$COMMON=aes_misc.c aes_ecb.c $AESASM
SOURCE[../../libcrypto]=$COMMON aes_cfb.c aes_ofb.c aes_ige.c aes_wrap.c
DEFINE[../../libcrypto]=$AESDEF
-SOURCE[../../providers/fips]=$COMMON
-DEFINE[../../providers/fips]=$AESDEF
+SOURCE[../../providers/libfips.a]=$COMMON
+DEFINE[../../providers/libfips.a]=$AESDEF
GENERATE[aes-ia64.s]=asm/aes-ia64.S
bn_rsa_fips186_4.c $BNASM
SOURCE[../../libcrypto]=$COMMON bn_print.c bn_err.c bn_depr.c bn_srp.c
DEFINE[../../libcrypto]=$BNDEF
-SOURCE[../../providers/fips]=$COMMON
-DEFINE[../../providers/fips]=$BNDEF
+SOURCE[../../providers/libfips.a]=$COMMON
+DEFINE[../../providers/libfips.a]=$BNDEF
INCLUDE[../../libcrypto]=../../crypto/include
LIBS=../../libcrypto
SOURCE[../../libcrypto]=buffer.c buf_err.c
-SOURCE[../../providers/fips]=buffer.c
+SOURCE[../../providers/libfips.a]=buffer.c
core_fetch.c core_algorithm.c core_namemap.c
SOURCE[../libcrypto]=$CORE_COMMON provider_conf.c
-SOURCE[../providers/fips]=$CORE_COMMON
+SOURCE[../providers/libfips.a]=$CORE_COMMON
# Central utilities
$UTIL_COMMON=\
o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \
$UPLINKSRC
DEFINE[../libcrypto]=$UTIL_DEFINE $UPLINKDEF
-SOURCE[../providers/fips]=$UTIL_COMMON
-DEFINE[../providers/fips]=$UTIL_DEFINE
+SOURCE[../providers/libfips.a]=$UTIL_COMMON
+DEFINE[../providers/libfips.a]=$UTIL_DEFINE
DEPEND[info.o]=buildinf.h
$COMMON=cmac.c
SOURCE[../../libcrypto]=$COMMON cm_ameth.c
-SOURCE[../../providers/fips]=$COMMON
+SOURCE[../../providers/libfips.a]=$COMMON
ofb64ede.c ofb64enc.c ofb_enc.c \
str2key.c pcbc_enc.c qud_cksm.c rand_key.c \
fcrypt.c xcbc_enc.c cbc_cksm.c
-SOURCE[../../providers/fips]=$COMMON
+SOURCE[../../providers/libfips.a]=$COMMON
GENERATE[des_enc-sparc.S]=asm/des_enc.m4
GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl
SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ec_err.c \
ecdh_kdf.c eck_prn.c
DEFINE[../../libcrypto]=$ECDEF
-SOURCE[../../providers/fips]=$COMMON
-DEFINE[../../providers/fips]=$ECDEF
+SOURCE[../../providers/libfips.a]=$COMMON
+DEFINE[../../providers/libfips.a]=$ECDEF
GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl
e_chacha20_poly1305.c \
pkey_mac.c exchange.c \
legacy_sha.c legacy_md5_sha1.c
-SOURCE[../../providers/fips]=$COMMON
+SOURCE[../../providers/libfips.a]=$COMMON
INCLUDE[e_aes.o]=.. ../modes
INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes
$COMMON=hmac.c
SOURCE[../../libcrypto]=$COMMON hm_ameth.c
-SOURCE[../../providers/fips]=$COMMON
+SOURCE[../../providers/libfips.a]=$COMMON
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
lhash.c lh_stats.c
-SOURCE[../../providers/fips]=\
+SOURCE[../../providers/libfips.a]=\
lhash.c
cts128.c ocb128.c siv128.c
DEFINE[../../libcrypto]=$MODESDEF
-SOURCE[../../providers/fips]=$COMMON
-DEFINE[../../providers/fips]=$MODESDEF
+SOURCE[../../providers/libfips.a]=$COMMON
+DEFINE[../../providers/libfips.a]=$MODESDEF
INCLUDE[gcm128.o]=..
