return buf;
}
-#ifndef FIPS_MODE
-/* No BIO_snprintf in FIPS_MODE */
+#ifndef FIPS_MODULE
+/* No BIO_snprintf in FIPS_MODULE */
/* Must 'OPENSSL_free' the returned data */
char *BN_bn2dec(const BIGNUM *a)
{
OPENSSL_CTX *libctx;
};
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* Debugging functionality */
static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
{
#else
/* TODO(3.0): Consider if we want to do this in FIPS mode */
# define CTXDBG(str, ctx) do {} while(0)
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
{
return ret;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *BN_CTX_new(void)
{
return BN_CTX_new_ex(NULL);
return ret;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *BN_CTX_secure_new(void)
{
return BN_CTX_secure_new_ex(NULL);
{
if (ctx == NULL)
return;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
OSSL_TRACE_BEGIN(BN_CTX) {
BN_POOL_ITEM *pool = ctx->pool.head;
BIO_printf(trc_out,
/* DH parameters from RFC3526 */
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
/*
* "1536-bit MODP Group" from RFC3526, Section 2.
*
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF)
};
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
/*-
* "2048-bit MODP Group" from RFC3526, Section 3.
make_dh_bn(ffdhe8192_p)
make_dh_bn(ffdhe8192_q)
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
make_dh_bn(modp_1536_p)
make_dh_bn(modp_1536_q)
# endif
return found;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
{
int do_trial_division, BN_GENCB *cb)
{
int i, status, ret = -1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *ctxlocal = NULL;
#else
if (!BN_GENCB_call(cb, 1, -1))
return -1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL && (ctxlocal = ctx = BN_CTX_new()) == NULL)
goto err;
#endif
goto err;
ret = (status == BN_PRIMETEST_PROBABLY_PRIME);
err:
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(ctxlocal);
#endif
return ret;
{
return bnrand(NORMAL, rnd, bits, top, bottom, ctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(NORMAL, rnd, bits, top, bottom, NULL);
return bnrand(PRIVATE, rnd, bits, top, bottom, ctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(PRIVATE, rnd, bits, top, bottom, NULL);
return bnrand_range(NORMAL, r, range, ctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(NORMAL, r, range, NULL);
return bnrand_range(PRIVATE, r, range, ctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(PRIVATE, r, range, NULL);
struct openssl_ctx_onfree_list_st *onfreelist;
};
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static OPENSSL_CTX default_context_int;
/* Always points at default_context_int if it has been initialised */
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
void openssl_ctx_default_deinit(void)
{
context_deinit(default_context);
return ctx;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int OPENSSL_CTX_load_config(OPENSSL_CTX *ctx, const char *config_file)
{
return CONF_modules_load_file_with_libctx(ctx, config_file, NULL, 0) > 0;
OPENSSL_CTX *openssl_ctx_get_concrete(OPENSSL_CTX *ctx)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL) {
if (!RUN_ONCE(&default_context_init, do_default_context_init))
return 0;
int openssl_ctx_is_default(OPENSSL_CTX *ctx)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL || ctx == default_context)
return 1;
#endif
NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
int number = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (namemap == NULL)
namemap = ossl_namemap_stored(NULL);
#endif
NAMENUM_ENTRY *namenum = NULL;
int tmp_number;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (namemap == NULL)
namemap = ossl_namemap_stored(NULL);
#endif
* ==============
*/
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
#include <openssl/evp.h>
/* Creates an initial namemap with names found in the legacy method db */
openssl_ctx_get_data(libctx, OPENSSL_CTX_NAMEMAP_INDEX,
&stored_namemap_method);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (namemap != NULL && ossl_namemap_empty(namemap)) {
/* Before pilfering, we make sure the legacy database is populated */
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
return errflags == 0;
}
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
int DH_check_params(const DH *dh, int *ret)
{
int nid;
BN_CTX_free(ctx);
return ok;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
/*-
* Check that p is a safe prime and
/* Note: according to documentation - this only checks the params */
int DH_check(const DH *dh, int *ret)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return DH_check_params(dh, ret);
#else
int ok = 0, r;
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ok;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
}
int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
#include "crypto/dh.h"
#include "dh_local.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
int qbits, EVP_MD *md, BN_GENCB *cb)
qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
SHA_DIGEST_LENGTH) * 8;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
ret = ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
FFC_PARAM_TYPE_DH,
return nid;
}
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
{
DH_free(dh);
return ok;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
BN_GENCB *cb)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
if (generator != 2)
return 0;
return dh_gen_named_group(ret->libctx, ret, prime_len);
if (ret->meth->generate_params)
return ret->meth->generate_params(ret, prime_len, generator, cb);
return dh_builtin_genparams(ret, prime_len, generator, cb);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*-
* We generate DH parameters as follows
* find a prime p which is prime_len bits long,
BN_CTX_free(ctx);
return ok;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
FFDHE(4096),
FFDHE(6144),
FFDHE(8192),
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
MODP(1536),
#endif
MODP(2048),
* Additional dh named groups from RFC 5114 that have a different g.
* The uid can be any unique identifier.
*/
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
RFC5114("dh_1024_160", 1, 1024, 1024_160),
RFC5114("dh_2048_224", 2, 2048, 2048_224),
RFC5114("dh_2048_256", 3, 2048, 2048_256),
#include "crypto/dh.h"
#include "crypto/security_bits.h"
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
# define MIN_STRENGTH 112
#else
# define MIN_STRENGTH 80
BN_MONT_CTX *mont = NULL;
BIGNUM *tmp;
int ret = -1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int check_result;
#endif
goto err;
}
/* TODO(3.0) : Solve in a PR related to Key validation for DH */
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
DHerr(0, DH_R_INVALID_PUBKEY);
goto err;
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return compute_key(key, pub_key, dh);
#else
return dh->meth->compute_key(key, pub_key, dh);
{
int rv, pad;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
rv = compute_key(key, pub_key, dh);
#else
rv = dh->meth->compute_key(key, pub_key, dh);
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
void DH_set_default_method(const DH_METHOD *meth)
{
default_DH_method = meth;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int DH_generate_key(DH *dh)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return generate_key(dh);
#else
return dh->meth->generate_key(dh);
{
int ok = 0;
int generate_new_key = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
unsigned l;
#endif
BN_CTX *ctx = NULL;
max_strength, priv_key))
goto err;
} else {
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
if (dh->params.q == NULL)
goto err;
#else
static DH *dh_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int DH_set_method(DH *dh, const DH_METHOD *meth)
{
/*
{
return dh_new_intern(engine, NULL);
}
-#endif /* !FIPS_MODE */
+#endif /* !FIPS_MODULE */
DH *dh_new_with_libctx(OPENSSL_CTX *libctx)
{
ret->libctx = libctx;
ret->meth = DH_get_default_method();
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ret->flags = ret->meth->flags; /* early default init */
if (engine) {
if (!ENGINE_init(engine)) {
ret->flags = ret->meth->flags;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data))
goto err;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
DHerr(0, ERR_R_INIT_FAIL);
