diff options
author | Richard Levitte <levitte@openssl.org> | 2021-05-06 08:48:15 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-05-07 10:17:23 +0200 |
commit | 848af5e8feab2dd27becec8a4121947ab4a97df3 (patch) | |
tree | e78a9d4ba286c58cc9a670d8f00ac839be64f738 /crypto | |
parent | 5a86dac8620b31b3259a8a2f609f3c9d06a1a21b (diff) |
Drop libimplementations.a
libimplementations.a was a nice idea, but had a few flaws:
1. The idea to have common code in libimplementations.a and FIPS
sensitive helper functions in libfips.a / libnonfips.a didn't
catch on, and we saw full implementation ending up in them instead
and not appearing in libimplementations.a at all.
2. Because more or less ALL algorithm implementations were included
in libimplementations.a (the idea being that the appropriate
objects from it would be selected automatically by the linker when
building the shared libraries), it's very hard to find only the
implementation source that should go into the FIPS module, with
the result that the FIPS checksum mechanism include source files
that it shouldn't
To mitigate, we drop libimplementations.a, but retain the idea of
collecting implementations in static libraries. With that, we not
have:
libfips.a
Includes all implementations that should become part of the FIPS
provider.
liblegacy.a
Includes all implementations that should become part of the legacy
provider.
libdefault.a
Includes all implementations that should become part of the
default and base providers.
With this, libnonfips.a becomes irrelevant and is dropped.
libcommon.a is retained to include common provider code that can be
used uniformly by all providers.
Fixes #15157
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/aes/build.info | 1 | ||||
-rw-r--r-- | crypto/bn/build.info | 1 | ||||
-rw-r--r-- | crypto/build.info | 1 | ||||
-rw-r--r-- | crypto/ec/build.info | 1 | ||||
-rw-r--r-- | crypto/md5/build.info | 5 | ||||
-rw-r--r-- | crypto/modes/build.info | 1 | ||||
-rw-r--r-- | crypto/poly1305/build.info | 1 | ||||
-rw-r--r-- | crypto/ripemd/build.info | 1 | ||||
-rw-r--r-- | crypto/sha/build.info | 1 | ||||
-rw-r--r-- | crypto/whrlpool/build.info | 4 |
10 files changed, 2 insertions, 15 deletions
diff --git a/crypto/aes/build.info b/crypto/aes/build.info index 2b2053031f..cc523c8f4f 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -70,7 +70,6 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$AESDEF DEFINE[../../providers/libfips.a]=$AESDEF -DEFINE[../../providers/libimplementations.a]=$AESDEF GENERATE[aes-ia64.s]=asm/aes-ia64.S diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 89ff0044f2..5e948b8433 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info @@ -120,7 +120,6 @@ SOURCE[../../providers/liblegacy.a]=$BNASM DEFINE[../../providers/liblegacy.a]=$BNDEF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. -DEFINE[../../providers/libimplementations.a]=$BNDEF DEFINE[../../providers/libcommon.a]=$BNDEF INCLUDE[bn_exp.o]=.. diff --git a/crypto/build.info b/crypto/build.info index 3e1c295aea..ffcc2b0183 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -80,7 +80,6 @@ ENDIF # Implementations are now spread across several libraries, so the CPUID define # need to be applied to all affected libraries and modules. -DEFINE[../providers/libimplementations.a]=$CPUIDDEF DEFINE[../providers/libcommon.a]=$CPUIDDEF # The Core diff --git a/crypto/ec/build.info b/crypto/ec/build.info index ed256981c7..4b6556acc0 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -65,7 +65,6 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$ECDEF DEFINE[../../providers/libfips.a]=$ECDEF -DEFINE[../../providers/libimplementations.a]=$ECDEF GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl diff --git a/crypto/md5/build.info b/crypto/md5/build.info index bbb70fde3c..c35177bd50 100644 --- a/crypto/md5/build.info +++ b/crypto/md5/build.info @@ -15,8 +15,7 @@ IF[{- !$disabled{asm} -}] ENDIF $COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM -SOURCE[../../libcrypto]=$COMMON -SOURCE[../../providers/libimplementations.a]=$COMMON +SOURCE[../../libcrypto ../../providers/libfips.a]=$COMMON # A no-deprecated no-shared build ends up with double function definitions # without conditioning this on dso. The issue is MD5 which is needed in the @@ -31,7 +30,7 @@ ENDIF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$MD5DEF -DEFINE[../../providers/libimplementations.a]=$MD5DEF +DEFINE[../../providers/libfips.a]=$MD5DEF DEFINE[../../providers/liblegacy.a]=$MD5DEF GENERATE[md5-586.s]=asm/md5-586.pl diff --git a/crypto/modes/build.info b/crypto/modes/build.info index fb54b46ea5..687e872a1e 100644 --- a/crypto/modes/build.info +++ b/crypto/modes/build.info @@ -58,7 +58,6 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$MODESDEF DEFINE[../../providers/libfips.a]=$MODESDEF -DEFINE[../../providers/libimplementations.a]=$MODESDEF INCLUDE[gcm128.o]=.. diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info index 9e4085f9fa..7e055ef338 100644 --- a/crypto/poly1305/build.info +++ b/crypto/poly1305/build.info @@ -34,7 +34,6 @@ SOURCE[../../libcrypto]=poly1305.c $POLY1305ASM # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$POLY1305DEF -DEFINE[../../providers/libimplementations.a]=$POLY1305DEF GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl INCLUDE[poly1305-sparcv9.o]=.. diff --git a/crypto/ripemd/build.info b/crypto/ripemd/build.info index 762067e635..f1845733a8 100644 --- a/crypto/ripemd/build.info +++ b/crypto/ripemd/build.info @@ -14,7 +14,6 @@ ENDIF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules -DEFINE[../../providers/libimplementations.a]=$RMD160DEF SOURCE[../../libcrypto]=rmd_dgst.c rmd_one.c $RMD160ASM DEFINE[../../libcrypto]=$RMD160DEF diff --git a/crypto/sha/build.info b/crypto/sha/build.info index dd10c5cd66..4f0ad6571e 100644 --- a/crypto/sha/build.info +++ b/crypto/sha/build.info @@ -81,7 +81,6 @@ SOURCE[../../providers/libfips.a]= $COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$SHA1DEF $KECCAK1600DEF DEFINE[../../providers/libfips.a]=$SHA1DEF $KECCAK1600DEF -DEFINE[../../providers/libimplementations.a]=$SHA1DEF $KECCAK1600DEF GENERATE[sha1-586.s]=asm/sha1-586.pl DEPEND[sha1-586.s]=../perlasm/x86asm.pl diff --git a/crypto/whrlpool/build.info b/crypto/whrlpool/build.info index 471b8acf2c..88f0c7bd3a 100644 --- a/crypto/whrlpool/build.info +++ b/crypto/whrlpool/build.info @@ -17,10 +17,6 @@ IF[{- !$disabled{asm} -}] ENDIF ENDIF -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../providers/libimplementations.a]=$WPDEF - SOURCE[../../libcrypto]=wp_dgst.c $WPASM DEFINE[../../libcrypto]=$WPDEF |