diff options
| author | Richard Levitte <levitte@openssl.org> | 2021-05-06 08:48:15 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2021-05-07 10:17:23 +0200 |
| commit | 848af5e8feab2dd27becec8a4121947ab4a97df3 (patch) | |
| tree | e78a9d4ba286c58cc9a670d8f00ac839be64f738 /providers/implementations | |
| parent | 5a86dac8620b31b3259a8a2f609f3c9d06a1a21b (diff) | |
Drop libimplementations.a
libimplementations.a was a nice idea, but had a few flaws:
1. The idea to have common code in libimplementations.a and FIPS
sensitive helper functions in libfips.a / libnonfips.a didn't
catch on, and we saw full implementation ending up in them instead
and not appearing in libimplementations.a at all.
2. Because more or less ALL algorithm implementations were included
in libimplementations.a (the idea being that the appropriate
objects from it would be selected automatically by the linker when
building the shared libraries), it's very hard to find only the
implementation source that should go into the FIPS module, with
the result that the FIPS checksum mechanism include source files
that it shouldn't
To mitigate, we drop libimplementations.a, but retain the idea of
collecting implementations in static libraries. With that, we not
have:
libfips.a
Includes all implementations that should become part of the FIPS
provider.
liblegacy.a
Includes all implementations that should become part of the legacy
provider.
libdefault.a
Includes all implementations that should become part of the
default and base providers.
With this, libnonfips.a becomes irrelevant and is dropped.
libcommon.a is retained to include common provider code that can be
used uniformly by all providers.
Fixes #15157
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)
Diffstat (limited to 'providers/implementations')
| -rw-r--r-- | providers/implementations/asymciphers/build.info | 4 | ||||
| -rw-r--r-- | providers/implementations/ciphers/build.info | 23 | ||||
| -rw-r--r-- | providers/implementations/digests/build.info | 12 | ||||
| -rw-r--r-- | providers/implementations/encode_decode/build.info | 16 | ||||
| -rw-r--r-- | providers/implementations/exchange/build.info | 9 | ||||
| -rw-r--r-- | providers/implementations/kdfs/build.info | 23 | ||||
| -rw-r--r-- | providers/implementations/kem/build.info | 2 | ||||
| -rw-r--r-- | providers/implementations/keymgmt/build.info | 24 | ||||
| -rw-r--r-- | providers/implementations/macs/build.info | 16 | ||||
| -rw-r--r-- | providers/implementations/rands/build.info | 6 | ||||
| -rw-r--r-- | providers/implementations/rands/seeding/build.info | 2 | ||||
| -rw-r--r-- | providers/implementations/signature/build.info | 14 | ||||
| -rw-r--r-- | providers/implementations/storemgmt/build.info | 2 |
13 files changed, 74 insertions, 79 deletions
diff --git a/providers/implementations/asymciphers/build.info b/providers/implementations/asymciphers/build.info index 4b629d04ee..dbca473684 100644 --- a/providers/implementations/asymciphers/build.info +++ b/providers/implementations/asymciphers/build.info @@ -1,8 +1,8 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$RSA_GOAL=../../libimplementations.a -$SM2_GOAL=../../libimplementations.a +$RSA_GOAL=../../libdefault.a ../../libfips.a +$SM2_GOAL=../../libdefault.a SOURCE[$RSA_GOAL]=rsa_enc.c diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info index a278c2182b..cb87ea62d9 100644 --- a/providers/implementations/ciphers/build.info +++ b/providers/implementations/ciphers/build.info @@ -7,12 +7,12 @@ $COMMON_GOAL=../../libcommon.a -$NULL_GOAL=../../libimplementations.a -$AES_GOAL=../../libimplementations.a -$TDES_1_GOAL=../../libimplementations.a -$TDES_2_GOAL=../../libimplementations.a -$ARIA_GOAL=../../libimplementations.a -$CAMELLIA_GOAL=../../libimplementations.a +$NULL_GOAL=../../libdefault.a +$AES_GOAL=../../libdefault.a ../../libfips.a +$TDES_1_GOAL=../../libdefault.a ../../libfips.a +$TDES_2_GOAL=../../libdefault.a +$ARIA_GOAL=../../libdefault.a +$CAMELLIA_GOAL=../../libdefault.a $DES_GOAL=../../liblegacy.a $BLOWFISH_GOAL=../../liblegacy.a $IDEA_GOAL=../../liblegacy.a @@ -21,10 +21,10 @@ $RC2_GOAL=../../liblegacy.a $RC4_GOAL=../../liblegacy.a $RC5_GOAL=../../liblegacy.a $SEED_GOAL=../../liblegacy.a -$SM4_GOAL=../../libimplementations.a -$CHACHA_GOAL=../../libimplementations.a -$CHACHAPOLY_GOAL=../../libimplementations.a -$SIV_GOAL=../../libimplementations.a +$SM4_GOAL=../../libdefault.a +$CHACHA_GOAL=../../libdefault.a +$CHACHAPOLY_GOAL=../../libdefault.a +$SIV_GOAL=../../libdefault.a # This source is common building blocks for all ciphers in all our providers. SOURCE[$COMMON_GOAL]=\ @@ -51,8 +51,7 @@ SOURCE[$AES_GOAL]=\ # Extra code to satisfy the FIPS and non-FIPS separation. # When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed. -SOURCE[../../libfips.a]=cipher_aes_xts_fips.c -SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c +SOURCE[$AES_GOAL]=cipher_aes_xts_fips.c IF[{- !$disabled{siv} -}] SOURCE[$SIV_GOAL]=\ diff --git a/providers/implementations/digests/build.info b/providers/implementations/digests/build.info index a90636cbb9..2c2b0c3db0 100644 --- a/providers/implementations/digests/build.info +++ b/providers/implementations/digests/build.info @@ -3,12 +3,12 @@ $COMMON_GOAL=../../libcommon.a -$SHA1_GOAL=../../libimplementations.a -$SHA2_GOAL=../../libimplementations.a -$SHA3_GOAL=../../libimplementations.a -$BLAKE2_GOAL=../../libimplementations.a -$SM3_GOAL=../../libimplementations.a -$MD5_GOAL=../../libimplementations.a +$SHA1_GOAL=../../libdefault.a ../../libfips.a +$SHA2_GOAL=../../libdefault.a ../../libfips.a +$SHA3_GOAL=../../libdefault.a ../../libfips.a +$BLAKE2_GOAL=../../libdefault.a +$SM3_GOAL=../../libdefault.a +$MD5_GOAL=../../libdefault.a $MD2_GOAL=../../liblegacy.a $MD4_GOAL=../../liblegacy.a diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info index 694e3c94a5..06fe6aa462 100644 --- a/providers/implementations/encode_decode/build.info +++ b/providers/implementations/encode_decode/build.info @@ -1,14 +1,14 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$ENCODER_GOAL=../../libimplementations.a -$DECODER_GOAL=../../libimplementations.a -$RSA_GOAL=../../libimplementations.a -$FFC_GOAL=../../libimplementations.a -$DH_GOAL=../../libimplementations.a -$DSA_GOAL=../../libimplementations.a -$ECX_GOAL=../../libimplementations.a -$EC_GOAL=../../libimplementations.a +$ENCODER_GOAL=../../libdefault.a +$DECODER_GOAL=../../libdefault.a +$RSA_GOAL=../../libdefault.a +$FFC_GOAL=../../libdefault.a +$DH_GOAL=../../libdefault.a +$DSA_GOAL=../../libdefault.a +$ECX_GOAL=../../libdefault.a +$EC_GOAL=../../libdefault.a SOURCE[$ENCODER_GOAL]=endecoder_common.c diff --git a/providers/implementations/exchange/build.info b/providers/implementations/exchange/build.info index 4659dc9b0e..3c1e5c58f1 100644 --- a/providers/implementations/exchange/build.info +++ b/providers/implementations/exchange/build.info @@ -1,11 +1,10 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$DH_GOAL=../../libimplementations.a -$ECDH_GOAL=../../libimplementations.a -$ECX_GOAL=../../libimplementations.a -$ECDH_GOAL=../../libimplementations.a -$KDF_GOAL=../../libimplementations.a +$DH_GOAL=../../libdefault.a ../../libfips.a +$ECDH_GOAL=../../libdefault.a ../../libfips.a +$ECX_GOAL=../../libdefault.a ../../libfips.a +$KDF_GOAL=../../libdefault.a ../../libfips.a IF[{- !