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
# if !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(r->engine);
# endif
return ((i > 1) ? 1 : 0);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int DH_set_ex_data(DH *d, int idx, void *arg)
{
return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
dh->flags |= flags;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
ENGINE *DH_get0_engine(DH *dh)
{
return dh->engine;
}
-#endif /*FIPS_MODE */
+#endif /*FIPS_MODULE */
FFC_PARAMS *dh_get0_params(DH *dh)
{
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN,
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
int flags;
BN_MONT_CTX *method_mont_p;
CRYPTO_REF_COUNT references;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_EX_DATA ex_data;
ENGINE *engine;
#endif
else
md = EVP_sha1();
}
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
if (dctx->paramgen_type == DH_PARAMGEN_TYPE_FIPS_186_2)
rv = ffc_params_FIPS186_2_generate(libctx, &ret->params,
FFC_PARAM_TYPE_DH,
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (dctx->rfc5114_param) {
switch (dctx->rfc5114_param) {
case 1:
EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
return 1;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
if (ctx->pkey_gencb != NULL) {
pcb = BN_GENCB_new();
return 0;
evp_pkey_set_cb_translate(pcb, ctx);
}
-# ifdef FIPS_MODE
+# ifdef FIPS_MODULE
dctx->paramgen_type = DH_PARAMGEN_TYPE_FIPS_186_4;
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) {
dh = ffc_params_generate(NULL, dctx, pcb);
BN_GENCB_free(pcb);
qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
SHA_DIGEST_LENGTH) * 8;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (type == DSA_PARAMGEN_TYPE_FIPS_186_2)
ret = ffc_params_FIPS186_2_generate(dsa->libctx, &dsa->params,
FFC_PARAM_TYPE_DSA,
return ret;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int DSA_generate_parameters_ex(DSA *dsa, int bits,
const unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (dsa->meth->dsa_paramgen)
return dsa->meth->dsa_paramgen(dsa, bits, seed_in, seed_len,
counter_ret, h_ret, cb);
&& !ffc_params_set_validate_params(&dsa->params, seed_in, seed_len, -1))
return 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* The old code used FIPS 186-2 DSA Parameter generation */
if (bits <= 1024 && seed_len == 20) {
if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2,
#include "crypto/dsa.h"
#include "dsa_local.h"
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
# define MIN_STRENGTH 112
#else
# define MIN_STRENGTH 80
int DSA_generate_key(DSA *dsa)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (dsa->meth->dsa_keygen != NULL)
return dsa->meth->dsa_keygen(dsa);
#endif
dsa->priv_key = priv_key;
dsa->pub_key = pub_key;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
pairwise_test = 1;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
ok = 1;
if (pairwise_test) {
static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int DSA_set_ex_data(DSA *d, int idx, void *arg)
{
meth->init(dsa);
return 1;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
const DSA_METHOD *DSA_get_method(DSA *d)
ret->libctx = libctx;
ret->meth = DSA_get_default_method();
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
if (engine) {
if (!ENGINE_init(engine)) {
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
goto err;
#endif
return dsa_new_intern(NULL, libctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
DSA *DSA_new(void)
{
return dsa_new_intern(NULL, NULL);
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(r->engine);
#endif
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
#endif
if ((ret = dsa_paramgen_check(ctx)) <= 0)
return ret;
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
if ((ret = dsa_paramgen_check(ctx)) <= 0)
return ret;
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
if ((ret = dsa_paramgen_check(ctx)) <= 0)
return ret;
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL) {
const EVP_MD *md = EVP_get_digestbyname(md_name);
return EVP_PKEY_CTX_set_params(ctx, params);
}
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
{
const char *md_name = (md == NULL) ? "" : EVP_MD_name(md);
/* Normally used to cache montgomery values */
BN_MONT_CTX *method_mont_p;
CRYPTO_REF_COUNT references;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_EX_DATA ex_data;
#endif
const DSA_METHOD *meth;
static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
void DSA_set_default_method(const DSA_METHOD *meth)
{
default_DSA_method = meth;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
const DSA_METHOD *DSA_get_default_method(void)
{
{
BIGNUM *tmp, *x, *y, *z;
int ret = 0, z0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
/* clear error queue */
if (!BN_GF2m_add(tmp, x, tmp))
goto err;
if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_BN
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
int used_ctx = 0;
BIGNUM *x, *y, *yxi;
size_t field_len, i, skip;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
goto err;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
if (used_ctx)
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
err:
if (used_ctx)
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return 0;
BIGNUM *x, *y, *yxi;
size_t field_len, enc_len;
int ret = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
return 0;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
{
int ret = 0;
BIGNUM *b;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
if (ctx == NULL) {
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
{
BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
int ret = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *);
int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
if (!point->Z_is_one)
return -1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
{
BIGNUM *aX, *aY, *bX, *bY;
int ret = -1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
{
BIGNUM *x, *y;
int ret = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
return 1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
#include "internal/nelem.h"
#include "crypto/asn1_dsa.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int EC_GROUP_get_basis_type(const EC_GROUP *group)
{
DECLARE_ASN1_FUNCTIONS(ECDSA_SIG)
DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG)
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
ECDSA_SIG *ECDSA_SIG_new(void)
{
int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/*
* ECC domain parameter validation.
* See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
BN_CTX_free(new_ctx);
EC_POINT_free(point);
return ret;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
}
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid)
{
if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
}
};
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
/* the x9.62 prime curves (minus the nist prime curves) */
static const struct {
EC_CURVE_DATA h;
0x43, 0x21, 0x46, 0x52, 0x65, 0x51
}
};
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
}
};
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* the secg prime curves (minus the nist and x9.62 prime curves) */
static const struct {
EC_CURVE_DATA h;
0x5C, 0x5C, 0x2A, 0x3D
}
};
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
#ifndef OPENSSL_NO_EC2M
/* characteristic two curves */
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 15 * 6];
0x33, 0x04, 0x9B, 0xA9, 0x8F
}
};
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
}
};
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 21 * 6];
0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B
}
};
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
}
};
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 25 * 6];
0xD5
}
};
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
}
};
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 30 * 6];
0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5
}
};
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
}
};
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 21 * 6];
0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E
}
};
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
#endif /* OPENSSL_NO_EC2M */
/*
* generation mechanism is different from those defined in ANSI X9.62.