LIBS=../../libcrypto
$COMMON=property_string.c property_parse.c property.c defn_cache.c
SOURCE[../../libcrypto]=$COMMON property_err.c
-SOURCE[../../providers/fips]=$COMMON
+SOURCE[../../providers/libfips.a]=$COMMON
drbg_lib.c drbg_ctr.c rand_vxworks.c drbg_hash.c drbg_hmac.c
SOURCE[../../libcrypto]=$COMMON randfile.c rand_err.c rand_egd.c
-SOURCE[../../providers/fips]=$COMMON
+SOURCE[../../providers/libfips.a]=$COMMON
$COMMON=sha1dgst.c sha256.c sha512.c sha3.c $SHA1ASM $KECCAK1600ASM
SOURCE[../../libcrypto]=$COMMON sha1_one.c
DEFINE[../../libcrypto]=$SHA1DEF $KECCAK1600DEF
-SOURCE[../../providers/fips]= $COMMON
-DEFINE[../../providers/fips]= $SHA1DEF $KECCAK1600DEF
+SOURCE[../../providers/libfips.a]= $COMMON
+DEFINE[../../providers/libfips.a]= $SHA1DEF $KECCAK1600DEF
GENERATE[sha1-586.s]=asm/sha1-586.pl
DEPEND[sha1-586.s]=../perlasm/x86asm.pl
LIBS=../../libcrypto
SOURCE[../../libcrypto]=stack.c
-SOURCE[../../providers/fips]=stack.c
+SOURCE[../../providers/libfips.a]=stack.c
+# We place all implementations in static libraries, and then let the
+# provider mains pilfer what they want through symbol resolution when
+# linking.
+#
+# The non-legacy implementations (libimplementations) must be made FIPS
+# agnostic as much as possible, as well as the common building blocks
+# (libcommon). The legacy implementations (liblegacy) will never be
+# part of the FIPS provider.
+#
+# If there is anything that isn't FIPS agnostic, it should be set aside
+# in its own source file, which is then included directly into other
+# static libraries geared for FIPS and non-FIPS providers, and built
+# separately.
+#
+# libcommon.a Contains common building blocks, potentially
+# needed both by non-legacy and legacy code.
+#
+# libimplementations.a Contains all non-legacy implementations.
+# liblegacy.a Contains all legacy implementaions.
+#
+# libfips.a Contains all things needed to support
+# FIPS implementations, such as code from
+# crypto/ and object files that contain
+# FIPS-specific code. FIPS_MODE is defined
+# for this library. The FIPS module uses
+# this.
+# libnonfips.a Corresponds to libfips.a, but built with
+# FIPS_MODE undefined. The default and legacy
+# providers use this.
+
SUBDIRS=common default
INCLUDE[../libcrypto]=common/include
+# Libraries we're dealing with
+$LIBCOMMON=libcommon.a
+$LIBIMPLEMENTATIONS=libimplementations.a
+$LIBLEGACY=liblegacy.a
+$LIBNONFIPS=libnonfips.a
+$LIBFIPS=libfips.a
+
+# Enough of our implementations include prov/ciphercommon.h (present in
+# providers/common/include), which includes crypto/ciphermode_platform.h
+# (present in include), which in turn may include very internal header
+# files in crypto/, so let's have a common include list for them all.
+$COMMON_INCLUDES=../crypto ../include common/include
+
+INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES
+INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES default/include
+INCLUDE[$LIBLEGACY]=$COMMON_INCLUDES
+INCLUDE[$LIBNONFIPS]=$COMMON_INCLUDES
+INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
+DEFINE[$LIBFIPS]=FIPS_MODE
+
+# Weak dependencies to provide library order information.
+# We make it weak so they aren't both used always; what is
+# actually used is determined by non-weak dependencies.
+DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS
+DEPEND[$LIBCOMMON]{weak}=$LIBFIPS
+
+# Strong dependencies. This ensures that any time libimplementations
+# is used, libcommon gets included as well.
+DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON
+DEPEND[$LIBNONFIPS]=../libcrypto
+# It's tempting to make libcommon depend on ../libcrypto. However,
+# since the FIPS provider module must NOT depend on ../libcrypto, we
+# need to set that dependency up specifically for the final products
+# that use $LIBCOMMON or anything that depends on it.
+
+# Libraries common to all providers, must be built regardless
+LIBS{noinst}=$LIBCOMMON
+# Libraries that are common for all non-FIPS providers, must be built regardless
+LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS
+
+#
+# Default provider stuff
+#
+# Because the default provider is built in, it means that libcrypto must
+# include all the object files that are needed (we do that indirectly,
+# by using the appropriate libraries as source). Note that for shared
+# libraries, SOURCEd libraries are considered as if the where specified
+# with DEPEND.
+$DEFAULTGOAL=../libcrypto
+SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS
+
+LIBS=$DEFAULTGOAL
+
+#
+# FIPS provider stuff
+#
+# We define it this way to ensure that configdata.pm will have all the
+# necessary information even if we don't build the module. This will allow
+# us to make all kinds of checks on the source, based on what we specify in
+# diverse build.info files. libfips.a, fips.so and their sources aren't
+# built unless the proper LIBS or MODULES statement has been seen, so we
+# have those and only those within a condition.
+SUBDIRS=fips
+$FIPSGOAL=fips
+DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS
+INCLUDE[$FIPSGOAL]=../include
+IF[{- defined $target{shared_defflag} -}]
+ SOURCE[$FIPSGOAL]=fips.ld
+ GENERATE[fips.ld]=../util/providers.num
+ENDIF
+
IF[{- !$disabled{fips} -}]
- SUBDIRS=fips
- MODULES=fips
- IF[{- defined $target{shared_defflag} -}]
- SOURCE[fips]=fips.ld
- GENERATE[fips.ld]=../util/providers.num
- ENDIF
- INCLUDE[fips]=.. ../include common/include
- DEFINE[fips]=FIPS_MODE
+ # This is the trigger to actually build the FIPS module. Without these
+ # statements, the final build file will not have a trace of it.
+ MODULES=$FIPSGOAL
+ LIBS{noinst}=$LIBFIPS
ENDIF
+#
+# Legacy provider stuff
+#
IF[{- !$disabled{legacy} -}]
+ # The legacy implementation library
SUBDIRS=legacy
+ LIBS{noinst}=$LIBLEGACY
+ DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS
+
+ # The Legacy provider
IF[{- $disabled{module} -}]
- LIBS=../libcrypto
- DEFINE[../libcrypto]=STATIC_LEGACY
+ # Become built in
+ # In this case, we need to do the same thing a for the default provider,
+ # and make the liblegacy object files end up in libcrypto. We could also
+ # just say that for the built-in legacy, we put the source directly in
+ # libcrypto instead of going via liblegacy, but that makes writing the
+ # implementation specific build.info files harder to write, so we don't.
+ $LEGACYGOAL=../libcrypto
+ SOURCE[$LEGACYGOAL]=$LIBLEGACY
+ DEFINE[$LIBLEGACY]=STATIC_LEGACY
+ DEFINE[$LEGACYGOAL]=STATIC_LEGACY
ELSE
- MODULES=legacy
+ # Become a module
+ # In this case, we can work with dependencies
+ $LEGACYGOAL=legacy
+ MODULES=$LEGACYGOAL
+ DEPEND[$LEGACYGOAL]=$LIBLEGACY
IF[{- defined $target{shared_defflag} -}]
SOURCE[legacy]=legacy.ld
GENERATE[legacy.ld]=../util/providers.num
ENDIF
- DEPEND[legacy]=../libcrypto
- INCLUDE[legacy]=.. ../include common/include
ENDIF
+
+ # Common things that are valid no matter what form the Legacy provider
+ # takes.
