actually used is determined by non-weak dependencies. -DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS -DEPEND[$LIBCOMMON]{weak}=$LIBFIPS +# Weak dependencies to provide library order information. What is actually +# used is determined by non-weak dependencies. +DEPEND[$LIBCOMMON]{weak}=../libcrypto -# Strong dependencies. This ensures that any time libimplementations +# Strong dependencies. This ensures that any time an implementation library # is used, libcommon gets included as well. -DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON -DEPEND[$LIBNONFIPS]=../libcrypto -# It's tempting to make libcommon depend on ../libcrypto. However, -# since the FIPS provider module must NOT depend on ../libcrypto, we -# need to set that dependency up specifically for the final products -# that use $LIBCOMMON or anything that depends on it. - -# Libraries common to all providers, must be built regardless -LIBS{noinst}=$LIBCOMMON -# Libraries that are common for all non-FIPS providers, must be built regardless -LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS +# The $LIBFIPS dependency on $LIBCOMMON is extra strong, to mitigate for +# linking problems because they are interdependent +SOURCE[$LIBFIPS]=$LIBCOMMON +DEPEND[$LIBLEGACY]=$LIBCOMMON +DEPEND[$LIBDEFAULT]=$LIBCOMMON # # Default provider stuff @@ -98,24 +72,20 @@ LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS # Because the default provider is built in, it means that libcrypto must # include all the object files that are needed (we do that indirectly, # by using the appropriate libraries as source). Note that for shared -# libraries, SOURCEd libraries are considered as if the where specified +# libraries, SOURCEd libraries are considered as if they were specified # with DEPEND. $DEFAULTGOAL=../libcrypto -SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS -SOURCE[$DEFAULTGOAL]=defltprov.c -# Some legacy implementations depend on provider header files +SOURCE[$DEFAULTGOAL]=$LIBDEFAULT defltprov.c INCLUDE[$DEFAULTGOAL]=implementations/include -LIBS=$DEFAULTGOAL - # # Base provider stuff # -# Because the base provider is built in, it means that libcrypto -# must include all of the object files that are needed. +# Because the base provider is built in, it means that libcrypto must +# include all of the object files that are needed, just like the default +# provider. $BASEGOAL=../libcrypto -SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS -SOURCE[$BASEGOAL]=baseprov.c +SOURCE[$BASEGOAL]=$LIBDEFAULT baseprov.c INCLUDE[$BASEGOAL]=implementations/include # @@ -127,22 +97,23 @@ INCLUDE[$BASEGOAL]=implementations/include # diverse build.info files. libfips.a, fips.so and their sources aren't # built unless the proper LIBS or MODULES statement has been seen, so we # have those and only those within a condition. -SUBDIRS=fips -$FIPSGOAL=fips -DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS -INCLUDE[$FIPSGOAL]=../include -DEFINE[$FIPSGOAL]=FIPS_MODULE -IF[{- defined $target{shared_defflag} -}] - SOURCE[$FIPSGOAL]=fips.ld - GENERATE[fips.ld]=../util/providers.num -ENDIF - IF[{- !