*/
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 20 * 6];
0x9C, 0xA9, 0x00, 0x69
}
};
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
-#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
const char *comment;
} ec_list_element;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
"SM2 curve over a 256 bit prime field"},
# endif
};
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
#define curve_list_length OSSL_NELEM(curve_list)
if ((nid = EC_curve_nist2nid(name)) != NID_undef)
return nid;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* TODO(3.0) Figure out if we can use other names than the NIST names
* ("B-163", "K-163" & "P-192") in the FIPS module, or if other names
return ret;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
{
return EC_GROUP_new_by_curve_name_ex(NULL, nid);
static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb,
void *cbarg);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
EC_KEY *EC_KEY_new(void)
{
return ec_key_new_method_int(NULL, NULL);
return ret;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
EC_KEY *EC_KEY_new_by_curve_name(int nid)
{
return EC_KEY_new_by_curve_name_ex(NULL, nid);
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE_finish(r->engine);
#endif
if (r->group && r->group->meth->keyfinish)
r->group->meth->keyfinish(r);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
#endif
CRYPTO_THREAD_lock_free(r->lock);
dest->meth->finish(dest);
if (dest->group && dest->group->meth->keyfinish)
dest->group->meth->keyfinish(dest);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (ENGINE_finish(dest->engine) == 0)
return 0;
dest->engine = NULL;
dest->conv_form = src->conv_form;
dest->version = src->version;
dest->flags = src->flags;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,
&dest->ex_data, &src->ex_data))
return NULL;
#endif
if (src->meth != dest->meth) {
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (src->engine != NULL && ENGINE_init(src->engine) == 0)
return NULL;
dest->engine = src->engine;
eckey->dirty_cnt++;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
pairwise_test = 1;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
ok = 1;
if (pairwise_test) {
if (finish != NULL)
finish(key);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE_finish(key->engine);
key->engine = NULL;
#endif
}
ret->meth = EC_KEY_get_default_method();
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (engine != NULL) {
if (!ENGINE_init(engine)) {
ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_ENGINE_LIB);
ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
/* No ex_data inside the FIPS provider */
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
goto err;
}
return NULL;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
EC_KEY *EC_KEY_new_method(ENGINE *engine)
{
return ec_key_new_method_int(NULL, engine);
return NULL;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
{
return EC_GROUP_new_ex(NULL, meth);
{
int r = 0;
BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *ctx_new = NULL;
#endif
if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
return 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL)
ctx_new = ctx = BN_CTX_new();
#endif
b3 = BN_CTX_get(ctx);
if (b3 == NULL) {
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(ctx_new);
#endif
return -1;
}
end:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(ctx_new);
#endif
return r;
{
int ret = 0;
size_t i = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
}
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL)
ctx = new_ctx = BN_CTX_secure_new();
#endif
/* use default */
ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
return ret;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg)
{
return CRYPTO_set_ex_data(&key->ex_data, idx, arg);
{
BIGNUM *e = NULL;
int ret = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
if (group->mont_data == NULL)
return 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL)
ctx = new_ctx = BN_CTX_secure_new();
#endif
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
point_conversion_form_t conv_form;
CRYPTO_REF_COUNT references;
int flags;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_EX_DATA ex_data;
#endif
CRYPTO_RWLOCK *lock;
EC_POINT **points = NULL;
EC_PRE_COMP *pre_comp;
int ret = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
goto err;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL)
ctx = new_ctx = BN_CTX_new();
#endif
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
EC_ec_pre_comp_free(pre_comp);
{
int ret = 0;
BIGNUM *curve_p, *curve_a, *curve_b;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
if (ctx == NULL)
ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
BIGNUM *x, *y;
EC_POINT *generator = NULL;
felem tmp_felems[32];
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
/* throw away old precomputation */
EC_pre_comp_free(group);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL)
ctx = new_ctx = BN_CTX_new();
#endif
err:
BN_CTX_end(ctx);
EC_POINT_free(generator);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
EC_nistp224_pre_comp_free(pre);
{
int ret = 0;
BIGNUM *curve_p, *curve_a, *curve_b;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
if (ctx == NULL)
ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
EC_POINT *generator = NULL;
smallfelem tmp_smallfelems[32];
felem x_tmp, y_tmp, z_tmp;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
/* throw away old precomputation */
EC_pre_comp_free(group);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL)
ctx = new_ctx = BN_CTX_new();
#endif
err:
BN_CTX_end(ctx);
EC_POINT_free(generator);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
EC_nistp256_pre_comp_free(pre);
{
int ret = 0;
BIGNUM *curve_p, *curve_a, *curve_b;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
if (ctx == NULL)
ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
BN_CTX_end(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
BIGNUM *x, *y;
EC_POINT *generator = NULL;
felem tmp_felems[16];
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
/* throw away old precomputation */
EC_pre_comp_free(group);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL)
ctx = new_ctx = BN_CTX_new();
#endif
err:
BN_CTX_end(ctx);
EC_POINT_free(generator);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
EC_nistp521_pre_comp_free(pre);
BIGNUM *tmp1, *tmp2, *x, *y;
int ret = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* clear error queue */
ERR_clear_error();
#endif
}
if (!BN_mod_sqrt(y, tmp1, group->field, ctx)) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_BN
if (ctx == NULL)
return 1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
/*
* pctx should be freed by the user of EVP_MD_CTX
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
}
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(ctx->engine);
#endif
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE *tmpimpl = NULL;
#endif
ctx->reqdigest = type;
/* TODO(3.0): Legacy work around code below. Remove this */
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
/*
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
* this context may already have an ENGINE! Try to avoid releasing the
*/
if (ctx->engine != NULL
|| impl != NULL
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
|| tmpimpl != NULL
#endif
|| (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {
/* TODO(3.0): Start of non-legacy code below */
if (type->prov == NULL) {
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/* We only do explicit fetches inside the FIPS module */
EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
/* TODO(3.0): Remove legacy code below */
legacy:
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (type) {
if (impl != NULL) {
if (!ENGINE_init(impl)) {
}
}
}
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
skip_to_init:
#endif
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module
* or when using providers.
/* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
if (in->pctx != NULL) {
out->pctx = EVP_PKEY_CTX_dup(in->pctx);
/* TODO(3.0): Remove legacy code below */
legacy:
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
/* Make sure it's safe to copy a digest context using an ENGINE */
if (in->engine && !ENGINE_init(in->engine)) {
EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
out->update = in->update;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */
if (in->pctx) {
out->pctx = EVP_PKEY_CTX_dup(in->pctx);
* provider based, we know that none of its code depends on legacy
* NIDs or any functionality that use them.
*/
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* TODO(3.x) get rid of the need for legacy NIDs */
static void set_legacy_nid(const char *name, void *vlegacy_nid)
{
return NULL;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* TODO(3.x) get rid of the need for legacy NIDs */
md->type = NID_undef;
evp_names_do_all(prov, name_id, set_legacy_nid, &md->type);
const unsigned char iv[16]);
} EVP_AES_XTS_CTX;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
static const int allow_insecure_decrypt = 0;
#else
static const int allow_insecure_decrypt = 1;
return rv;
}
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/*
* See SP800-38D (GCM) Section 8 "Uniqueness requirement on IVS and keys"
*
return 0;
return 1;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
if (gctx->tls_aad_len >= 0)
return aes_gcm_tls_cipher(ctx, out, in, len);
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/*
* FIPS requires generation of AES-GCM IV's inside the FIPS module.
* The IV can still be set externally (the security policy will state that
#else
if (!gctx->iv_set)
return -1;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
if (in) {
if (out == NULL) {
OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size);
}
OPENSSL_free(ctx->cipher_data);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE_finish(ctx->engine);
#endif
memset(ctx, 0, sizeof(*ctx));
ENGINE *impl, const unsigned char *key,
const unsigned char *iv, int enc)
{
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE *tmpimpl = NULL;
#endif
const EVP_CIPHER *tmpcipher;
/* TODO(3.0): Legacy work around code below. Remove this */
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
/*
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
* this context may already have an ENGINE! Try to avoid releasing the
* If there are engines involved then we should use legacy handling for now.
*/
if (ctx->engine != NULL
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
|| tmpimpl != NULL
#endif
|| impl != NULL) {
cipher = ctx->cipher;
if (cipher->prov == NULL) {
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/* We only do explicit fetches inside the FIPS module */
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
ctx->encrypt = enc;
ctx->flags = flags;
}
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (impl != NULL) {
if (!ENGINE_init(impl)) {
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
}
}
}
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
skip_to_init:
#endif
if (ctx->cipher == NULL)
if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return 0;
#else
{
return 0;
return 1;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
}
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
/* TODO(3.0): Remove legacy code below */
legacy:
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
/* Make sure it's safe to copy a cipher context using an ENGINE */
if (in->engine && !ENGINE_init(in->engine)) {
EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
* provider based, we know that none of its code depends on legacy
* NIDs or any functionality that use them.
