Browse Source

Rework how our providers are built

We put almost everything in these internal static libraries:

libcommon               Block building code that can be used by all
                        our implementations, legacy and non-legacy
                        alike.
libimplementations      All non-legacy algorithm implementations and
                        only them.  All the code that ends up here is
                        agnostic to the definitions of FIPS_MODE.
liblegacy               All legacy implementations.

libnonfips              Support code for the algorithm implementations.
                        Built with FIPS_MODE undefined.  Any code that
                        checks that FIPS_MODE isn't defined must end
                        up in this library.
libfips                 Support code for the algorithm implementations.
                        Built with FIPS_MODE defined.  Any code that
                        checks that FIPS_MODE is defined must end up
                        in this library.

The FIPS provider module is built from providers/fips/*.c and linked
with libimplementations, libcommon and libfips.

The Legacy provider module is built from providers/legacy/*.c and
linked with liblegacy, libcommon and libcrypto.
If module building is disabled, the object files from liblegacy and
libcommon are added to libcrypto and the Legacy provider becomes a
built-in provider.

The Default provider module is built-in, so it ends up being linked
with libimplementations, libcommon and libnonfips.  For libcrypto in
form of static library, the object files from those other libraries
are simply being added to libcrypto.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
master
Richard Levitte 3 years ago
parent
commit
dec95d7589
37 changed files with 288 additions and 147 deletions
  1. +2
    -2
      crypto/aes/build.info
  2. +2
    -2
      crypto/bn/build.info
  3. +1
    -1
      crypto/buffer/build.info
  4. +3
    -3
      crypto/build.info
  5. +1
    -1
      crypto/cmac/build.info
  6. +1
    -1
      crypto/des/build.info
  7. +2
    -2
      crypto/ec/build.info
  8. +1
    -1
      crypto/evp/build.info
  9. +1
    -1
      crypto/hmac/build.info
  10. +1
    -1
      crypto/lhash/build.info
  11. +2
    -2
      crypto/modes/build.info
  12. +1
    -1
      crypto/property/build.info
  13. +1
    -1
      crypto/rand/build.info
  14. +2
    -2
      crypto/sha/build.info
  15. +1
    -1
      crypto/stack/build.info
  16. +133
    -13
      providers/build.info
  17. +4
    -3
      providers/common/build.info
  18. +14
    -9
      providers/common/ciphers/build.info
  19. +0
    -6
      providers/common/ciphers/cipher_aes_xts.c
  20. +6
    -0
      providers/common/ciphers/cipher_aes_xts.h
  21. +16
    -0
      providers/common/ciphers/cipher_fips.c
  22. +6
    -4
      providers/common/digests/build.info
  23. +3
    -5
      providers/common/exchange/build.info
  24. +4
    -12
      providers/common/kdfs/build.info
  25. +2
    -10
      providers/common/kdfs/pbkdf2.c
  26. +14
    -0
      providers/common/kdfs/pbkdf2.h
  27. +20
    -0
      providers/common/kdfs/pbkdf2_fips.c
  28. +4
    -5
      providers/common/keymgmt/build.info
  29. +3
    -9
      providers/common/macs/build.info
  30. +3
    -3
      providers/common/signature/build.info
  31. +3
    -5
      providers/default/build.info
  32. +13
    -13
      providers/default/ciphers/build.info
  33. +4
    -3
      providers/default/digests/build.info
  34. +2
    -3
      providers/default/kdfs/build.info
  35. +4
    -6
      providers/default/macs/build.info
  36. +1
    -0
      providers/fips/build.info
  37. +7
    -16
      providers/legacy/digests/build.info