$disabled{fips} -}] + SUBDIRS=fips + $FIPSGOAL=fips + # This is the trigger to actually build the FIPS module. Without these # statements, the final build file will not have a trace of it. MODULES{fips}=$FIPSGOAL LIBS{noinst}=$LIBFIPS + DEPEND[$FIPSGOAL]=$LIBFIPS + INCLUDE[$FIPSGOAL]=../include + DEFINE[$FIPSGOAL]=FIPS_MODULE + IF[{- defined $target{shared_defflag} -}] + SOURCE[$FIPSGOAL]=fips.ld + GENERATE[fips.ld]=../util/providers.num + ENDIF + # For tests that try to use the FIPS module, we need to make a local fips # module installation. We have the output go to standard output, because # the generated commands in build templates are expected to catch that, @@ -160,11 +131,8 @@ ENDIF # Legacy provider stuff # IF[{- !$disabled{legacy} -}] - # The legacy implementation library LIBS{noinst}=$LIBLEGACY - DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS - # The Legacy provider IF[{- $disabled{module} -}] # Become built in # In this case, we need to do the same thing a for the default provider, @@ -174,18 +142,18 @@ IF[{- !$disabled{legacy} -}] # implementation specific build.info files harder to write, so we don't. $LEGACYGOAL=../libcrypto SOURCE[$LEGACYGOAL]=$LIBLEGACY - DEFINE[$LIBLEGACY]=STATIC_LEGACY DEFINE[$LEGACYGOAL]=STATIC_LEGACY ELSE # Become a module # In this case, we can work with dependencies $LEGACYGOAL=legacy MODULES=$LEGACYGOAL - DEPEND[$LEGACYGOAL]=$LIBLEGACY + DEPEND[$LEGACYGOAL]=$LIBLEGACY ../libcrypto IF[{- defined $target{shared_defflag} -}] SOURCE[legacy]=legacy.ld GENERATE[legacy.ld]=../util/providers.num ENDIF + SOURCE[$LIBLEGACY]=prov_running.c ENDIF # Common things that are valid no matter what form the Legacy provider @@ -202,4 +170,4 @@ ENDIF $NULLGOAL=../libcrypto SOURCE[$NULLGOAL]=nullprov.c prov_running.c -SOURCE[$LIBNONFIPS]=prov_running.c +SOURCE[$LIBDEFAULT]=prov_running.c diff --git a/providers/common/build.info b/providers/common/build.info index 8de65f3fa80..e23ff588550 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -3,5 +3,5 @@ SUBDIRS=der SOURCE[../libcommon.a]=provider_err.c provider_ctx.c $FIPSCOMMON=provider_util.c capabilities.c bio_prov.c digest_to_nid.c\ securitycheck.c provider_seeding.c -SOURCE[../libnonfips.a]=$FIPSCOMMON securitycheck_default.c +SOURCE[../libdefault.a]=$FIPSCOMMON securitycheck_default.c SOURCE[../libfips.a]=$FIPSCOMMON securitycheck_fips.c diff --git a/providers/common/der/build.info b/providers/common/der/build.info index 8ef1180d6cc..b9fe4552d71 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -98,7 +98,7 @@ ENDIF #----- Conclusion # TODO(3.0) $COMMON should go to libcommon.a, but this currently leads -# to linking conflicts, so we add it to libfips.a and libnonfips.a for +# to linking conflicts, so we add it to libfips.a and libdefault.a for # the moment being $COMMON= $DER_RSA_COMMON $DER_DIGESTS_GEN $DER_WRAP_GEN @@ -116,4 +116,4 @@ IF[{- !