*/
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* TODO(3.x) get rid of the need for legacy NIDs */
static void set_legacy_nid(const char *name, void *vlegacy_nid)
{
return NULL;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* TODO(3.x) get rid of the need for legacy NIDs */
cipher->nid = NID_undef;
evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid);
if (ret == NULL) {
int code = EVP_R_FETCH_FAILED;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
ERR_raise(ERR_LIB_EVP, code);
#else
ERR_raise_data(ERR_LIB_EVP, code,
if (ret == NULL) {
int code = EVP_R_FETCH_FAILED;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
ERR_raise(ERR_LIB_EVP, code);
#else
{
#include "internal/provider.h"
#include "evp_local.h"
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
int ret = -1; /* Assume the worst */
}
return i;
}
-#endif /* !defined(FIPS_MODE) */
+#endif /* !defined(FIPS_MODULE) */
/* Convert the various cipher NIDs and dummies to a proper OID NID */
int EVP_CIPHER_type(const EVP_CIPHER *ctx)
return NID_des_cfb64;
default:
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return NID_undef;
#else
{
{
if (cipher->prov != NULL)
return evp_first_name(cipher->prov, cipher->name_id);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
return OBJ_nid2sn(EVP_CIPHER_nid(cipher));
#else
return NULL;
{
if (md->prov != NULL)
return evp_first_name(md->prov, md->name_id);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
return OBJ_nid2sn(EVP_MD_nid(md));
#else
return NULL;
return ctx->pctx;
}
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
/* TODO(3.0): EVP_DigestSign* not yet supported in FIPS module */
void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
{
EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
}
}
-#endif /* !defined(FIPS_MODE) */
+#endif /* !defined(FIPS_MODULE) */
void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
{
*/
ERR_pop_to_mark();
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return 0;
#else
if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey);
legacy:
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return ret;
#else
/*
#include "internal/provider.h"
#include "evp_local.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
{
return EVP_DigestUpdate(ctx, data, dsize);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
return -1;
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int len, EVP_KEYMGMT *keymgmt);
static void evp_pkey_free_it(EVP_PKEY *key);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* The type of parameters selected in key parameter functions */
# define SELECT_PARAMETERS OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
return ret;
}
# endif /* OPENSSL_NO_DSA */
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_EC
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
{
int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (pkey->keymgmt == NULL) {
/*
* These hard coded cases are pure hackery to get around the fact
return rv;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
-/*- All methods below can also be used in FIPS_MODE */
+/*- All methods below can also be used in FIPS_MODULE */
EVP_PKEY *EVP_PKEY_new(void)
{
EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
goto err;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, ret, &ret->ex_data)) {
EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
goto err;
static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
int len, EVP_KEYMGMT *keymgmt)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
const EVP_PKEY_ASN1_METHOD *ameth = NULL;
ENGINE **eptr = (e == NULL) ? &e : NULL;
#endif
if (pkey != NULL) {
int free_it = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
free_it = free_it || pkey->pkey.ptr != NULL;
#endif
free_it = free_it || pkey->keydata != NULL;
if (free_it)
evp_pkey_free_it(pkey);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* If key type matches and a method exists then this lookup has
* succeeded once so just indicate success.
# endif
#endif
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (str != NULL)
ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
else if (type != EVP_PKEY_NONE)
{
int check = 1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
check = check && ameth == NULL;
#endif
check = check && keymgmt == NULL;
pkey->save_type = type;
pkey->type = type;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* If the internal "origin" key is provider side, don't save |ameth|.
* The main reason is that |ameth| is one factor to detect that the
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static void find_ameth(const char *name, void *data)
{
const char **str = data;
int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# define EVP_PKEY_TYPE_STR str[0]
# define EVP_PKEY_TYPE_STRLEN (str[0] == NULL ? -1 : (int)strlen(str[0]))
/*
return ((i > 1) ? 1 : 0);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
void evp_pkey_free_legacy(EVP_PKEY *x)
{
if (x->ameth != NULL) {
# endif
x->type = EVP_PKEY_NONE;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
static void evp_pkey_free_it(EVP_PKEY *x)
{
/* internal function; x is never NULL */
evp_keymgmt_util_clear_operation_cache(x);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
evp_pkey_free_legacy(x);
#endif
return;
REF_ASSERT_ISNT(i < 0);
evp_pkey_free_it(x);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, x, &x->ex_data);
#endif
CRYPTO_THREAD_lock_free(x->lock);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
#endif
OPENSSL_free(x);
if (pkey != NULL) {
size = pkey->cache.size;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (pkey->ameth != NULL && pkey->ameth->pkey_size != NULL)
size = pkey->ameth->pkey_size(pkey);
#endif
/* No key data => nothing to export */
check = 1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
check = check && pk->pkey.ptr == NULL;
#endif
check = check && pk->keydata == NULL;
if (check)
return NULL;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (pk->pkey.ptr != NULL) {
/*
* If the legacy key doesn't have an dirty counter or export function,
if (tmp_keymgmt == NULL)
goto end;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (pk->pkey.ptr != NULL) {
size_t i = 0;
pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
goto end;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt);
return keydata;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int evp_pkey_downgrade(EVP_PKEY *pk)
{
EVP_KEYMGMT *keymgmt = pk->keymgmt;
evp_keymgmt_util_cache_keyinfo(pk);
return 0; /* No downgrade, but at least the key is restored */
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
const OSSL_PARAM *EVP_PKEY_gettable_params(EVP_PKEY *pkey)
{
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* legacy */
/* call customized public key check function first */
if (ctx->pmeth->public_check != NULL)
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* legacy */
/* call customized param check function first */
if (ctx->pmeth->param_check != NULL)
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* legacy */
/* call customized check function first */
if (ctx->pmeth->check != NULL)
#include "crypto/evp.h"
#include "evp_local.h"
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_EC)
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_EC)
# define TMP_SM2_HACK
#endif
goto end;
legacy:
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
goto not_supported;
#else
if (ctx->pmeth == NULL
ossl_callback_to_pkey_gencb, ctx)
!= NULL);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* In case |*ppkey| was originally a legacy key */
if (ret)
evp_pkey_free_legacy(*ppkey);
goto end;
legacy:
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
goto not_supported;
#else
if (ctx->pkey && !evp_pkey_downgrade(ctx->pkey))
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED);
ret = -1;
goto end;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
not_accessible:
ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS);
ret = -1;
return ctx->keygen_info[idx];
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
const unsigned char *key, int keylen)
return mac_key;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
-/*- All methods below can also be used in FIPS_MODE */
+/*- All methods below can also be used in FIPS_MODULE */
static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
{
#include "internal/provider.h"
#include "evp_local.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void);
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
return pmeth;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx,
EVP_PKEY *pkey, ENGINE *e,
keytype = evp_first_name(pkey->keymgmt->prov, pkey->keymgmt->name_id);
goto common;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* TODO(3.0) Legacy code should be removed when all is provider based */
/* BEGIN legacy */
if (id == -1) {
return NULL;
}
/* END legacy */
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
common:
/*
* If there's no engine and there's a name, we try fetching a provider
ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
EVP_KEYMGMT_free(keymgmt);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE_finish(e);
#endif
EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE);
return ret;
}
-/*- All methods below can also be used in FIPS_MODE */
+/*- All methods below can also be used in FIPS_MODULE */
EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx,
const char *name,
ctx->op.kex.exchange = NULL;
}
/* TODO(3.0): add dependancies and uncomment this when available for fips mode */
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) {
if (ctx->op.ciph.ciphprovctx != NULL && ctx->op.ciph.cipher != NULL)
ctx->op.ciph.cipher->freectx(ctx->op.ciph.ciphprovctx);
EVP_PKEY_free(ctx->pkey);
EVP_PKEY_free(ctx->peerkey);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE_finish(ctx->engine);
#endif
OPENSSL_free(ctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
const EVP_PKEY_METHOD *meth)
return 0;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
{
if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
*
* In particular they return -2 if any of the params is not supported.