+ 2
- 2
crypto/aes/build.info View File

@ -62,8 +62,8 @@ ENDIF
$COMMON=aes_misc.c aes_ecb.c $AESASM
SOURCE[../../libcrypto]=$COMMON aes_cfb.c aes_ofb.c aes_ige.c aes_wrap.c
DEFINE[../../libcrypto]=$AESDEF
SOURCE[../../providers/fips]=$COMMON
DEFINE[../../providers/fips]=$AESDEF
SOURCE[../../providers/libfips.a]=$COMMON
DEFINE[../../providers/libfips.a]=$AESDEF
GENERATE[aes-ia64.s]=asm/aes-ia64.S


+ 2
- 2
crypto/bn/build.info View File

@ -109,8 +109,8 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
bn_rsa_fips186_4.c $BNASM
SOURCE[../../libcrypto]=$COMMON bn_print.c bn_err.c bn_depr.c bn_srp.c
DEFINE[../../libcrypto]=$BNDEF
SOURCE[../../providers/fips]=$COMMON
DEFINE[../../providers/fips]=$BNDEF
SOURCE[../../providers/libfips.a]=$COMMON
DEFINE[../../providers/libfips.a]=$BNDEF
INCLUDE[../../libcrypto]=../../crypto/include


+ 1
- 1
crypto/buffer/build.info View File

@ -1,3 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=buffer.c buf_err.c
SOURCE[../../providers/fips]=buffer.c
SOURCE[../../providers/libfips.a]=buffer.c

+ 3
- 3
crypto/build.info View File

@ -63,7 +63,7 @@ $CORE_COMMON=provider_core.c provider_predefined.c \
core_fetch.c core_algorithm.c core_namemap.c
SOURCE[../libcrypto]=$CORE_COMMON provider_conf.c
SOURCE[../providers/fips]=$CORE_COMMON
SOURCE[../providers/libfips.a]=$CORE_COMMON
# Central utilities
$UTIL_COMMON=\
@ -78,8 +78,8 @@ SOURCE[../libcrypto]=$UTIL_COMMON \
o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \
$UPLINKSRC
DEFINE[../libcrypto]=$UTIL_DEFINE $UPLINKDEF
SOURCE[../providers/fips]=$UTIL_COMMON
DEFINE[../providers/fips]=$UTIL_DEFINE
SOURCE[../providers/libfips.a]=$UTIL_COMMON
DEFINE[../providers/libfips.a]=$UTIL_DEFINE
DEPEND[info.o]=buildinf.h


+ 1
- 1
crypto/cmac/build.info View File

@ -3,4 +3,4 @@ LIBS=../../libcrypto
$COMMON=cmac.c
SOURCE[../../libcrypto]=$COMMON cm_ameth.c
SOURCE[../../providers/fips]=$COMMON
SOURCE[../../providers/libfips.a]=$COMMON

+ 1
- 1
crypto/des/build.info View File

@ -20,7 +20,7 @@ SOURCE[../../libcrypto]=$COMMON\
ofb64ede.c ofb64enc.c ofb_enc.c \
str2key.c pcbc_enc.c qud_cksm.c rand_key.c \
fcrypt.c xcbc_enc.c cbc_cksm.c
SOURCE[../../providers/fips]=$COMMON
SOURCE[../../providers/libfips.a]=$COMMON
GENERATE[des_enc-sparc.S]=asm/des_enc.m4
GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl


+ 2
- 2
crypto/ec/build.info View File

@ -57,8 +57,8 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ec_err.c \
ecdh_kdf.c eck_prn.c
DEFINE[../../libcrypto]=$ECDEF
SOURCE[../../providers/fips]=$COMMON
DEFINE[../../providers/fips]=$ECDEF
SOURCE[../../providers/libfips.a]=$COMMON
DEFINE[../../providers/libfips.a]=$ECDEF
GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl


+ 1
- 1
crypto/evp/build.info View File

@ -18,7 +18,7 @@ SOURCE[../../libcrypto]=$COMMON\
e_chacha20_poly1305.c \
pkey_mac.c exchange.c \
legacy_sha.c legacy_md5_sha1.c
SOURCE[../../providers/fips]=$COMMON
SOURCE[../../providers/libfips.a]=$COMMON
INCLUDE[e_aes.o]=.. ../modes
INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes


+ 1
- 1
crypto/hmac/build.info View File

@ -3,4 +3,4 @@ LIBS=../../libcrypto
$COMMON=hmac.c
SOURCE[../../libcrypto]=$COMMON hm_ameth.c
SOURCE[../../providers/fips]=$COMMON
SOURCE[../../providers/libfips.a]=$COMMON

+ 1
- 1
crypto/lhash/build.info View File

@ -1,5 +1,5 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
lhash.c lh_stats.c
SOURCE[../../providers/fips]=\
SOURCE[../../providers/libfips.a]=\
lhash.c

+ 2
- 2
crypto/modes/build.info View File

@ -54,8 +54,8 @@ SOURCE[../../libcrypto]=$COMMON \
cts128.c ocb128.c siv128.c
DEFINE[../../libcrypto]=$MODESDEF
SOURCE[../../providers/fips]=$COMMON
DEFINE[../../providers/fips]=$MODESDEF
SOURCE[../../providers/libfips.a]=$COMMON
DEFINE[../../providers/libfips.a]=$MODESDEF
INCLUDE[gcm128.o]=..


+ 1
- 1
crypto/property/build.info View File

@ -1,4 +1,4 @@
LIBS=../../libcrypto
$COMMON=property_string.c property_parse.c property.c defn_cache.c
SOURCE[../../libcrypto]=$COMMON property_err.c
SOURCE[../../providers/fips]=$COMMON
SOURCE[../../providers/libfips.a]=$COMMON

+ 1
- 1
crypto/rand/build.info View File

@ -4,4 +4,4 @@ $COMMON=rand_lib.c rand_crng_test.c rand_win.c rand_unix.c rand_vms.c \
drbg_lib.c drbg_ctr.c rand_vxworks.c drbg_hash.c drbg_hmac.c
SOURCE[../../libcrypto]=$COMMON randfile.c rand_err.c rand_egd.c
SOURCE[../../providers/fips]=$COMMON
SOURCE[../../providers/libfips.a]=$COMMON

+ 2
- 2
crypto/sha/build.info View File

@ -76,8 +76,8 @@ ENDIF
$COMMON=sha1dgst.c sha256.c sha512.c sha3.c $SHA1ASM $KECCAK1600ASM
SOURCE[../../libcrypto]=$COMMON sha1_one.c
DEFINE[../../libcrypto]=$SHA1DEF $KECCAK1600DEF
SOURCE[../../providers/fips]= $COMMON
DEFINE[../../providers/fips]= $SHA1DEF $KECCAK1600DEF
SOURCE[../../providers/libfips.a]= $COMMON
DEFINE[../../providers/libfips.a]= $SHA1DEF $KECCAK1600DEF
GENERATE[sha1-586.s]=asm/sha1-586.pl
DEPEND[sha1-586.s]=../perlasm/x86asm.pl


+ 1
- 1
crypto/stack/build.info View File

@ -1,3 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=stack.c
SOURCE[../../providers/fips]=stack.c
SOURCE[../../providers/libfips.a]=stack.c

