Move all FIPSAPI renames into fips.h header file, include early in

crypto.h if needed.

Modify source tree to handle change.

diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index d2bba48b0d14c423a177640a04d90f741f1584fc..2dc677c739bda71f1f3c88f348c31c8ec4319fe2 100644 (file)
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -109,16 +109,12 @@
  * [including the GNU Public Licence.]
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#define OPENSSL_FIPSAPI
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #define BN_BLINDING_COUNTER    32
 
 struct bn_blinding_st

diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index f16fb35f5a306cba39c38f8130b4034fd4b10aec..0272dbb62b0dd0e78d3b1902cc200625dc39a360 100644 (file)
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -68,10 +68,6 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 /* TODO list
  *
  * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 22673677931a1aa2e37a19d25b2b3bf73ec62b44..ce31ad0a58a61f74f33fbe12118fedb188ecea3c 100644 (file)
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -109,15 +109,11 @@
  *
  */
 
+#define OPENSSL_FIPSAPI
 
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 /* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE     32
 

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 503762b31eb77e0b31d8ff9cead8f46d80eeaf9f..e7dea71911c45f0cccd60e847baef6a8804f0c70 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -61,17 +61,14 @@
 # define NDEBUG
 #endif
 
+#define OPENSSL_FIPSAPI
+
 #include <assert.h>
 #include <limits.h>
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
 
 /* This stuff appears to be completely unused, so is deprecated */

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index ba659cfd1d51719bcb7d53c0dbdbb182828f9c0e..2f7fb843a95d204d5e688d7b2252b93770da2f09 100644 (file)
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -122,10 +122,6 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #define MONT_WORD /* use the faster word-based algorithm */
 
 #ifdef MONT_WORD

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 070b1e4ed2868a9d11ea84222e84a64a470134cf..215285b90ff405d7218ec3f4c96df1c5a1e99968 100644 (file)
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -109,17 +109,14 @@
  *
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #include <openssl/rand.h>
 
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        {
        unsigned char *buf=NULL;

diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index dde27ae71a5add527e139aa614e5a9190ec7c1bd..c086af6d0b58b570447b1be36384e4704c612c89 100644 (file)
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -56,14 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 void BN_RECP_CTX_init(BN_RECP_CTX *recp)
        {

diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index 6d94942df807b41a8e61b46fe634f2d27464361f..11241f87273a532dc0ac6d1ac6337a95d5346905 100644 (file)
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -56,15 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 char *BUF_strdup(const char *str)
        {
        if (str == NULL) return(NULL);

diff --git a/crypto/crypto.h b/crypto/crypto.h
index 5089c658826409687040c8d77fcae0b2711c6d28..938c2bc1442ad2e68f74f0783ed0ed5887b5392a 100644 (file)
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -125,6 +125,11 @@
 #include <stdio.h>
 #endif
 
+/* Get FIPS renames if needed */
+#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
+#include <openssl/fips.h>
+#endif
+
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 #include <openssl/opensslv.h>

diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 3684960203de42c3443a0b31752b2be894025362..d983471e3bc6ffed0510042e40dec32aed2aa43e 100644 (file)
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -58,16 +58,13 @@
 
 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
+#define OPENSSL_FIPSAPI
+
 #include "cryptlib.h"
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/bn.h>
 
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 086da7c794139256c783900bc0838e7c8ec41fd7..01f43993aa1b3f608277feef36f740980bd44a53 100644 (file)
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -526,70 +526,20 @@ __owur int EVP_Cipher(EVP_CIPHER_CTX *c,
 #define EVP_delete_digest_alias(alias) \
        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
 
