Use OPENSSL_FIPS instead of FIPS.

2003-09-25 12:24:52 +00:00 · 2003-09-25 12:24:52 +00:00 · 3b84ce3b6f
commit 3b84ce3b6f
parent 2667b068a1
29 changed files with 47 additions and 46 deletions
--- a/1
+++ b/1
@ -1151,7 +1151,6 @@ $bn_obj = $bn_asm unless $bn_obj ne "";
 if ($fips)
 	{
 	$des_obj=$sha1_obj="";
-	$cflags.=" -DFIPS";
 	}
 $des_obj=$des_enc	unless (!$fips && $des_obj =~ /\.o$/);
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@ -40,7 +40,7 @@
 #include <openssl/fips.h>
 #include "aes_locl.h"

-#ifndef FIPS
+#ifndef OPENSSL_FIPS

 /*
 Te0[x] = S [x].[02, 01, 01, 03];
@ -1258,4 +1258,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 	PUTU32(out + 12, s3);
 }

-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@ -66,10 +66,10 @@
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif

-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 int FIPS_mode;
 void *FIPS_rand_check;
-#endif /* def FIPS */
+#endif /* def OPENSSL_FIPS */

 DECLARE_STACK_OF(CRYPTO_dynlock)
 IMPLEMENT_STACK_OF(CRYPTO_dynlock)
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@ -58,7 +58,7 @@

 #include "des_locl.h"

-#ifndef FIPS
+#ifndef OPENSSL_FIPS

 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
@ -289,7 +289,7 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
 	data[1]=r;
 	}

-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */

 #ifndef DES_DEFAULT_OPTIONS

--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@ -80,7 +80,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>

-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 DSA *DSA_generate_parameters(int bits,
 		unsigned char *seed_in, int seed_len,
 		int *counter_ret, unsigned long *h_ret,
@ -294,6 +294,6 @@ err:
 	if (mont != NULL) BN_MONT_CTX_free(mont);
 	return(ok?ret:NULL);
 	}
-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */
 #endif /* ndef OPENSSL_NO_SHA */

--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@ -65,7 +65,7 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>

-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@ -71,7 +71,7 @@

 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 	if(FIPS_mode && !FIPS_dsa_check(dsa))
 		return NULL;
 #endif
@ -95,7 +95,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,

 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 	if(FIPS_mode && !FIPS_dsa_check(dsa))
 		return 0;
 #endif
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@ -73,7 +73,7 @@
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		  DSA *dsa)
 	{
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 	if(FIPS_mode && !FIPS_dsa_check(dsa))
 		return -1;
 #endif
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@ -131,7 +131,7 @@ void ERR_load_crypto_strings(void)
 	ERR_load_OCSP_strings();
 	ERR_load_UI_strings();
 #endif
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 	ERR_load_FIPS_strings();
 #endif
 	}
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@ -559,7 +559,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
 	static const unsigned char end[4]={0x80,0x00,0x00,0x00};
 	const unsigned char *cp=end;

-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 	if(FIPS_mode && !FIPS_md5_allowed)
 	    {
 	    FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@ -333,7 +333,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
 	int do_stir_pool = 0;

-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 	if(FIPS_mode)
 	    {
 	    FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@ -87,7 +87,7 @@ int RAND_set_rand_method(const RAND_METHOD *meth)

 const RAND_METHOD *RAND_get_rand_method(void)
 	{
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 	if(FIPS_mode && default_RAND_meth != FIPS_rand_check)
 	    {
 	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@ -63,18 +63,18 @@

 #include <openssl/opensslv.h>

-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;

 /* The implementation is in ../md32_common.h */

 #include "sha_locl.h"

-#else /* ndef FIPS */
+#else /* ndef OPENSSL_FIPS */

 static void *dummy=&dummy;

-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */

 #endif

--- a/fips/aes/fips_aes_core.c
+++ b/fips/aes/fips_aes_core.c
@ -39,7 +39,7 @@
 #include <openssl/aes.h>
 #include "fips_aes_locl.h"

-#ifdef FIPS
+#ifdef OPENSSL_FIPS

 /*
 Te0[x] = S [x].[02, 01, 01, 03];
@ -1257,4 +1257,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 	PUTU32(out + 12, s3);
 }

-#endif /* def FIPS */
+#endif /* def OPENSSL_FIPS */
--- a/fips/aes/fips_aes_selftest.c
+++ b/fips/aes/fips_aes_selftest.c
@ -52,7 +52,7 @@
 #include <openssl/fips.h>
 #include <openssl/aes.h>

-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 static struct
    {
    unsigned char key[16];
--- a/fips/aes/fips_aesavs.c
+++ b/fips/aes/fips_aesavs.c
@ -723,7 +723,7 @@ int proc_file(char *rqfile)
 		break;
 	    if(!strncasecmp(ibuf,"COUNT = ",8))
 		break;
-	  
+
 	    if (strncasecmp(ibuf, "KEY = ", 6) != 0)
 		{
 		printf("Missing KEY\n");
@ -833,7 +833,7 @@ int proc_file(char *rqfile)
 		    err =1;
 		    break;
 		    }
-		
+
 		PrintValue("CIPHERTEXT", ciphertext, len);
 		if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
 		    {
@ -889,7 +889,7 @@ int main(int argc, char **argv)
    char fn[250] = "", rfn[256] = "";
    int f_opt = 0, d_opt = 1;