+ 133
- 13
providers/build.info View File

@ -1,30 +1,150 @@
# We place all implementations in static libraries, and then let the
# provider mains pilfer what they want through symbol resolution when
# linking.
#
# The non-legacy implementations (libimplementations) must be made FIPS
# agnostic as much as possible, as well as the common building blocks
# (libcommon). The legacy implementations (liblegacy) will never be
# part of the FIPS provider.
#
# If there is anything that isn't FIPS agnostic, it should be set aside
# in its own source file, which is then included directly into other
# static libraries geared for FIPS and non-FIPS providers, and built
# separately.
#
# libcommon.a Contains common building blocks, potentially
# needed both by non-legacy and legacy code.
#
# libimplementations.a Contains all non-legacy implementations.
# liblegacy.a Contains all legacy implementaions.
#
# libfips.a Contains all things needed to support
# FIPS implementations, such as code from
# crypto/ and object files that contain
# FIPS-specific code. FIPS_MODE is defined
# for this library. The FIPS module uses
# this.
# libnonfips.a Corresponds to libfips.a, but built with
# FIPS_MODE undefined. The default and legacy
# providers use this.
SUBDIRS=common default
INCLUDE[../libcrypto]=common/include
# Libraries we're dealing with
$LIBCOMMON=libcommon.a
$LIBIMPLEMENTATIONS=libimplementations.a
$LIBLEGACY=liblegacy.a
$LIBNONFIPS=libnonfips.a
$LIBFIPS=libfips.a
# Enough of our implementations include prov/ciphercommon.h (present in
# providers/common/include), which includes crypto/ciphermode_platform.h
# (present in include), which in turn may include very internal header
# files in crypto/, so let's have a common include list for them all.
$COMMON_INCLUDES=../crypto ../include common/include
INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES
INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES default/include
INCLUDE[$LIBLEGACY]=$COMMON_INCLUDES
INCLUDE[$LIBNONFIPS]=$COMMON_INCLUDES
INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
DEFINE[$LIBFIPS]=FIPS_MODE
# Weak dependencies to provide library order information.
# We make it weak so they aren't both used always; what is
# actually used is determined by non-weak dependencies.
DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS
DEPEND[$LIBCOMMON]{weak}=$LIBFIPS
# Strong dependencies. This ensures that any time libimplementations
# is used, libcommon gets included as well.
DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON
DEPEND[$LIBNONFIPS]=../libcrypto
# It's tempting to make libcommon depend on ../libcrypto. However,
# since the FIPS provider module must NOT depend on ../libcrypto, we
# need to set that dependency up specifically for the final products
# that use $LIBCOMMON or anything that depends on it.
# Libraries common to all providers, must be built regardless
LIBS{noinst}=$LIBCOMMON
# Libraries that are common for all non-FIPS providers, must be built regardless
LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS
#
# Default provider stuff
#
# Because the default provider is built in, it means that libcrypto must
# include all the object files that are needed (we do that indirectly,
# by using the appropriate libraries as source). Note that for shared
# libraries, SOURCEd libraries are considered as if the where specified
# with DEPEND.
$DEFAULTGOAL=../libcrypto
SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS
LIBS=$DEFAULTGOAL
#
# FIPS provider stuff
#
# We define it this way to ensure that configdata.pm will have all the
# necessary information even if we don't build the module. This will allow
# us to make all kinds of checks on the source, based on what we specify in
# diverse build.info files. libfips.a, fips.so and their sources aren't
# built unless the proper LIBS or MODULES statement has been seen, so we
# have those and only those within a condition.
SUBDIRS=fips
$FIPSGOAL=fips
DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS
INCLUDE[$FIPSGOAL]=../include
IF[{- defined $target{shared_defflag} -}]
SOURCE[$FIPSGOAL]=fips.ld
GENERATE[fips.ld]=../util/providers.num
ENDIF
IF[{- !$disabled{fips} -}]
SUBDIRS=fips
MODULES=fips
IF[{- defined $target{shared_defflag} -}]
SOURCE[fips]=fips.ld
GENERATE[fips.ld]=../util/providers.num
ENDIF
INCLUDE[fips]=.. ../include common/include
DEFINE[fips]=FIPS_MODE
# This is the trigger to actually build the FIPS module. Without these
# statements, the final build file will not have a trace of it.
MODULES=$FIPSGOAL
LIBS{noinst}=$LIBFIPS
ENDIF
#
# Legacy provider stuff
#
IF[{- !$disabled{legacy} -}]
# The legacy implementation library
SUBDIRS=legacy
LIBS{noinst}=$LIBLEGACY
DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS
# The Legacy provider
IF[{- $disabled{module} -}]
LIBS=../libcrypto
DEFINE[../libcrypto]=STATIC_LEGACY
# Become built in
# In this case, we need to do the same thing a for the default provider,
# and make the liblegacy object files end up in libcrypto. We could also
# just say that for the built-in legacy, we put the source directly in
# libcrypto instead of going via liblegacy, but that makes writing the
# implementation specific build.info files harder to write, so we don't.
$LEGACYGOAL=../libcrypto
SOURCE[$LEGACYGOAL]=$LIBLEGACY
DEFINE[$LIBLEGACY]=STATIC_LEGACY
DEFINE[$LEGACYGOAL]=STATIC_LEGACY
ELSE
MODULES=legacy
# Become a module
# In this case, we can work with dependencies
$LEGACYGOAL=legacy
MODULES=$LEGACYGOAL
DEPEND[$LEGACYGOAL]=$LIBLEGACY
IF[{- defined $target{shared_defflag} -}]
SOURCE[legacy]=legacy.ld
GENERATE[legacy.ld]=../util/providers.num
ENDIF
DEPEND[legacy]=../libcrypto
INCLUDE[legacy]=.. ../include common/include
ENDIF
# Common things that are valid no matter what form the Legacy provider
# takes.
INCLUDE[$LEGACYGOAL]=../include common/include
ENDIF

