From 7c8ced94c32131f24d469d2899f3339f77c47aa1 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 27 Jan 2011 15:22:26 +0000 Subject: [PATCH] Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer to EVP any more. Move locking #define into fips.h. Set FIPS locking callbacks at same time as OpenSSL locking callbacks. --- crypto/bn/bn_mont.c | 2 +- crypto/crypto.h | 4 ---- crypto/dsa/dsa_gen.c | 2 +- crypto/evp/evp.h | 2 +- crypto/hmac/hmac.c | 2 +- crypto/lock.c | 9 +++++++++ crypto/rand/md_rand.c | 2 +- crypto/rsa/rsa_eay.c | 2 +- crypto/rsa/rsa_oaep.c | 2 +- crypto/rsa/rsa_pss.c | 2 +- fips/aes/fips_aes_selftest.c | 2 +- fips/aes/fips_aesavs.c | 2 +- fips/des/fips_des_selftest.c | 2 +- fips/des/fips_desmovs.c | 2 +- fips/dsa/fips_dsa_selftest.c | 2 +- fips/dsa/fips_dsa_sign.c | 2 +- fips/dsa/fips_dssvs.c | 2 +- fips/fips.c | 2 +- fips/fips.h | 4 ++++ fips/fips_test_suite.c | 2 +- fips/rand/fips_rand.c | 2 +- fips/rsa/fips_rsa_sign.c | 2 +- fips/rsa/fips_rsagtest.c | 2 +- fips/rsa/fips_rsastest.c | 2 +- fips/rsa/fips_rsavtest.c | 2 +- fips/sha/fips_sha1_selftest.c | 2 +- fips/sha/fips_shatest.c | 2 +- fips/utl/fips_lck.c | 2 +- 28 files changed, 38 insertions(+), 29 deletions(-) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index b00a8cf34..2f7fb843a 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -116,7 +116,7 @@ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include "cryptlib.h" diff --git a/crypto/crypto.h b/crypto/crypto.h index 84d3520ec..5089c6588 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h 
@@ -249,10 +249,6 @@ typedef struct openssl_item_st #define CRYPTO_add(a,b,c) ((*(a))+=(b)) #endif -#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSEVP) -#define CRYPTO_lock FIPS_lock -#endif - /* Some applications as well as some parts of OpenSSL need to allocate and deallocate locks in a dynamic fashion. The following typedef makes this possible in a type-safe manner. */ diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 8096a15eb..d5a41c249 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -73,7 +73,7 @@ #ifndef OPENSSL_NO_SHA -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include "cryptlib.h" diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 0db6f15ac..086da7c79 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -551,7 +551,7 @@ int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #endif -#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSEVP) +#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI) #define EVP_MD_CTX_init FIPS_md_ctx_init #define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 88941bdb4..dc28d8da8 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/crypto/lock.c b/crypto/lock.c index 49db044fc..bbce52add 100644 --- a/crypto/lock.c +++ b/crypto/lock.c @@ -116,6 +116,9 @@ #include "cryptlib.h" #include +#ifdef OPENSSL_FIPS +#include +#endif #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ @@ -380,6 +383,9 @@ void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)) { +#ifdef OPENSSL_FIPS + FIPS_set_locking_callback(CRYPTO_lock); +#endif dynlock_lock_callback=func; } 
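Review bot: In `CRYPTO_set_dynlock_lock_callback`, the added `FIPS_set_locking_callback(CRYPTO_lock);` runs before `dynlock_lock_callback=func;` and regardless of whether `func` is NULL, so the FIPS module is handed `CRYPTO_lock` while the callback behind it may still be unset. The same three lines are added to `CRYPTO_set_locking_callback` in the next crypto/lock.c hunk, and in both places the call would replace a callback the application had registered itself through `FIPS_set_locking_callback`. The files switched to `OPENSSL_FIPSAPI` in this patch include md_rand.c and fips_rand.c, so a window without effective locking may reach RNG state; storing the pointer first, `dynlock_lock_callback=func;` above the `#ifdef OPENSSL_FIPS` block, would close it. A comment would also help, for example `/* FIPS module locks through CRYPTO_lock, which uses the callbacks set here; this overrides any earlier FIPS_set_locking_callback() */`. Whether `CRYPTO_lock` forwards dynamic lock ids to `dynlock_lock_callback` is not visible in these hunks and should be confirmed.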
@@ -405,6 +411,9 @@ int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, void CRYPTO_set_locking_callback(void (*func)(int mode,int type, const char *file,int line)) { +#ifdef OPENSSL_FIPS + FIPS_set_locking_callback(CRYPTO_lock); +#endif locking_callback=func; } diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index a06fd209d..87d4bfb75 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -109,7 +109,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #ifdef MD_RAND_DEBUG # ifndef NDEBUG diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 1f18854f0..b088d0dbf 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -109,7 +109,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include "cryptlib.h" diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index bf8dd044b..eaae71223 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -18,7 +18,7 @@ * an equivalent notion. */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 794de9dff..e8f6798bb 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -56,7 +56,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include "cryptlib.h" diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c index 8b6dd9756..8c5a0eeac 100644 --- a/fips/aes/fips_aes_selftest.c +++ b/fips/aes/fips_aes_selftest.c @@ -47,7 +47,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c index d7b18ee97..1f302a59f 100644 --- a/fips/aes/fips_aesavs.c +++ b/fips/aes/fips_aesavs.c @@ -57,7 +57,7 @@ U.S.A. ----------------------------------------------*/ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include 
diff --git a/fips/des/fips_des_selftest.c b/fips/des/fips_des_selftest.c index cad3270cc..d93d3b555 100644 --- a/fips/des/fips_des_selftest.c +++ b/fips/des/fips_des_selftest.c @@ -47,7 +47,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c index baa0b0488..6766d1c91 100644 --- a/fips/des/fips_desmovs.c +++ b/fips/des/fips_desmovs.c @@ -58,7 +58,7 @@ U.S.A. ----------------------------------------------*/ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/dsa/fips_dsa_selftest.c b/fips/dsa/fips_dsa_selftest.c index db000a848..9524e634a 100644 --- a/fips/dsa/fips_dsa_selftest.c +++ b/fips/dsa/fips_dsa_selftest.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/dsa/fips_dsa_sign.c b/fips/dsa/fips_dsa_sign.c index c111ce0f2..7223589af 100644 --- a/fips/dsa/fips_dsa_sign.c +++ b/fips/dsa/fips_dsa_sign.c @@ -56,7 +56,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c index 9c9e37b45..513df722c 100644 --- a/fips/dsa/fips_dssvs.c +++ b/fips/dsa/fips_dssvs.c @@ -10,7 +10,7 @@ int main(int argc, char **argv) } #else -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/fips.c b/fips/fips.c index b6de3f7fd..83b72e577 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -47,7 +47,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/fips.h b/fips/fips.h index 061ed9394..96d8ff64b 100644 --- a/fips/fips.h +++ b/fips/fips.h 
@@ -122,6 +122,10 @@ int FIPS_evp_md_ctx_cleanup(EVP_MD_CTX *ctx); void FIPS_set_locking_callback (void (*func)(int mode, int type, const char *file,int line)); +#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI) +#define CRYPTO_lock FIPS_lock +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 0d6bc807f..6944dbca4 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -12,7 +12,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/rand/fips_rand.c b/fips/rand/fips_rand.c index b0505782d..f573b26b6 100644 --- a/fips/rand/fips_rand.c +++ b/fips/rand/fips_rand.c @@ -47,7 +47,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI /* * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4. diff --git a/fips/rsa/fips_rsa_sign.c b/fips/rsa/fips_rsa_sign.c index a7f73f512..d07111b4b 100644 --- a/fips/rsa/fips_rsa_sign.c +++ b/fips/rsa/fips_rsa_sign.c @@ -56,7 +56,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/rsa/fips_rsagtest.c b/fips/rsa/fips_rsagtest.c index 1b79ffa70..95960ef00 100644 --- a/fips/rsa/fips_rsagtest.c +++ b/fips/rsa/fips_rsagtest.c @@ -56,7 +56,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/rsa/fips_rsastest.c b/fips/rsa/fips_rsastest.c index 2a125ae02..9dff464a3 100644 --- a/fips/rsa/fips_rsastest.c +++ b/fips/rsa/fips_rsastest.c @@ -56,7 +56,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/rsa/fips_rsavtest.c b/fips/rsa/fips_rsavtest.c index 042180762..0971f15fc 100644 --- a/fips/rsa/fips_rsavtest.c +++ b/fips/rsa/fips_rsavtest.c @@ -56,7 +56,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include 
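Review bot: The `#define CRYPTO_lock FIPS_lock` added to fips/fips.h takes effect only in translation units that include this header after defining `OPENSSL_FIPSAPI`, whereas the block removed from crypto/crypto.h applied to every file that included crypto.h. A canister source that uses the `CRYPTO_lock` macros without pulling in fips.h would now keep calling `CRYPTO_lock` directly, presumably bypassing the module's own lock entry point; the patch does not show whether every `OPENSSL_FIPSAPI` file includes fips.h, so that should be checked. crypto/lock.c now includes a header under `#ifdef OPENSSL_FIPS` (its name is not legible on this page, presumably fips.h) and passes `CRYPTO_lock` by name, so it must never be built with both macros defined or the argument would expand to `FIPS_lock`. A comment above the macro would record this: `/* Inside the FIPS module, locking goes through FIPS_lock; OPENSSL_FIPSAPI must be defined before this header is included */`.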
diff --git a/fips/sha/fips_sha1_selftest.c b/fips/sha/fips_sha1_selftest.c index 2c6a5917d..429161759 100644 --- a/fips/sha/fips_sha1_selftest.c +++ b/fips/sha/fips_sha1_selftest.c @@ -47,7 +47,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/sha/fips_shatest.c b/fips/sha/fips_shatest.c index 97b68b82b..480b990fb 100644 --- a/fips/sha/fips_shatest.c +++ b/fips/sha/fips_shatest.c @@ -56,7 +56,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include diff --git a/fips/utl/fips_lck.c b/fips/utl/fips_lck.c index 47168af23..63b4c0da7 100644 --- a/fips/utl/fips_lck.c +++ b/fips/utl/fips_lck.c @@ -51,7 +51,7 @@ * ==================================================================== */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include