$disabled{sm2} -}] ENDIF SOURCE[../../libfips.a]=$COMMON $DER_RSA_FIPSABLE -SOURCE[../../libnonfips.a]=$COMMON $DER_RSA_FIPSABLE +SOURCE[../../libdefault.a]=$COMMON $DER_RSA_FIPSABLE diff --git a/providers/implementations/asymciphers/build.info b/providers/implementations/asymciphers/build.info index 4b629d04ee1..dbca4736848 100644 --- a/providers/implementations/asymciphers/build.info +++ b/providers/implementations/asymciphers/build.info @@ -1,8 +1,8 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$RSA_GOAL=../../libimplementations.a -$SM2_GOAL=../../libimplementations.a +$RSA_GOAL=../../libdefault.a ../../libfips.a +$SM2_GOAL=../../libdefault.a SOURCE[$RSA_GOAL]=rsa_enc.c diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info index a278c2182b2..cb87ea62d97 100644 --- a/providers/implementations/ciphers/build.info +++ b/providers/implementations/ciphers/build.info @@ -7,12 +7,12 @@ $COMMON_GOAL=../../libcommon.a -$NULL_GOAL=../../libimplementations.a -$AES_GOAL=../../libimplementations.a -$TDES_1_GOAL=../../libimplementations.a -$TDES_2_GOAL=../../libimplementations.a -$ARIA_GOAL=../../libimplementations.a -$CAMELLIA_GOAL=../../libimplementations.a +$NULL_GOAL=../../libdefault.a +$AES_GOAL=../../libdefault.a ../../libfips.a +$TDES_1_GOAL=../../libdefault.a ../../libfips.a +$TDES_2_GOAL=../../libdefault.a +$ARIA_GOAL=../../libdefault.a +$CAMELLIA_GOAL=../../libdefault.a $DES_GOAL=../../liblegacy.a $BLOWFISH_GOAL=../../liblegacy.a $IDEA_GOAL=../../liblegacy.a @@ -21,10 +21,10 @@ $RC2_GOAL=../../liblegacy.a $RC4_GOAL=../../liblegacy.a $RC5_GOAL=../../liblegacy.a $SEED_GOAL=../../liblegacy.a -$SM4_GOAL=../../libimplementations.a -$CHACHA_GOAL=../../libimplementations.a -$CHACHAPOLY_GOAL=../../libimplementations.a -$SIV_GOAL=../../libimplementations.a +$SM4_GOAL=../../libdefault.a +$CHACHA_GOAL=../../libdefault.a +$CHACHAPOLY_GOAL=../../libdefault.a +$SIV_GOAL=../../libdefault.a # This source is common building blocks for all ciphers in all our providers. SOURCE[$COMMON_GOAL]=\ @@ -51,8 +51,7 @@ SOURCE[$AES_GOAL]=\ # Extra code to satisfy the FIPS and non-FIPS separation. # When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed. -SOURCE[../../libfips.a]=cipher_aes_xts_fips.c -SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c +SOURCE[$AES_GOAL]=cipher_aes_xts_fips.c IF[{- !$disabled{siv} -}] SOURCE[$SIV_GOAL]=\ diff --git a/providers/implementations/digests/build.info b/providers/implementations/digests/build.info index a90636cbb9d..2c2b0c3db04 100644 --- a/providers/implementations/digests/build.info +++ b/providers/implementations/digests/build.info @@ -3,12 +3,12 @@ $COMMON_GOAL=../../libcommon.a -$SHA1_GOAL=../../libimplementations.a -$SHA2_GOAL=../../libimplementations.a -$SHA3_GOAL=../../libimplementations.a -$BLAKE2_GOAL=../../libimplementations.a -$SM3_GOAL=../../libimplementations.a -$MD5_GOAL=../../libimplementations.a +$SHA1_GOAL=../../libdefault.a ../../libfips.a +$SHA2_GOAL=../../libdefault.a ../../libfips.a +$SHA3_GOAL=../../libdefault.a ../../libfips.a +$BLAKE2_GOAL=../../libdefault.a +$SM3_GOAL=../../libdefault.a +$MD5_GOAL=../../libdefault.a $MD2_GOAL=../../liblegacy.a $MD4_GOAL=../../liblegacy.a diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info