+ 4
- 3
providers/common/build.info View File

@ -1,5 +1,6 @@
SUBDIRS=digests ciphers macs kdfs exchange keymgmt signature
$COMMON=provider_util.c
SOURCE[../../libcrypto]=$COMMON provider_err.c provlib.c
SOURCE[../fips]=$COMMON
SOURCE[../libcommon.a]=provider_err.c provlib.c
$FIPSCOMMON=provider_util.c
SOURCE[../libnonfips.a]=$FIPSCOMMON
SOURCE[../libfips.a]=$FIPSCOMMON

+ 14
- 9
providers/common/ciphers/build.info View File

@ -1,21 +1,26 @@
LIBS=../../../libcrypto
# This source is common building blockss for all ciphers in all our providers.
SOURCE[../../libcommon.a]=\
cipher_common.c cipher_common_hw.c block.c \
cipher_gcm.c cipher_gcm_hw.c \
cipher_ccm.c cipher_ccm_hw.c
# These are our implementations
$GOAL=../../libimplementations.a
IF[{- !$disabled{des} -}]
$COMMON_DES=cipher_tdes.c cipher_tdes_hw.c
ENDIF
$COMMON=cipher_common.c cipher_common_hw.c block.c \
SOURCE[$GOAL]=\
cipher_aes.c cipher_aes_hw.c \
cipher_aes_xts.c cipher_aes_xts_hw.c \
cipher_gcm.c cipher_gcm_hw.c \
cipher_aes_gcm.c cipher_aes_gcm_hw.c \
cipher_ccm.c cipher_ccm_hw.c \
cipher_aes_ccm.c cipher_aes_ccm_hw.c \
cipher_aes_wrp.c \
$COMMON_DES
SOURCE[../../../libcrypto]=$COMMON
INCLUDE[../../../libcrypto]=. ../../../crypto
# Because some default ciphers need it
INCLUDE[$GOAL]=.
SOURCE[../../fips]=$COMMON
INCLUDE[../../fips]=. ../../../crypto
# Finally, we have a few things that aren't FIPS agnostic
SOURCE[../../libfips.a]=cipher_fips.c
SOURCE[../../libnonfips.a]=cipher_fips.c

+ 0
- 6
providers/common/ciphers/cipher_aes_xts.c View File

@ -20,12 +20,6 @@
#define AES_XTS_IV_BITS 128
#define AES_XTS_BLOCK_BITS 8
#ifdef FIPS_MODE
static const int allow_insecure_decrypt = 0;
#else
static const int allow_insecure_decrypt = 1;
#endif /* FIPS_MODE */
/* forward declarations */
static OSSL_OP_cipher_encrypt_init_fn aes_xts_einit;
static OSSL_OP_cipher_decrypt_init_fn aes_xts_dinit;


