From 7edfe6745670d2f4d53d96f268f2dba11326a51c Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Thu, 27 Jan 2011 19:10:56 +0000
Subject: [PATCH] Move all FIPSAPI renames into fips.h header file, include early in crypto.h if needed. Modify source tree to handle change.
---
 crypto/bn/bn_blind.c | 8 ++----
 crypto/bn/bn_ctx.c | 4 ---
 crypto/bn/bn_exp.c | 6 +---
 crypto/bn/bn_lib.c | 7 ++---
 crypto/bn/bn_mont.c | 4 ---
 crypto/bn/bn_rand.c | 7 ++---
 crypto/bn/bn_recp.c | 6 ++--
 crypto/buffer/buf_str.c | 7 ++---
 crypto/crypto.h | 5 ++++
 crypto/dsa/dsa_sign.c | 7 ++---
 crypto/evp/evp.h | 58 +++------------------------------------
 crypto/rsa/rsa_gen.c | 3 +-
 crypto/rsa/rsa_oaep.c | 4 ---
 fips/des/fips_desmovs.c | 2 +-
 fips/dsa/fips_dssvs.c | 4 +--
 fips/fips.h | 34 +++++++++++++++++++----
 fips/fips_utl.h | 1 -
 fips/hmac/fips_hmactest.c | 3 ++
 fips/rand/fips_randtest.c | 4 ++-
 fips/rand/fips_rngvs.c | 3 ++
 fips/utl/fips_mem.c | 2 ++
 21 files changed, 67 insertions(+), 112 deletions(-)
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index d2bba48b0d..2dc677c739 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -109,16 +109,12 @@
 * [including the GNU Public Licence.]
 */
+#define OPENSSL_FIPSAPI
+
 #include
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#define OPENSSL_FIPSAPI
-
-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 #define BN_BLINDING_COUNTER 32
 struct bn_blinding_st
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index f16fb35f5a..0272dbb62b 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -68,10 +68,6 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 /* TODO list
 *
 * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 2267367793..ce31ad0a58 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
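Review bot: In the crypto/bn/bn_ctx.c hunk the `#ifdef OPENSSL_FIPS` include block is dropped but, unlike bn_blind.c just above it, no `#define OPENSSL_FIPSAPI` is added ahead of the headers; the crypto/bn/bn_mont.c and crypto/rsa/rsa_oaep.c hunks do the same. After this commit crypto.h pulls in the renames only when that macro is already defined, so any CRYPTO_* or EVP_* call in these three files stays unrenamed if they are built into the canister. Whether that is intended cannot be told from the hunks; if it is, a short comment such as `/* No FIPS renames needed in this file */` would record the decision, and if it is not, `#define OPENSSL_FIPSAPI` belongs at the top of each file as in the sibling sources.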
@@ -109,15 +109,11 @@
 *
 */
+#define OPENSSL_FIPSAPI
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 /* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE 32
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 503762b31e..e7dea71911 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -61,17 +61,14 @@
 # define NDEBUG
 #endif
+#define OPENSSL_FIPSAPI
+
 #include
 #include
 #include
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
 /* This stuff appears to be completely unused, so is deprecated */
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index ba659cfd1d..2f7fb843a9 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -122,10 +122,6 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 #define MONT_WORD /* use the faster word-based algorithm */
 #ifdef MONT_WORD
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 070b1e4ed2..215285b90f 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -109,17 +109,14 @@
 *
 */
+#define OPENSSL_FIPSAPI
+
 #include
 #include
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #include
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 {
 unsigned char *buf=NULL;
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index dde27ae71a..c086af6d0b 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -56,14 +56,12 @@
 * [including the GNU Public Licence.]
 */
+#define OPENSSL_FIPSAPI
+
 #include
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include
-#endif
 void BN_RECP_CTX_init(BN_RECP_CTX *recp)
 {
diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index 6d94942df8..11241f8727 100644
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -56,15 +56,12 @@
 * [including the GNU Public Licence.]
 */
+#define OPENSSL_FIPSAPI
+
 #include
 #include "cryptlib.h"
 #include
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 char *BUF_strdup(const char *str)
 {
 if (str == NULL) return(NULL);
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 5089c65882..938c2bc144 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -125,6 +125,11 @@
 #include
 #endif
+/* Get FIPS renames if needed */
+#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
+#include
+#endif
+
 #include
 #include
 #include
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 3684960203..d983471e3b 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -58,16 +58,13 @@
 /* Original version from Steven Schoch */
+#define OPENSSL_FIPSAPI
+
 #include "cryptlib.h"
 #include
 #include
 #include
-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 086da7c794..01f43993aa 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
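Review bot: The conditional include added to crypto/crypto.h makes the position of `#define OPENSSL_FIPSAPI` load-bearing, and nothing in the header says so. A source file that defines the macro after its first OpenSSL include would still compile, but (assuming the headers are include-guarded, which this hunk does not show) it would keep the unrenamed symbol names, so code meant to stay inside the validated module could end up calling outside it without any diagnostic. Extending the new comment would make the contract visible: `/* Get FIPS renames if needed: OPENSSL_FIPSAPI must be defined before the first OpenSSL header is included */`.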
@@ -526,70 +526,20 @@ __owur int EVP_Cipher(EVP_CIPHER_CTX *c,
 #define EVP_delete_digest_alias(alias) \
 OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
-#ifdef OPENSSL_FIPS
-void FIPS_md_ctx_init(EVP_MD_CTX *ctx);
-EVP_MD_CTX *FIPS_md_ctx_create(void);
-void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx);
-int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count);
-int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size);
-int FIPS_digest(const void *data, size_t count,
- unsigned char *md, unsigned int *size, const EVP_MD *type);
-int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx);
-int FIPS_md_ctx_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);
-
-
-void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx);
-int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c);
-EVP_CIPHER_CTX *FIPS_cipher_ctx_new(void);
-void FIPS_cipher_ctx_free(EVP_CIPHER_CTX *ctx);
-int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv, int enc);
-int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);
-
-#endif
-
-#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
-
-#define EVP_MD_CTX_init FIPS_md_ctx_init
-#define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup
-#define EVP_MD_CTX_create FIPS_md_ctx_create
-#define EVP_MD_CTX_destroy FIPS_md_ctx_destroy
-#define EVP_DigestInit_ex(ctx, type, impl) FIPS_digestinit(ctx, type)
-#define EVP_DigestUpdate FIPS_digestupdate
-#define EVP_Digest(data, count, md, size, type, impl) \
- FIPS_digest(data, count, md, size, type)
-#define EVP_DigestFinal_ex FIPS_digestfinal
-#define EVP_MD_CTX_copy_ex FIPS_md_ctx_copy
-
-#define EVP_CipherInit_ex(ctx, cipher, impl, key, iv, enc) \
- FIPS_cipherinit(ctx, cipher, key, iv, enc)
-
-#define EVP_CIPHER_CTX_init FIPS_cipher_ctx_init
-#define EVP_CIPHER_CTX_cleanup FIPS_cipher_ctx_cleanup
-#define EVP_Cipher FIPS_cipher
-#define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
-
-#else
-
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
 __owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 __owur int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, size_t cnt);
 __owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 __owur int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
-#endif
-
-__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
-void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
-void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
-int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
 __owur int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);
 __owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index e82a81b03a..90d6b3cd7c 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -62,6 +62,8 @@
 * - Geoff
 */
+#define OPENSSL_FIPSAPI
+
 #include
 #include
 #include "cryptlib.h"
@@ -70,7 +72,6 @@
 #ifdef OPENSSL_FIPS
-#define OPENSSL_FIPSAPI
 #include
 #include
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 48cd89dd48..eaae712236 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -30,10 +30,6 @@
 #include
 #include
-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 static int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen);
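Review bot: Deleting the `#ifdef OPENSSL_FIPS` prototype block in the crypto/evp/evp.h hunk leaves FIPS_digestinit, FIPS_cipherinit and the other FIPS_* entry points declared only through the macro-renamed EVP_* prototypes, that is, only where both OPENSSL_FIPSCANISTER and OPENSSL_FIPSAPI are defined before the header. Unless they are declared somewhere outside the visible hunks, code built with OPENSSL_FIPS alone that calls a FIPS_* name directly now gets an implicit declaration, and the pointer-returning `FIPS_md_ctx_create` and `FIPS_cipher_ctx_new` would then be assumed to return int. The FIPS_lock, FIPS_malloc and FIPS_free prototypes removed in the fips/fips.h hunk raise the same question. Keeping the explicit prototypes under `#ifdef OPENSSL_FIPS` is compatible with the rename approach, since a renamed EVP_* prototype is just a second identical declaration.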
diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c
index 6766d1c915..2debcee29a 100644
--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@@ -83,8 +83,8 @@ int main(int argc, char *argv[])
 #else
-#include
 #include "fips_utl.h"
+#include
 #define DES_BLOCK_SIZE 8
diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c
index 513df722cb..4610557f7b 100644
--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@@ -1,3 +1,5 @@
+
+#define OPENSSL_FIPSAPI
 #include
 #ifndef OPENSSL_FIPS
@@ -10,8 +12,6 @@ int main(int argc, char **argv)
 }
 #else
-#define OPENSSL_FIPSAPI
-
 #include
 #include
 #include
diff --git a/fips/fips.h b/fips/fips.h
index 5452db9311..a49611d9b5 100644
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -60,6 +60,7 @@ extern "C" {
 #endif
 struct dsa_st;
+struct rsa_st;
 struct evp_pkey_st;
 struct env_md_st;
 struct evp_cipher_st;
@@ -108,18 +109,41 @@ int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
 void fips_set_selftest_fail(void);
 int fips_check_rsa(struct rsa_st *rsa);
-void FIPS_lock(int mode, int type,const char *file,int line);
-
-void FIPS_set_locking_callback (void (*func)(int mode, int type,
+void FIPS_set_locking_callback(void (*func)(int mode, int type,
 const char *file,int line));
-void *FIPS_malloc(int num, const char *file, int line);
-void FIPS_free(void *);
+/* Where necessary redirect standard OpenSSL APIs to FIPS versions */
 #if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
+
 #define CRYPTO_lock FIPS_lock
 #define CRYPTO_malloc FIPS_malloc
 #define CRYPTO_free FIPS_free
+
+#define EVP_MD_CTX_init FIPS_md_ctx_init
+#define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup
+#define EVP_MD_CTX_create FIPS_md_ctx_create
+#define EVP_MD_CTX_destroy FIPS_md_ctx_destroy
+#define EVP_DigestInit_ex(ctx, type, impl) FIPS_digestinit(ctx, type)
+#define EVP_DigestInit FIPS_digestinit
+#define EVP_DigestUpdate FIPS_digestupdate
+#define EVP_Digest(data, count, md, size, type, impl) \
+ FIPS_digest(data, count, md, size, type)
+#define EVP_DigestFinal_ex FIPS_digestfinal
+#define EVP_MD_CTX_copy_ex FIPS_md_ctx_copy
+
+#define EVP_CipherInit_ex(ctx, cipher, impl, key, iv, enc) \
+ FIPS_cipherinit(ctx, cipher, key, iv, enc)
+
+#define EVP_CipherInit FIPS_cipherinit
+
+#define EVP_CIPHER_CTX_init FIPS_cipher_ctx_init
+#define EVP_CIPHER_CTX_cleanup FIPS_cipher_ctx_cleanup
+#define EVP_Cipher FIPS_cipher
+#define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
+#define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new
+#define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free
+
 #endif
 /* BEGIN ERROR CODES */
diff --git a/fips/fips_utl.h b/fips/fips_utl.h
index 76ae4f8e38..eccc8ddf44 100644
--- a/fips/fips_utl.h
+++ b/fips/fips_utl.h
@@ -48,7 +48,6 @@
 */
 #define OPENSSL_FIPSAPI
-#include
 int hex2bin(const char *in, unsigned char *out);
 unsigned char *hex2bin_m(const char *in, long *plen);
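Review bot: The two new aliases in the fips/fips.h rename block, `#define EVP_DigestInit FIPS_digestinit` and `#define EVP_CipherInit FIPS_cipherinit`, map the non-_ex entry points onto the same functions as the _ex ones. In the standard library EVP_DigestInit and EVP_CipherInit initialise the context before delegating to the _ex variant, so callers that pass an uninitialised stack context depend on that step. Whether FIPS_digestinit and FIPS_cipherinit tolerate an uninitialised ctx is not visible in this hunk; if they do not, canister code using the non-_ex names would read indeterminate context fields. A comment above the two defines would state the contract: `/* Callers of the non-_ex names must initialise ctx first: these map straight to the _ex implementation */`.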
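Review bot: The `#define OPENSSL_FIPSAPI` left as context in the fips/fips_utl.h hunk now only takes effect when this header is included before any OpenSSL header, because the renames are pulled in on the first include of crypto.h. The test programs in this commit compensate in different ways: fips_hmactest.c and fips_randtest.c add their own define at the top (fips_randtest.c also keeps its older define further down, now redundant), while fips_desmovs.c moves `#include "fips_utl.h"` ahead of the other include. A comment on the define would stop the next test program from getting the order wrong: `/* Only effective if this header precedes every OpenSSL include */`.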
diff --git a/fips/hmac/fips_hmactest.c b/fips/hmac/fips_hmactest.c
index 8c51fe523b..af6ce29b80 100644
--- a/fips/hmac/fips_hmactest.c
+++ b/fips/hmac/fips_hmactest.c
@@ -56,6 +56,8 @@
 *
 */
+#define OPENSSL_FIPSAPI
+
 #include
 #include
 #include
@@ -77,6 +79,7 @@ int main(int argc, char *argv[])
 #else
+#include
 #include "fips_utl.h"
 static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
diff --git a/fips/rand/fips_randtest.c b/fips/rand/fips_randtest.c
index 31c51d3392..b211a039c0 100644
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@@ -103,6 +103,8 @@
 *
 */
+#define OPENSSL_FIPSAPI
+
 #include
 #include
 #include
@@ -125,8 +127,8 @@ int main(int argc, char *argv[])
 #define OPENSSL_FIPSAPI
-#include
 #include "fips_utl.h"
+#include
 typedef struct
 {
diff --git a/fips/rand/fips_rngvs.c b/fips/rand/fips_rngvs.c
index 2d198c77e3..972acce6d1 100644
--- a/fips/rand/fips_rngvs.c
+++ b/fips/rand/fips_rngvs.c
@@ -7,6 +7,9 @@
 * Validation System (RNGVS)", May 25, 2004.
 *
 */
+
+#define OPENSSL_FIPSAPI
+
 #include
 #ifndef OPENSSL_FIPS
diff --git a/fips/utl/fips_mem.c b/fips/utl/fips_mem.c
index d8f197bd45..3d5c907f1a 100644
--- a/fips/utl/fips_mem.c
+++ b/fips/utl/fips_mem.c
@@ -51,6 +51,8 @@
 * ====================================================================
 */
+#define OPENSSL_FIPSAPI
+
 #include
 #include
--
2.25.1