From: Richard Levitte Date: Thu, 25 Sep 2003 12:24:52 +0000 (+0000) Subject: Use OPENSSL_FIPS instead of FIPS. X-Git-Tag: BEN_FIPS_TEST_1~18 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3b84ce3b6f2c6b83f84ebc2d7fee7373f9c702c4;p=oweals%2Fopenssl.git Use OPENSSL_FIPS instead of FIPS. --- diff --git a/Configure b/Configure index f6718535c0..ee4b0e7265 100755 --- a/Configure +++ b/Configure @@ -1151,7 +1151,6 @@ $bn_obj = $bn_asm unless $bn_obj ne ""; if ($fips) { $des_obj=$sha1_obj=""; - $cflags.=" -DFIPS"; } $des_obj=$des_enc unless (!$fips && $des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 0b925a8566..ed566a8123 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -40,7 +40,7 @@ #include #include "aes_locl.h" -#ifndef FIPS +#ifndef OPENSSL_FIPS /* Te0[x] = S [x].[02, 01, 01, 03]; @@ -1258,4 +1258,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, PUTU32(out + 12, s3); } -#endif /* ndef FIPS */ +#endif /* ndef OPENSSL_FIPS */ diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 8fe063ff5e..84c1e6853f 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -66,10 +66,10 @@ static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ #endif -#ifdef FIPS +#ifdef OPENSSL_FIPS int FIPS_mode; void *FIPS_rand_check; -#endif /* def FIPS */ +#endif /* def OPENSSL_FIPS */ DECLARE_STACK_OF(CRYPTO_dynlock) IMPLEMENT_STACK_OF(CRYPTO_dynlock) diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c index 3ad3c9bc75..21854270c7 100644 --- a/crypto/des/des_enc.c +++ b/crypto/des/des_enc.c @@ -58,7 +58,7 @@ #include "des_locl.h" -#ifndef FIPS +#ifndef OPENSSL_FIPS void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { @@ -289,7 +289,7 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, data[1]=r; } -#endif /* ndef FIPS */ +#endif /* ndef OPENSSL_FIPS */ #ifndef DES_DEFAULT_OPTIONS diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 0cff5c066d..e307beb3da 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -80,7 +80,7 @@ #include #include -#ifndef FIPS +#ifndef OPENSSL_FIPS DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, @@ -294,6 +294,6 @@ err: if (mont != NULL) BN_MONT_CTX_free(mont); return(ok?ret:NULL); } -#endif /* ndef FIPS */ +#endif /* ndef OPENSSL_FIPS */ #endif /* ndef OPENSSL_NO_SHA */ diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index f95ffa9fe1..f1a85afcde 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -65,7 +65,7 @@ #include #include -#ifndef FIPS +#ifndef OPENSSL_FIPS static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 03846e539b..1821adf3d6 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -71,7 +71,7 @@ DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { -#ifdef FIPS +#ifdef OPENSSL_FIPS if(FIPS_mode && !FIPS_dsa_check(dsa)) return NULL; #endif @@ -95,7 +95,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { -#ifdef FIPS +#ifdef OPENSSL_FIPS if(FIPS_mode && !FIPS_dsa_check(dsa)) return 0; #endif diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index d8728a0ebc..493bdd07cd 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -73,7 +73,7 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { -#ifdef FIPS +#ifdef OPENSSL_FIPS if(FIPS_mode && !FIPS_dsa_check(dsa)) return -1; #endif diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index c8e2dafd93..4dc9300892 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -131,7 +131,7 @@ void ERR_load_crypto_strings(void) ERR_load_OCSP_strings(); ERR_load_UI_strings(); #endif -#ifdef FIPS +#ifdef OPENSSL_FIPS ERR_load_FIPS_strings(); #endif } diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 46603a019d..6fc4467a67 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -559,7 +559,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) static