+ 6
- 0
providers/common/ciphers/cipher_aes_xts.h View File

@ -10,6 +10,12 @@
#include <openssl/aes.h>
#include "internal/ciphers/ciphercommon.h"
/*
* Available in cipher_fips.c, and compiled with different values depending
* on we're in the FIPS module or not.
*/
extern const int allow_insecure_decrypt;
PROV_CIPHER_FUNC(void, xts_stream,
(const unsigned char *in, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,


+ 16
- 0
providers/common/ciphers/cipher_fips.c View File

@ -0,0 +1,16 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cipher_aes_xts.h"
#ifdef FIPS_MODE
const int allow_insecure_decrypt = 0;
#else
const int allow_insecure_decrypt = 1;
#endif /* FIPS_MODE */

+ 6
- 4
providers/common/digests/build.info View File

@ -1,5 +1,7 @@
$COMMON=sha2_prov.c sha3_prov.c digest_common.c
# This source is common for all digests in all our providers.
SOURCE[../../libcommon.a]=digest_common.c
SOURCE[../../../libcrypto]=$COMMON
SOURCE[../../fips]=$COMMON
SOURCE[../../legacy]= digest_common.c
# These are our implementations
$GOAL=../../libimplementations.a
SOURCE[$GOAL]=sha2_prov.c sha3_prov.c

+ 3
- 5
providers/common/exchange/build.info View File

@ -1,7 +1,5 @@
LIBS=../../../libcrypto
$GOAL=../../libimplementations.a
IF[{- !$disabled{dh} -}]
SOURCE[../../../libcrypto]=\
dh_exch.c
SOURCE[$GOAL]=dh_exch.c
ENDIF

+ 4
- 12
providers/common/kdfs/build.info View File

@ -1,13 +1,5 @@
$COMMON=tls1_prf.c hkdf.c kbkdf.c pbkdf2.c sskdf.c
$GOAL=../../libimplementations.a
LIBS=../../../libcrypto
SOURCE[../../../libcrypto]=$COMMON
INCLUDE[../../../libcrypto]=. ../../../crypto
IF[{- !$disabled{fips} -}]
MODULES=../../fips
SOURCE[../../fips]=$COMMON
INCLUDE[../../fips]=. ../../../crypto
ENDIF
SOURCE[$GOAL]=tls1_prf.c hkdf.c kbkdf.c pbkdf2.c sskdf.c
SOURCE[../../libfips.a]=pbkdf2_fips.c
SOURCE[../../libnonfips.a]=pbkdf2_fips.c

+ 2
- 10
providers/common/kdfs/pbkdf2.c View File

@ -21,21 +21,13 @@
#include "internal/providercommonerr.h"
#include "internal/provider_algs.h"
#include "internal/provider_util.h"
#include "pbkdf2.h"
/* Constants specified in SP800-132 */
#define KDF_PBKDF2_MIN_KEY_LEN_BITS 112
#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
#define KDF_PBKDF2_MIN_ITERATIONS 1000
#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
/*
* For backwards compatibility reasons,
* Extra checks are done by default in fips mode only.
*/
#ifdef FIPS_MODE
# define KDF_PBKDF2_DEFAULT_CHECKS 1
#else
# define KDF_PBKDF2_DEFAULT_CHECKS 0
#endif /* FIPS_MODE */
static OSSL_OP_kdf_newctx_fn kdf_pbkdf2_new;
static OSSL_OP_kdf_freectx_fn kdf_pbkdf2_free;
@ -111,7 +103,7 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx)
/* This is an error, but there is no way to indicate such directly */
ossl_prov_digest_reset(&ctx->digest);
ctx->iter = PKCS5_DEFAULT_ITER;
ctx->lower_bound_checks = KDF_PBKDF2_DEFAULT_CHECKS;
ctx->lower_bound_checks = kdf_pbkdf2_default_checks;
}
static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,