*
- * They are not available in FIPS_MODE as they depend on
+ * They are not available in FIPS_MODULE as they depend on
* - EVP_PKEY_CTX_{get,set}_params()
* - EVP_PKEY_CTX_{gettable,settable}_params()
*
*pdigest_custom = pmeth->digest_custom;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
#include "internal/ffc.h"
#include "internal/param_build_set.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# include <openssl/asn1.h> /* ffc_params_print */
#endif
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent)
{
if (!ASN1_bn_print(bp, "prime P:", ffc->p, NULL, indent))
err:
return 0;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
EVP_MD *evpmd_fetch = NULL;
*res = 0;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/*
* FIPS 186-4 states that validation can only be done for this pair.
* (Even though the original spec allowed L = 512 + 64*j (j = 0.. 8))
#include "prov/providercommon.h"
#include "internal/thread_once.h"
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/*
* Thread aware code may want to be told about thread stop events. We register
* to hear about those thread stop events when we see a new thread has started.
THREAD_EVENT_HANDLER *next;
};
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
DEFINE_SPECIAL_STACK_OF(THREAD_EVENT_HANDLER_PTR, THREAD_EVENT_HANDLER *)
typedef struct global_tevent_register_st GLOBAL_TEVENT_REGISTER;
}
#endif
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static int init_thread_push_handlers(THREAD_EVENT_HANDLER **hands);
static void init_thread_remove_handlers(THREAD_EVENT_HANDLER **handsin);
static void init_thread_destructor(void *hands);
return NULL;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!init_thread_push_handlers(hands)) {
CRYPTO_THREAD_set_local(local, NULL);
OPENSSL_free(hands);
return hands;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* Since per-thread-specific-data destructors are not universally
* available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
init_thread_stop(arg, hands);
OPENSSL_free(hands);
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
static void init_thread_stop(void *arg, THREAD_EVENT_HANDLER **hands)
{
THREAD_EVENT_HANDLER **hands;
THREAD_EVENT_HANDLER *hand;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
OPENSSL_CTX *ctx = arg;
/*
if (hands == NULL)
return 0;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
if (*hands == NULL) {
/*
* We've not yet registered any handlers for this thread. We need to get
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static int init_thread_deregister(void *index, int all)
{
GLOBAL_TEVENT_REGISTER *gtr;
static CRYPTO_realloc_fn realloc_impl = CRYPTO_realloc;
static CRYPTO_free_fn free_impl = CRYPTO_free;
-#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
# include "internal/tsan_assist.h"
static TSAN_QUALIFIER int malloc_count;
*free_fn = free_impl;
}
-#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
{
if (mcount != NULL)
* TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
* the FIPS module yet.
*/
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_CHACHA
void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
size_t len, const unsigned int key[8],
return 1;
}
# endif
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
#ifdef ECP_NISTZ256_ASM
void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4],
int ret = 0;
int j, best = -1, score, optional;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
#endif
#include "internal/provider.h"
#include "internal/refcount.h"
#include "provider_local.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# include <openssl/self_test.h>
#endif
STACK_OF(INFOPAIR) *parameters;
OPENSSL_CTX *libctx; /* The library context this instance is in */
struct provider_store_st *store; /* The store this instance belongs to */
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* In the FIPS module inner provider, this isn't needed, since the
* error upcalls are always direct calls to the outer provider.
}
prov->libctx = ctx;
prov->store = store;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
prov->error_lib = ERR_get_next_error_library();
#endif
if(p->is_fallback)
OSSL_PROVIDER tmpl = { 0, };
int i;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* Make sure any providers are loaded from config before we try to find
* them.
} else {
prov->libctx = libctx;
prov->store = store;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
prov->error_lib = ERR_get_next_error_library();
#endif
}
* When that happens, the provider is inactivated.
*/
if (ref < 2 && prov->flag_initialized) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
ossl_init_thread_deregister(prov);
#endif
if (prov->teardown != NULL)
prov->teardown(prov->provctx);
#ifndef OPENSSL_NO_ERR
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
if (prov->error_strings != NULL) {
ERR_unload_strings(prov->error_lib, prov->error_strings);
OPENSSL_free(prov->error_strings);
* the store. All we have to do here is clean it out.
*/
if (ref == 0) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
DSO_free(prov->module);
#endif
OPENSSL_free(prov->name);
{
const OSSL_DISPATCH *provider_dispatch = NULL;
#ifndef OPENSSL_NO_ERR
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
OSSL_provider_get_reason_strings_fn *p_get_reason_strings = NULL;
# endif
#endif
* a loadable module.
*/
if (prov->init_function == NULL) {
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return 0;
#else
if (prov->module == NULL) {
&prov->provctx)) {
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, NULL,
"name=%s", prov->name);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
DSO_free(prov->module);
prov->module = NULL;
#endif
OSSL_get_provider_query_operation(provider_dispatch);
break;
#ifndef OPENSSL_NO_ERR
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS:
p_get_reason_strings =
OSSL_get_provider_get_reason_strings(provider_dispatch);
}
#ifndef OPENSSL_NO_ERR
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
if (p_get_reason_strings != NULL) {
const OSSL_ITEM *reasonstrings = p_get_reason_strings(prov->provctx);
size_t cnt, cnt2;
int ret = 1;
struct provider_store_st *store = get_provider_store(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* Make sure any providers are loaded from config before we try to use
* them.
const char *ossl_provider_module_name(const OSSL_PROVIDER *prov)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return NULL;
#else
return DSO_get_filename(prov->module);
const char *ossl_provider_module_path(const OSSL_PROVIDER *prov)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return NULL;
#else
/* FIXME: Ensure it's a full path */
static OSSL_core_get_params_fn core_get_params;
static OSSL_core_thread_start_fn core_thread_start;
static OSSL_core_get_library_context_fn core_get_libctx;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static OSSL_core_new_error_fn core_new_error;
static OSSL_core_set_error_debug_fn core_set_error_debug;
static OSSL_core_vset_error_fn core_vset_error;
if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)
OSSL_PARAM_set_utf8_ptr(p, prov->name);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_MODULE_FILENAME)) != NULL)
OSSL_PARAM_set_utf8_ptr(p, ossl_provider_module_path(prov));
#endif
* needed there, since the FIPS module upcalls are always the outer provider
* ones.
