openssl/providers/common/build.info

SUBDIRS=der

SOURCE[../libcommon.a]=provider_err.c provider_ctx.c
$FIPSCOMMON=provider_util.c capabilities.c bio_prov.c digest_to_nid.c\
            securitycheck.c provider_seeding.c
SOURCE[../libdefault.a]=$FIPSCOMMON securitycheck_default.c
IF[{- !$disabled{module} && !$disabled{shared} -}]
  SOURCE[../liblegacy.a]=provider_util.c
ENDIF
SOURCE[../libfips.a]=$FIPSCOMMON securitycheck_fips.c
PROV: Add the beginning of a DER writing library This library is meant to be small and quick. It's based on WPACKET, which was extended to support DER writing. The way it's used is a bit unusual, as it's used to write the structures backward into a given buffer. A typical quick call looks like this: /* * Fill in this structure: * * something ::= SEQUENCE { * id OBJECT IDENTIFIER, * x [0] INTEGER OPTIONAL, * y [1] BOOLEAN OPTIONAL, * n INTEGER * } / unsigned char buf[nnnn], p = NULL; size_t encoded_len = 0; WPACKET pkt; int ok; ok = WPACKET_init_der(&pkt, buf, sizeof(buf) && DER_w_start_sequence(&pkt, -1) && DER_w_bn(&pkt, -1, bn) && DER_w_boolean(&pkt, 1, bool) && DER_w_precompiled(&pkt, -1, OID, sizeof(OID)) && DER_w_end_sequence(&pkt, -1) && WPACKET_finish(&pkt) && WPACKET_get_total_written(&pkt, &encoded_len) && (p = WPACKET_get_curr(&pkt)) != NULL; Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11450) 2020-03-31 22:54:43 +08:00			`SUBDIRS=der`

PROV: Move bio_prov.c from libcommon.a to libfips.a / libnonfips.a libcommon.a is FIPS agnostic, while libfips.a and libnonfips.a are FIPS / non-FIPS specific. Since bio_prov.c checks FIPS_MODULE, it belongs to the latter. Along with this, a bit more instruction commentary is added to providers/build.info. Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/12486) 2020-07-20 15:11:15 +08:00			`SOURCE[../libcommon.a]=provider_err.c provider_ctx.c`
Add 'fips-securitychecks' option and plumb this into the actual fips checks Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) 2020-09-04 15:55:28 +08:00			`$FIPSCOMMON=provider_util.c capabilities.c bio_prov.c digest_to_nid.c\`
prov: move the entropy source out of the FIPS provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226) 2020-10-30 13:54:03 +08:00			`securitycheck.c provider_seeding.c`
Drop libimplementations.a libimplementations.a was a nice idea, but had a few flaws: 1. The idea to have common code in libimplementations.a and FIPS sensitive helper functions in libfips.a / libnonfips.a didn't catch on, and we saw full implementation ending up in them instead and not appearing in libimplementations.a at all. 2. Because more or less ALL algorithm implementations were included in libimplementations.a (the idea being that the appropriate objects from it would be selected automatically by the linker when building the shared libraries), it's very hard to find only the implementation source that should go into the FIPS module, with the result that the FIPS checksum mechanism include source files that it shouldn't To mitigate, we drop libimplementations.a, but retain the idea of collecting implementations in static libraries. With that, we not have: libfips.a Includes all implementations that should become part of the FIPS provider. liblegacy.a Includes all implementations that should become part of the legacy provider. libdefault.a Includes all implementations that should become part of the default and base providers. With this, libnonfips.a becomes irrelevant and is dropped. libcommon.a is retained to include common provider code that can be used uniformly by all providers. Fixes #15157 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15171) 2021-05-06 14:48:15 +08:00			`SOURCE[../libdefault.a]=$FIPSCOMMON securitycheck_default.c`
Add PBKDF1 to the legacy provider Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14326) 2021-02-26 13:21:47 +08:00			`IF[{- !$disabled{module} && !$disabled{shared} -}]`
			`SOURCE[../liblegacy.a]=provider_util.c`
			`ENDIF`
Add 'fips-securitychecks' option and plumb this into the actual fips checks Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745) 2020-09-04 15:55:28 +08:00			`SOURCE[../libfips.a]=$FIPSCOMMON securitycheck_fips.c`