index 694e3c94a5c..06fe6aa4622 100644 --- a/providers/implementations/encode_decode/build.info +++ b/providers/implementations/encode_decode/build.info @@ -1,14 +1,14 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$ENCODER_GOAL=../../libimplementations.a -$DECODER_GOAL=../../libimplementations.a -$RSA_GOAL=../../libimplementations.a -$FFC_GOAL=../../libimplementations.a -$DH_GOAL=../../libimplementations.a -$DSA_GOAL=../../libimplementations.a -$ECX_GOAL=../../libimplementations.a -$EC_GOAL=../../libimplementations.a +$ENCODER_GOAL=../../libdefault.a +$DECODER_GOAL=../../libdefault.a +$RSA_GOAL=../../libdefault.a +$FFC_GOAL=../../libdefault.a +$DH_GOAL=../../libdefault.a +$DSA_GOAL=../../libdefault.a +$ECX_GOAL=../../libdefault.a +$EC_GOAL=../../libdefault.a SOURCE[$ENCODER_GOAL]=endecoder_common.c diff --git a/providers/implementations/exchange/build.info b/providers/implementations/exchange/build.info index 4659dc9b0ea..3c1e5c58f1e 100644 --- a/providers/implementations/exchange/build.info +++ b/providers/implementations/exchange/build.info @@ -1,11 +1,10 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$DH_GOAL=../../libimplementations.a -$ECDH_GOAL=../../libimplementations.a -$ECX_GOAL=../../libimplementations.a -$ECDH_GOAL=../../libimplementations.a -$KDF_GOAL=../../libimplementations.a +$DH_GOAL=../../libdefault.a ../../libfips.a +$ECDH_GOAL=../../libdefault.a ../../libfips.a +$ECX_GOAL=../../libdefault.a ../../libfips.a +$KDF_GOAL=../../libdefault.a ../../libfips.a IF[{- !$disabled{dh} -}] SOURCE[$DH_GOAL]=dh_exch.c diff --git a/providers/implementations/kdfs/build.info b/providers/implementations/kdfs/build.info index 459005def5e..1711466e3f3 100644 --- a/providers/implementations/kdfs/build.info +++ b/providers/implementations/kdfs/build.info @@ -1,16 +1,16 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$TLS1_PRF_GOAL=../../libimplementations.a -$HKDF_GOAL=../../libimplementations.a -$KBKDF_GOAL=../../libimplementations.a -$KRB5KDF_GOAL=../../libimplementations.a -$PBKDF2_GOAL=../../libimplementations.a -$PKCS12KDF_GOAL=../../libimplementations.a -$SSKDF_GOAL=../../libimplementations.a -$SCRYPT_GOAL=../../libimplementations.a -$SSHKDF_GOAL=../../libimplementations.a -$X942KDF_GOAL=../../libimplementations.a +$TLS1_PRF_GOAL=../../libdefault.a ../../libfips.a +$HKDF_GOAL=../../libdefault.a ../../libfips.a +$KBKDF_GOAL=../../libdefault.a ../../libfips.a +$KRB5KDF_GOAL=../../libdefault.a +$PBKDF2_GOAL=../../libdefault.a ../../libfips.a +$PKCS12KDF_GOAL=../../libdefault.a +$SSKDF_GOAL=../../libdefault.a ../../libfips.a +$SCRYPT_GOAL=../../libdefault.a +$SSHKDF_GOAL=../../libdefault.a ../../libfips.a +$X942KDF_GOAL=../../libdefault.a ../../libfips.a SOURCE[$TLS1_PRF_GOAL]=tls1_prf.c @@ -23,8 +23,7 @@ SOURCE[$KRB5KDF_GOAL]=krb5kdf.c SOURCE[$PBKDF2_GOAL]=pbkdf2.c # Extra code to satisfy the FIPS and non-FIPS separation. # When the PBKDF2 moves to legacy, this can be removed. -SOURCE[../../libfips.a]=pbkdf2_fips.c -SOURCE[../../libnonfips.a]=pbkdf2_fips.c +SOURCE[$PBKDF2_GOAL]=pbkdf2_fips.c SOURCE[$PKCS12KDF_GOAL]=pkcs12kdf.c diff --git a/providers/implementations/kem/build.info b/providers/implementations/kem/build.info index e9f91cba43b..dbb1b7d750d 100644 --- a/providers/implementations/kem/build.info +++ b/providers/implementations/kem/build.info @@ -1,6 +1,6 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$RSA_KEM_GOAL=../../libimplementations.a +$RSA_KEM_GOAL=../../libdefault.a ../../libfips.a SOURCE[$RSA_KEM_GOAL]=rsa_kem.c diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info index f434a720bc0..0d86907aed6 100644 --- a/providers/implementations/keymgmt/build.info +++ b/providers/implementations/keymgmt/build.info @@ -1,20 +1,22 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$ECX_GOAL=../../libimplementations.a -$KDF_GOAL=../../libimplementations.a +$DH_GOAL=../../libdefault.a ../../libfips.a +$DSA_GOAL=../../libdefault.a ../../libfips.a +$EC_GOAL=../../libdefault.a ../../libfips.a +$ECX_GOAL=../../libdefault.a ../../libfips.a +$KDF_GOAL=../../libdefault.a ../../libfips.a +$MAC_GOAL=../../libdefault.a ../../libfips.a +$RSA_GOAL=../../libdefault.a ../../libfips.a IF[{- !$disabled{dh} -}] - SOURCE[../../libfips.a]=dh_kmgmt.c - SOURCE[../../libnonfips.a]=dh_kmgmt.c + SOURCE[$DH_GOAL]=dh_kmgmt.c ENDIF IF[{- !$disabled{dsa} -}] - SOURCE[../../libfips.a]=dsa_kmgmt.c - SOURCE[../../libnonfips.a]=dsa_kmgmt.c + SOURCE[$DSA_GOAL]=dsa_kmgmt.c ENDIF IF[{- !$disabled{ec} -}] - SOURCE[../../libfips.a]=ec_kmgmt.c - SOURCE[../../libnonfips.a]=ec_kmgmt.c + SOURCE[$EC_GOAL]=ec_kmgmt.c ENDIF IF[{- !$disabled{asm} -}] @@ -32,10 +34,8 @@ IF[{- !$disabled{ec} -}] DEFINE[$ECX_GOAL]=$ECDEF ENDIF -SOURCE[../../libfips.a]=rsa_kmgmt.c -SOURCE[../../libnonfips.a]=rsa_kmgmt.c +SOURCE[$RSA_GOAL]=rsa_kmgmt.c SOURCE[$KDF_GOAL]=kdf_legacy_kmgmt.c -SOURCE[../../libfips.a]=mac_legacy_kmgmt.c -SOURCE[../../libnonfips.a]=mac_legacy_kmgmt.c +SOURCE[$MAC_GOAL]=mac_legacy_kmgmt.c diff --git a/providers/implementations/macs/build.info b/providers/implementations/macs/build.info index 07c40d354bd..35db66bf23b 100644 --- a/providers/implementations/macs/build.info +++ b/providers/implementations/macs/build.info @@ -1,13 +1,13 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$GMAC_GOAL=../../libimplementations.a -$HMAC_GOAL=../../libimplementations.a -$KMAC_GOAL=../../libimplementations.a -$CMAC_GOAL=../../libimplementations.a -$BLAKE2_GOAL=../../libimplementations.a -$SIPHASH_GOAL=../../libimplementations.a -$POLY1305_GOAL=../../libimplementations.a +$GMAC_GOAL=../../libdefault.a ../../libfips.a +$HMAC_GOAL=../../libdefault.a ../../libfips.a +$KMAC_GOAL=../../libdefault.a ../../libfips.a +$CMAC_GOAL=../../libdefault.a ../../libfips.a +$BLAKE2_GOAL=../../libdefault.a +$SIPHASH_GOAL=../../libdefault.a +$POLY1305_GOAL=../../libdefault.a SOURCE[$GMAC_GOAL]=gmac_prov.c SOURCE[$HMAC_GOAL]=hmac_prov.c @@ -17,8 +17,6 @@ IF[{- !$disabled{cmac} -}] SOURCE[$CMAC_GOAL]=cmac_prov.c ENDIF -$GOAL=../../libimplementations.a - IF[{- !