$disabled{dh} -}] SOURCE[$DH_GOAL]=dh_exch.c diff --git a/providers/implementations/kdfs/build.info b/providers/implementations/kdfs/build.info index 459005def5..1711466e3f 100644 --- a/providers/implementations/kdfs/build.info +++ b/providers/implementations/kdfs/build.info @@ -1,16 +1,16 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$TLS1_PRF_GOAL=../../libimplementations.a -$HKDF_GOAL=../../libimplementations.a -$KBKDF_GOAL=../../libimplementations.a -$KRB5KDF_GOAL=../../libimplementations.a -$PBKDF2_GOAL=../../libimplementations.a -$PKCS12KDF_GOAL=../../libimplementations.a -$SSKDF_GOAL=../../libimplementations.a -$SCRYPT_GOAL=../../libimplementations.a -$SSHKDF_GOAL=../../libimplementations.a -$X942KDF_GOAL=../../libimplementations.a +$TLS1_PRF_GOAL=../../libdefault.a ../../libfips.a +$HKDF_GOAL=../../libdefault.a ../../libfips.a +$KBKDF_GOAL=../../libdefault.a ../../libfips.a +$KRB5KDF_GOAL=../../libdefault.a +$PBKDF2_GOAL=../../libdefault.a ../../libfips.a +$PKCS12KDF_GOAL=../../libdefault.a +$SSKDF_GOAL=../../libdefault.a ../../libfips.a +$SCRYPT_GOAL=../../libdefault.a +$SSHKDF_GOAL=../../libdefault.a ../../libfips.a +$X942KDF_GOAL=../../libdefault.a ../../libfips.a SOURCE[$TLS1_PRF_GOAL]=tls1_prf.c @@ -23,8 +23,7 @@ SOURCE[$KRB5KDF_GOAL]=krb5kdf.c SOURCE[$PBKDF2_GOAL]=pbkdf2.c # Extra code to satisfy the FIPS and non-FIPS separation. # When the PBKDF2 moves to legacy, this can be removed. -SOURCE[../../libfips.a]=pbkdf2_fips.c -SOURCE[../../libnonfips.a]=pbkdf2_fips.c +SOURCE[$PBKDF2_GOAL]=pbkdf2_fips.c SOURCE[$PKCS12KDF_GOAL]=pkcs12kdf.c diff --git a/providers/implementations/kem/build.info b/providers/implementations/kem/build.info index e9f91cba43..dbb1b7d750 100644 --- a/providers/implementations/kem/build.info +++ b/providers/implementations/kem/build.info @@ -1,6 +1,6 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$RSA_KEM_GOAL=../../libimplementations.a +$RSA_KEM_GOAL=../../libdefault.a ../../libfips.a SOURCE[$RSA_KEM_GOAL]=rsa_kem.c diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info index f434a720bc..0d86907aed 100644 --- a/providers/implementations/keymgmt/build.info +++ b/providers/implementations/keymgmt/build.info @@ -1,20 +1,22 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$ECX_GOAL=../../libimplementations.a -$KDF_GOAL=../../libimplementations.a +$DH_GOAL=../../libdefault.a ../../libfips.a +$DSA_GOAL=../../libdefault.a ../../libfips.a +$EC_GOAL=../../libdefault.a ../../libfips.a +$ECX_GOAL=../../libdefault.a ../../libfips.a +$KDF_GOAL=../../libdefault.a ../../libfips.a +$MAC_GOAL=../../libdefault.a ../../libfips.a +$RSA_GOAL=../../libdefault.a ../../libfips.a IF[{- !$disabled{dh} -}] - SOURCE[../../libfips.a]=dh_kmgmt.c - SOURCE[../../libnonfips.a]=dh_kmgmt.c + SOURCE[$DH_GOAL]=dh_kmgmt.c ENDIF IF[{- !$disabled{dsa} -}] - SOURCE[../../libfips.a]=dsa_kmgmt.c - SOURCE[../../libnonfips.a]=dsa_kmgmt.c + SOURCE[$DSA_GOAL]=dsa_kmgmt.c ENDIF IF[{- !$disabled{ec} -}] - SOURCE[../../libfips.a]=ec_kmgmt.c - SOURCE[../../libnonfips.a]=ec_kmgmt.c + SOURCE[$EC_GOAL]=ec_kmgmt.c ENDIF IF[{- !$disabled{asm} -}] @@ -32,10 +34,8 @@ IF[{- !