+ 14
- 0
providers/common/kdfs/pbkdf2.h View File

@ -0,0 +1,14 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Available in pbkdfe_fips.c, and compiled with different values depending
* on we're in the FIPS module or not.
*/
extern const int kdf_pbkdf2_default_checks;

+ 20
- 0
providers/common/kdfs/pbkdf2_fips.c View File

@ -0,0 +1,20 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "pbkdf2.h"
/*
* For backwards compatibility reasons,
* Extra checks are done by default in fips mode only.
*/
#ifdef FIPS_MODE
const int kdf_pbkdf2_default_checks = 1;
#else
const int kdf_pbkdf2_default_checks = 0;
#endif /* FIPS_MODE */

+ 4
- 5
providers/common/keymgmt/build.info View File

@ -1,9 +1,8 @@
LIBS=../../../libcrypto
$GOAL=../../libimplementations.a
IF[{- !$disabled{dh} -}]
SOURCE[../../../libcrypto]=\
dh_kmgmt.c
SOURCE[$GOAL]=dh_kmgmt.c
ENDIF
IF[{- !$disabled{dsa} -}]
SOURCE[../../../libcrypto]=\
dsa_kmgmt.c
SOURCE[$GOAL]=dsa_kmgmt.c
ENDIF

+ 3
- 9
providers/common/macs/build.info View File

@ -1,15 +1,9 @@
$GOAL=../../libimplementations.a
$COMMON=gmac_prov.c hmac_prov.c kmac_prov.c
IF[{- !$disabled{cmac} -}]
$COMMON=$COMMON cmac_prov.c
ENDIF
LIBS=../../../libcrypto
SOURCE[../../../libcrypto]=$COMMON
INCLUDE[../../../libcrypto]=. ../../../crypto
IF[{- !$disabled{fips} -}]
MODULES=../../fips
SOURCE[../../fips]=$COMMON
INCLUDE[../../fips]=. ../../../crypto
ENDIF
SOURCE[$GOAL]=$COMMON

+ 3
- 3
providers/common/signature/build.info View File

@ -1,7 +1,7 @@
LIBS=../../../libcrypto
$GOAL=../../libimplementations.a
IF[{- !$disabled{dsa} -}]
SOURCE[../../../libcrypto]=\
dsa.c
SOURCE[$GOAL]=dsa.c
ENDIF

+ 3
- 5
providers/default/build.info View File

@ -1,6 +1,4 @@
SUBDIRS=digests macs ciphers
SUBDIRS=digests kdfs macs ciphers
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
defltprov.c
INCLUDE[../../libcrypto]=include
$GOAL=../../libcrypto
SOURCE[$GOAL]=defltprov.c
INCLUDE[$GOAL]=include

+ 13
- 13
providers/default/ciphers/build.info View File

@ -1,7 +1,7 @@
LIBS=../../../libcrypto
$GOAL=../../libimplementations.a
IF[{- !$disabled{des} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_tdes_default.c cipher_tdes_default_hw.c \
cipher_tdes_wrap.c cipher_tdes_wrap_hw.c \
cipher_desx.c cipher_desx_hw.c \
@ -9,59 +9,59 @@ IF[{- !$disabled{des} -}]
ENDIF
IF[{- !$disabled{aria} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_aria.c cipher_aria_hw.c \
cipher_aria_gcm.c cipher_aria_gcm_hw.c \
cipher_aria_ccm.c cipher_aria_ccm_hw.c
ENDIF
IF[{- !$disabled{camellia} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_camellia.c cipher_camellia_hw.c
ENDIF
IF[{- !$disabled{bf} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_blowfish.c cipher_blowfish_hw.c
ENDIF
IF[{- !$disabled{idea} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_idea.c cipher_idea_hw.c
ENDIF
IF[{- !$disabled{cast} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_cast5.c cipher_cast5_hw.c
ENDIF
IF[{- !$disabled{seed} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_seed.c cipher_seed_hw.c
ENDIF
IF[{- !$disabled{sm4} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_sm4.c cipher_sm4_hw.c
ENDIF
IF[{- !$disabled{ocb} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_aes_ocb.c cipher_aes_ocb_hw.c
ENDIF
IF[{- !$disabled{rc4} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_rc4.c cipher_rc4_hw.c
ENDIF
IF[{- !$disabled{rc5} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_rc5.c cipher_rc5_hw.c
ENDIF
IF[{- !$disabled{rc2} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
cipher_rc2.c cipher_rc2_hw.c
ENDIF


