Use OPENSSL_FIPS instead of FIPS.

diff --git a/Configure b/Configure
index f6718535c0c247a986f75010af6837d23e90db65..ee4b0e726574fc5340f726179fffa94f26dbde41 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -1151,7 +1151,6 @@ $bn_obj = $bn_asm unless $bn_obj ne "";
 if ($fips)
        {
        $des_obj=$sha1_obj="";
-       $cflags.=" -DFIPS";
        }
 $des_obj=$des_enc      unless (!$fips && $des_obj =~ /\.o$/);
 $bf_obj=$bf_enc                unless ($bf_obj =~ /\.o$/);

diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
index 0b925a85660e5fda9c28fdd11bcdc55a84053965..ed566a81233f7d87e651885ec817a53f0deb86dc 100644 (file)
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -40,7 +40,7 @@
 #include <openssl/fips.h>
 #include "aes_locl.h"
 
-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
@@ -1258,4 +1258,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
        PUTU32(out + 12, s3);
 }
 
-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 8fe063ff5e52344ec259388bb1701a19d353f29c..84c1e6853f3dd79ba8d3dde40910cdd863a4f51b 100644 (file)
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -66,10 +66,10 @@
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 int FIPS_mode;
 void *FIPS_rand_check;
-#endif /* def FIPS */
+#endif /* def OPENSSL_FIPS */
 
 DECLARE_STACK_OF(CRYPTO_dynlock)
 IMPLEMENT_STACK_OF(CRYPTO_dynlock)

diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c
index 3ad3c9bc750b5abe8f1ad1e068344d7baf918d17..21854270c7dee2d28770b579f92c48152c4c2abe 100644 (file)
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -58,7 +58,7 @@
 
 #include "des_locl.h"
 
-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
        {
@@ -289,7 +289,7 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
        data[1]=r;
        }
 
-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */
 
 #ifndef DES_DEFAULT_OPTIONS
 

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 0cff5c066d7e1435ae59c70609608e5f1e82d83e..e307beb3da75a859d1d7a8d2d2c85cccc73e3ada 100644 (file)
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -80,7 +80,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 DSA *DSA_generate_parameters(int bits,
                unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret,
@@ -294,6 +294,6 @@ err:
        if (mont != NULL) BN_MONT_CTX_free(mont);
        return(ok?ret:NULL);
        }
-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */
 #endif /* ndef OPENSSL_NO_SHA */
 

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index f95ffa9fe105c26b1eb96f1045b255968d1e36dd..f1a85afcde8656066338e3c4b7b45a3a091e9ef2 100644 (file)
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -65,7 +65,7 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 
-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,

diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 03846e539b977cc9b7a0f5c51990b7d382fcabf4..1821adf3d6b219df7d678c10097bbe9994116eaf 100644 (file)
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -71,7 +71,7 @@
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
        if(FIPS_mode && !FIPS_dsa_check(dsa))
                return NULL;
 #endif
@@ -95,7 +95,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
        if(FIPS_mode && !FIPS_dsa_check(dsa))
                return 0;
 #endif

diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index d8728a0ebc5b4f617f81a26ee0335bb46969c40c..493bdd07cd9dc5dedd1d8fb712469e5a9de9f1d7 100644 (file)
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -73,7 +73,7 @@
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
        if(FIPS_mode && !FIPS_dsa_check(dsa))
                return -1;
 #endif

diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index c8e2dafd93262bb8602909cd663ac490c7ca7454..4dc93008929e9150f33e7a46ad31bad3823edd0b 100644 (file)
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -131,7 +131,7 @@ void ERR_load_crypto_strings(void)
        ERR_load_OCSP_strings();
        ERR_load_UI_strings();
 #endif
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
        ERR_load_FIPS_strings();
 #endif
        }

diff --git a/crypto/md32_common.h b/crypto/md32_common.h
index 46603a019d699b4e7b25a55e11f7fcbeca749c84..6fc4467a676db5494841cf771b14e663eaeab9e9 100644 (file)
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -559,7 +559,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
        static const unsigned char end[4]={0x80,0x00,0x00,0x00};
        const unsigned char *cp=end;
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
        if(FIPS_mode && !FIPS_md5_allowed)
            {
            FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 4fdb7005d3359ec2d3ab751322eb0d00183e51db..24e590ab64dde34998cb8b502b18a0e62483e458 100644 (file)
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -333,7 +333,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
        int do_stir_pool = 0;
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
        if(FIPS_mode)
            {
            FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 9b6943e07e371d0190ed313f7ddb407d99f36cc5..869d11cab6c1ee37e82a46acbce7c7c980516791 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -87,7 +87,7 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
 
 const RAND_METHOD *RAND_get_rand_method(void)
        {
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
        if(FIPS_mode && default_RAND_meth != FIPS_rand_check)
            {
            RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);

diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index 3e5d1e9e7bf1eb4b81bee9313f189cf1f80e55c2..de645fc1070a1dce51a0f71da8afbf2c69b4ddce 100644 (file)
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -63,18 +63,18 @@
 