-#ifdef OPENSSL_FIPS
-void FIPS_md_ctx_init(EVP_MD_CTX *ctx);
-EVP_MD_CTX *FIPS_md_ctx_create(void);
-void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx);
-int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count);
-int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size);
-int FIPS_digest(const void *data, size_t count,
-               unsigned char *md, unsigned int *size, const EVP_MD *type);
-int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx);
-int     FIPS_md_ctx_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-
-
-void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx);
-int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c);
-EVP_CIPHER_CTX *FIPS_cipher_ctx_new(void);
-void FIPS_cipher_ctx_free(EVP_CIPHER_CTX *ctx);
-int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-            const unsigned char *key, const unsigned char *iv, int enc);
-int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                       const unsigned char *in, unsigned int inl);
-
-#endif
-
-#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
-
-#define EVP_MD_CTX_init FIPS_md_ctx_init
-#define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup
-#define EVP_MD_CTX_create FIPS_md_ctx_create
-#define EVP_MD_CTX_destroy FIPS_md_ctx_destroy
-#define EVP_DigestInit_ex(ctx, type, impl) FIPS_digestinit(ctx, type)
-#define EVP_DigestUpdate FIPS_digestupdate
-#define EVP_Digest(data, count, md, size, type, impl) \
-                       FIPS_digest(data, count, md, size, type)
-#define EVP_DigestFinal_ex FIPS_digestfinal
-#define EVP_MD_CTX_copy_ex FIPS_md_ctx_copy
-
-#define EVP_CipherInit_ex(ctx, cipher, impl, key, iv, enc) \
-                               FIPS_cipherinit(ctx, cipher, key, iv, enc)
-
-#define EVP_CIPHER_CTX_init FIPS_cipher_ctx_init
-#define EVP_CIPHER_CTX_cleanup FIPS_cipher_ctx_cleanup
-#define EVP_Cipher FIPS_cipher
-#define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
-
-#else
-
 void   EVP_MD_CTX_init(EVP_MD_CTX *ctx);
 int    EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void   EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+__owur int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+void   EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void   EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int    EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
 __owur int     EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 __owur int     EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
                         size_t cnt);
 __owur int     EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 __owur int     EVP_Digest(const void *data, size_t count,
                unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
-#endif
-
-__owur int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-void   EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
-void   EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
-int    EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
 
 __owur int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
 __owur int     EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index e82a81b03ae62be387a9cdb794209735cf2a314f..90d6b3cd7cf1e5a7f2fad84b110a45e3e3cfd780 100644 (file)
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -62,6 +62,8 @@
  * - Geoff
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
@@ -70,7 +72,6 @@
 
 #ifdef OPENSSL_FIPS
 
-#define OPENSSL_FIPSAPI
 
 #include <openssl/fips.h>
 #include <openssl/evp.h>

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 48cd89dd48cc30aeca24078828f50574790b02aa..eaae71223682099f737e5c8377894662de1a15da 100644 (file)
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -30,10 +30,6 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int MGF1(unsigned char *mask, long len,
        const unsigned char *seed, long seedlen);
 

diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c
index 6766d1c9154b82ddd24cba4dfe601d7c99792644..2debcee29ad042a896052c67569a5ab3fa3abb01 100644 (file)
--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@@ -83,8 +83,8 @@ int main(int argc, char *argv[])
 
 #else
 
-#include <openssl/fips.h>
 #include "fips_utl.h"
+#include <openssl/fips.h>
 
 #define DES_BLOCK_SIZE 8
 

diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c
index 513df722cbbaf2cb49901658be65b8d8b1b9f67a..4610557f7b48f0e3b6ca6511a9d7653eefbc1e36 100644 (file)
--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@@ -1,3 +1,5 @@
+
+#define OPENSSL_FIPSAPI
 #include <openssl/opensslconf.h>
 
 #ifndef OPENSSL_FIPS
@@ -10,8 +12,6 @@ int main(int argc, char **argv)
 }
 #else
 
-#define OPENSSL_FIPSAPI
-
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/fips.h>

diff --git a/fips/fips.h b/fips/fips.h
index 5452db9311f522ec110e257ba18be66b7ba722ea..a49611d9b5b541b9f911ee83b7cbe38e4322810c 100644 (file)
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -60,6 +60,7 @@ extern "C" {
 #endif
 
 struct dsa_st;
+struct rsa_st;
 struct evp_pkey_st;
 struct env_md_st;
 struct evp_cipher_st;
@@ -108,18 +109,41 @@ int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
 void fips_set_selftest_fail(void);
 int fips_check_rsa(struct rsa_st *rsa);
 
-void FIPS_lock(int mode, int type,const char *file,int line);
-
-void FIPS_set_locking_callback (void (*func)(int mode, int type,
+void FIPS_set_locking_callback(void (*func)(int mode, int type,
                                const char *file,int line));
 
-void *FIPS_malloc(int num, const char *file, int line);
-void FIPS_free(void *);
+/* Where necessary redirect standard OpenSSL APIs to FIPS versions */
 