*/
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* TODO(3.0) These error functions should use |prov| to select the proper
* library context to report in the correct error stack, at least if error
{
return ERR_pop_to_mark();
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
/*
* Functions provided by the core. Blank line separates "families" of related
{ OSSL_FUNC_CORE_GET_PARAMS, (void (*)(void))core_get_params },
{ OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT, (void (*)(void))core_get_libctx },
{ OSSL_FUNC_CORE_THREAD_START, (void (*)(void))core_thread_start },
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
{ OSSL_FUNC_CORE_NEW_ERROR, (void (*)(void))core_new_error },
{ OSSL_FUNC_CORE_SET_ERROR_DEBUG, (void (*)(void))core_set_error_debug },
{ OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error },
OSSL_provider_init_fn ossl_legacy_provider_init;
#endif
const struct predefined_providers_st predefined_providers[] = {
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
{ "fips", fips_intern_provider_init, 1 },
#else
{ "default", ossl_default_provider_init, 1 },
drbg->max_perslen = DRBG_MAX_LENGTH;
drbg->max_adinlen = DRBG_MAX_LENGTH;
} else {
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
RANDerr(RAND_F_DRBG_CTR_INIT,
RAND_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS);
return 0;
if (dgbl == NULL)
return NULL;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* We need to ensure that base libcrypto thread handling has been
* initialised.
drbg->parent = parent;
if (parent == NULL) {
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
drbg->get_entropy = rand_crngt_get_entropy;
drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
#else
drbg->meth->uninstantiate(drbg);
rand_pool_free(drbg->adin_pool);
CRYPTO_THREAD_lock_free(drbg->lock);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RAND_DRBG, drbg, &drbg->ex_data);
#endif
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* Get and set the EXDATA
*/
buflen = (size_t)num;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/*
* NIST SP-800-90A mandates that entropy *shall not* be provided
* by the consuming application. By setting the randomness to zero,
RAND_METHOD *RAND_OpenSSL(void)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
return &rand_meth;
#else
return NULL;
#include "rand_local.h"
#include "e_os.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_ENGINE
/* non-NULL if default_RAND_meth is ENGINE-provided */
static ENGINE *funct_ref;
static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
static int rand_inited = 0;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
#ifdef OPENSSL_RAND_SEED_RDTSC
/*
rand_pool_reattach(pool, out);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
DEFINE_RUN_ONCE_STATIC(do_rand_init)
{
# ifndef OPENSSL_NO_ENGINE
return ret;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
/*
* Allocate memory and initialize a new random pool
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int RAND_set_rand_method(const RAND_METHOD *meth)
{
if (!RUN_ONCE(&rand_init, do_rand_init))
const RAND_METHOD *RAND_get_rand_method(void)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return NULL;
#else
const RAND_METHOD *tmp_meth = NULL;
#endif
}
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
int RAND_set_rand_engine(ENGINE *engine)
{
const RAND_METHOD *tmp_meth = NULL;
return RAND_bytes_ex(NULL, buf, num);
}
-#if !defined(OPENSSL_NO_DEPRECATED_1_1_0) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_DEPRECATED_1_1_0) && !defined(FIPS_MODULE)
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
size_t seedlen;
DRBG_STATUS state;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* Application data, mainly used in the KATs. */
CRYPTO_EX_DATA ex_data;
#endif
if (getentropy != NULL)
return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
-# elif !defined(FIPS_MODE)
+# elif !defined(FIPS_MODULE)
union {
void *p;
int (*f)(void *buffer, size_t length);
# if defined(__linux) && defined(DEVRANDOM_WAIT)
static void *shm_addr;
-# if !defined(FIPS_MODE)
+# if !defined(FIPS_MODULE)
static void cleanup_shm(void)
{
shmdt(shm_addr);
* If this call fails, it isn't a big problem.
*/
shm_addr = shmat(shm_id, NULL, SHM_RDONLY);
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
/* TODO 3.0: The FIPS provider doesn't have OPENSSL_atexit */
if (shm_addr != (void *)-1)
OPENSSL_atexit(&cleanup_shm);
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
}
-# if !defined(OPENSSL_NO_DEPRECATED_1_1_0) && !defined(FIPS_MODE)
+# if !defined(OPENSSL_NO_DEPRECATED_1_1_0) && !defined(FIPS_MODULE)
int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
{
RAND_poll();
#include "crypto/rsa.h"
#include "rsa_local.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
{
BIGNUM *i, *j, *k, *l, *m;
BN_CTX_free(ctx);
return ret;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int rsa_validate_public(const RSA *key)
{
int rsa_validate_pairwise(const RSA *key)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key));
#else
return rsa_validate_keypair_multiprime(key, NULL);
int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return rsa_validate_public(key)
&& rsa_validate_private(key)
&& rsa_validate_pairwise(key);
#else
return rsa_validate_keypair_multiprime(key, cb);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
}
int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
BIGNUM *e_value, BN_GENCB *cb)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* multi-prime is only supported with the builtin key generation */
if (rsa->meth->rsa_multi_prime_keygen != NULL) {
return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
else
return 0;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
return rsa_keygen(NULL, rsa, bits, primes, e_value, cb, 0);
}
BIGNUM *e_value, BN_GENCB *cb, int pairwise_test)
{
int ok = -1;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
if (primes != 2)
return 0;
ok = rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
}
BN_CTX_end(ctx);
BN_CTX_free(ctx);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
if (pairwise_test && ok > 0) {
OSSL_CALLBACK *stcb = NULL;
static RSA *rsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
RSA *RSA_new(void)
{
return rsa_new_intern(NULL, NULL);
ret->libctx = libctx;
ret->meth = RSA_get_default_method();
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
if (engine) {
if (!ENGINE_init(engine)) {
#endif
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
goto err;
}
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE_finish(r->engine);
#endif
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
#endif
BN_clear_free(r->dmp1);
BN_clear_free(r->dmq1);
BN_clear_free(r->iqmp);
- /* TODO(3.0): Support PSS in FIPS_MODE */
-#ifndef FIPS_MODE
+ /* TODO(3.0): Support PSS in FIPS_MODULE */
+#ifndef FIPS_MODULE
RSA_PSS_PARAMS_free(r->pss);
sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
#endif
return i > 1 ? 1 : 0;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
{
int bits = BN_num_bits(rsa->n);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (rsa->version == RSA_ASN1_VERSION_MULTI) {
/* This ought to mean that we have private key at hand. */
int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* Is it better to export RSA_PRIME_INFO structure
* and related functions to let user pass a triplet?
