[openssl] master update

Richard Levitte levitte at openssl.org
Fri May 7 08:19:32 UTC 2021


The branch master has been updated
       via  6d1bb1fffdeb053c6448ebf025979f9ad4689aaf (commit)
       via  848af5e8feab2dd27becec8a4121947ab4a97df3 (commit)
       via  5a86dac8620b31b3259a8a2f609f3c9d06a1a21b (commit)
      from  28a8d07d7fb8046b9efcca33a4a7a26a1591c6c7 (commit)


- Log -----------------------------------------------------------------
commit 6d1bb1fffdeb053c6448ebf025979f9ad4689aaf
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu May 6 09:03:23 2021 +0200

    make update
    
    The impact on the FIPS checksum files is pretty significant
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15171)

commit 848af5e8feab2dd27becec8a4121947ab4a97df3
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu May 6 08:48:15 2021 +0200

    Drop libimplementations.a
    
    libimplementations.a was a nice idea, but had a few flaws:
    
    1.  The idea to have common code in libimplementations.a and FIPS
        sensitive helper functions in libfips.a / libnonfips.a didn't
        catch on, and we saw full implementations ending up in them instead
        and not appearing in libimplementations.a at all.
    
    2.  Because more or less ALL algorithm implementations were included
        in libimplementations.a (the idea being that the appropriate
        objects from it would be selected automatically by the linker when
        building the shared libraries), it's very hard to find only the
        implementation source that should go into the FIPS module, with
        the result that the FIPS checksum mechanism includes source files
        that it shouldn't.
    
    To mitigate, we drop libimplementations.a, but retain the idea of
    collecting implementations in static libraries.  With that, we now
    have:
    
    libfips.a
    
        Includes all implementations that should become part of the FIPS
        provider.
    
    liblegacy.a
    
        Includes all implementations that should become part of the legacy
        provider.
    
    libdefault.a
    
        Includes all implementations that should become part of the
        default and base providers.
    
    With this, libnonfips.a becomes irrelevant and is dropped.
    libcommon.a is retained to include common provider code that can be
    used uniformly by all providers.
    
    Fixes #15157
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15171)

commit 5a86dac8620b31b3259a8a2f609f3c9d06a1a21b
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu May 6 08:40:18 2021 +0200

    Rename files in providers/implementations/signatures
    
    It was discovered that eddsa.c exists in two places, here and in
    crypto/ec/curve448/, which would result in a file name clash if they
    ever end up in the same library.
    
    To mitigate, we rename the copy in providers/implementations/signatures
    to have '_sig' in the file name, and do the same with all other source
    files in this directory, for consistency.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15171)

-----------------------------------------------------------------------

Summary of changes:
 crypto/aes/build.info                              |   1 -
 crypto/bn/build.info                               |   1 -
 crypto/build.info                                  |   1 -
 crypto/ec/build.info                               |   1 -
 crypto/md5/build.info                              |   5 +-
 crypto/modes/build.info                            |   1 -
 crypto/poly1305/build.info                         |   1 -
 crypto/ripemd/build.info                           |   1 -
 crypto/sha/build.info                              |   1 -
 crypto/whrlpool/build.info                         |   4 -
 providers/build.info                               | 164 +++++++++------------
 providers/common/build.info                        |   2 +-
 providers/common/der/build.info                    |   4 +-
 providers/fips-sources.checksums                   |  64 +-------
 providers/fips.checksum                            |   2 +-
 providers/fips.module.sources                      |  64 +-------
 providers/implementations/asymciphers/build.info   |   4 +-
 providers/implementations/ciphers/build.info       |  23 ++-
 providers/implementations/digests/build.info       |  12 +-
 providers/implementations/encode_decode/build.info |  16 +-
 providers/implementations/exchange/build.info      |   9 +-
 providers/implementations/kdfs/build.info          |  23 ++-
 providers/implementations/kem/build.info           |   2 +-
 providers/implementations/keymgmt/build.info       |  24 +--
 providers/implementations/macs/build.info          |  16 +-
 providers/implementations/rands/build.info         |   6 +-
 providers/implementations/rands/seeding/build.info |   2 +-
 providers/implementations/signature/build.info     |  20 +--
 .../implementations/signature/{dsa.c => dsa_sig.c} |   0
 .../signature/{ecdsa.c => ecdsa_sig.c}             |   0
 .../signature/{eddsa.c => eddsa_sig.c}             |   0
 .../signature/{mac_legacy.c => mac_legacy_sig.c}   |   0
 .../implementations/signature/{rsa.c => rsa_sig.c} |   0
 .../signature/{sm2sig.c => sm2_sig.c}              |   0
 providers/implementations/storemgmt/build.info     |   2 +-
 ssl/build.info                                     |   2 +-
 36 files changed, 160 insertions(+), 318 deletions(-)
 rename providers/implementations/signature/{dsa.c => dsa_sig.c} (100%)
 rename providers/implementations/signature/{ecdsa.c => ecdsa_sig.c} (100%)
 rename providers/implementations/signature/{eddsa.c => eddsa_sig.c} (100%)
 rename providers/implementations/signature/{mac_legacy.c => mac_legacy_sig.c} (100%)
 rename providers/implementations/signature/{rsa.c => rsa_sig.c} (100%)
 rename providers/implementations/signature/{sm2sig.c => sm2_sig.c} (100%)

diff --git a/crypto/aes/build.info b/crypto/aes/build.info
index 2b2053031f..cc523c8f4f 100644
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
@@ -70,7 +70,6 @@ SOURCE[../../providers/libfips.a]=$COMMON
 # need to be applied to all affected libraries and modules.
 DEFINE[../../libcrypto]=$AESDEF
 DEFINE[../../providers/libfips.a]=$AESDEF
-DEFINE[../../providers/libimplementations.a]=$AESDEF
 
 GENERATE[aes-ia64.s]=asm/aes-ia64.S
 
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
index 89ff0044f2..5e948b8433 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -120,7 +120,6 @@ SOURCE[../../providers/liblegacy.a]=$BNASM
 DEFINE[../../providers/liblegacy.a]=$BNDEF
 # Implementations are now spread across several libraries, so the defines
 # need to be applied to all affected libraries and modules.
-DEFINE[../../providers/libimplementations.a]=$BNDEF
 DEFINE[../../providers/libcommon.a]=$BNDEF
 
 INCLUDE[bn_exp.o]=..
diff --git a/crypto/build.info b/crypto/build.info
index 3e1c295aea..ffcc2b0183 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -80,7 +80,6 @@ ENDIF
 
 # Implementations are now spread across several libraries, so the CPUID define
 # need to be applied to all affected libraries and modules.
-DEFINE[../providers/libimplementations.a]=$CPUIDDEF
 DEFINE[../providers/libcommon.a]=$CPUIDDEF
 
 # The Core
diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index ed256981c7..4b6556acc0 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -65,7 +65,6 @@ SOURCE[../../providers/libfips.a]=$COMMON
 # need to be applied to all affected libraries and modules.
 DEFINE[../../libcrypto]=$ECDEF
 DEFINE[../../providers/libfips.a]=$ECDEF
-DEFINE[../../providers/libimplementations.a]=$ECDEF
 
 GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl
 
diff --git a/crypto/md5/build.info b/crypto/md5/build.info
index bbb70fde3c..c35177bd50 100644
--- a/crypto/md5/build.info
+++ b/crypto/md5/build.info
@@ -15,8 +15,7 @@ IF[{- !$disabled{asm} -}]
 ENDIF
 
 $COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM
-SOURCE[../../libcrypto]=$COMMON
-SOURCE[../../providers/libimplementations.a]=$COMMON
+SOURCE[../../libcrypto ../../providers/libfips.a]=$COMMON
 
 # A no-deprecated no-shared build ends up with double function definitions
 # without conditioning this on dso. The issue is MD5 which is needed in the
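Review bot: The new SOURCE line puts md5_dgst.c, md5_one.c and md5_sha1.c directly into libfips.a, with no comment saying why the FIPS library needs the MD5 sources, while the same series drops md5_prov.c and md5_sha1_prov.c from providers/fips-sources.checksums. Before this change the objects went to libimplementations.a and were only picked up if the linker needed them; now they are always listed as libfips.a sources. If that is intended, add a comment above the line naming the consumer inside the FIPS provider; if not, keep the line as SOURCE[../../libcrypto]=$COMMON.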
@@ -31,7 +30,7 @@ ENDIF
 # Implementations are now spread across several libraries, so the defines
 # need to be applied to all affected libraries and modules.
 DEFINE[../../libcrypto]=$MD5DEF
-DEFINE[../../providers/libimplementations.a]=$MD5DEF
+DEFINE[../../providers/libfips.a]=$MD5DEF
 DEFINE[../../providers/liblegacy.a]=$MD5DEF
 
 GENERATE[md5-586.s]=asm/md5-586.pl
diff --git a/crypto/modes/build.info b/crypto/modes/build.info
index fb54b46ea5..687e872a1e 100644
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
@@ -58,7 +58,6 @@ SOURCE[../../providers/libfips.a]=$COMMON
 # need to be applied to all affected libraries and modules.
 DEFINE[../../libcrypto]=$MODESDEF
 DEFINE[../../providers/libfips.a]=$MODESDEF
-DEFINE[../../providers/libimplementations.a]=$MODESDEF
 
 
 INCLUDE[gcm128.o]=..
diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info
index 9e4085f9fa..7e055ef338 100644
--- a/crypto/poly1305/build.info
+++ b/crypto/poly1305/build.info
@@ -34,7 +34,6 @@ SOURCE[../../libcrypto]=poly1305.c $POLY1305ASM
 # Implementations are now spread across several libraries, so the defines
 # need to be applied to all affected libraries and modules.
 DEFINE[../../libcrypto]=$POLY1305DEF
-DEFINE[../../providers/libimplementations.a]=$POLY1305DEF
 
 GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl
 INCLUDE[poly1305-sparcv9.o]=..
diff --git a/crypto/ripemd/build.info b/crypto/ripemd/build.info
index 762067e635..f1845733a8 100644
--- a/crypto/ripemd/build.info
+++ b/crypto/ripemd/build.info
@@ -14,7 +14,6 @@ ENDIF
 
 # Implementations are now spread across several libraries, so the defines
 # need to be applied to all affected libraries and modules
-DEFINE[../../providers/libimplementations.a]=$RMD160DEF
 
 SOURCE[../../libcrypto]=rmd_dgst.c rmd_one.c $RMD160ASM
 DEFINE[../../libcrypto]=$RMD160DEF
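Review bot: Removing the libimplementations.a DEFINE leaves the two-line comment "Implementations are now spread across several libraries, so the defines need to be applied to all affected libraries and modules" with nothing under it, and the only remaining DEFINE in view targets libcrypto alone. Drop the comment together with the line, as the crypto/whrlpool/build.info hunk in this patch does.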
diff --git a/crypto/sha/build.info b/crypto/sha/build.info
index dd10c5cd66..4f0ad6571e 100644
--- a/crypto/sha/build.info
+++ b/crypto/sha/build.info
@@ -81,7 +81,6 @@ SOURCE[../../providers/libfips.a]= $COMMON
 # need to be applied to all affected libraries and modules.
 DEFINE[../../libcrypto]=$SHA1DEF $KECCAK1600DEF
 DEFINE[../../providers/libfips.a]=$SHA1DEF $KECCAK1600DEF
-DEFINE[../../providers/libimplementations.a]=$SHA1DEF $KECCAK1600DEF
 
 GENERATE[sha1-586.s]=asm/sha1-586.pl
 DEPEND[sha1-586.s]=../perlasm/x86asm.pl
diff --git a/crypto/whrlpool/build.info b/crypto/whrlpool/build.info
index 471b8acf2c..88f0c7bd3a 100644
--- a/crypto/whrlpool/build.info
+++ b/crypto/whrlpool/build.info
@@ -17,10 +17,6 @@ IF[{- !$disabled{asm} -}]
   ENDIF
 ENDIF
 
-# Implementations are now spread across several libraries, so the defines
-# need to be applied to all affected libraries and modules.
-DEFINE[../../providers/libimplementations.a]=$WPDEF
-
 SOURCE[../../libcrypto]=wp_dgst.c $WPASM
 DEFINE[../../libcrypto]=$WPDEF
 
diff --git a/providers/build.info b/providers/build.info
index b772e5ec25..065b570253 100644
--- a/providers/build.info
+++ b/providers/build.info
@@ -1,52 +1,35 @@
-# We place all implementations in static libraries, and then let the
-# provider mains pilfer what they want through symbol resolution when
-# linking.
-#
-# The non-legacy implementations (libimplementations) must be made FIPS
-# agnostic as much as possible, as well as the common building blocks
-# (libcommon).  The legacy implementations (liblegacy) will never be
-# part of the FIPS provider.
-#
-# If there is anything that isn't FIPS agnostic, it should be set aside
-# in its own source file, which is then included directly into other
-# static libraries geared for FIPS and non-FIPS providers, and built
-# separately.
-#
-# libcommon.a           Contains common building blocks, potentially
-#                       needed both by non-legacy and legacy code.
-#
-# libimplementations.a  Contains all non-legacy implementations.
-# liblegacy.a           Contains all legacy implementations.
-#
-# libfips.a             Contains all things needed to support
-#                       FIPS implementations, such as code from
-#                       crypto/ and object files that contain
-#                       FIPS-specific code.  FIPS_MODULE is defined
-#                       for this library.  The FIPS module uses
-#                       this.
-# libnonfips.a          Corresponds to libfips.a, but built with
-#                       FIPS_MODULE undefined.  The default and legacy
-#                       providers use this.
-#
-# This is how different provider modules should be linked:
-#
-# FIPS:
-#     -o fips.so {object files...} libimplementations.a libcommon.a libfips.a
-# Non-FIPS:
-#     -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a
-#
-# It is crucial that code that checks for the FIPS_MODULE macro end up in
-# libfips.a and libnonfips.a, never in libcommon.a.
-# It is crucial that such code is written so libfips.a and libnonfips.a doesn't
-# end up depending on libimplementations.a or libcommon.a.
-# It is crucial that such code is written so libcommon.a doesn't end up
-# depending on libimplementations.a.
-#
-# Code in providers/implementations/ should be written in such a way that the
-# OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends
-# up in either libimplementations.a or liblegacy.a.
-# If need be, write an abstraction layer in separate source files and make them
-# libfips.a / libnonfips.a sources.
+# libcommon.a           Contains common building blocks and other routines,
+#                       potentially needed by any of our providers.
+#
+# libfips.a             Contains all algorithm implementations that should
+#                       go in the FIPS provider.  The compilations for this
+#                       library are all done with FIPS_MODULE defined.
+#
+# liblegacy.a           Contains all algorithm implementations that should
+#                       go into the legacy provider.  The compilations for
+#                       this library are all done with STATIC_LEGACY defined.
+#
+# libdefault.a          Contains all algorithm implementations that should
+#                       into the default or base provider.
+#
+# To be noted is that the FIPS provider shares source code with libcrypto,
+# which means that select source files from crypto/ are compiled for
+# libfips.a the sources from providers/implementations.
+#
+# This is how a provider module should be linked:
+#
+#     -o {modulename}.so {object files...} lib{modulename}.a libcommon.a
+#
+# It is crucial that code that checks the FIPS_MODULE macro ends up in
+# libfips.a.
+# It is crucial that code that checks the STATIC_LEGACY macro ends up in
+# liblegacy.a.
+# It is recommended that code that is written for libcommon.a doesn't end
+# up depending on libfips.a, liblegacy.a or libdefault.a
+#
+# Code in providers/implementations/ should be written in such a way that
+# the OSSL_DISPATCH arrays (and preferably the majority of the actual code)
+# end up in either libfips.a, liblegacy.a or libdefault.a.
 
 SUBDIRS=common implementations
 
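Review bot: Two sentences in the new header comment are missing words: "should into the default or base provider" needs "go", and "are compiled for libfips.a the sources from providers/implementations" reads as if "along with" was dropped. The generic link line "-o {modulename}.so {object files...} lib{modulename}.a libcommon.a" also does not fit the base provider, which the same comment says uses libdefault.a; a short mapping from provider name to library would remove the guesswork. Finally, the old text called it "crucial" that libcommon.a stays independent of the implementation libraries and the new text only calls it "recommended"; if that weakening is deliberate, say why.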
@@ -54,10 +37,10 @@ INCLUDE[../libcrypto]=common/include
 
 # Libraries we're dealing with
 $LIBCOMMON=libcommon.a
-$LIBIMPLEMENTATIONS=libimplementations.a
-$LIBLEGACY=liblegacy.a
-$LIBNONFIPS=libnonfips.a
 $LIBFIPS=libfips.a
+$LIBLEGACY=liblegacy.a
+$LIBDEFAULT=libdefault.a
+LIBS{noinst}=$LIBDEFAULT $LIBCOMMON
 
 # Enough of our implementations include prov/ciphercommon.h (present in
 # providers/implementations/include), which includes crypto/*_platform.h
@@ -66,31 +49,22 @@ $LIBFIPS=libfips.a
 $COMMON_INCLUDES=../crypto ../include implementations/include common/include
 
 INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES
-INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES
-INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES
-INCLUDE[$LIBNONFIPS]=.. $COMMON_INCLUDES
 INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
+INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES
+INCLUDE[$LIBDEFAULT]=.. $COMMON_INCLUDES
 DEFINE[$LIBFIPS]=FIPS_MODULE
 
-# Weak dependencies to provide library order information.
-# We make it weak so they aren't both used always; what is
-# actually used is determined by non-weak dependencies.
-DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS
-DEPEND[$LIBCOMMON]{weak}=$LIBFIPS
+# Weak dependencies to provide library order information.  What is actually
+# used is determined by non-weak dependencies.
+DEPEND[$LIBCOMMON]{weak}=../libcrypto
 
-# Strong dependencies.  This ensures that any time libimplementations
+# Strong dependencies.  This ensures that any time an implementation library
 # is used, libcommon gets included as well.
-DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON
-DEPEND[$LIBNONFIPS]=../libcrypto
-# It's tempting to make libcommon depend on ../libcrypto.  However,
-# since the FIPS provider module must NOT depend on ../libcrypto, we
-# need to set that dependency up specifically for the final products
-# that use $LIBCOMMON or anything that depends on it.
-
-# Libraries common to all providers, must be built regardless
-LIBS{noinst}=$LIBCOMMON
-# Libraries that are common for all non-FIPS providers, must be built regardless
-LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS
+# The $LIBFIPS dependency on $LIBCOMMON is extra strong, to mitigate for
+# linking problems because they are interdependent
+SOURCE[$LIBFIPS]=$LIBCOMMON
+DEPEND[$LIBLEGACY]=$LIBCOMMON
+DEPEND[$LIBDEFAULT]=$LIBCOMMON
 
 #
 # Default provider stuff
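Review bot: The comment removed here explained that libcommon must not be made to depend on ../libcrypto because the FIPS provider module must NOT depend on ../libcrypto, yet the replacement adds DEPEND[$LIBCOMMON]{weak}=../libcrypto and then pulls $LIBCOMMON into $LIBFIPS with SOURCE[$LIBFIPS]=$LIBCOMMON. Please add a comment stating why the weak dependency cannot bring libcrypto into the fips module link, or limit it to the non-FIPS libraries. The "because they are interdependent" wording also conflicts with the header comment's recommendation that libcommon.a not depend on libfips.a; one of the two should be corrected.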
@@ -98,24 +72,20 @@ LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS
 # Because the default provider is built in, it means that libcrypto must
 # include all the object files that are needed (we do that indirectly,
 # by using the appropriate libraries as source).  Note that for shared
-# libraries, SOURCEd libraries are considered as if the where specified
+# libraries, SOURCEd libraries are considered as if they were specified
 # with DEPEND.
 $DEFAULTGOAL=../libcrypto
-SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS
-SOURCE[$DEFAULTGOAL]=defltprov.c
-# Some legacy implementations depend on provider header files
+SOURCE[$DEFAULTGOAL]=$LIBDEFAULT defltprov.c
 INCLUDE[$DEFAULTGOAL]=implementations/include
 
-LIBS=$DEFAULTGOAL
-
 #
 # Base provider stuff
 #
-# Because the base provider is built in, it means that libcrypto
-# must include all of the object files that are needed.
+# Because the base provider is built in, it means that libcrypto must
+# include all of the object files that are needed, just like the default
+# provider.
 $BASEGOAL=../libcrypto
-SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS
-SOURCE[$BASEGOAL]=baseprov.c
+SOURCE[$BASEGOAL]=$LIBDEFAULT baseprov.c
 INCLUDE[$BASEGOAL]=implementations/include
 
 #
@@ -127,22 +97,23 @@ INCLUDE[$BASEGOAL]=implementations/include
 # diverse build.info files.  libfips.a, fips.so and their sources aren't
 # built unless the proper LIBS or MODULES statement has been seen, so we
 # have those and only those within a condition.
-SUBDIRS=fips
-$FIPSGOAL=fips
-DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS
-INCLUDE[$FIPSGOAL]=../include
-DEFINE[$FIPSGOAL]=FIPS_MODULE
-IF[{- defined $target{shared_defflag} -}]
-  SOURCE[$FIPSGOAL]=fips.ld
-  GENERATE[fips.ld]=../util/providers.num
-ENDIF
-
 IF[{- !$disabled{fips} -}]
+  SUBDIRS=fips
+  $FIPSGOAL=fips
+
   # This is the trigger to actually build the FIPS module.  Without these
   # statements, the final build file will not have a trace of it.
   MODULES{fips}=$FIPSGOAL
   LIBS{noinst}=$LIBFIPS
 
+  DEPEND[$FIPSGOAL]=$LIBFIPS
+  INCLUDE[$FIPSGOAL]=../include
+  DEFINE[$FIPSGOAL]=FIPS_MODULE
+  IF[{- defined $target{shared_defflag} -}]
+    SOURCE[$FIPSGOAL]=fips.ld
+    GENERATE[fips.ld]=../util/providers.num
+  ENDIF
+
   # For tests that try to use the FIPS module, we need to make a local fips
   # module installation.  We have the output go to standard output, because
   # the generated commands in build templates are expected to catch that,
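Review bot: The context comment just above the IF still says "we have those and only those within a condition", meaning the LIBS and MODULES triggers, but this hunk moves SUBDIRS=fips, $FIPSGOAL, DEPEND, INCLUDE, DEFINE and the fips.ld rules inside the IF[{- !$disabled{fips} -}] block as well. Update that comment to describe what is now conditional, so the next editor does not move statements back out.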
@@ -160,11 +131,8 @@ ENDIF
 # Legacy provider stuff
 #
 IF[{- !$disabled{legacy} -}]
-  # The legacy implementation library
   LIBS{noinst}=$LIBLEGACY
-  DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS
 
-  # The Legacy provider
   IF[{- $disabled{module} -}]
     # Become built in
     # In this case, we need to do the same thing a for the default provider,
@@ -174,18 +142,18 @@ IF[{- !$disabled{legacy} -}]
     # implementation specific build.info files harder to write, so we don't.
     $LEGACYGOAL=../libcrypto
     SOURCE[$LEGACYGOAL]=$LIBLEGACY
-    DEFINE[$LIBLEGACY]=STATIC_LEGACY
     DEFINE[$LEGACYGOAL]=STATIC_LEGACY
   ELSE
     # Become a module
     # In this case, we can work with dependencies
     $LEGACYGOAL=legacy
     MODULES=$LEGACYGOAL
-    DEPEND[$LEGACYGOAL]=$LIBLEGACY
+    DEPEND[$LEGACYGOAL]=$LIBLEGACY ../libcrypto
     IF[{- defined $target{shared_defflag} -}]
       SOURCE[legacy]=legacy.ld
       GENERATE[legacy.ld]=../util/providers.num
     ENDIF
+    SOURCE[$LIBLEGACY]=prov_running.c
   ENDIF
 
   # Common things that are valid no matter what form the Legacy provider
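Review bot: With DEFINE[$LIBLEGACY]=STATIC_LEGACY removed, nothing in the lines shown defines STATIC_LEGACY for liblegacy.a; only $LEGACYGOAL (../libcrypto in the built-in branch) gets it. The new header comment in this file says the compilations for liblegacy.a "are all done with STATIC_LEGACY defined" and that code checking the macro must end up in liblegacy.a, so either keep the DEFINE on $LIBLEGACY in the built-in branch or correct the header comment. Separately, SOURCE[$LIBLEGACY]=prov_running.c is added only in the module branch; a one-line comment on why the built-in case does not need it would help.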
@@ -202,4 +170,4 @@ ENDIF
 $NULLGOAL=../libcrypto
 SOURCE[$NULLGOAL]=nullprov.c prov_running.c
 
-SOURCE[$LIBNONFIPS]=prov_running.c
+SOURCE[$LIBDEFAULT]=prov_running.c
diff --git a/providers/common/build.info b/providers/common/build.info
index 8de65f3fa8..e23ff58855 100644
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -3,5 +3,5 @@ SUBDIRS=der
 SOURCE[../libcommon.a]=provider_err.c provider_ctx.c
 $FIPSCOMMON=provider_util.c capabilities.c bio_prov.c digest_to_nid.c\
             securitycheck.c provider_seeding.c
-SOURCE[../libnonfips.a]=$FIPSCOMMON securitycheck_default.c
+SOURCE[../libdefault.a]=$FIPSCOMMON securitycheck_default.c
 SOURCE[../libfips.a]=$FIPSCOMMON securitycheck_fips.c
diff --git a/providers/common/der/build.info b/providers/common/der/build.info
index 8ef1180d6c..b9fe4552d7 100644
--- a/providers/common/der/build.info
+++ b/providers/common/der/build.info
@@ -98,7 +98,7 @@ ENDIF
 #----- Conclusion
 
 # TODO(3.0) $COMMON should go to libcommon.a, but this currently leads
-# to linking conflicts, so we add it to libfips.a and libnonfips.a for
+# to linking conflicts, so we add it to libfips.a and libdefault.a for
 # the moment being
 $COMMON= $DER_RSA_COMMON $DER_DIGESTS_GEN $DER_WRAP_GEN
 
@@ -116,4 +116,4 @@ IF[{- !$disabled{sm2} -}]
 ENDIF
 
 SOURCE[../../libfips.a]=$COMMON $DER_RSA_FIPSABLE
-SOURCE[../../libnonfips.a]=$COMMON $DER_RSA_FIPSABLE
+SOURCE[../../libdefault.a]=$COMMON $DER_RSA_FIPSABLE
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index c3d4dd9292..239667e003 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -332,13 +332,11 @@ d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9  providers/comm
 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3  providers/common/provider_seeding.c
 eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3  providers/common/provider_util.c
 494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3  providers/common/securitycheck.c
-eaa448a029b592c0bb947ba98b8888b059c487078be10b28d3c7cbe73cf5a8c7  providers/common/securitycheck_default.c
 50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789  providers/common/securitycheck_fips.c
 fd92f958755683dda449a45f82ecdff342574a9536f6e8727decf5be9a5b747a  providers/fips/fipsprov.c
 c69e60c29711d55cd5672dab9ff051f3c093d54e63a0ec575baa899e6bbf9c2b  providers/fips/self_test.c
 fb56f801613642f6b497803890b528a643024e3cdb5bd5dd619a2981afb2f3b0  providers/fips/self_test_kats.c
 08b287621158afb67e61e52fc34efbb9f9fe22ee6709c7ed6c937d5feb2b7fd8  providers/implementations/asymciphers/rsa_enc.c
-60f1d5a19025784698cd67ac54fd9625f4be2149e85cb31d58aea516df22ee12  providers/implementations/asymciphers/sm2_enc.c
 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a  providers/implementations/ciphers/cipher_aes.c
 5b7d6a1d0df42c082c3731a3d2a0fe2d0034874e0fbb2f4916efb72da4fe6b66  providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
 10f5bee481daad40609b04743de5ea364f4a2d25bba6d901213294dd966ae786  providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -351,34 +349,13 @@ e540092e34896a0f75622365a8d97473dfc7c3036ef6ef6f8ce343922ac03f56  providers/impl
 33144c78ad050b2f9976946c67cbc593442d9a215c5f3d678ac56b504169fe18  providers/implementations/ciphers/cipher_aes_hw.c
 0264d1ea3ece6f730b342586fb1fe00e3f0ff01e47d53f552864df986bf35573  providers/implementations/ciphers/cipher_aes_ocb.c
 855869ab5a8d7a61a11674cfe5d503dfa67f59e7e393730835d1d8cf0ab85c70  providers/implementations/ciphers/cipher_aes_ocb_hw.c
-d088dd386950df04b5ad5a68d529fa36b2fa6b808d7cc7da6de96cdd91ecb92f  providers/implementations/ciphers/cipher_aes_siv.c
-47edbfb9bca49df0d1e36b1bf06367ff31762545e7087bea159ad60e0f684a48  providers/implementations/ciphers/cipher_aes_siv_hw.c
 d07e18786256f3a069fe83e6fdc79e53fdc1f99b3e6bbe5d2f3fc559bc737eb2  providers/implementations/ciphers/cipher_aes_wrp.c
 527ff9277b92606517ee7af13225a9d5fcffbbc36eb18bce39f59d594cbe4931  providers/implementations/ciphers/cipher_aes_xts.c
 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da  providers/implementations/ciphers/cipher_aes_xts_fips.c
 f12bf83d8fffa833fed6d82d74709c7a0563ea0fe291988149d7c85bda8366e7  providers/implementations/ciphers/cipher_aes_xts_hw.c
-e292ec9b6e760b6bec12753a65f9a19bcc05afb6e56399c3561e63281bda4191  providers/implementations/ciphers/cipher_aria.c
-73a9c37bf73b32c98085deaec8a197cab8a6fcdc602593dbbb6b585dd2391bc3  providers/implementations/ciphers/cipher_aria_ccm.c
-1b9832f78203f3badf98f574cfee56c7b782709d68265237fe4c9479e6063172  providers/implementations/ciphers/cipher_aria_ccm_hw.c
-976c1ca4767e4442bb22ce055d756336e0693866e406ae62dd0dc1929ac43c14  providers/implementations/ciphers/cipher_aria_gcm.c
-d4ec3b09d49b7b5ac2941230a2c49b4ede55deeb284366ac26642a3ecbe64e5e  providers/implementations/ciphers/cipher_aria_gcm_hw.c
-cb6985bbec1a885e5fc51dd4df27bb2ef5c201abc88609fe26899fd5ed14e1fd  providers/implementations/ciphers/cipher_aria_hw.c
-8b4ddee713455a1cc8417d2dbe6c28f5a2c9c4d5497af44bc562814eb7fe7911  providers/implementations/ciphers/cipher_camellia.c
-755b686613b311e7d40403926284e0c91704f99b9fea91f5bae6c4c03fc20389  providers/implementations/ciphers/cipher_camellia_hw.c
-090f4035e6fa6566a3cd39301789d2cffa3853b1408326a7dd12f33c3fa12603  providers/implementations/ciphers/cipher_chacha20.c
-cb7839e081f1d86664f152f982062e81a0c365382a123edb08fb7b443398dfe6  providers/implementations/ciphers/cipher_chacha20_hw.c
-fd879ed73c85cb7900a6732eb06ee080c6a0d956cc514b2413dfcb850d831855  providers/implementations/ciphers/cipher_chacha20_poly1305.c
-23bd426356db5afa4df530ed1992777f1d8213c6740b0bdc39590dcd5c4de376  providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
-d3098f6ded4c6b6f6d4e1bf9f641c2bb6499bb76b386a3658527a35b484ce381  providers/implementations/ciphers/cipher_null.c
-4ae134ee0c4113670a7d09c9a5f5a289b1a4a9350bca74d7c2ef6c71d5a5e051  providers/implementations/ciphers/cipher_sm4.c
-61d2796a4dbf1f82dadf86219de5b762016d2e606f636b98b70f888227957c2d  providers/implementations/ciphers/cipher_sm4_hw.c
 06d8f86ec724075e7f72dabfb675b5c85a93c01997e4142fbaa8482e617f4ae5  providers/implementations/ciphers/cipher_tdes.c
 7b7172e7e5d646e07c1ac07036716c67d9a821de7c0dfd41f8243610215a61c4  providers/implementations/ciphers/cipher_tdes_common.c
-39be7651ea83263815cd48c649a54af56279879361fe91573800d84fbaf40bd9  providers/implementations/ciphers/cipher_tdes_default.c
-c3a9a1fca4416e4ecdeecc3e83cbd24ff3f3185f5c1fea8c5fb8346f3b0e9a67  providers/implementations/ciphers/cipher_tdes_default_hw.c
 50645122f08ef4891cd96cace833bd550be7f5278ab785515fd61fe8993c8c25  providers/implementations/ciphers/cipher_tdes_hw.c
-9bf68e5921f780cb489e8e19a0fd02e5285cea67381b2f55367c65ad0e65ecc3  providers/implementations/ciphers/cipher_tdes_wrap.c
-b98c8a9eb256008fb335084531dd5422563651a5a2d4cbe97f62fba49254a954  providers/implementations/ciphers/cipher_tdes_wrap_hw.c
 db110866cede3d97d352fb94f13832bef7349f2c7c1d271bc87e640fc36beed0  providers/implementations/ciphers/ciphercommon.c
 697e9f2254574cc93f0737456d0f3a275946296466a179bb5d0fea607c7a92fa  providers/implementations/ciphers/ciphercommon_block.c
 4b4106f85e36eb2c07acc5a3ca5ccd77b736b3ac46cc4af786cf57405ecd54b2  providers/implementations/ciphers/ciphercommon_ccm.c
@@ -386,35 +363,17 @@ db110866cede3d97d352fb94f13832bef7349f2c7c1d271bc87e640fc36beed0  providers/impl
 1a6377698528eb24943c7616b55e43305a98569497279df8c6e6e411ed009424  providers/implementations/ciphers/ciphercommon_gcm.c
 bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b  providers/implementations/ciphers/ciphercommon_gcm_hw.c
 23fd89e3239e596c325a8c5d23eb1fe157a8d23aa4d90ed2c574bf06dfabd693  providers/implementations/ciphers/ciphercommon_hw.c
-6b292cf7b2de5e7edb50ab4fedc4adcde2e17aeb30a7c5e4502a4c3994a446cf  providers/implementations/digests/blake2_prov.c
-0dd0cb9e70c5e339c8540aece6be4be1ee328fdc7d32d54e049ff708c981f2d4  providers/implementations/digests/blake2b_prov.c
-6e18c13f50a291de8a4241f8cb9b6b6b1200f3cc4eee0d8d7ffabf0f36daa652  providers/implementations/digests/blake2s_prov.c
 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d  providers/implementations/digests/digestcommon.c
-4e6dd0d5343117ee5b3b61326e14e2aad035ae4f2bb0a1cc4b4be708371a9fe3  providers/implementations/digests/md5_prov.c
-322887272619e335b3157128d772d4f7851eef7314ab65ce8b742c5ab8ac5d63  providers/implementations/digests/md5_sha1_prov.c
 80551b53302d95faea257df3edbdbd02d48427ce42da2c4335f998456400d057  providers/implementations/digests/sha2_prov.c
 de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173  providers/implementations/digests/sha3_prov.c
-320eb5deda82a3c052d0d0530fc27a66a402cbf3ddcf6640c5911d0e8d145e0c  providers/implementations/digests/sm3_prov.c
-e7660e887b3a98789b09645c7b8b3a0d94bef80837a30c750c1c3fd0c8de3d60  providers/implementations/encode_decode/decode_der2key.c
-130057ec5593166df25e0ece457e5623c218127d8b7714a7162604c22a420976  providers/implementations/encode_decode/decode_msblob2key.c
-4ab7936e2bda93aec2083fb3545d261bd3ffbee62657a0c7118bd5fc4f02b5e0  providers/implementations/encode_decode/decode_pem2der.c
-cebde4c1b7f333159daeec6ac014d3477bf4d3e25a3cccfb0bc7b55bdcf78498  providers/implementations/encode_decode/decode_pvk2key.c
-a4a2c4f7e1c86cb194040db19c801d749fac52ff3dd59e3759524226b772178e  providers/implementations/encode_decode/encode_key2any.c
-8fe61023c2d19a43b1aaacf617f2d6098a525216e91622549c1bfabb80256de0  providers/implementations/encode_decode/encode_key2blob.c
-1412482218e6aadd0cc1eaac3d4a2aaf57be43705e2b4d2ba926b5493e7e1b55  providers/implementations/encode_decode/encode_key2ms.c
-820e4501145f07e7f48d29e3124fdcdb834e7e6658fb2340a1f2d2ce373362a6  providers/implementations/encode_decode/encode_key2text.c
-ecc88a83dc108b869e8d8223d466d49b829364bea0dae602c05e2b999aa5a02c  providers/implementations/encode_decode/endecoder_common.c
 2d3adc404341e3a8a3c29adf732cb740dc4c4b0cde1c422cbeb352c4509320db  providers/implementations/exchange/dh_exch.c
 427b9abee979f94371aa4aa99b48f08f1772965c93f9bce6f4531cc4cec136b6  providers/implementations/exchange/ecdh_exch.c
 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969  providers/implementations/exchange/ecx_exch.c
 06ba83a8a8235bcdbda56f82b017cb19361469fe47c23cc6218a7e9b88ae6513  providers/implementations/exchange/kdf_exch.c
 4f8049771ff0cb57944e1ffc9599a96023e36b424138e51b1466f9a133f03943  providers/implementations/kdfs/hkdf.c
 115e13e152cfb7d729659cb26056414f719c5e7cb2a9b3df8b6ad0f232ce109a  providers/implementations/kdfs/kbkdf.c
-9625cab3ea0a1830838412d0ce6210c9a77eeebddb3cb1bee5198d90c33539ae  providers/implementations/kdfs/krb5kdf.c
 f93d3b32e7e3bc6bd4100559b15d392613797e1048010fdc70058ae9297a1125  providers/implementations/kdfs/pbkdf2.c
 abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc  providers/implementations/kdfs/pbkdf2_fips.c
-43fae0685aa32e34545704fccd1f0ec3357ef28cc817c03960d649044420b368  providers/implementations/kdfs/pkcs12kdf.c
-0994de1013c5b1a3007ce71150a28efdc791be96c8b8f7b6d25c8b593735f8f2  providers/implementations/kdfs/scrypt.c
 6551c3354fb889cb429f850e0194a82d677528f65212d4ac345ab87352cec8a1  providers/implementations/kdfs/sshkdf.c
 eb18f3fe62bb2a46a294b738de81a233bd2db00cc79ddc58622fc7c7021c3528  providers/implementations/kdfs/sskdf.c
 3c46ec0e14be09a133d709c3a1c3d5ab05a4f1ed5385c3e7a1afb2f0ee47ef7a  providers/implementations/kdfs/tls1_prf.c
@@ -427,33 +386,20 @@ a5b4ddffa137a52f6a0a0c0c28c618d9bff00af2ec49e51885fc7af116e04869  providers/impl
 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b  providers/implementations/keymgmt/kdf_legacy_kmgmt.c
 21b259d6a9eb5e319106012179e04963fb9659ed85af37f5c9c8752ec2385dae  providers/implementations/keymgmt/mac_legacy_kmgmt.c
 c48eb00f0de1c28baaa3cf7c0e85d4d2a20592783aa545f8934da487c05a3e87  providers/implementations/keymgmt/rsa_kmgmt.c
-7d268a8d8179b35b6a9cb6b362976b3d861351c9ea076961f02a54ab37f3f5b0  providers/implementations/macs/blake2b_mac.c
-3d50f84587431277bfb7af241485b150e02f7b30750f9faa40dd6e98927e5592  providers/implementations/macs/blake2s_mac.c
 25d20ceb61cadb495ec890ae2c49c5c1c840b39ac77f20058ee87249cab341ef  providers/implementations/macs/cmac_prov.c
 f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab  providers/implementations/macs/gmac_prov.c
 35505704fda658c0911f95974913c1f2dd75c8f91c5d2ec597c70c52624bdfdf  providers/implementations/macs/hmac_prov.c
 e42823cce1d08d9cb6cb32cc6b913241573c2cbbd856ff77a331b0956ee5aa02  providers/implementations/macs/kmac_prov.c
-94d80682125b40ba694242fdfa978b802c6e70f2b0167215c9d689c0ccf5820f  providers/implementations/macs/poly1305_prov.c
-d594704aa3173afdb2b1e95253285cdb245a42078f9ca06b68aaeecb858b10fd  providers/implementations/macs/siphash_prov.c
 dcc1afbe2965de7c5ac0a17ab1b19b8ed512049376833cb410db30f8dc4e2064  providers/implementations/rands/crngt.c
 c7a811a8b2911ec76faf985145a445b81d19c57f5457dad203b39f1da48e6c1b  providers/implementations/rands/drbg.c
 3dc5f082235664ee02b827760bdf1c1dcd90d058b9664994751f7606009556ed  providers/implementations/rands/drbg_ctr.c
 c36937930bcaecd6d5131d0317b9162a96cc956df164848dc53f423af838d04a  providers/implementations/rands/drbg_hash.c
 531c0ce4212570474b59a1b039e61a97ee5504e56e2f10de1f36578f1bca79d3  providers/implementations/rands/drbg_hmac.c
-8075edbf4957b625301c85331bb4737cbefd334ee51e146fa15c3dc40bdd4973  providers/implementations/rands/seed_src.c
-c440957b586c6dac6c0b695080f0f4147c81f3a269b2fb07a742e73b54b2fa64  providers/implementations/rands/seeding/rand_cpu_x86.c
-c1a6007e76d21279e0b4eafef970c94cefad48a1a0d609aa9c359b5418486b95  providers/implementations/rands/seeding/rand_tsc.c
-7cd4b532adf4eff8209c5eb7d7c1020840fc1728cb3179beb163639fc7aff285  providers/implementations/rands/seeding/rand_unix.c
-38a0be4c03ea3c0e4761173a44ed421e3ec4f5c5eafafd8861b84a28c48d75f2  providers/implementations/rands/seeding/rand_win.c
 888a671934abef4225956f9931cff842f245f90660e11f23a55228edca962e16  providers/implementations/rands/test_rng.c
-a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858  providers/implementations/signature/dsa.c
-1edce687e950bec7c289cdac7c4c455e195942ccddfc38af0344277421afcc0f  providers/implementations/signature/ecdsa.c
-8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e  providers/implementations/signature/eddsa.c
-1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7  providers/implementations/signature/mac_legacy.c
-25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2  providers/implementations/signature/rsa.c
-c0a862433e5da909cf0c614d3f982765b67821c7a4cc6257ceb8c490b4dcf732  providers/implementations/signature/sm2sig.c
-e2750b310565e74617310566c1ccfbd75559521117fd8936540fff54dd304902  providers/implementations/storemgmt/file_store.c
-291288936fe321e3e85048366f790f6b7983561cd8f80eec4c0e01d7c43614ab  providers/implementations/storemgmt/file_store_der2obj.c
-04ea01e48b8fee822acb376ab8679b4c627b32ab75c137bf23ebb4fe2a1c0703  providers/prov_running.c
+a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858  providers/implementations/signature/dsa_sig.c
+1edce687e950bec7c289cdac7c4c455e195942ccddfc38af0344277421afcc0f  providers/implementations/signature/ecdsa_sig.c
+8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e  providers/implementations/signature/eddsa_sig.c
+1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7  providers/implementations/signature/mac_legacy_sig.c
+25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2  providers/implementations/signature/rsa_sig.c
 53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4  ssl/record/tls_pad.c
 0143753184c1bddf47af3bd5b5e0d788fc757dac4b77f291627fc25d46eba05c  ssl/s3_cbc.c
diff --git a/providers/fips.checksum b/providers/fips.checksum
index 913f8b0992..3f183b8c1a 100644
--- a/providers/fips.checksum
+++ b/providers/fips.checksum
@@ -1 +1 @@
-f51d5228b36f7d4ef300ceddfb426e672b136c0b64706af027707830828fa442  providers/fips-sources.checksums
+31b3d6511f42b33ac269d527ab6ff7c18f0afda32f913d825eee5efc7e772da2  providers/fips-sources.checksums
diff --git a/providers/fips.module.sources b/providers/fips.module.sources
index 79b532fe89..7e17658602 100644
--- a/providers/fips.module.sources
+++ b/providers/fips.module.sources
@@ -339,13 +339,11 @@ providers/common/provider_err.c
 providers/common/provider_seeding.c
 providers/common/provider_util.c
 providers/common/securitycheck.c
-providers/common/securitycheck_default.c
 providers/common/securitycheck_fips.c
 providers/fips/fipsprov.c
 providers/fips/self_test.c
 providers/fips/self_test_kats.c
 providers/implementations/asymciphers/rsa_enc.c
-providers/implementations/asymciphers/sm2_enc.c
 providers/implementations/ciphers/cipher_aes.c
 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -358,34 +356,13 @@ providers/implementations/ciphers/cipher_aes_gcm_hw.c
 providers/implementations/ciphers/cipher_aes_hw.c
 providers/implementations/ciphers/cipher_aes_ocb.c
 providers/implementations/ciphers/cipher_aes_ocb_hw.c
-providers/implementations/ciphers/cipher_aes_siv.c
-providers/implementations/ciphers/cipher_aes_siv_hw.c
 providers/implementations/ciphers/cipher_aes_wrp.c
 providers/implementations/ciphers/cipher_aes_xts.c
 providers/implementations/ciphers/cipher_aes_xts_fips.c
 providers/implementations/ciphers/cipher_aes_xts_hw.c
-providers/implementations/ciphers/cipher_aria.c
-providers/implementations/ciphers/cipher_aria_ccm.c
-providers/implementations/ciphers/cipher_aria_ccm_hw.c
-providers/implementations/ciphers/cipher_aria_gcm.c
-providers/implementations/ciphers/cipher_aria_gcm_hw.c
-providers/implementations/ciphers/cipher_aria_hw.c
-providers/implementations/ciphers/cipher_camellia.c
-providers/implementations/ciphers/cipher_camellia_hw.c
-providers/implementations/ciphers/cipher_chacha20.c
-providers/implementations/ciphers/cipher_chacha20_hw.c
-providers/implementations/ciphers/cipher_chacha20_poly1305.c
-providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
-providers/implementations/ciphers/cipher_null.c
-providers/implementations/ciphers/cipher_sm4.c
-providers/implementations/ciphers/cipher_sm4_hw.c
 providers/implementations/ciphers/cipher_tdes.c
 providers/implementations/ciphers/cipher_tdes_common.c
-providers/implementations/ciphers/cipher_tdes_default.c
-providers/implementations/ciphers/cipher_tdes_default_hw.c
 providers/implementations/ciphers/cipher_tdes_hw.c
-providers/implementations/ciphers/cipher_tdes_wrap.c
-providers/implementations/ciphers/cipher_tdes_wrap_hw.c
 providers/implementations/ciphers/ciphercommon.c
 providers/implementations/ciphers/ciphercommon_block.c
 providers/implementations/ciphers/ciphercommon_ccm.c
@@ -393,35 +370,17 @@ providers/implementations/ciphers/ciphercommon_ccm_hw.c
 providers/implementations/ciphers/ciphercommon_gcm.c
 providers/implementations/ciphers/ciphercommon_gcm_hw.c
 providers/implementations/ciphers/ciphercommon_hw.c
-providers/implementations/digests/blake2_prov.c
-providers/implementations/digests/blake2b_prov.c
-providers/implementations/digests/blake2s_prov.c
 providers/implementations/digests/digestcommon.c
-providers/implementations/digests/md5_prov.c
-providers/implementations/digests/md5_sha1_prov.c
 providers/implementations/digests/sha2_prov.c
 providers/implementations/digests/sha3_prov.c
-providers/implementations/digests/sm3_prov.c
-providers/implementations/encode_decode/decode_der2key.c
-providers/implementations/encode_decode/decode_msblob2key.c
-providers/implementations/encode_decode/decode_pem2der.c
-providers/implementations/encode_decode/decode_pvk2key.c
-providers/implementations/encode_decode/encode_key2any.c
-providers/implementations/encode_decode/encode_key2blob.c
-providers/implementations/encode_decode/encode_key2ms.c
-providers/implementations/encode_decode/encode_key2text.c
-providers/implementations/encode_decode/endecoder_common.c
 providers/implementations/exchange/dh_exch.c
 providers/implementations/exchange/ecdh_exch.c
 providers/implementations/exchange/ecx_exch.c
 providers/implementations/exchange/kdf_exch.c
 providers/implementations/kdfs/hkdf.c
 providers/implementations/kdfs/kbkdf.c
-providers/implementations/kdfs/krb5kdf.c
 providers/implementations/kdfs/pbkdf2.c
 providers/implementations/kdfs/pbkdf2_fips.c
-providers/implementations/kdfs/pkcs12kdf.c
-providers/implementations/kdfs/scrypt.c
 providers/implementations/kdfs/sshkdf.c
 providers/implementations/kdfs/sskdf.c
 providers/implementations/kdfs/tls1_prf.c
@@ -434,34 +393,21 @@ providers/implementations/keymgmt/ecx_kmgmt.c
 providers/implementations/keymgmt/kdf_legacy_kmgmt.c
 providers/implementations/keymgmt/mac_legacy_kmgmt.c
 providers/implementations/keymgmt/rsa_kmgmt.c
-providers/implementations/macs/blake2b_mac.c
-providers/implementations/macs/blake2s_mac.c
 providers/implementations/macs/cmac_prov.c
 providers/implementations/macs/gmac_prov.c
 providers/implementations/macs/hmac_prov.c
 providers/implementations/macs/kmac_prov.c
-providers/implementations/macs/poly1305_prov.c
-providers/implementations/macs/siphash_prov.c
 providers/implementations/rands/crngt.c
 providers/implementations/rands/drbg.c
 providers/implementations/rands/drbg_ctr.c
 providers/implementations/rands/drbg_hash.c
 providers/implementations/rands/drbg_hmac.c
-providers/implementations/rands/seed_src.c
-providers/implementations/rands/seeding/rand_cpu_x86.c
-providers/implementations/rands/seeding/rand_tsc.c
-providers/implementations/rands/seeding/rand_unix.c
-providers/implementations/rands/seeding/rand_win.c
 providers/implementations/rands/test_rng.c
-providers/implementations/signature/dsa.c
-providers/implementations/signature/ecdsa.c
-providers/implementations/signature/eddsa.c
-providers/implementations/signature/mac_legacy.c
-providers/implementations/signature/rsa.c
-providers/implementations/signature/sm2sig.c
-providers/implementations/storemgmt/file_store.c
-providers/implementations/storemgmt/file_store_der2obj.c
-providers/prov_running.c
+providers/implementations/signature/dsa_sig.c
+providers/implementations/signature/ecdsa_sig.c
+providers/implementations/signature/eddsa_sig.c
+providers/implementations/signature/mac_legacy_sig.c
+providers/implementations/signature/rsa_sig.c
 ssl/record/tls_pad.c
 ssl/s3_cbc.c
 util/providers.num
diff --git a/providers/implementations/asymciphers/build.info b/providers/implementations/asymciphers/build.info
index 4b629d04ee..dbca473684 100644
--- a/providers/implementations/asymciphers/build.info
+++ b/providers/implementations/asymciphers/build.info
@@ -1,8 +1,8 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$RSA_GOAL=../../libimplementations.a
-$SM2_GOAL=../../libimplementations.a
+$RSA_GOAL=../../libdefault.a ../../libfips.a
+$SM2_GOAL=../../libdefault.a
 
 SOURCE[$RSA_GOAL]=rsa_enc.c
 
diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info
index a278c2182b..cb87ea62d9 100644
--- a/providers/implementations/ciphers/build.info
+++ b/providers/implementations/ciphers/build.info
@@ -7,12 +7,12 @@
 
 $COMMON_GOAL=../../libcommon.a
 
-$NULL_GOAL=../../libimplementations.a
-$AES_GOAL=../../libimplementations.a
-$TDES_1_GOAL=../../libimplementations.a
-$TDES_2_GOAL=../../libimplementations.a
-$ARIA_GOAL=../../libimplementations.a
-$CAMELLIA_GOAL=../../libimplementations.a
+$NULL_GOAL=../../libdefault.a
+$AES_GOAL=../../libdefault.a ../../libfips.a
+$TDES_1_GOAL=../../libdefault.a ../../libfips.a
+$TDES_2_GOAL=../../libdefault.a
+$ARIA_GOAL=../../libdefault.a
+$CAMELLIA_GOAL=../../libdefault.a
 $DES_GOAL=../../liblegacy.a
 $BLOWFISH_GOAL=../../liblegacy.a
 $IDEA_GOAL=../../liblegacy.a
@@ -21,10 +21,10 @@ $RC2_GOAL=../../liblegacy.a
 $RC4_GOAL=../../liblegacy.a
 $RC5_GOAL=../../liblegacy.a
 $SEED_GOAL=../../liblegacy.a
-$SM4_GOAL=../../libimplementations.a
-$CHACHA_GOAL=../../libimplementations.a
-$CHACHAPOLY_GOAL=../../libimplementations.a
-$SIV_GOAL=../../libimplementations.a
+$SM4_GOAL=../../libdefault.a
+$CHACHA_GOAL=../../libdefault.a
+$CHACHAPOLY_GOAL=../../libdefault.a
+$SIV_GOAL=../../libdefault.a
 
 # This source is common building blocks for all ciphers in all our providers.
 SOURCE[$COMMON_GOAL]=\
@@ -51,8 +51,7 @@ SOURCE[$AES_GOAL]=\
 
 # Extra code to satisfy the FIPS and non-FIPS separation.
 # When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed.
-SOURCE[../../libfips.a]=cipher_aes_xts_fips.c
-SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c
+SOURCE[$AES_GOAL]=cipher_aes_xts_fips.c
 
 IF[{- !$disabled{siv} -}]
   SOURCE[$SIV_GOAL]=\
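Review bot: The comment kept above `SOURCE[$AES_GOAL]=cipher_aes_xts_fips.c` still describes "extra code to satisfy the FIPS and non-FIPS separation", but the line now adds the file to the same `$AES_GOAL` libraries as the rest of the AES sources, so the separate statement no longer expresses any separation at the build level. Either fold the file into the main `SOURCE[$AES_GOAL]` list or reword the comment to say where the separation now happens. The pbkdf2_fips.c line in kdfs/build.info has the same shape.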
diff --git a/providers/implementations/digests/build.info b/providers/implementations/digests/build.info
index a90636cbb9..2c2b0c3db0 100644
--- a/providers/implementations/digests/build.info
+++ b/providers/implementations/digests/build.info
@@ -3,12 +3,12 @@
 
 $COMMON_GOAL=../../libcommon.a
 
-$SHA1_GOAL=../../libimplementations.a
-$SHA2_GOAL=../../libimplementations.a
-$SHA3_GOAL=../../libimplementations.a
-$BLAKE2_GOAL=../../libimplementations.a
-$SM3_GOAL=../../libimplementations.a
-$MD5_GOAL=../../libimplementations.a
+$SHA1_GOAL=../../libdefault.a ../../libfips.a
+$SHA2_GOAL=../../libdefault.a ../../libfips.a
+$SHA3_GOAL=../../libdefault.a ../../libfips.a
+$BLAKE2_GOAL=../../libdefault.a
+$SM3_GOAL=../../libdefault.a
+$MD5_GOAL=../../libdefault.a
 
 $MD2_GOAL=../../liblegacy.a
 $MD4_GOAL=../../liblegacy.a
diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info
index 694e3c94a5..06fe6aa462 100644
--- a/providers/implementations/encode_decode/build.info
+++ b/providers/implementations/encode_decode/build.info
@@ -1,14 +1,14 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$ENCODER_GOAL=../../libimplementations.a
-$DECODER_GOAL=../../libimplementations.a
-$RSA_GOAL=../../libimplementations.a
-$FFC_GOAL=../../libimplementations.a
-$DH_GOAL=../../libimplementations.a
-$DSA_GOAL=../../libimplementations.a
-$ECX_GOAL=../../libimplementations.a
-$EC_GOAL=../../libimplementations.a
+$ENCODER_GOAL=../../libdefault.a
+$DECODER_GOAL=../../libdefault.a
+$RSA_GOAL=../../libdefault.a
+$FFC_GOAL=../../libdefault.a
+$DH_GOAL=../../libdefault.a
+$DSA_GOAL=../../libdefault.a
+$ECX_GOAL=../../libdefault.a
+$EC_GOAL=../../libdefault.a
 
 SOURCE[$ENCODER_GOAL]=endecoder_common.c
 
diff --git a/providers/implementations/exchange/build.info b/providers/implementations/exchange/build.info
index 4659dc9b0e..3c1e5c58f1 100644
--- a/providers/implementations/exchange/build.info
+++ b/providers/implementations/exchange/build.info
@@ -1,11 +1,10 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$DH_GOAL=../../libimplementations.a
-$ECDH_GOAL=../../libimplementations.a
-$ECX_GOAL=../../libimplementations.a
-$ECDH_GOAL=../../libimplementations.a
-$KDF_GOAL=../../libimplementations.a
+$DH_GOAL=../../libdefault.a ../../libfips.a
+$ECDH_GOAL=../../libdefault.a ../../libfips.a
+$ECX_GOAL=../../libdefault.a ../../libfips.a
+$KDF_GOAL=../../libdefault.a ../../libfips.a
 
 IF[{- !$disabled{dh} -}]
   SOURCE[$DH_GOAL]=dh_exch.c
diff --git a/providers/implementations/kdfs/build.info b/providers/implementations/kdfs/build.info
index 459005def5..1711466e3f 100644
--- a/providers/implementations/kdfs/build.info
+++ b/providers/implementations/kdfs/build.info
@@ -1,16 +1,16 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$TLS1_PRF_GOAL=../../libimplementations.a
-$HKDF_GOAL=../../libimplementations.a
-$KBKDF_GOAL=../../libimplementations.a
-$KRB5KDF_GOAL=../../libimplementations.a
-$PBKDF2_GOAL=../../libimplementations.a
-$PKCS12KDF_GOAL=../../libimplementations.a
-$SSKDF_GOAL=../../libimplementations.a
-$SCRYPT_GOAL=../../libimplementations.a
-$SSHKDF_GOAL=../../libimplementations.a
-$X942KDF_GOAL=../../libimplementations.a
+$TLS1_PRF_GOAL=../../libdefault.a ../../libfips.a
+$HKDF_GOAL=../../libdefault.a ../../libfips.a
+$KBKDF_GOAL=../../libdefault.a ../../libfips.a
+$KRB5KDF_GOAL=../../libdefault.a
+$PBKDF2_GOAL=../../libdefault.a ../../libfips.a
+$PKCS12KDF_GOAL=../../libdefault.a
+$SSKDF_GOAL=../../libdefault.a ../../libfips.a
+$SCRYPT_GOAL=../../libdefault.a
+$SSHKDF_GOAL=../../libdefault.a ../../libfips.a
+$X942KDF_GOAL=../../libdefault.a ../../libfips.a
 
 SOURCE[$TLS1_PRF_GOAL]=tls1_prf.c
 
@@ -23,8 +23,7 @@ SOURCE[$KRB5KDF_GOAL]=krb5kdf.c
 SOURCE[$PBKDF2_GOAL]=pbkdf2.c
 # Extra code to satisfy the FIPS and non-FIPS separation.
 # When the PBKDF2 moves to legacy, this can be removed.
-SOURCE[../../libfips.a]=pbkdf2_fips.c
-SOURCE[../../libnonfips.a]=pbkdf2_fips.c
+SOURCE[$PBKDF2_GOAL]=pbkdf2_fips.c
 
 SOURCE[$PKCS12KDF_GOAL]=pkcs12kdf.c
 
diff --git a/providers/implementations/kem/build.info b/providers/implementations/kem/build.info
index e9f91cba43..dbb1b7d750 100644
--- a/providers/implementations/kem/build.info
+++ b/providers/implementations/kem/build.info
@@ -1,6 +1,6 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$RSA_KEM_GOAL=../../libimplementations.a
+$RSA_KEM_GOAL=../../libdefault.a ../../libfips.a
 
 SOURCE[$RSA_KEM_GOAL]=rsa_kem.c
diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info
index f434a720bc..0d86907aed 100644
--- a/providers/implementations/keymgmt/build.info
+++ b/providers/implementations/keymgmt/build.info
@@ -1,20 +1,22 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$ECX_GOAL=../../libimplementations.a
-$KDF_GOAL=../../libimplementations.a
+$DH_GOAL=../../libdefault.a ../../libfips.a
+$DSA_GOAL=../../libdefault.a ../../libfips.a
+$EC_GOAL=../../libdefault.a ../../libfips.a
+$ECX_GOAL=../../libdefault.a ../../libfips.a
+$KDF_GOAL=../../libdefault.a ../../libfips.a
+$MAC_GOAL=../../libdefault.a ../../libfips.a
+$RSA_GOAL=../../libdefault.a ../../libfips.a
 
 IF[{- !$disabled{dh} -}]
-  SOURCE[../../libfips.a]=dh_kmgmt.c
-  SOURCE[../../libnonfips.a]=dh_kmgmt.c
+  SOURCE[$DH_GOAL]=dh_kmgmt.c
 ENDIF
 IF[{- !$disabled{dsa} -}]
-  SOURCE[../../libfips.a]=dsa_kmgmt.c
-  SOURCE[../../libnonfips.a]=dsa_kmgmt.c
+  SOURCE[$DSA_GOAL]=dsa_kmgmt.c
 ENDIF
 IF[{- !$disabled{ec} -}]
-  SOURCE[../../libfips.a]=ec_kmgmt.c
-  SOURCE[../../libnonfips.a]=ec_kmgmt.c
+  SOURCE[$EC_GOAL]=ec_kmgmt.c
 ENDIF
 
 IF[{- !$disabled{asm} -}]
@@ -32,10 +34,8 @@ IF[{- !$disabled{ec} -}]
   DEFINE[$ECX_GOAL]=$ECDEF
 ENDIF
 
-SOURCE[../../libfips.a]=rsa_kmgmt.c
-SOURCE[../../libnonfips.a]=rsa_kmgmt.c
+SOURCE[$RSA_GOAL]=rsa_kmgmt.c
 
 SOURCE[$KDF_GOAL]=kdf_legacy_kmgmt.c
 
-SOURCE[../../libfips.a]=mac_legacy_kmgmt.c
-SOURCE[../../libnonfips.a]=mac_legacy_kmgmt.c
+SOURCE[$MAC_GOAL]=mac_legacy_kmgmt.c
diff --git a/providers/implementations/macs/build.info b/providers/implementations/macs/build.info
index 07c40d354b..35db66bf23 100644
--- a/providers/implementations/macs/build.info
+++ b/providers/implementations/macs/build.info
@@ -1,13 +1,13 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$GMAC_GOAL=../../libimplementations.a
-$HMAC_GOAL=../../libimplementations.a
-$KMAC_GOAL=../../libimplementations.a
-$CMAC_GOAL=../../libimplementations.a
-$BLAKE2_GOAL=../../libimplementations.a
-$SIPHASH_GOAL=../../libimplementations.a
-$POLY1305_GOAL=../../libimplementations.a
+$GMAC_GOAL=../../libdefault.a ../../libfips.a
+$HMAC_GOAL=../../libdefault.a ../../libfips.a
+$KMAC_GOAL=../../libdefault.a ../../libfips.a
+$CMAC_GOAL=../../libdefault.a ../../libfips.a
+$BLAKE2_GOAL=../../libdefault.a
+$SIPHASH_GOAL=../../libdefault.a
+$POLY1305_GOAL=../../libdefault.a
 
 SOURCE[$GMAC_GOAL]=gmac_prov.c
 SOURCE[$HMAC_GOAL]=hmac_prov.c
@@ -17,8 +17,6 @@ IF[{- !$disabled{cmac} -}]
   SOURCE[$CMAC_GOAL]=cmac_prov.c
 ENDIF
 
-$GOAL=../../libimplementations.a
-
 IF[{- !$disabled{blake2} -}]
   SOURCE[$BLAKE2_GOAL]=blake2b_mac.c blake2s_mac.c
 ENDIF
diff --git a/providers/implementations/rands/build.info b/providers/implementations/rands/build.info
index b44c1caa8a..8bcac43be7 100644
--- a/providers/implementations/rands/build.info
+++ b/providers/implementations/rands/build.info
@@ -1,6 +1,6 @@
 SUBDIRS=seeding
 
-$COMMON=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c
+$RANDS_GOAL=../../libdefault.a ../../libfips.a
 
-SOURCE[../../libfips.a]=$COMMON
-SOURCE[../../libnonfips.a]=$COMMON seed_src.c
+SOURCE[$RANDS_GOAL]=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c
+SOURCE[../../libdefault.a]=seed_src.c
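Review bot: `SOURCE[../../libdefault.a]=seed_src.c` hard-codes the library, where nearly every other assignment touched by this patch goes through a `$..._GOAL` variable. Suggest a dedicated goal variable for the seed source here, and likewise in seeding/build.info, which now hard-codes `../../../libdefault.a`, plus a one-line comment, so it is visible in one place that seed_src.c and the seeding sources are deliberately kept out of libfips.a.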
diff --git a/providers/implementations/rands/seeding/build.info b/providers/implementations/rands/seeding/build.info
index 58c5be3daf..2788146ad4 100644
--- a/providers/implementations/rands/seeding/build.info
+++ b/providers/implementations/rands/seeding/build.info
@@ -6,5 +6,5 @@ IF[{- $config{target} =~ /vms/i -}]
   $COMMON=$COMMON rand_vms.c
 ENDIF
 
-SOURCE[../../../libnonfips.a]=$COMMON
+SOURCE[../../../libdefault.a]=$COMMON
 
diff --git a/providers/implementations/signature/build.info b/providers/implementations/signature/build.info
index 84c5d905b2..539a57e24b 100644
--- a/providers/implementations/signature/build.info
+++ b/providers/implementations/signature/build.info
@@ -1,24 +1,25 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$DSA_GOAL=../../libimplementations.a
-$EC_GOAL=../../libimplementations.a
-$SM2SIG_GOAL=../../libimplementations.a
+$DSA_GOAL=../../libdefault.a ../../libfips.a
+$EC_GOAL=../../libdefault.a ../../libfips.a
+$MAC_GOAL=../../libdefault.a ../../libfips.a
+$RSA_GOAL=../../libdefault.a ../../libfips.a
+$SM2_GOAL=../../libdefault.a
 
 IF[{- !$disabled{dsa} -}]
-  SOURCE[$DSA_GOAL]=dsa.c
+  SOURCE[$DSA_GOAL]=dsa_sig.c
 ENDIF
 
 IF[{- !$disabled{ec} -}]
-  SOURCE[$EC_GOAL]=eddsa.c ecdsa.c
+  SOURCE[$EC_GOAL]=eddsa_sig.c ecdsa_sig.c
 ENDIF
 
 IF[{- !$disabled{sm2} -}]
-  SOURCE[$SM2SIG_GOAL]=sm2sig.c
+  SOURCE[$SM2_GOAL]=sm2_sig.c
 ENDIF
 
-SOURCE[../../libfips.a]=rsa.c
-SOURCE[../../libnonfips.a]=rsa.c
+SOURCE[$RSA_GOAL]=rsa_sig.c
 
 DEPEND[rsa.o]=../../common/include/prov/der_rsa.h
 DEPEND[dsa.o]=../../common/include/prov/der_dsa.h
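Review bot: The DEPEND entries left as unchanged context at the end of this hunk still name the pre-rename objects (`DEPEND[rsa.o]`, `DEPEND[dsa.o]`, and `ecdsa.o`, `eddsa.o`, `sm2sig.o` in the next hunk), while the SOURCE lines now build rsa_sig.c, dsa_sig.c, ecdsa_sig.c, eddsa_sig.c and sm2_sig.c. If these dependencies are matched on the object name, they no longer attach to any object built here, and the der_*.h headers they point at lose their ordering guarantee. Suggest updating them to `DEPEND[rsa_sig.o]`, `DEPEND[dsa_sig.o]` and so on in the same commit as the renames.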
@@ -26,5 +27,4 @@ DEPEND[ecdsa.o]=../../common/include/prov/der_ec.h
 DEPEND[eddsa.o]=../../common/include/prov/der_ecx.h
 DEPEND[sm2sig.o]=../../common/include/prov/der_sm2.h
 
-SOURCE[../../libfips.a]=mac_legacy.c
-SOURCE[../../libnonfips.a]=mac_legacy.c
+SOURCE[$MAC_GOAL]=mac_legacy_sig.c
diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa_sig.c
similarity index 100%
rename from providers/implementations/signature/dsa.c
rename to providers/implementations/signature/dsa_sig.c
diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa_sig.c
similarity index 100%
rename from providers/implementations/signature/ecdsa.c
rename to providers/implementations/signature/ecdsa_sig.c
diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa_sig.c
similarity index 100%
rename from providers/implementations/signature/eddsa.c
rename to providers/implementations/signature/eddsa_sig.c
diff --git a/providers/implementations/signature/mac_legacy.c b/providers/implementations/signature/mac_legacy_sig.c
similarity index 100%
rename from providers/implementations/signature/mac_legacy.c
rename to providers/implementations/signature/mac_legacy_sig.c
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa_sig.c
similarity index 100%
rename from providers/implementations/signature/rsa.c
rename to providers/implementations/signature/rsa_sig.c
diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2_sig.c
similarity index 100%
rename from providers/implementations/signature/sm2sig.c
rename to providers/implementations/signature/sm2_sig.c
diff --git a/providers/implementations/storemgmt/build.info b/providers/implementations/storemgmt/build.info
index 89939cce54..ad47fb1fe8 100644
--- a/providers/implementations/storemgmt/build.info
+++ b/providers/implementations/storemgmt/build.info
@@ -1,6 +1,6 @@
 # We make separate GOAL variables for each algorithm, to make it easy to
 # switch each to the Legacy provider when needed.
 
-$STORE_GOAL=../../libimplementations.a
+$STORE_GOAL=../../libdefault.a
 
 SOURCE[$STORE_GOAL]=file_store.c file_store_der2obj.c
diff --git a/ssl/build.info b/ssl/build.info
index 703cbaff50..c17084b9ad 100644
--- a/ssl/build.info
+++ b/ssl/build.info
@@ -40,4 +40,4 @@ ENDIF
 DEFINE[../libssl]=$AESDEF
 
 SOURCE[../providers/libcommon.a]=record/tls_pad.c
-SOURCE[../providers/libimplementations.a]=s3_cbc.c
+SOURCE[../providers/libdefault.a ../providers/libfips.a]=s3_cbc.c