+ 4
- 3
providers/default/digests/build.info View File

@ -1,15 +1,16 @@
$GOAL=../../libimplementations.a
IF[{- !$disabled{blake2} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
blake2_prov.c blake2b_prov.c blake2s_prov.c
ENDIF
IF[{- !$disabled{sm3} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
sm3_prov.c
ENDIF
IF[{- !$disabled{md5} -}]
SOURCE[../../../libcrypto]=\
SOURCE[$GOAL]=\
md5_prov.c md5_sha1_prov.c
ENDIF

+ 2
- 3
providers/default/kdfs/build.info View File

@ -1,3 +1,2 @@
LIBS=../../../libcrypto
SOURCE[../../../libcrypto]=scrypt.c sshkdf.c x942kdf.c
INCLUDE[../../../libcrypto]=. ../../../crypto
$GOAL=../../libimplementations.a
SOURCE[$GOAL]=scrypt.c sshkdf.c x942kdf.c

+ 4
- 6
providers/default/macs/build.info View File

@ -1,15 +1,13 @@
LIBS=../../../libcrypto
$GOAL=../../libimplementations.a
IF[{- !$disabled{blake2} -}]
SOURCE[../../../libcrypto]=blake2b_mac.c blake2s_mac.c
SOURCE[$GOAL]=blake2b_mac.c blake2s_mac.c
ENDIF
IF[{- !$disabled{siphash} -}]
SOURCE[../../../libcrypto]=siphash_prov.c
SOURCE[$GOAL]=siphash_prov.c
ENDIF
IF[{- !$disabled{poly1305} -}]
SOURCE[../../../libcrypto]=poly1305_prov.c
SOURCE[$GOAL]=poly1305_prov.c
ENDIF
INCLUDE[../../../libcrypto]=. ../../../crypto

+ 1
- 0
providers/fips/build.info View File

@ -1,2 +1,3 @@
SOURCE[../fips]=fipsprov.c selftest.c
INCLUDE[../fips]=../common/include

+ 7
- 16
providers/legacy/digests/build.info View File

@ -1,30 +1,21 @@
IF[{- $disabled{module} -}]
$GOAL=../../../libcrypto
ELSE
$GOAL=../../legacy
ENDIF
$GOAL=../../liblegacy.a
IF[{- !$disabled{md2} -}]
SOURCE[$GOAL]=\
md2_prov.c
SOURCE[$GOAL]=md2_prov.c
ENDIF
IF[{- !$disabled{md4} -}]
SOURCE[$GOAL]=\
md4_prov.c
SOURCE[$GOAL]=md4_prov.c
ENDIF
IF[{- !$disabled{mdc2} -}]
SOURCE[$GOAL]=\
mdc2_prov.c
SOURCE[$GOAL]=mdc2_prov.c
ENDIF
IF[{- !$disabled{whirlpool} -}]
SOURCE[$GOAL]=\
wp_prov.c
SOURCE[$GOAL]=wp_prov.c
ENDIF
IF[{- !$disabled{rmd160} -}]
SOURCE[$GOAL]=\
ripemd_prov.c
ENDIF
SOURCE[$GOAL]=ripemd_prov.c
ENDIF

Loading…
Cancel
Save