Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer

to EVP any more. Move locking #define into fips.h. Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00 · 2011-01-27 15:22:26 +00:00 · 7c8ced94c3
commit 7c8ced94c3
parent d5df1b3f0d
28 changed files with 38 additions and 29 deletions
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@ -116,7 +116,7 @@
 * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include "cryptlib.h"
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@ -249,10 +249,6 @@ typedef struct openssl_item_st
 #define CRYPTO_add(a,b,c)	((*(a))+=(b))
 #endif
 #if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSEVP)
 #define CRYPTO_lock FIPS_lock
 #endif
 /* Some applications as well as some parts of OpenSSL need to allocate
   and deallocate locks in a dynamic fashion.  The following typedef
   makes this possible in a type-safe manner.  */
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@ -73,7 +73,7 @@
 #ifndef OPENSSL_NO_SHA
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include "cryptlib.h"
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@ -551,7 +551,7 @@ int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 #endif
-#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSEVP)
+#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
 #define EVP_MD_CTX_init FIPS_md_ctx_init
 #define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <stdlib.h>
--- a/crypto/lock.c
+++ b/crypto/lock.c
@ -116,6 +116,9 @@
 #include "cryptlib.h"
 #include <openssl/safestack.h>
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
@ -380,6 +383,9 @@ void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
 void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
 	struct CRYPTO_dynlock_value *l, const char *file, int line))
 	{
 #ifdef OPENSSL_FIPS
 	FIPS_set_locking_callback(CRYPTO_lock);
 #endif
 	dynlock_lock_callback=func;
 	}
@ -405,6 +411,9 @@ int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
 void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
 					      const char *file,int line))
 	{
 #ifdef OPENSSL_FIPS
 	FIPS_set_locking_callback(CRYPTO_lock);
 #endif
 	locking_callback=func;
 	}
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@ -109,7 +109,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #ifdef MD_RAND_DEBUG
 # ifndef NDEBUG
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@ -109,7 +109,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include "cryptlib.h"
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@ -18,7 +18,7 @@
 * an equivalent notion.
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@ -56,7 +56,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include "cryptlib.h"
--- a/fips/aes/fips_aes_selftest.c
+++ b/fips/aes/fips_aes_selftest.c
@ -47,7 +47,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/err.h>
--- a/fips/aes/fips_aesavs.c
+++ b/fips/aes/fips_aesavs.c
@ -57,7 +57,7 @@
  U.S.A.
  ----------------------------------------------*/
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <stdlib.h>
--- a/fips/des/fips_des_selftest.c
+++ b/fips/des/fips_des_selftest.c
@ -47,7 +47,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/err.h>
--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@ -58,7 +58,7 @@
  U.S.A.
  ----------------------------------------------*/
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <stdlib.h>
--- a/fips/dsa/fips_dsa_selftest.c
+++ b/fips/dsa/fips_dsa_selftest.c
@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/crypto.h>
--- a/fips/dsa/fips_dsa_sign.c
+++ b/fips/dsa/fips_dsa_sign.c
@ -56,7 +56,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/evp.h>
--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@ -10,7 +10,7 @@ int main(int argc, char **argv)
 }
 #else
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
--- a/fips/fips.c
+++ b/fips/fips.c
@ -47,7 +47,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <openssl/rand.h>
 #include <openssl/fips_rand.h>
--- a/fips/fips.h
+++ b/fips/fips.h
@ -122,6 +122,10 @@ int FIPS_evp_md_ctx_cleanup(EVP_MD_CTX *ctx);
 void FIPS_set_locking_callback (void (*func)(int mode, int type,
 				const char *file,int line));
 #if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
 #define CRYPTO_lock FIPS_lock
 #endif
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@ -12,7 +12,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <assert.h>
--- a/fips/rand/fips_rand.c
+++ b/fips/rand/fips_rand.c
@ -47,7 +47,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 /*
 * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
--- a/fips/rsa/fips_rsa_sign.c
+++ b/fips/rsa/fips_rsa_sign.c
@ -56,7 +56,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/evp.h>
--- a/fips/rsa/fips_rsagtest.c
+++ b/fips/rsa/fips_rsagtest.c
@ -56,7 +56,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <ctype.h>
--- a/fips/rsa/fips_rsastest.c
+++ b/fips/rsa/fips_rsastest.c
@ -56,7 +56,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <ctype.h>
--- a/fips/rsa/fips_rsavtest.c
+++ b/fips/rsa/fips_rsavtest.c
@ -56,7 +56,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <ctype.h>
--- a/fips/sha/fips_sha1_selftest.c
+++ b/fips/sha/fips_sha1_selftest.c
@ -47,7 +47,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/err.h>
--- a/fips/sha/fips_shatest.c
+++ b/fips/sha/fips_shatest.c
@ -56,7 +56,7 @@
 *
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <ctype.h>
--- a/fips/utl/fips_lck.c
+++ b/fips/utl/fips_lck.c
@ -51,7 +51,7 @@
 * ====================================================================
 */
-#define OPENSSL_FIPSEVP
+#define OPENSSL_FIPSAPI
 #include <openssl/evp.h>
 #include <openssl/fips.h>