*q = r->q;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int RSA_get_multi_prime_extra_count(const RSA *r)
{
int pnum;
*iqmp = r->iqmp;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
const BIGNUM *coeffs[])
{
return r->version;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
ENGINE *RSA_get0_engine(const RSA *r)
{
return r->engine;
const STACK_OF(BIGNUM) *exps,
const STACK_OF(BIGNUM) *coeffs)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
STACK_OF(RSA_PRIME_INFO) *prime_infos, *old_infos = NULL;
#endif
int pnum;
sk_BIGNUM_value(coeffs, 0)))
return 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
old_infos = r->prime_infos;
#endif
if (pnum > 2) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int i;
prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
#endif
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (old_infos != NULL) {
/*
* This is hard to deal with, since the old infos could
r->dirty_cnt++;
return 1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
err:
/* r, d, t should not be freed */
sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
RSA_PRIME_INFO *pinfo;
int i, pnum;
#endif
sk_BIGNUM_const_push(exps, RSA_get0_dmq1(r));
sk_BIGNUM_const_push(coeffs, RSA_get0_iqmp(r));
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
pnum = RSA_get_multi_prime_extra_count(r);
for (i = 0; i < pnum; i++) {
pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode)
{
OSSL_PARAM pad_params[2], *p = pad_params;
BIGNUM *iqmp;
/* If a PSS only key this contains the parameter restrictions */
RSA_PSS_PARAMS *pss;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* for multi-prime RSA, defined in RFC 8017 */
STACK_OF(RSA_PRIME_INFO) *prime_infos;
/* Be careful using this if the RSA structure is shared */
const char *rsa_mp_factor_names[] = {
OSSL_PKEY_PARAM_RSA_FACTOR1,
OSSL_PKEY_PARAM_RSA_FACTOR2,
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
OSSL_PKEY_PARAM_RSA_FACTOR3,
OSSL_PKEY_PARAM_RSA_FACTOR4,
OSSL_PKEY_PARAM_RSA_FACTOR5,
const char *rsa_mp_exp_names[] = {
OSSL_PKEY_PARAM_RSA_EXPONENT1,
OSSL_PKEY_PARAM_RSA_EXPONENT2,
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
OSSL_PKEY_PARAM_RSA_EXPONENT3,
OSSL_PKEY_PARAM_RSA_EXPONENT4,
OSSL_PKEY_PARAM_RSA_EXPONENT5,
const char *rsa_mp_coeff_names[] = {
OSSL_PKEY_PARAM_RSA_COEFFICIENT1,
OSSL_PKEY_PARAM_RSA_COEFFICIENT2,
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
OSSL_PKEY_PARAM_RSA_COEFFICIENT3,
OSSL_PKEY_PARAM_RSA_COEFFICIENT4,
OSSL_PKEY_PARAM_RSA_COEFFICIENT5,
unsigned char seedmask[EVP_MAX_MD_SIZE];
int mdlen, dbmask_len = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (md == NULL)
md = EVP_sha1();
#else
int mdlen;
if (md == NULL) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
md = EVP_sha1();
#else
RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);
to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* To avoid chosen ciphertext attacks, the error message should not
* reveal which kind of decoding error happened.
from, flen, NULL, 0,
NULL, NULL);
break;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
case RSA_SSLV23_PADDING:
i = rsa_padding_add_SSLv23_with_libctx(rsa->libctx, buf, num, from,
flen);
case RSA_PKCS1_OAEP_PADDING:
r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
break;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
case RSA_SSLV23_PADDING:
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
break;
RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* This trick doesn't work in the FIPS provider because libcrypto manages
* the error stack. Instead we opt not to put an error on the stack at all
{
BIGNUM *r1, *m1, *vrfy;
int ret = 0, smooth = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BIGNUM *r2, *m[RSA_MAX_PRIME_NUM - 2];
int i, ex_primes = 0;
RSA_PRIME_INFO *pinfo;
BN_CTX_start(ctx);
r1 = BN_CTX_get(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
r2 = BN_CTX_get(ctx);
#endif
m1 = BN_CTX_get(ctx);
if (vrfy == NULL)
goto err;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (rsa->version == RSA_ASN1_VERSION_MULTI
&& ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0
|| ex_primes > RSA_MAX_PRIME_NUM - 2))
BN_free(factor);
goto err;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
for (i = 0; i < ex_primes; i++) {
pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
BN_with_flags(factor, pinfo->r, BN_FLG_CONSTTIME);
BN_free(factor);
smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont)
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
&& (ex_primes == 0)
#endif
&& (BN_num_bits(rsa->q) == BN_num_bits(rsa->p));
BN_free(dmp1);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* calculate m_i in multi-prime case
*
if (!BN_add(r0, r1, m1))
goto err;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* add m_i to m in multi-prime case */
if (ex_primes > 0) {
BIGNUM *pr2 = BN_new();
static int rsa_ossl_finish(RSA *rsa)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int i;
RSA_PRIME_INFO *pinfo;
}
OPENSSL_clear_free(em, num);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* This trick doesn't work in the FIPS provider because libcrypto manages
* the error stack. Instead we opt not to put an error on the stack at all
ASN1_OCTET_STRING, sz \
};
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_MD2
ENCODE_DIGESTINFO_MD(md2, 0x02, MD2_DIGEST_LENGTH)
# endif
ASN1_OCTET_STRING, RIPEMD160_DIGEST_LENGTH
};
# endif
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
/* SHA-1 (1 3 14 3 2 26) */
static const unsigned char digestinfo_sha1_der[] = {
const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len)
{
switch (md_nid) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_MDC2
MD_CASE(mdc2)
# endif
# ifndef OPENSSL_NO_RMD160
MD_CASE(ripemd160)
# endif
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
MD_CASE(sha1)
MD_CASE(sha224)
MD_CASE(sha256)
static int digest_sz_from_nid(int nid)
{
switch (nid) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_MDC2
MD_NID_CASE(mdc2, MDC2_DIGEST_LENGTH)
# endif
# ifndef OPENSSL_NO_RMD160
MD_NID_CASE(ripemd160, RIPEMD160_DIGEST_LENGTH)
# endif
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
MD_NID_CASE(sha1, SHA_DIGEST_LENGTH)
MD_NID_CASE(sha224, SHA224_DIGEST_LENGTH)
MD_NID_CASE(sha256, SHA256_DIGEST_LENGTH)
unsigned char *tmps = NULL;
const unsigned char *encoded = NULL;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (rsa->meth->rsa_sign != NULL)
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
/* Compute the encoded digest. */
if (type == NID_md5_sha1) {
goto err;
decrypt_len = len;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (type == NID_md5_sha1) {
/*
* NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
}
}
} else
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
{
/*
* If recovering the digest, extract a digest-sized output from the end
int rsa_sp800_56b_check_public(const RSA *rsa)
{
int ret = 0, status;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
int nbits;
#endif
BN_CTX *ctx = NULL;
if (rsa->n == NULL || rsa->e == NULL)
return 0;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/*
* (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1)
* NOTE: changed to allow keys >= 2048
&self_test_set_callback_method);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
void OSSL_SELF_TEST_set_callback(OPENSSL_CTX *libctx, OSSL_CALLBACK *cb,
void *cbarg)
{
stcb->cbarg = cbarg;
}
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
void OSSL_SELF_TEST_get_callback(OPENSSL_CTX *libctx, OSSL_CALLBACK **cb,
void **cbarg)
return 1;
}
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
/* TODO(3.0): No fork protection in FIPS module yet! */
# ifdef OPENSSL_SYS_UNIX
# endif
return 0;
}
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
int openssl_get_fork_id(void)
{
int type;
int save_type;
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
/*
* Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD,
* a pointer to a low level key and possibly a pointer to an engine.
CRYPTO_RWLOCK *lock;
STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
int save_parameters;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_EX_DATA ex_data;
#endif
void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx,
EVP_KEYMGMT **keymgmt,
const char *propquery);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int evp_pkey_downgrade(EVP_PKEY *pk);
void evp_pkey_free_legacy(EVP_PKEY *x);
#endif
const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name);
const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
*
*
* In particular they return -2 if any of the params is not supported.
*
- * They are not available in FIPS_MODE as they depend on
+ * They are not available in FIPS_MODULE as they depend on
* - EVP_PKEY_CTX_{get,set}_params()
* - EVP_PKEY_CTX_{gettable,settable}_params()
*
EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
const char *propq);
-#endif /* !defined(FIPS_MODE) */
+#endif /* !defined(FIPS_MODULE) */
int ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src);
int ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int ffc_params_FIPS186_4_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params,
* OPENSSL_CTX object. In this way data will get cleaned up correctly when the
* module gets unloaded.