 #if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
+
 #define CRYPTO_lock FIPS_lock
 #define CRYPTO_malloc FIPS_malloc
 #define CRYPTO_free FIPS_free
+
+#define EVP_MD_CTX_init FIPS_md_ctx_init
+#define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup
+#define EVP_MD_CTX_create FIPS_md_ctx_create
+#define EVP_MD_CTX_destroy FIPS_md_ctx_destroy
+#define EVP_DigestInit_ex(ctx, type, impl) FIPS_digestinit(ctx, type)
+#define EVP_DigestInit FIPS_digestinit
+#define EVP_DigestUpdate FIPS_digestupdate
+#define EVP_Digest(data, count, md, size, type, impl) \
+                       FIPS_digest(data, count, md, size, type)
+#define EVP_DigestFinal_ex FIPS_digestfinal
+#define EVP_MD_CTX_copy_ex FIPS_md_ctx_copy
+
+#define EVP_CipherInit_ex(ctx, cipher, impl, key, iv, enc) \
+                               FIPS_cipherinit(ctx, cipher, key, iv, enc)
+
+#define EVP_CipherInit FIPS_cipherinit
+
+#define EVP_CIPHER_CTX_init FIPS_cipher_ctx_init
+#define EVP_CIPHER_CTX_cleanup FIPS_cipher_ctx_cleanup
+#define EVP_Cipher FIPS_cipher
+#define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
+#define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new
+#define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free
+
 #endif
 
 /* BEGIN ERROR CODES */

diff --git a/fips/fips_utl.h b/fips/fips_utl.h
index 76ae4f8e38d25ce8de5b5fcab14786bdfe07bda4..eccc8ddf4496d9988c8407d769d6bca67b66ecc3 100644 (file)
--- a/fips/fips_utl.h
+++ b/fips/fips_utl.h
@@ -48,7 +48,6 @@
  */
 
 #define OPENSSL_FIPSAPI
-#include <openssl/fips.h>
 
 int hex2bin(const char *in, unsigned char *out);
 unsigned char *hex2bin_m(const char *in, long *plen);

diff --git a/fips/hmac/fips_hmactest.c b/fips/hmac/fips_hmactest.c
index 8c51fe523be1ce5e6e61165a267ec2e443bd9fcb..af6ce29b801a81ce1ab4e31f8bb3327fe5ccec8e 100644 (file)
--- a/fips/hmac/fips_hmactest.c
+++ b/fips/hmac/fips_hmactest.c
@@ -56,6 +56,8 @@
  *
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <ctype.h>
 #include <string.h>
@@ -77,6 +79,7 @@ int main(int argc, char *argv[])
 
 #else
 
+#include <openssl/fips.h>
 #include "fips_utl.h"
 
 static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);

diff --git a/fips/rand/fips_randtest.c b/fips/rand/fips_randtest.c
index 31c51d3392886ca4ae8aa016f7087210258570a4..b211a039c085f7cc7c2bb53ae245623de28ece31 100644 (file)
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@@ -103,6 +103,8 @@
  *
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -125,8 +127,8 @@ int main(int argc, char *argv[])
 
 #define OPENSSL_FIPSAPI
 
-#include <openssl/fips.h>
 #include "fips_utl.h"
+#include <openssl/fips.h>
 
 typedef struct
        {

diff --git a/fips/rand/fips_rngvs.c b/fips/rand/fips_rngvs.c
index 2d198c77e3ce1ebabb79589ab5d20cbef931f3c2..972acce6d1eb75c460e5fdf7c78d184fc2bab58e 100644 (file)
--- a/fips/rand/fips_rngvs.c
+++ b/fips/rand/fips_rngvs.c
@@ -7,6 +7,9 @@
  * Validation System (RNGVS)", May 25, 2004.
  *
  */
+
+#define OPENSSL_FIPSAPI
+
 #include <openssl/opensslconf.h>
 
 #ifndef OPENSSL_FIPS

diff --git a/fips/utl/fips_mem.c b/fips/utl/fips_mem.c
index d8f197bd45661d641b65d5db571db91354a6bec7..3d5c907f1aae5645a8e471ae08ea1ae99f660984 100644 (file)
--- a/fips/utl/fips_mem.c
+++ b/fips/utl/fips_mem.c
@@ -51,6 +51,8 @@
  * ====================================================================
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <openssl/err.h>
 #include <openssl/fips.h>