 #include <openssl/opensslv.h>
 
-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;
 
 /* The implementation is in ../md32_common.h */
 
 #include "sha_locl.h"
 
-#else /* ndef FIPS */
+#else /* ndef OPENSSL_FIPS */
 
 static void *dummy=&dummy;
 
-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */
 
 #endif
 

diff --git a/fips/aes/fips_aes_core.c b/fips/aes/fips_aes_core.c
index 1d3481efd4978cf2798ad482a7714991577d1b7c..94db7508fc4da6d1f9be55d73b3120e683d1a7c3 100644 (file)
--- a/fips/aes/fips_aes_core.c
+++ b/fips/aes/fips_aes_core.c
@@ -39,7 +39,7 @@
 #include <openssl/aes.h>
 #include "fips_aes_locl.h"
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
@@ -1257,4 +1257,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
        PUTU32(out + 12, s3);
 }
 
-#endif /* def FIPS */
+#endif /* def OPENSSL_FIPS */

diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c
index 0bb9f3e48e0ebc824c0f75fb76085ed8dbb9e902..8d3e9c212ff27f57276a2bdd6a95b756f8516a16 100644 (file)
--- a/fips/aes/fips_aes_selftest.c
+++ b/fips/aes/fips_aes_selftest.c
@@ -52,7 +52,7 @@
 #include <openssl/fips.h>
 #include <openssl/aes.h>
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 static struct
     {
     unsigned char key[16];

diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c
index 5ffbb086c141fc9331f4a61f3b9209725e194b00..ca676576523116eebcbbf18229887abaca0d0633 100644 (file)
--- a/fips/aes/fips_aesavs.c
+++ b/fips/aes/fips_aesavs.c
@@ -723,7 +723,7 @@ int proc_file(char *rqfile)
                break;
            if(!strncasecmp(ibuf,"COUNT = ",8))
                break;
-         
+
            if (strncasecmp(ibuf, "KEY = ", 6) != 0)
                {
                printf("Missing KEY\n");
@@ -833,7 +833,7 @@ int proc_file(char *rqfile)
                    err =1;
                    break;
                    }
-               
+
                PrintValue("CIPHERTEXT", ciphertext, len);
                if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
                    {
@@ -889,7 +889,7 @@ int main(int argc, char **argv)
     char fn[250] = "", rfn[256] = "";
     int f_opt = 0, d_opt = 1;
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
     if(!FIPS_mode_set(1,argv[0]))
        {
        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));

diff --git a/fips/des/fips_des_enc.c b/fips/des/fips_des_enc.c
index e1c06e3060af8c3233456fb3605753fd48cdb6e5..3e7af5c686bc3197dd7df291bbed2c456105b76b 100644 (file)
--- a/fips/des/fips_des_enc.c
+++ b/fips/des/fips_des_enc.c
@@ -58,7 +58,7 @@
 
 #include "fips_des_locl.h"
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
        {
@@ -289,9 +289,9 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
        data[1]=r;
        }
 
-#else /* ndef FIPS */
+#else /* ndef OPENSSL_FIPS */
 
 static void *dummy=&dummy;
 
-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */
 

diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c
index 177cff26e0db173eb1b72b7ba81dfd1435171a84..d38e2601db5b381acf08bf2e32347670dc641649 100644 (file)
--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@@ -667,7 +667,7 @@ int main(int argc, char **argv)
     char fn[250] = "", rfn[256] = "";
     int f_opt = 0, d_opt = 1;
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
     if(!FIPS_mode_set(1,argv[0]))
        {
        ERR_load_crypto_strings();

diff --git a/fips/dsa/fips_dsa_gen.c b/fips/dsa/fips_dsa_gen.c
index 34f389790fe3654ff5b09b1fb8b2995ab7699009..cf74020b5c9c75535c69c66940fb3b362e404fe7 100644 (file)
--- a/fips/dsa/fips_dsa_gen.c
+++ b/fips/dsa/fips_dsa_gen.c
@@ -84,7 +84,7 @@
 #ifndef OPENSSL_NO_SHA
 #include <openssl/sha.h>
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 
 DSA *DSA_generate_parameters(int bits,
                unsigned char *seed_in, int seed_len,

diff --git a/fips/dsa/fips_dsa_ossl.c b/fips/dsa/fips_dsa_ossl.c
index 7fc0648c10e8303a5fe23f53c84e17dde9b9bec9..f7c775f2c484a743a968cc983a1d90a0da71123d 100644 (file)
--- a/fips/dsa/fips_dsa_ossl.c
+++ b/fips/dsa/fips_dsa_ossl.c
@@ -68,7 +68,7 @@
 #endif
 #include <openssl/fips.h>
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -367,8 +367,8 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 }
 
-#else /* ndef FIPS */
+#else /* ndef OPENSSL_FIPS */
 
 static void *dummy=&dummy;
 
