authorRichard Levitte <levitte@openssl.org>2019-10-04 01:38:17 +0200
committerRichard Levitte <levitte@openssl.org>2019-10-10 14:12:15 +0200
commitdec95d75897125133380c7ce3c6ce58c93c06f10 (patch)
treec95ecfb434a58251f6f422d413eda49f1ac53857 /providers
parente805c2d6d36d6be3db8141abc98f3ce5c6fa9776 (diff)
Rework how our providers are built
We put almost everything in these internal static libraries: libcommon Block building code that can be used by all our implementations, legacy and non-legacy alike. libimplementations All non-legacy algorithm implementations and only them. All the code that ends up here is agnostic to the definitions of FIPS_MODE. liblegacy All legacy implementations. libnonfips Support code for the algorithm implementations. Built with FIPS_MODE undefined. Any code that checks that FIPS_MODE isn't defined must end up in this library. libfips Support code for the algorithm implementations. Built with FIPS_MODE defined. Any code that checks that FIPS_MODE is defined must end up in this library. The FIPS provider module is built from providers/fips/*.c and linked with libimplementations, libcommon and libfips. The Legacy provider module is built from providers/legacy/*.c and linked with liblegacy, libcommon and libcrypto. If module building is disabled, the object files from liblegacy and libcommon are added to libcrypto and the Legacy provider becomes a built-in provider. The Default provider module is built-in, so it ends up being linked with libimplementations, libcommon and libnonfips. For libcrypto in form of static library, the object files from those other libraries are simply being added to libcrypto. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
Diffstat (limited to 'providers')
-rw-r--r--providers/build.info146
-rw-r--r--providers/common/build.info7
-rw-r--r--providers/common/ciphers/build.info23
-rw-r--r--providers/common/ciphers/cipher_aes_xts.c6
-rw-r--r--providers/common/ciphers/cipher_aes_xts.h6
-rw-r--r--providers/common/ciphers/cipher_fips.c16
-rw-r--r--providers/common/digests/build.info10
-rw-r--r--providers/common/exchange/build.info8
-rw-r--r--providers/common/kdfs/build.info16
-rw-r--r--providers/common/kdfs/pbkdf2.c12
-rw-r--r--providers/common/kdfs/pbkdf2.h14
-rw-r--r--providers/common/kdfs/pbkdf2_fips.c20
-rw-r--r--providers/common/keymgmt/build.info9
-rw-r--r--providers/common/macs/build.info12
-rw-r--r--providers/common/signature/build.info6
-rw-r--r--providers/default/build.info8
-rw-r--r--providers/default/ciphers/build.info26
-rw-r--r--providers/default/digests/build.info7
-rw-r--r--providers/default/kdfs/build.info5
-rw-r--r--providers/default/macs/build.info10
-rw-r--r--providers/fips/build.info1
-rw-r--r--providers/legacy/digests/build.info23
22 files changed, 266 insertions, 125 deletions
diff --git a/providers/build.info b/providers/build.info
index 80b2952494..e951c6229d 100644
--- a/providers/build.info
+++ b/providers/build.info
@@ -1,30 +1,150 @@
+# We place all implementations in static libraries, and then let the
+# provider mains pilfer what they want through symbol resolution when
+# linking.
+#
+# The non-legacy implementations (libimplementations) must be made FIPS
+# agnostic as much as possible, as well as the common building blocks
+# (libcommon). The legacy implementations (liblegacy) will never be
+# part of the FIPS provider.
+#
+# If there is anything that isn't FIPS agnostic, it should be set aside
+# in its own source file, which is then included directly into other
+# static libraries geared for FIPS and non-FIPS providers, and built
+# separately.
+#
+# libcommon.a Contains common building blocks, potentially
+# needed both by non-legacy and legacy code.
+#
+# libimplementations.a Contains all non-legacy implementations.
+# liblegacy.a Contains all legacy implementaions.
+#
+# libfips.a Contains all things needed to support
+# FIPS implementations, such as code from
+# crypto/ and object files that contain
+# FIPS-specific code. FIPS_MODE is defined
+# for this library. The FIPS module uses
+# this.
+# libnonfips.a Corresponds to libfips.a, but built with
+# FIPS_MODE undefined. The default and legacy
+# providers use this.
+
SUBDIRS=common default
INCLUDE[../libcrypto]=common/include
+# Libraries we're dealing with
+$LIBCOMMON=libcommon.a
+$LIBIMPLEMENTATIONS=libimplementations.a
+$LIBLEGACY=liblegacy.a
+$LIBNONFIPS=libnonfips.a
+$LIBFIPS=libfips.a
+
+# Enough of our implementations include prov/ciphercommon.h (present in
+# providers/common/include), which includes crypto/ciphermode_platform.h
+# (present in include), which in turn may include very internal header
+# files in crypto/, so let's have a common include list for them all.
+$COMMON_INCLUDES=../crypto ../include common/include
+
+INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES
+INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES default/include
+INCLUDE[$LIBLEGACY]=$COMMON_INCLUDES
+INCLUDE[$LIBNONFIPS]=$COMMON_INCLUDES
+INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
+DEFINE[$LIBFIPS]=FIPS_MODE
+
+# Weak dependencies to provide library order information.
+# We make it weak so they aren't both used always; what is
+# actually used is determined by non-weak dependencies.
+DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS
+DEPEND[$LIBCOMMON]{weak}=$LIBFIPS
+
+# Strong dependencies. This ensures that any time libimplementations
+# is used, libcommon gets included as well.
+DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON
+DEPEND[$LIBNONFIPS]=../libcrypto
+# It's tempting to make libcommon depend on ../libcrypto. However,
+# since the FIPS provider module must NOT depend on ../libcrypto, we
+# need to set that dependency up specifically for the final products
+# that use $LIBCOMMON or anything that depends on it.
+
+# Libraries common to all providers, must be built regardless
+LIBS{noinst}=$LIBCOMMON
+# Libraries that are common for all non-FIPS providers, must be built regardless
+LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS
+
+#
+# Default provider stuff
+#
+# Because the default provider is built in, it means that libcrypto must
+# include all the object files that are needed (we do that indirectly,
+# by using the appropriate libraries as source). Note that for shared
+# libraries, SOURCEd libraries are considered as if the where specified
+# with DEPEND.
+$DEFAULTGOAL=../libcrypto
+SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS
+
+LIBS=$DEFAULTGOAL
+
+#
+# FIPS provider stuff
+#
+# We define it this way to ensure that configdata.pm will have all the
+# necessary information even if we don't build the module. This will allow
+# us to make all kinds of checks on the source, based on what we specify in
+# diverse build.info files. libfips.a, fips.so and their sources aren't
+# built unless the proper LIBS or MODULES statement has been seen, so we
+# have those and only those within a condition.
+SUBDIRS=fips
+$FIPSGOAL=fips
+DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS
+INCLUDE[$FIPSGOAL]=../include
+IF[{- defined $target{shared_defflag} -}]
+ SOURCE[$FIPSGOAL]=fips.ld
+ GENERATE[fips.ld]=../util/providers.num
+ENDIF
+
IF[{- !$disabled{fips} -}]
- SUBDIRS=fips
- MODULES=fips
- IF[{- defined $target{shared_defflag} -}]
- SOURCE[fips]=fips.ld
- GENERATE[fips.ld]=../util/providers.num
- ENDIF
- INCLUDE[fips]=.. ../include common/include
- DEFINE[fips]=FIPS_MODE
+ # This is the trigger to actually build the FIPS module. Without these
+ # statements, the final build file will not have a trace of it.
+ MODULES=$FIPSGOAL
+ LIBS{noinst}=$LIBFIPS
ENDIF
+#
+# Legacy provider stuff
+#
IF[{- !$disabled{legacy} -}]
+ # The legacy implementation library
SUBDIRS=legacy
+ LIBS{noinst}=$LIBLEGACY
+ DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS
+
+ # The Legacy provider
IF[{- $disabled{module} -}]
- LIBS=../libcrypto
- DEFINE[../libcrypto]=STATIC_LEGACY
+ # Become built in
+ # In this case, we need to do the same thing a for the default provider,
+ # and make the liblegacy object files end up in libcrypto. We could also
+ # just say that for the built-in legacy, we put the source directly in
+ # libcrypto instead of going via liblegacy, but that makes writing the
+ # implementation specific build.info files harder to write, so we don't.
+ $LEGACYGOAL=../libcrypto
+ SOURCE[$LEGACYGOAL]=$LIBLEGACY
+ DEFINE[$LIBLEGACY]=STATIC_LEGACY
+ DEFINE[$LEGACYGOAL]=STATIC_LEGACY
ELSE
- MODULES=legacy
+ # Become a module
+ # In this case, we can work with dependencies
+ $LEGACYGOAL=legacy
+ MODULES=$LEGACYGOAL
+ DEPEND[$LEGACYGOAL]=$LIBLEGACY
IF[{- defined $target{shared_defflag} -}]
SOURCE[legacy]=legacy.ld
GENERATE[legacy.ld]=../util/providers.num
ENDIF
- DEPEND[legacy]=../libcrypto
- INCLUDE[legacy]=.. ../include common/include
ENDIF
+
+ # Common things that are valid no matter what form the Legacy provider
+ # takes.
+ INCLUDE[$LEGACYGOAL]=../include common/include
ENDIF
+
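Review bot: `DEFINE[fips]=FIPS_MODE` is removed here and the only replacement is `DEFINE[$LIBFIPS]=FIPS_MODE`, so sources attached directly to the module goal are no longer compiled with FIPS_MODE. providers/fips/build.info in this same commit still puts fipsprov.c and selftest.c on `../fips`; if either file, or a header it includes, tests FIPS_MODE, it now silently takes the non-FIPS branch inside the FIPS module (their contents are not visible here, so this needs confirming). Adding `DEFINE[$FIPSGOAL]=FIPS_MODE` next to `INCLUDE[$FIPSGOAL]=../include` would keep the previous behaviour. The same exposure exists for anything in libimplementations.a, which is built without the define and linked into the module: the "FIPS agnostic" requirement is stated in the header comment, but nothing in this build description checks it.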
diff --git a/providers/common/build.info b/providers/common/build.info
index 916cc3e4ea..95c2fd107e 100644
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -1,5 +1,6 @@
SUBDIRS=digests ciphers macs kdfs exchange keymgmt signature
-$COMMON=provider_util.c
-SOURCE[../../libcrypto]=$COMMON provider_err.c provlib.c
-SOURCE[../fips]=$COMMON
+SOURCE[../libcommon.a]=provider_err.c provlib.c
+$FIPSCOMMON=provider_util.c
+SOURCE[../libnonfips.a]=$FIPSCOMMON
+SOURCE[../libfips.a]=$FIPSCOMMON
diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info
index 0969e6d378..77376cce1e 100644
--- a/providers/common/ciphers/build.info
+++ b/providers/common/ciphers/build.info
@@ -1,21 +1,26 @@
-LIBS=../../../libcrypto
+# This source is common building blockss for all ciphers in all our providers.
+SOURCE[../../libcommon.a]=\
+ cipher_common.c cipher_common_hw.c block.c \
+ cipher_gcm.c cipher_gcm_hw.c \
+ cipher_ccm.c cipher_ccm_hw.c
+
+# These are our implementations
+$GOAL=../../libimplementations.a
IF[{- !$disabled{des} -}]
$COMMON_DES=cipher_tdes.c cipher_tdes_hw.c
ENDIF
-$COMMON=cipher_common.c cipher_common_hw.c block.c \
+SOURCE[$GOAL]=\
cipher_aes.c cipher_aes_hw.c \
cipher_aes_xts.c cipher_aes_xts_hw.c \
- cipher_gcm.c cipher_gcm_hw.c \
cipher_aes_gcm.c cipher_aes_gcm_hw.c \
- cipher_ccm.c cipher_ccm_hw.c \
cipher_aes_ccm.c cipher_aes_ccm_hw.c \
cipher_aes_wrp.c \
$COMMON_DES
-
-SOURCE[../../../libcrypto]=$COMMON
-INCLUDE[../../../libcrypto]=. ../../../crypto
+# Because some default ciphers need it
+INCLUDE[$GOAL]=.
-SOURCE[../../fips]=$COMMON
-INCLUDE[../../fips]=. ../../../crypto
+# Finally, we have a few things that aren't FIPS agnostic
+SOURCE[../../libfips.a]=cipher_fips.c
+SOURCE[../../libnonfips.a]=cipher_fips.c
diff --git a/providers/common/ciphers/cipher_aes_xts.c b/providers/common/ciphers/cipher_aes_xts.c
index fdda733d24..d0b999081e 100644
--- a/providers/common/ciphers/cipher_aes_xts.c
+++ b/providers/common/ciphers/cipher_aes_xts.c
@@ -20,12 +20,6 @@
#define AES_XTS_IV_BITS 128
#define AES_XTS_BLOCK_BITS 8
-#ifdef FIPS_MODE
-static const int allow_insecure_decrypt = 0;
-#else
-static const int allow_insecure_decrypt = 1;
-#endif /* FIPS_MODE */
-
/* forward declarations */
static OSSL_OP_cipher_encrypt_init_fn aes_xts_einit;
static OSSL_OP_cipher_decrypt_init_fn aes_xts_dinit;
diff --git a/providers/common/ciphers/cipher_aes_xts.h b/providers/common/ciphers/cipher_aes_xts.h
index 4f8a8f874f..16fb8c34cd 100644
--- a/providers/common/ciphers/cipher_aes_xts.h
+++ b/providers/common/ciphers/cipher_aes_xts.h
@@ -10,6 +10,12 @@
#include <openssl/aes.h>
#include "internal/ciphers/ciphercommon.h"
+/*
+ * Available in cipher_fips.c, and compiled with different values depending
+ * on we're in the FIPS module or not.
+ */
+extern const int allow_insecure_decrypt;
+
PROV_CIPHER_FUNC(void, xts_stream,
(const unsigned char *in, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
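Review bot: `allow_insecure_decrypt` changes from a file-local `static const` to an object with external linkage and an unprefixed, generic name, declared at the `extern` line added here. The commit message says the objects of the helper libraries are added to a static libcrypto, so the name can clash with an application's own symbol in a static link. Which value the XTS code sees also now depends on which archive the linker resolves the symbol from, rather than on how cipher_aes_xts.c was compiled. A prefixed declaration such as `extern const int ossl_aes_xts_allow_insecure_decrypt;` would make the symbol unambiguous, and the comment would read better as `depending on whether we're in the FIPS module or not`. `kdf_pbkdf2_default_checks` in the new pbkdf2.h is selected at link time in the same way.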
diff --git a/providers/common/ciphers/cipher_fips.c b/providers/common/ciphers/cipher_fips.c
new file mode 100644
index 0000000000..c99d6ed2f4
--- /dev/null
+++ b/providers/common/ciphers/cipher_fips.c
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_aes_xts.h"
+
+#ifdef FIPS_MODE
+const int allow_insecure_decrypt = 0;
+#else
+const int allow_insecure_decrypt = 1;
+#endif /* FIPS_MODE */
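Review bot: The permissive value is the fallback here: `allow_insecure_decrypt` is 1 whenever FIPS_MODE is not defined for this object, so a build that fails to pass the define to libfips.a fails open with no diagnostic. The file also gives no comment on what the flag permits, which a reader of a FIPS-relevant switch will want. A short comment above the `#ifdef` should say what the decrypt path skips when the value is 1, taken from its use in cipher_aes_xts.c, which is not shown here. pbkdf2_fips.c later in this commit has the same shape, with the lower-bound checks off unless FIPS_MODE is defined, though there the comment does explain the default.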
diff --git a/providers/common/digests/build.info b/providers/common/digests/build.info
index fbbce36e87..2a8e8aa397 100644
--- a/providers/common/digests/build.info
+++ b/providers/common/digests/build.info
@@ -1,5 +1,7 @@
-$COMMON=sha2_prov.c sha3_prov.c digest_common.c
+# This source is common for all digests in all our providers.
+SOURCE[../../libcommon.a]=digest_common.c
-SOURCE[../../../libcrypto]=$COMMON
-SOURCE[../../fips]=$COMMON
-SOURCE[../../legacy]= digest_common.c
+# These are our implementations
+$GOAL=../../libimplementations.a
+
+SOURCE[$GOAL]=sha2_prov.c sha3_prov.c
diff --git a/providers/common/exchange/build.info b/providers/common/exchange/build.info
index c99c9d81b5..90ea0c9a02 100644
--- a/providers/common/exchange/build.info
+++ b/providers/common/exchange/build.info
@@ -1,7 +1,5 @@
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
+
IF[{- !$disabled{dh} -}]
- SOURCE[../../../libcrypto]=\
- dh_exch.c
+ SOURCE[$GOAL]=dh_exch.c
ENDIF
-
-
diff --git a/providers/common/kdfs/build.info b/providers/common/kdfs/build.info
index 8a723d488d..b2b354dc34 100644
--- a/providers/common/kdfs/build.info
+++ b/providers/common/kdfs/build.info
@@ -1,13 +1,5 @@
-$COMMON=tls1_prf.c hkdf.c kbkdf.c pbkdf2.c sskdf.c
+$GOAL=../../libimplementations.a
-LIBS=../../../libcrypto
-SOURCE[../../../libcrypto]=$COMMON
-INCLUDE[../../../libcrypto]=. ../../../crypto
-
-IF[{- !$disabled{fips} -}]
- MODULES=../../fips
- SOURCE[../../fips]=$COMMON
- INCLUDE[../../fips]=. ../../../crypto
-ENDIF
-
-
+SOURCE[$GOAL]=tls1_prf.c hkdf.c kbkdf.c pbkdf2.c sskdf.c
+SOURCE[../../libfips.a]=pbkdf2_fips.c
+SOURCE[../../libnonfips.a]=pbkdf2_fips.c
diff --git a/providers/common/kdfs/pbkdf2.c b/providers/common/kdfs/pbkdf2.c
index b98123b872..68aa0aa7c4 100644
--- a/providers/common/kdfs/pbkdf2.c
+++ b/providers/common/kdfs/pbkdf2.c
@@ -21,21 +21,13 @@
#include "internal/providercommonerr.h"
#include "internal/provider_algs.h"
#include "internal/provider_util.h"
+#include "pbkdf2.h"
/* Constants specified in SP800-132 */
#define KDF_PBKDF2_MIN_KEY_LEN_BITS 112
#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
#define KDF_PBKDF2_MIN_ITERATIONS 1000
#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
-/*
- * For backwards compatibility reasons,
- * Extra checks are done by default in fips mode only.
- */
-#ifdef FIPS_MODE
-# define KDF_PBKDF2_DEFAULT_CHECKS 1
-#else
-# define KDF_PBKDF2_DEFAULT_CHECKS 0
-#endif /* FIPS_MODE */
static OSSL_OP_kdf_newctx_fn kdf_pbkdf2_new;
static OSSL_OP_kdf_freectx_fn kdf_pbkdf2_free;
@@ -111,7 +103,7 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx)
/* This is an error, but there is no way to indicate such directly */
ossl_prov_digest_reset(&ctx->digest);
ctx->iter = PKCS5_DEFAULT_ITER;
- ctx->lower_bound_checks = KDF_PBKDF2_DEFAULT_CHECKS;
+ ctx->lower_bound_checks = kdf_pbkdf2_default_checks;
}
static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,
diff --git a/providers/common/kdfs/pbkdf2.h b/providers/common/kdfs/pbkdf2.h
new file mode 100644
index 0000000000..c8c2e5b8a7
--- /dev/null
+++ b/providers/common/kdfs/pbkdf2.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Available in pbkdfe_fips.c, and compiled with different values depending
+ * on we're in the FIPS module or not.
+ */
+extern const int kdf_pbkdf2_default_checks;
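Review bot: The comment points at `pbkdfe_fips.c`, but the file this commit adds is `pbkdf2_fips.c`, so a reader looking for the definition of this security-relevant default is sent to a file that does not exist. It should read `Available in pbkdf2_fips.c, and compiled with different values depending on whether we're in the FIPS module or not.` The new header also has no include guard; with a single `extern` declaration a double inclusion is harmless, but a guard is worth adding before anything else lands in it.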
diff --git a/providers/common/kdfs/pbkdf2_fips.c b/providers/common/kdfs/pbkdf2_fips.c
new file mode 100644
index 0000000000..d33782b24c
--- /dev/null
+++ b/providers/common/kdfs/pbkdf2_fips.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "pbkdf2.h"
+
+/*
+ * For backwards compatibility reasons,
+ * Extra checks are done by default in fips mode only.
+ */
+#ifdef FIPS_MODE
+const int kdf_pbkdf2_default_checks = 1;
+#else
+const int kdf_pbkdf2_default_checks = 0;
+#endif /* FIPS_MODE */
diff --git a/providers/common/keymgmt/build.info b/providers/common/keymgmt/build.info
index e66190c401..533c489077 100644
--- a/providers/common/keymgmt/build.info
+++ b/providers/common/keymgmt/build.info
@@ -1,9 +1,8 @@
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
+
IF[{- !$disabled{dh} -}]
- SOURCE[../../../libcrypto]=\
- dh_kmgmt.c
+ SOURCE[$GOAL]=dh_kmgmt.c
ENDIF
IF[{- !$disabled{dsa} -}]
- SOURCE[../../../libcrypto]=\
- dsa_kmgmt.c
+ SOURCE[$GOAL]=dsa_kmgmt.c
ENDIF
diff --git a/providers/common/macs/build.info b/providers/common/macs/build.info
index 832a1e76ec..1eafe70604 100644
--- a/providers/common/macs/build.info
+++ b/providers/common/macs/build.info
@@ -1,15 +1,9 @@
+$GOAL=../../libimplementations.a
+
$COMMON=gmac_prov.c hmac_prov.c kmac_prov.c
IF[{- !$disabled{cmac} -}]
$COMMON=$COMMON cmac_prov.c
ENDIF
-LIBS=../../../libcrypto
-SOURCE[../../../libcrypto]=$COMMON
-INCLUDE[../../../libcrypto]=. ../../../crypto
-
-IF[{- !$disabled{fips} -}]
- MODULES=../../fips
- SOURCE[../../fips]=$COMMON
- INCLUDE[../../fips]=. ../../../crypto
-ENDIF
+SOURCE[$GOAL]=$COMMON
diff --git a/providers/common/signature/build.info b/providers/common/signature/build.info
index 5b64229dfc..496fb7d7d8 100644
--- a/providers/common/signature/build.info
+++ b/providers/common/signature/build.info
@@ -1,7 +1,7 @@
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
+
IF[{- !$disabled{dsa} -}]
- SOURCE[../../../libcrypto]=\
- dsa.c
+ SOURCE[$GOAL]=dsa.c
ENDIF
diff --git a/providers/default/build.info b/providers/default/build.info
index ca78cce0a8..31ae507965 100644
--- a/providers/default/build.info
+++ b/providers/default/build.info
@@ -1,6 +1,4 @@
-SUBDIRS=digests macs ciphers
SUBDIRS=digests kdfs macs ciphers
-LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- defltprov.c
-INCLUDE[../../libcrypto]=include
+$GOAL=../../libcrypto
+SOURCE[$GOAL]=defltprov.c
+INCLUDE[$GOAL]=include
diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info
index 5142357c7e..0440789573 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -1,7 +1,7 @@
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
IF[{- !$disabled{des} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_tdes_default.c cipher_tdes_default_hw.c \
cipher_tdes_wrap.c cipher_tdes_wrap_hw.c \
cipher_desx.c cipher_desx_hw.c \
@@ -9,59 +9,59 @@ IF[{- !$disabled{des} -}]
ENDIF
IF[{- !$disabled{aria} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_aria.c cipher_aria_hw.c \
cipher_aria_gcm.c cipher_aria_gcm_hw.c \
cipher_aria_ccm.c cipher_aria_ccm_hw.c
ENDIF
IF[{- !$disabled{camellia} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_camellia.c cipher_camellia_hw.c
ENDIF
IF[{- !$disabled{bf} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_blowfish.c cipher_blowfish_hw.c
ENDIF
IF[{- !$disabled{idea} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_idea.c cipher_idea_hw.c
ENDIF
IF[{- !$disabled{cast} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_cast5.c cipher_cast5_hw.c
ENDIF
IF[{- !$disabled{seed} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_seed.c cipher_seed_hw.c
ENDIF
IF[{- !$disabled{sm4} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_sm4.c cipher_sm4_hw.c
ENDIF
IF[{- !$disabled{ocb} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_aes_ocb.c cipher_aes_ocb_hw.c
ENDIF
IF[{- !$disabled{rc4} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_rc4.c cipher_rc4_hw.c
ENDIF
IF[{- !$disabled{rc5} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_rc5.c cipher_rc5_hw.c
ENDIF
IF[{- !$disabled{rc2} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_rc2.c cipher_rc2_hw.c
ENDIF
diff --git a/providers/default/digests/build.info b/providers/default/digests/build.info
index 9d61229ae7..6869657ec9 100644
--- a/providers/default/digests/build.info
+++ b/providers/default/digests/build.info
@@ -1,15 +1,16 @@
+$GOAL=../../libimplementations.a
IF[{- !$disabled{blake2} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
blake2_prov.c blake2b_prov.c blake2s_prov.c
ENDIF
IF[{- !$disabled{sm3} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
sm3_prov.c
ENDIF
IF[{- !$disabled{md5} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
md5_prov.c md5_sha1_prov.c
ENDIF
diff --git a/providers/default/kdfs/build.info b/providers/default/kdfs/build.info
index 27047c5286..90b127d731 100644
--- a/providers/default/kdfs/build.info
+++ b/providers/default/kdfs/build.info
@@ -1,3 +1,2 @@
-LIBS=../../../libcrypto
-SOURCE[../../../libcrypto]=scrypt.c sshkdf.c x942kdf.c
-INCLUDE[../../../libcrypto]=. ../../../crypto
+$GOAL=../../libimplementations.a
+SOURCE[$GOAL]=scrypt.c sshkdf.c x942kdf.c
diff --git a/providers/default/macs/build.info b/providers/default/macs/build.info
index fa7f5e479a..821a3d467b 100644
--- a/providers/default/macs/build.info
+++ b/providers/default/macs/build.info
@@ -1,15 +1,13 @@
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
IF[{- !$disabled{blake2} -}]
- SOURCE[../../../libcrypto]=blake2b_mac.c blake2s_mac.c
+ SOURCE[$GOAL]=blake2b_mac.c blake2s_mac.c
ENDIF
IF[{- !$disabled{siphash} -}]
- SOURCE[../../../libcrypto]=siphash_prov.c
+ SOURCE[$GOAL]=siphash_prov.c
ENDIF
IF[{- !$disabled{poly1305} -}]
- SOURCE[../../../libcrypto]=poly1305_prov.c
+ SOURCE[$GOAL]=poly1305_prov.c
ENDIF
-
-INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/fips/build.info b/providers/fips/build.info
index 9b8effa85c..829d8ef3ea 100644
--- a/providers/fips/build.info
+++ b/providers/fips/build.info
@@ -1,2 +1,3 @@
SOURCE[../fips]=fipsprov.c selftest.c
+INCLUDE[../fips]=../common/include \ No newline at end of file
diff --git a/providers/legacy/digests/build.info b/providers/legacy/digests/build.info
index 2c85970dde..4e1aeb6ddd 100644
--- a/providers/legacy/digests/build.info
+++ b/providers/legacy/digests/build.info
@@ -1,30 +1,21 @@
-IF[{- $disabled{module} -}]
- $GOAL=../../../libcrypto
-ELSE
- $GOAL=../../legacy
-ENDIF
+$GOAL=../../liblegacy.a
IF[{- !$disabled{md2} -}]
- SOURCE[$GOAL]=\
- md2_prov.c
+ SOURCE[$GOAL]=md2_prov.c
ENDIF
IF[{- !$disabled{md4} -}]
- SOURCE[$GOAL]=\
- md4_prov.c
+ SOURCE[$GOAL]=md4_prov.c
ENDIF
IF[{- !$disabled{mdc2} -}]
- SOURCE[$GOAL]=\
- mdc2_prov.c
+ SOURCE[$GOAL]=mdc2_prov.c
ENDIF
IF[{- !$disabled{whirlpool} -}]
- SOURCE[$GOAL]=\
- wp_prov.c
+ SOURCE[$GOAL]=wp_prov.c
ENDIF
IF[{- !$disabled{rmd160} -}]
- SOURCE[$GOAL]=\
- ripemd_prov.c
-ENDIF \ No newline at end of file
+ SOURCE[$GOAL]=ripemd_prov.c
+ENDIF