$disabled{ec} -}] DEFINE[$ECX_GOAL]=$ECDEF ENDIF -SOURCE[../../libfips.a]=rsa_kmgmt.c -SOURCE[../../libnonfips.a]=rsa_kmgmt.c +SOURCE[$RSA_GOAL]=rsa_kmgmt.c SOURCE[$KDF_GOAL]=kdf_legacy_kmgmt.c -SOURCE[../../libfips.a]=mac_legacy_kmgmt.c -SOURCE[../../libnonfips.a]=mac_legacy_kmgmt.c +SOURCE[$MAC_GOAL]=mac_legacy_kmgmt.c diff --git a/providers/implementations/macs/build.info b/providers/implementations/macs/build.info index 07c40d354b..35db66bf23 100644 --- a/providers/implementations/macs/build.info +++ b/providers/implementations/macs/build.info @@ -1,13 +1,13 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$GMAC_GOAL=../../libimplementations.a -$HMAC_GOAL=../../libimplementations.a -$KMAC_GOAL=../../libimplementations.a -$CMAC_GOAL=../../libimplementations.a -$BLAKE2_GOAL=../../libimplementations.a -$SIPHASH_GOAL=../../libimplementations.a -$POLY1305_GOAL=../../libimplementations.a +$GMAC_GOAL=../../libdefault.a ../../libfips.a +$HMAC_GOAL=../../libdefault.a ../../libfips.a +$KMAC_GOAL=../../libdefault.a ../../libfips.a +$CMAC_GOAL=../../libdefault.a ../../libfips.a +$BLAKE2_GOAL=../../libdefault.a +$SIPHASH_GOAL=../../libdefault.a +$POLY1305_GOAL=../../libdefault.a SOURCE[$GMAC_GOAL]=gmac_prov.c SOURCE[$HMAC_GOAL]=hmac_prov.c @@ -17,8 +17,6 @@ IF[{- !$disabled{cmac} -}] SOURCE[$CMAC_GOAL]=cmac_prov.c ENDIF -$GOAL=../../libimplementations.a - IF[{- !$disabled{blake2} -}] SOURCE[$BLAKE2_GOAL]=blake2b_mac.c blake2s_mac.c ENDIF diff --git a/providers/implementations/rands/build.info b/providers/implementations/rands/build.info index b44c1caa8a..8bcac43be7 100644 --- a/providers/implementations/rands/build.info +++ b/providers/implementations/rands/build.info @@ -1,6 +1,6 @@ SUBDIRS=seeding -$COMMON=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c +$RANDS_GOAL=../../libdefault.a ../../libfips.a -SOURCE[../../libfips.a]=$COMMON -SOURCE[../../libnonfips.a]=$COMMON seed_src.c +SOURCE[$RANDS_GOAL]=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c +SOURCE[../../libdefault.a]=seed_src.c diff --git a/providers/implementations/rands/seeding/build.info b/providers/implementations/rands/seeding/build.info index 58c5be3daf..2788146ad4 100644 --- a/providers/implementations/rands/seeding/build.info +++ b/providers/implementations/rands/seeding/build.info @@ -6,5 +6,5 @@ IF[{- $config{target} =~ /vms/i -}] $COMMON=$COMMON rand_vms.c ENDIF -SOURCE[../../../libnonfips.a]=$COMMON +SOURCE[../../../libdefault.a]=$COMMON diff --git a/providers/implementations/signature/build.info b/providers/implementations/signature/build.info index 3df55b5ecc..539a57e24b 100644 --- a/providers/implementations/signature/build.info +++ b/providers/implementations/signature/build.info @@ -1,9 +1,11 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$DSA_GOAL=../../libimplementations.a -$EC_GOAL=../../libimplementations.a -$SM2SIG_GOAL=../../libimplementations.a +$DSA_GOAL=../../libdefault.a ../../libfips.a +$EC_GOAL=../../libdefault.a ../../libfips.a +$MAC_GOAL=../../libdefault.a ../../libfips.a +$RSA_GOAL=../../libdefault.a ../../libfips.a +$SM2_GOAL=../../libdefault.a IF[{- !$disabled{dsa} -}] SOURCE[$DSA_GOAL]=dsa_sig.c @@ -17,8 +19,7 @@ IF[{- !$disabled{sm2} -}] SOURCE[$SM2_GOAL]=sm2_sig.c ENDIF -SOURCE[../../libfips.a]=rsa_sig.c -SOURCE[../../libnonfips.a]=rsa_sig.c +SOURCE[$RSA_GOAL]=rsa_sig.c DEPEND[rsa.o]=../../common/include/prov/der_rsa.h DEPEND[dsa.o]=../../common/include/prov/der_dsa.h @@ -26,5 +27,4 @@ DEPEND[ecdsa.o]=../../common/include/prov/der_ec.h DEPEND[eddsa.o]=../../common/include/prov/der_ecx.h DEPEND[sm2sig.o]=../../common/include/prov/der_sm2.h -SOURCE[../../libfips.a]=mac_legacy_sig.c -SOURCE[../../libnonfips.a]=mac_legacy_sig.c +SOURCE[$MAC_GOAL]=mac_legacy_sig.c diff --git a/providers/implementations/storemgmt/build.info b/providers/implementations/storemgmt/build.info index 89939cce54..ad47fb1fe8 100644 --- a/providers/implementations/storemgmt/build.info +++ b/providers/implementations/storemgmt/build.info @@ -1,6 +1,6 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$STORE_GOAL=../../libimplementations.a +$STORE_GOAL=../../libdefault.a SOURCE[$STORE_GOAL]=file_store.c file_store_der2obj.c |