-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */

diff --git a/fips/dsa/fips_dsatest.c b/fips/dsa/fips_dsatest.c
index 8fc4d01fc0746908826d991f51b0bb2211efc8c6..ffc9ccd828f6678a1203fc957b9625132065f056 100644 (file)
--- a/fips/dsa/fips_dsatest.c
+++ b/fips/dsa/fips_dsatest.c
@@ -74,7 +74,7 @@
 #include <openssl/fips.h>
 #include <openssl/fips_rand.h>
 
-#if defined(OPENSSL_NO_DSA) || !defined(FIPS)
+#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
 int main(int argc, char *argv[])
 {
     printf("No FIPS DSA support\n");
@@ -146,7 +146,7 @@ int main(int argc, char **argv)
        if (bio_err == NULL)
                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
        if(!FIPS_mode_set(1,argv[0]))
            {
            ERR_print_errors(bio_err);

diff --git a/fips/fips.c b/fips/fips.c
index e5861efdf34d88e34bab361af174f50fb5c46fb6..0db04e098a80d15d62b8c037167557c479594089 100644 (file)
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -57,7 +57,7 @@
 #include <limits.h>
 #include "fips_locl.h"
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 
 int FIPS_md5_allowed;
 

diff --git a/fips/fips.h b/fips/fips.h
index a93edd49767411bc7e9aa846301a64b1b7d7e1a8..2e7dc3c1a4a739fd26a2c4f5a5bbc03a10d3661b 100644 (file)
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -47,7 +47,9 @@
  *
  */
 
-#if defined(FIPS) || defined(OPENSSL_FIPS)
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
 /* Note that these are defined in crypto/cryptlib.c so they're
  * available even without -lfips.
  */

diff --git a/fips/fips_err_wrapper.c b/fips/fips_err_wrapper.c
index f849ca7c943f9958163d4fdc9a3fe87dc1b740f2..08975516719c286443beffe8246f784d2c5f531d 100644 (file)
--- a/fips/fips_err_wrapper.c
+++ b/fips/fips_err_wrapper.c
@@ -1,4 +1,4 @@
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 # include "fips_err.h"
 #else
 static void *dummy=&dummy;

diff --git a/fips/rand/fips_randtest.c b/fips/rand/fips_randtest.c
index 011678a5a5af605153c22e88f9e74451b9b8f5a0..fa9185010d44062e9cc1d06dbee2ac368ed3b2bf 100644 (file)
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@@ -110,7 +110,7 @@
 
 #include "e_os.h"
 
-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 int main(int argc, char *argv[])
 {
     printf("No FIPS RAND support\n");

diff --git a/fips/sha1/fips_sha1_selftest.c b/fips/sha1/fips_sha1_selftest.c
index 4dd880e5372f3e0b898238b24c06421672dc0d43..505e6f893de384197ba2bd062cbaba0c455f3b07 100644 (file)
--- a/fips/sha1/fips_sha1_selftest.c
+++ b/fips/sha1/fips_sha1_selftest.c
@@ -52,7 +52,7 @@
 #include <openssl/fips.h>
 #include <openssl/sha.h>
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 static char *test[]=
     {
     "",

diff --git a/fips/sha1/fips_sha1dgst.c b/fips/sha1/fips_sha1dgst.c
index e76609529176d97e98b0f84876f3b7c38cca512e..89462fcc64f9bc58d3bee97bd924468bfe42674a 100644 (file)
--- a/fips/sha1/fips_sha1dgst.c
+++ b/fips/sha1/fips_sha1dgst.c
@@ -63,18 +63,18 @@
 
 #include <openssl/opensslv.h>
 
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;
 
 /* The implementation is in fips_md32_common.h */
 
 #include "fips_sha_locl.h"
 
-#else /* ndef FIPS */
+#else /* ndef OPENSSL_FIPS */
 
 static void *dummy=&dummy;
 
-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */
 
 #endif
 

diff --git a/fips/sha1/fips_sha1test.c b/fips/sha1/fips_sha1test.c
index f4fa43d2496b6a9d0d4aa235273f4cf9b3cf1f95..5a5ed2b69b258805fd5d2267811138314d11e436 100644 (file)
--- a/fips/sha1/fips_sha1test.c
+++ b/fips/sha1/fips_sha1test.c
@@ -7,7 +7,7 @@
 #include <openssl/err.h>
 #include <openssl/fips.h>
 
-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 int main(int argc, char *argv[])
 {
     printf("No FIPS SHA1 support\n");

diff --git a/fips/sha1/fips_standalone_sha1.c b/fips/sha1/fips_standalone_sha1.c
index 55a12cd3a0f2962bf5bcb7170f9ed963b14ac74e..9631470ccd951628d25207ef73d846527770e3de 100644 (file)
--- a/fips/sha1/fips_standalone_sha1.c
+++ b/fips/sha1/fips_standalone_sha1.c
@@ -53,7 +53,7 @@
 
 int main(int argc,char **argv)
     {
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
     int n;
 
     if(argc < 2)