const unsigned char end[4]={0x80,0x00,0x00,0x00}; const unsigned char *cp=end; -#ifdef FIPS +#ifdef OPENSSL_FIPS if(FIPS_mode && !FIPS_md5_allowed) { FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 4fdb7005d3..24e590ab64 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -333,7 +333,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif int do_stir_pool = 0; -#ifdef FIPS +#ifdef OPENSSL_FIPS if(FIPS_mode) { FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 9b6943e07e..869d11cab6 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -87,7 +87,7 @@ int RAND_set_rand_method(const RAND_METHOD *meth) const RAND_METHOD *RAND_get_rand_method(void) { -#ifdef FIPS +#ifdef OPENSSL_FIPS if(FIPS_mode && default_RAND_meth != FIPS_rand_check) { RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index 3e5d1e9e7b..de645fc107 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -63,18 +63,18 @@ #include -#ifndef FIPS +#ifndef OPENSSL_FIPS const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT; /* The implementation is in ../md32_common.h */ #include "sha_locl.h" -#else /* ndef FIPS */ +#else /* ndef OPENSSL_FIPS */ static void *dummy=&dummy; -#endif /* ndef FIPS */ +#endif /* ndef OPENSSL_FIPS */ #endif diff --git a/fips/aes/fips_aes_core.c b/fips/aes/fips_aes_core.c index 1d3481efd4..94db7508fc 100644 --- a/fips/aes/fips_aes_core.c +++ b/fips/aes/fips_aes_core.c @@ -39,7 +39,7 @@ #include #include "fips_aes_locl.h" -#ifdef FIPS +#ifdef OPENSSL_FIPS /* Te0[x] = S [x].[02, 01, 01, 03]; @@ -1257,4 +1257,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, PUTU32(out + 12, s3); } -#endif /* def FIPS */ +#endif /* def OPENSSL_FIPS */ diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c index 0bb9f3e48e..8d3e9c212f 100644 --- a/fips/aes/fips_aes_selftest.c +++ b/fips/aes/fips_aes_selftest.c @@ -52,7 +52,7 @@ #include #include -#ifdef FIPS +#ifdef OPENSSL_FIPS static struct { unsigned char key[16]; diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c index 5ffbb086c1..ca67657652 100644 --- a/fips/aes/fips_aesavs.c +++ b/fips/aes/fips_aesavs.c @@ -723,7 +723,7 @@ int proc_file(char *rqfile) break; if(!strncasecmp(ibuf,"COUNT = ",8)) break; - + if (strncasecmp(ibuf, "KEY = ", 6) != 0) { printf("Missing KEY\n"); @@ -833,7 +833,7 @@ int proc_file(char *rqfile) err =1; break; } - + PrintValue("CIPHERTEXT", ciphertext, len); if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */ { @@ -889,7 +889,7 @@ int main(int argc, char **argv) char fn[250] = "", rfn[256] = ""; int f_opt = 0, d_opt = 1; -#ifdef FIPS +#ifdef OPENSSL_FIPS if(!FIPS_mode_set(1,argv[0])) { ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); diff --git a/fips/des/fips_des_enc.c b/fips/des/fips_des_enc.c index e1c06e3060..3e7af5c686 100644 --- a/fips/des/fips_des_enc.c +++ b/fips/des/fips_des_enc.c @@ -58,7 +58,7 @@ #include "fips_des_locl.h" -#ifdef FIPS +#ifdef OPENSSL_FIPS void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { @@ -289,9 +289,9 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, data[1]=r; } -#else /* ndef FIPS */ +#else /* ndef OPENSSL_FIPS */ static void *dummy=&dummy; -#endif /* ndef FIPS */ +#endif /* ndef OPENSSL_FIPS */ diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c index 177cff26e0..d38e2601db 100644 --- a/fips/des/fips_desmovs.c +++ b/fips/des/fips_desmovs.c @@ -667,7 +667,7 @@ int main(int argc, char **argv) char fn[250] = "", rfn[256] = ""; int f_opt = 0, d_opt = 1; -#ifdef FIPS +#ifdef OPENSSL_FIPS if(!FIPS_mode_set(1,argv[0])) { ERR_load_crypto_strings(); diff --git a/fips/dsa/fips_dsa_gen.c b/fips/dsa/fips_dsa_gen.c index 34f389790f..cf74020b5c 100644 --- a/fips/dsa/fips_dsa_gen.c +++ b/fips/dsa/fips_dsa_gen.c @@ -84,7 +84,7 @@ #ifndef OPENSSL_NO_SHA #include -#ifdef FIPS +#ifdef OPENSSL_FIPS DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, diff --git a/fips/dsa/fips_dsa_ossl.c b/fips/dsa/fips_dsa_ossl.c index 7fc0648c10..f7c775f2c4 100644 --- a/fips/dsa/fips_dsa_ossl.c +++ b/fips/dsa/fips_dsa_ossl.c @@ -68,7 +68,7 @@ #endif #include -#ifdef FIPS +#ifdef OPENSSL_FIPS static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); @@ -367,8 +367,8 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); } -#else /* ndef FIPS */ +#else /* ndef OPENSSL_FIPS */ static void *dummy=&dummy; -#endif /* ndef FIPS */ +#endif /* ndef OPENSSL_FIPS */ diff --git a/fips/dsa/fips_dsatest.c b/fips/dsa/fips_dsatest.c index 8fc4d01fc0..ffc9ccd828 100644 --- a/fips/dsa/fips_dsatest.c +++ b/fips/dsa/fips_dsatest.c @@ -74,7 +74,7 @@ #include #include -#if defined(OPENSSL_NO_DSA) || !defined(FIPS) +#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS) int main(int argc, char *argv[]) { printf("No FIPS DSA support\n"); @@ -146,7 +146,7 @@ int main(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); -#ifdef FIPS +#ifdef OPENSSL_FIPS if(!FIPS_mode_set(1,argv[0])) { ERR_print_errors(bio_err); diff --git a/fips/fips.c b/fips/fips.c index e5861efdf3..0db04e098a 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -57,7 +57,7 @@ #include #include "fips_locl.h" -#ifdef FIPS +#ifdef OPENSSL_FIPS int FIPS_md5_allowed; diff --git a/fips/fips.h b/fips/fips.h index a93edd4976..2e7dc3c1a4 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -47,7 +47,9 @@ * */ -#if defined(FIPS) || defined(OPENSSL_FIPS) +#include + +#ifdef OPENSSL_FIPS /* Note that these are defined in crypto/cryptlib.c so they're * available even without -lfips. */ diff --git a/fips/fips_err_wrapper.c b/fips/fips_err_wrapper.c index f849ca7c94..0897551671 100644 --- a/fips/fips_err_wrapper.c +++ b/fips/fips_err_wrapper.c @@ -1,4 +1,4 @@ -#ifdef FIPS +#ifdef OPENSSL_FIPS # include "fips_err.h" #else static void *dummy=&dummy; diff --git a/fips/rand/fips_randtest.c b/fips/rand/fips_randtest.c index 011678a5a5..fa9185010d 100644 --- a/fips/rand/fips_randtest.c +++ b/fips/rand/fips_randtest.c @@ -110,7 +110,7 @@ #include "e_os.h" -#ifndef FIPS +#ifndef OPENSSL_FIPS int main(int argc, char *argv[]) { printf("No FIPS RAND support\n"); diff --git a/fips/sha1/fips_sha1_selftest.c b/fips/sha1/fips_sha1_selftest.c index 4dd880e537..505e6f893d 100644 --- a/fips/sha1/fips_sha1_selftest.c +++ b/fips/sha1/fips_sha1_selftest.c @@ -52,7 +52,7 @@ #include #include -#ifdef FIPS +#ifdef OPENSSL_FIPS static char *test[]= { "", diff --git a/fips/sha1/fips_sha1dgst.c b/fips/sha1/fips_sha1dgst.c index e766095291..89462fcc64 100644 --- a/fips/sha1/fips_sha1dgst.c +++ b/fips/sha1/fips_sha1dgst.c @@ -63,18 +63,18 @@ #include -#ifdef FIPS +#ifdef OPENSSL_FIPS const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT; /* The implementation is in fips_md32_common.h */ #include "fips_sha_locl.h" -#else /* ndef FIPS */ +#else /* ndef OPENSSL_FIPS */ static void *dummy=&dummy; -#endif /* ndef FIPS */ +#endif /* ndef OPENSSL_FIPS */ #endif diff --git a/fips/sha1/fips_sha1test.c b/fips/sha1/fips_sha1test.c index f4fa43d249..5a5ed2b69b 100644 --- a/fips/sha1/fips_sha1test.c +++ b/fips/sha1/fips_sha1test.c @@ -7,7 +7,7 @@ #include #include -#ifndef FIPS +#ifndef OPENSSL_FIPS int main(int argc, char *argv[]) { printf("No FIPS SHA1 support\n"); diff --git a/fips/sha1/fips_standalone_sha1.c b/fips/sha1/fips_standalone_sha1.c index 55a12cd3a0..9631470ccd 100644 --- a/fips/sha1/fips_standalone_sha1.c +++ b/fips/sha1/fips_standalone_sha1.c @@ -53,7 +53,7 @@ int main(int argc,char **argv) { -#ifdef FIPS +#ifdef OPENSSL_FIPS int n; if(argc < 2)