*/
-#if !defined(FIPS_MODE) || defined(ALLOW_RUN_ONCE_IN_FIPS)
+#if !defined(FIPS_MODULE) || defined(ALLOW_RUN_ONCE_IN_FIPS)
/*
* DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly
* once. It takes no arguments and returns and int result (1 for success or
# define RUN_ONCE_ALT(once, initalt, init) \
(CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0)
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
# libfips.a Contains all things needed to support
# FIPS implementations, such as code from
# crypto/ and object files that contain
-# FIPS-specific code. FIPS_MODE is defined
+# FIPS-specific code. FIPS_MODULE is defined
# for this library. The FIPS module uses
# this.
# libnonfips.a Corresponds to libfips.a, but built with
-# FIPS_MODE undefined. The default and legacy
+# FIPS_MODULE undefined. The default and legacy
# providers use this.
SUBDIRS=common implementations
INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES
INCLUDE[$LIBNONFIPS]=$COMMON_INCLUDES
INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
-DEFINE[$LIBFIPS]=FIPS_MODE
+DEFINE[$LIBFIPS]=FIPS_MODULE
# Weak dependencies to provide library order information.
# We make it weak so they aren't both used always; what is
$FIPSGOAL=fips
DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS
INCLUDE[$FIPSGOAL]=../include
-DEFINE[$FIPSGOAL]=FIPS_MODE
+DEFINE[$FIPSGOAL]=FIPS_MODULE
IF[{- defined $target{shared_defflag} -}]
SOURCE[$FIPSGOAL]=fips.ld
GENERATE[fips.ld]=../util/providers.num
size_t precompiled_sz = 0;
switch (mdnid) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
MD_CASE(md2);
MD_CASE(md5);
#endif
*engine = NULL;
/* TODO legacy stuff, to be removed */
/* Inside the FIPS module, we don't support legacy ciphers */
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
p = OSSL_PARAM_locate_const(params, "engine");
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
ERR_set_mark();
pc->cipher = pc->alloc_cipher = EVP_CIPHER_fetch(ctx, p->data, propquery);
/* TODO legacy stuff, to be removed */
-#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */
+#ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy ciphers */
if (pc->cipher == NULL)
pc->cipher = EVP_get_cipherbyname(p->data);
#endif
ERR_set_mark();
pd->md = pd->alloc_md = EVP_MD_fetch(ctx, p->data, propquery);
/* TODO legacy stuff, to be removed */
-#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy digests */
+#ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy digests */
if (pd->md == NULL)
pd->md = EVP_get_digestbyname(p->data);
#endif
*mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
(char *)properties, 0);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if ((p = OSSL_PARAM_locate_const(params, "engine")) != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
/* FIPS specific version of the function of the same name in provlib.c */
const char *ossl_prov_util_nid_to_name(int nid)
{
- /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
+ /* We don't have OBJ_nid2n() in FIPS_MODULE so we have an explicit list */
switch (nid) {
/* Digests */
#include "cipher_aes_xts.h"
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
const int allow_insecure_decrypt = 0;
#else
const int allow_insecure_decrypt = 1;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
return ret;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static ossl_inline
int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
size_t *psecretlen, size_t outlen)
OPENSSL_secure_clear_free(stmp, stmplen);
return ret;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
static
int ecdh_derive(void *vpecdhctx, unsigned char *secret,
switch (pecdhctx->kdf_type) {
case PROV_ECDH_KDF_NONE:
return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
case PROV_ECDH_KDF_X9_63:
return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
default:
break;
}
#ifndef OPENSSL_NO_DES
extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
extern const OSSL_DISPATCH tdes_ede3_ofb_functions[];
extern const OSSL_DISPATCH tdes_ede3_cfb_functions[];
extern const OSSL_DISPATCH tdes_ede3_cfb8_functions[];
extern const OSSL_DISPATCH des_cfb64_functions[];
extern const OSSL_DISPATCH des_cfb1_functions[];
extern const OSSL_DISPATCH des_cfb8_functions[];
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
#endif /* OPENSSL_NO_DES */
#ifndef OPENSSL_NO_RC4
* For backwards compatibility reasons,
* Extra checks are done by default in fips mode only.
*/
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
const int kdf_pbkdf2_default_checks = 1;
#else
const int kdf_pbkdf2_default_checks = 0;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
return ok;
}
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/* In fips mode there are no multi-primes. */
# define RSA_KEY_MP_TYPES() \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \
return 0;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (EVP_MD_is_a(prsactx->md, OSSL_DIGEST_NAME_MDC2)) {
unsigned int sltmp;
prsactx->pad_mode);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
end:
#endif
if (ret <= 0) {
return ret;
}
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
static int ivgen_test(void)
{
unsigned char iv_gen[16];
return do_encrypt(iv_gen, ct, &ctlen, tag, &taglen)
&& do_decrypt(iv_gen, ct, ctlen, tag, taglen);
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int setup_tests(void)
{
ADD_TEST(kat_test);
ADD_TEST(badkeylen_test);
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
ADD_TEST(ivgen_test);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
return 1;
}
const struct drbg_kat *td = test[i];
int rv = 0;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/* FIPS mode doesn't support instantiating without a derivation function */
if ((td->flags & USE_DF) == 0)
return TEST_skip("instantiating without derivation function "
make_drbg_test_data(nid, 0, pr, p)
static DRBG_SELFTEST_DATA drbg_test[] = {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* FIPS mode doesn't support CTR DRBG without a derivation function */
make_drbg_test_data_no_df (NID_aes_128_ctr, aes_128_no_df, 0),
make_drbg_test_data_no_df (NID_aes_192_ctr, aes_192_no_df, 0),
/* fill 'randomness' buffer with some arbitrary data */
memset(rand_add_buf, 'r', sizeof(rand_add_buf));
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* Test whether all three DRBGs are reseeded by RAND_add().
* The before_reseed time has to be measured here and passed into the
if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0, 0)))
goto error;
reset_drbg_hook_ctx();
-#else /* FIPS_MODE */
+#else /* FIPS_MODULE */
/*
* In FIPS mode, random data provided by the application via RAND_add()
* is not considered a trusted entropy source. It is only treated as
&& TEST_int_eq(public->flags, RAND_DRBG_FLAG_PUBLIC)
/* FIPS mode doesn't support CTR DRBG without a derivation function */
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* Change DRBG defaults and change master and check again */
&& TEST_true(RAND_DRBG_set_defaults(NID_aes_256_ctr,
RAND_DRBG_FLAG_CTR_NO_DF))
crngt_case = n % crngt_num_cases;
crngt_idx = 0;
crngt_get_entropy = &crngt_entropy_cb;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
&rand_crngt_cleanup_entropy,
&rand_drbg_get_nonce,
TEST_info("ECDSA KATs for curve %s", OBJ_nid2sn(nid));
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
if (EC_curve_nid2nist(nid) == NULL)
return TEST_skip("skip non approved curves");
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
if (!TEST_ptr(mctx = EVP_MD_CTX_new())
/* get the message digest */
}
#endif
-#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
static int test_EVP_SM2_verify(void)
{
#ifndef OPENSSL_NO_EC
ADD_TEST(test_EVP_PKCS82PKEY);
#endif
-#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ADD_TEST(test_EVP_SM2);
ADD_TEST(test_EVP_SM2_verify);
#endif
projects / oweals / openssl.git / commitdiff