-#ifdef FIPS
+#ifdef OPENSSL_FIPS
    if(!FIPS_mode_set(1,argv[0]))
 	{
 	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
--- a/fips/des/fips_des_enc.c
+++ b/fips/des/fips_des_enc.c
@ -58,7 +58,7 @@

 #include "fips_des_locl.h"

-#ifdef FIPS
+#ifdef OPENSSL_FIPS

 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
@ -289,9 +289,9 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
 	data[1]=r;
 	}

-#else /* ndef FIPS */
+#else /* ndef OPENSSL_FIPS */

 static void *dummy=&dummy;

-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */

--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@ -667,7 +667,7 @@ int main(int argc, char **argv)
    char fn[250] = "", rfn[256] = "";
    int f_opt = 0, d_opt = 1;

-#ifdef FIPS
+#ifdef OPENSSL_FIPS
    if(!FIPS_mode_set(1,argv[0]))
 	{
 	ERR_load_crypto_strings();
--- a/fips/dsa/fips_dsa_gen.c
+++ b/fips/dsa/fips_dsa_gen.c
@ -84,7 +84,7 @@
 #ifndef OPENSSL_NO_SHA
 #include <openssl/sha.h>

-#ifdef FIPS
+#ifdef OPENSSL_FIPS

 DSA *DSA_generate_parameters(int bits,
 		unsigned char *seed_in, int seed_len,
--- a/fips/dsa/fips_dsa_ossl.c
+++ b/fips/dsa/fips_dsa_ossl.c
@ -68,7 +68,7 @@
 #endif
 #include <openssl/fips.h>

-#ifdef FIPS
+#ifdef OPENSSL_FIPS

 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@ -367,8 +367,8 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 }

-#else /* ndef FIPS */
+#else /* ndef OPENSSL_FIPS */

 static void *dummy=&dummy;

-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */
--- a/fips/dsa/fips_dsatest.c
+++ b/fips/dsa/fips_dsatest.c
@ -74,7 +74,7 @@
 #include <openssl/fips.h>
 #include <openssl/fips_rand.h>

-#if defined(OPENSSL_NO_DSA) || !defined(FIPS)
+#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
 int main(int argc, char *argv[])
 {
    printf("No FIPS DSA support\n");
@ -146,7 +146,7 @@ int main(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 	if(!FIPS_mode_set(1,argv[0]))
 	    {
 	    ERR_print_errors(bio_err);
--- a/fips/fips.c
+++ b/fips/fips.c
@ -57,7 +57,7 @@
 #include <limits.h>
 #include "fips_locl.h"

-#ifdef FIPS
+#ifdef OPENSSL_FIPS

 int FIPS_md5_allowed;

--- a/fips/fips.h
+++ b/fips/fips.h
@ -47,7 +47,9 @@
 *
 */

-#if defined(FIPS) || defined(OPENSSL_FIPS)
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
 /* Note that these are defined in crypto/cryptlib.c so they're
 * available even without -lfips.
 */
--- a/fips/fips_err_wrapper.c
+++ b/fips/fips_err_wrapper.c
@ -1,4 +1,4 @@
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 # include "fips_err.h"
 #else
 static void *dummy=&dummy;
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@ -110,7 +110,7 @@

 #include "e_os.h"

-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 int main(int argc, char *argv[])
 {
    printf("No FIPS RAND support\n");
--- a/fips/sha1/fips_sha1_selftest.c
+++ b/fips/sha1/fips_sha1_selftest.c
@ -52,7 +52,7 @@
 #include <openssl/fips.h>
 #include <openssl/sha.h>

-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 static char *test[]=
    {
    "",
--- a/fips/sha1/fips_sha1dgst.c
+++ b/fips/sha1/fips_sha1dgst.c
@ -63,18 +63,18 @@

 #include <openssl/opensslv.h>

-#ifdef FIPS
+#ifdef OPENSSL_FIPS
 const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;

 /* The implementation is in fips_md32_common.h */

 #include "fips_sha_locl.h"

-#else /* ndef FIPS */
+#else /* ndef OPENSSL_FIPS */

 static void *dummy=&dummy;

-#endif /* ndef FIPS */
+#endif /* ndef OPENSSL_FIPS */

 #endif

--- a/fips/sha1/fips_sha1test.c
+++ b/fips/sha1/fips_sha1test.c
@ -7,7 +7,7 @@
 #include <openssl/err.h>
 #include <openssl/fips.h>

-#ifndef FIPS
+#ifndef OPENSSL_FIPS
 int main(int argc, char *argv[])
 {
    printf("No FIPS SHA1 support\n");
--- a/fips/sha1/fips_standalone_sha1.c
+++ b/fips/sha1/fips_standalone_sha1.c
@ -53,7 +53,7 @@

 int main(int argc,char **argv)
    {
-#ifdef FIPS
+#ifdef OPENSSL_FIPS
    int n;

    if(argc < 2)