+ INCLUDE[$LEGACYGOAL]=../include common/include
ENDIF
+
SUBDIRS=digests ciphers macs kdfs exchange keymgmt signature
-$COMMON=provider_util.c
-SOURCE[../../libcrypto]=$COMMON provider_err.c provlib.c
-SOURCE[../fips]=$COMMON
+SOURCE[../libcommon.a]=provider_err.c provlib.c
+$FIPSCOMMON=provider_util.c
+SOURCE[../libnonfips.a]=$FIPSCOMMON
+SOURCE[../libfips.a]=$FIPSCOMMON
-LIBS=../../../libcrypto
+# This source is common building blockss for all ciphers in all our providers.
+SOURCE[../../libcommon.a]=\
+ cipher_common.c cipher_common_hw.c block.c \
+ cipher_gcm.c cipher_gcm_hw.c \
+ cipher_ccm.c cipher_ccm_hw.c
+
+# These are our implementations
+$GOAL=../../libimplementations.a
IF[{- !$disabled{des} -}]
$COMMON_DES=cipher_tdes.c cipher_tdes_hw.c
ENDIF
-$COMMON=cipher_common.c cipher_common_hw.c block.c \
+SOURCE[$GOAL]=\
cipher_aes.c cipher_aes_hw.c \
cipher_aes_xts.c cipher_aes_xts_hw.c \
- cipher_gcm.c cipher_gcm_hw.c \
cipher_aes_gcm.c cipher_aes_gcm_hw.c \
- cipher_ccm.c cipher_ccm_hw.c \
cipher_aes_ccm.c cipher_aes_ccm_hw.c \
cipher_aes_wrp.c \
$COMMON_DES
-
-SOURCE[../../../libcrypto]=$COMMON
-INCLUDE[../../../libcrypto]=. ../../../crypto
+# Because some default ciphers need it
+INCLUDE[$GOAL]=.
-SOURCE[../../fips]=$COMMON
-INCLUDE[../../fips]=. ../../../crypto
+# Finally, we have a few things that aren't FIPS agnostic
+SOURCE[../../libfips.a]=cipher_fips.c
+SOURCE[../../libnonfips.a]=cipher_fips.c
#define AES_XTS_IV_BITS 128
#define AES_XTS_BLOCK_BITS 8
-#ifdef FIPS_MODE
-static const int allow_insecure_decrypt = 0;
-#else
-static const int allow_insecure_decrypt = 1;
-#endif /* FIPS_MODE */
-
/* forward declarations */
static OSSL_OP_cipher_encrypt_init_fn aes_xts_einit;
static OSSL_OP_cipher_decrypt_init_fn aes_xts_dinit;
#include <openssl/aes.h>
#include "internal/ciphers/ciphercommon.h"
+/*
+ * Available in cipher_fips.c, and compiled with different values depending
+ * on we're in the FIPS module or not.
+ */
+extern const int allow_insecure_decrypt;
+
PROV_CIPHER_FUNC(void, xts_stream,
(const unsigned char *in, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_aes_xts.h"
+
+#ifdef FIPS_MODE
+const int allow_insecure_decrypt = 0;
+#else
+const int allow_insecure_decrypt = 1;
+#endif /* FIPS_MODE */
-$COMMON=sha2_prov.c sha3_prov.c digest_common.c
+# This source is common for all digests in all our providers.
+SOURCE[../../libcommon.a]=digest_common.c
-SOURCE[../../../libcrypto]=$COMMON
-SOURCE[../../fips]=$COMMON
-SOURCE[../../legacy]= digest_common.c
+# These are our implementations
+$GOAL=../../libimplementations.a
+
+SOURCE[$GOAL]=sha2_prov.c sha3_prov.c
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
+
IF[{- !$disabled{dh} -}]
- SOURCE[../../../libcrypto]=\
- dh_exch.c
+ SOURCE[$GOAL]=dh_exch.c
ENDIF
-
-
-$COMMON=tls1_prf.c hkdf.c kbkdf.c pbkdf2.c sskdf.c
+$GOAL=../../libimplementations.a
-LIBS=../../../libcrypto
-SOURCE[../../../libcrypto]=$COMMON
-INCLUDE[../../../libcrypto]=. ../../../crypto
-
-IF[{- !$disabled{fips} -}]
- MODULES=../../fips
- SOURCE[../../fips]=$COMMON
- INCLUDE[../../fips]=. ../../../crypto
-ENDIF
-
-
+SOURCE[$GOAL]=tls1_prf.c hkdf.c kbkdf.c pbkdf2.c sskdf.c
+SOURCE[../../libfips.a]=pbkdf2_fips.c
+SOURCE[../../libnonfips.a]=pbkdf2_fips.c
#include "internal/providercommonerr.h"
#include "internal/provider_algs.h"
#include "internal/provider_util.h"
+#include "pbkdf2.h"
/* Constants specified in SP800-132 */
#define KDF_PBKDF2_MIN_KEY_LEN_BITS 112
#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
#define KDF_PBKDF2_MIN_ITERATIONS 1000
#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
-/*
- * For backwards compatibility reasons,
- * Extra checks are done by default in fips mode only.