$disabled{blake2} -}] SOURCE[$BLAKE2_GOAL]=blake2b_mac.c blake2s_mac.c ENDIF diff --git a/providers/implementations/rands/build.info b/providers/implementations/rands/build.info index b44c1caa8a7..8bcac43be7c 100644 --- a/providers/implementations/rands/build.info +++ b/providers/implementations/rands/build.info @@ -1,6 +1,6 @@ SUBDIRS=seeding -$COMMON=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c +$RANDS_GOAL=../../libdefault.a ../../libfips.a -SOURCE[../../libfips.a]=$COMMON -SOURCE[../../libnonfips.a]=$COMMON seed_src.c +SOURCE[$RANDS_GOAL]=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c +SOURCE[../../libdefault.a]=seed_src.c diff --git a/providers/implementations/rands/seeding/build.info b/providers/implementations/rands/seeding/build.info index 58c5be3daf8..2788146ad42 100644 --- a/providers/implementations/rands/seeding/build.info +++ b/providers/implementations/rands/seeding/build.info @@ -6,5 +6,5 @@ IF[{- $config{target} =~ /vms/i -}] $COMMON=$COMMON rand_vms.c ENDIF -SOURCE[../../../libnonfips.a]=$COMMON +SOURCE[../../../libdefault.a]=$COMMON diff --git a/providers/implementations/signature/build.info b/providers/implementations/signature/build.info index 3df55b5eccb..539a57e24b1 100644 --- a/providers/implementations/signature/build.info +++ b/providers/implementations/signature/build.info @@ -1,9 +1,11 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$DSA_GOAL=../../libimplementations.a -$EC_GOAL=../../libimplementations.a -$SM2SIG_GOAL=../../libimplementations.a +$DSA_GOAL=../../libdefault.a ../../libfips.a +$EC_GOAL=../../libdefault.a ../../libfips.a +$MAC_GOAL=../../libdefault.a ../../libfips.a +$RSA_GOAL=../../libdefault.a ../../libfips.a +$SM2_GOAL=../../libdefault.a IF[{- !$disabled{dsa} -}] SOURCE[$DSA_GOAL]=dsa_sig.c @@ -17,8 +19,7 @@ IF[{- !$disabled{sm2} -}] SOURCE[$SM2_GOAL]=sm2_sig.c ENDIF -SOURCE[../../libfips.a]=rsa_sig.c -SOURCE[../../libnonfips.a]=rsa_sig.c +SOURCE[$RSA_GOAL]=rsa_sig.c DEPEND[rsa.o]=../../common/include/prov/der_rsa.h DEPEND[dsa.o]=../../common/include/prov/der_dsa.h @@ -26,5 +27,4 @@ DEPEND[ecdsa.o]=../../common/include/prov/der_ec.h DEPEND[eddsa.o]=../../common/include/prov/der_ecx.h DEPEND[sm2sig.o]=../../common/include/prov/der_sm2.h -SOURCE[../../libfips.a]=mac_legacy_sig.c -SOURCE[../../libnonfips.a]=mac_legacy_sig.c +SOURCE[$MAC_GOAL]=mac_legacy_sig.c diff --git a/providers/implementations/storemgmt/build.info b/providers/implementations/storemgmt/build.info index 89939cce549..ad47fb1fe86 100644 --- a/providers/implementations/storemgmt/build.info +++ b/providers/implementations/storemgmt/build.info @@ -1,6 +1,6 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$STORE_GOAL=../../libimplementations.a +$STORE_GOAL=../../libdefault.a SOURCE[$STORE_GOAL]=file_store.c file_store_der2obj.c diff --git a/ssl/build.info b/ssl/build.info index 703cbaff50c..c17084b9adc 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -40,4 +40,4 @@ ENDIF DEFINE[../libssl]=$AESDEF SOURCE[../providers/libcommon.a]=record/tls_pad.c -SOURCE[../providers/libimplementations.a]=s3_cbc.c +SOURCE[../providers/libdefault.a ../providers/libfips.a]=s3_cbc.c