- */
-#ifdef FIPS_MODE
-# define KDF_PBKDF2_DEFAULT_CHECKS 1
-#else
-# define KDF_PBKDF2_DEFAULT_CHECKS 0
-#endif /* FIPS_MODE */
static OSSL_OP_kdf_newctx_fn kdf_pbkdf2_new;
static OSSL_OP_kdf_freectx_fn kdf_pbkdf2_free;
/* This is an error, but there is no way to indicate such directly */
ossl_prov_digest_reset(&ctx->digest);
ctx->iter = PKCS5_DEFAULT_ITER;
- ctx->lower_bound_checks = KDF_PBKDF2_DEFAULT_CHECKS;
+ ctx->lower_bound_checks = kdf_pbkdf2_default_checks;
}
static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Available in pbkdfe_fips.c, and compiled with different values depending
+ * on we're in the FIPS module or not.
+ */
+extern const int kdf_pbkdf2_default_checks;
--- /dev/null
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "pbkdf2.h"
+
+/*
+ * For backwards compatibility reasons,
+ * Extra checks are done by default in fips mode only.
+ */
+#ifdef FIPS_MODE
+const int kdf_pbkdf2_default_checks = 1;
+#else
+const int kdf_pbkdf2_default_checks = 0;
+#endif /* FIPS_MODE */
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
+
IF[{- !$disabled{dh} -}]
- SOURCE[../../../libcrypto]=\
- dh_kmgmt.c
+ SOURCE[$GOAL]=dh_kmgmt.c
ENDIF
IF[{- !$disabled{dsa} -}]
- SOURCE[../../../libcrypto]=\
- dsa_kmgmt.c
+ SOURCE[$GOAL]=dsa_kmgmt.c
ENDIF
+$GOAL=../../libimplementations.a
+
$COMMON=gmac_prov.c hmac_prov.c kmac_prov.c
IF[{- !$disabled{cmac} -}]
$COMMON=$COMMON cmac_prov.c
ENDIF
-LIBS=../../../libcrypto
-SOURCE[../../../libcrypto]=$COMMON
-INCLUDE[../../../libcrypto]=. ../../../crypto
-
-IF[{- !$disabled{fips} -}]
- MODULES=../../fips
- SOURCE[../../fips]=$COMMON
- INCLUDE[../../fips]=. ../../../crypto
-ENDIF
+SOURCE[$GOAL]=$COMMON
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
+
IF[{- !$disabled{dsa} -}]
- SOURCE[../../../libcrypto]=\
- dsa.c
+ SOURCE[$GOAL]=dsa.c
ENDIF
-SUBDIRS=digests macs ciphers
SUBDIRS=digests kdfs macs ciphers
-LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- defltprov.c
-INCLUDE[../../libcrypto]=include
+$GOAL=../../libcrypto
+SOURCE[$GOAL]=defltprov.c
+INCLUDE[$GOAL]=include
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
IF[{- !$disabled{des} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_tdes_default.c cipher_tdes_default_hw.c \
cipher_tdes_wrap.c cipher_tdes_wrap_hw.c \
cipher_desx.c cipher_desx_hw.c \
ENDIF
IF[{- !$disabled{aria} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_aria.c cipher_aria_hw.c \
cipher_aria_gcm.c cipher_aria_gcm_hw.c \
cipher_aria_ccm.c cipher_aria_ccm_hw.c
ENDIF
IF[{- !$disabled{camellia} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_camellia.c cipher_camellia_hw.c
ENDIF
IF[{- !$disabled{bf} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_blowfish.c cipher_blowfish_hw.c
ENDIF
IF[{- !$disabled{idea} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_idea.c cipher_idea_hw.c
ENDIF
IF[{- !$disabled{cast} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_cast5.c cipher_cast5_hw.c
ENDIF
IF[{- !$disabled{seed} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_seed.c cipher_seed_hw.c
ENDIF
IF[{- !$disabled{sm4} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_sm4.c cipher_sm4_hw.c
ENDIF
IF[{- !$disabled{ocb} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_aes_ocb.c cipher_aes_ocb_hw.c
ENDIF
IF[{- !$disabled{rc4} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_rc4.c cipher_rc4_hw.c
ENDIF
IF[{- !$disabled{rc5} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_rc5.c cipher_rc5_hw.c
ENDIF
IF[{- !$disabled{rc2} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
cipher_rc2.c cipher_rc2_hw.c
ENDIF
+$GOAL=../../libimplementations.a
IF[{- !$disabled{blake2} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
blake2_prov.c blake2b_prov.c blake2s_prov.c
ENDIF
IF[{- !$disabled{sm3} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
sm3_prov.c
ENDIF
IF[{- !$disabled{md5} -}]
- SOURCE[../../../libcrypto]=\
+ SOURCE[$GOAL]=\
md5_prov.c md5_sha1_prov.c
ENDIF
-LIBS=../../../libcrypto
-SOURCE[../../../libcrypto]=scrypt.c sshkdf.c x942kdf.c
-INCLUDE[../../../libcrypto]=. ../../../crypto
+$GOAL=../../libimplementations.a
+SOURCE[$GOAL]=scrypt.c sshkdf.c x942kdf.c
-LIBS=../../../libcrypto
+$GOAL=../../libimplementations.a
IF[{- !$disabled{blake2} -}]
- SOURCE[../../../libcrypto]=blake2b_mac.c blake2s_mac.c
+ SOURCE[$GOAL]=blake2b_mac.c blake2s_mac.c
ENDIF
IF[{- !$disabled{siphash} -}]
- SOURCE[../../../libcrypto]=siphash_prov.c
+ SOURCE[$GOAL]=siphash_prov.c
ENDIF
IF[{- !$disabled{poly1305} -}]
- SOURCE[../../../libcrypto]=poly1305_prov.c
+ SOURCE[$GOAL]=poly1305_prov.c
ENDIF
-
-INCLUDE[../../../libcrypto]=. ../../../crypto
SOURCE[../fips]=fipsprov.c selftest.c
+INCLUDE[../fips]=../common/include
\ No newline at end of file
-IF[{- $disabled{module} -}]
- $GOAL=../../../libcrypto
-ELSE
- $GOAL=../../legacy
-ENDIF
+$GOAL=../../liblegacy.a
IF[{- !$disabled{md2} -}]
- SOURCE[$GOAL]=\
- md2_prov.c
+ SOURCE[$GOAL]=md2_prov.c
ENDIF
IF[{- !$disabled{md4} -}]
- SOURCE[$GOAL]=\
- md4_prov.c
+ SOURCE[$GOAL]=md4_prov.c
ENDIF
IF[{- !$disabled{mdc2} -}]
- SOURCE[$GOAL]=\
- mdc2_prov.c
+ SOURCE[$GOAL]=mdc2_prov.c
ENDIF
IF[{- !$disabled{whirlpool} -}]
- SOURCE[$GOAL]=\
- wp_prov.c
+ SOURCE[$GOAL]=wp_prov.c
ENDIF
IF[{- !$disabled{rmd160} -}]
- SOURCE[$GOAL]=\
- ripemd_prov.c
-ENDIF
\ No newline at end of file
+ SOURCE[$GOAL]=ripemd_prov.c
+ENDIF