Move all FIPSAPI renames into fips.h header file, include early in

crypto.h if needed. Modify source tree to handle change.
2011-01-27 19:10:56 +00:00 · 2011-01-27 19:10:56 +00:00 · 7edfe67456
commit 7edfe67456
parent d8ad2e6112
21 changed files with 67 additions and 112 deletions
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@ -109,16 +109,12 @@
 * [including the GNU Public Licence.]
 */

+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"

-#define OPENSSL_FIPSAPI
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #define BN_BLINDING_COUNTER	32

 struct bn_blinding_st
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@ -68,10 +68,6 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"

-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 /* TODO list
 *
 * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@ -109,15 +109,11 @@
 *
 */

+#define OPENSSL_FIPSAPI

 #include "cryptlib.h"
 #include "bn_lcl.h"

-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 /* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE	32

--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@ -61,17 +61,14 @@
 # define NDEBUG
 #endif

+#define OPENSSL_FIPSAPI
+
 #include <assert.h>
 #include <limits.h>
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"

-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;

 /* This stuff appears to be completely unused, so is deprecated */
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@ -122,10 +122,6 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"

-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #define MONT_WORD /* use the faster word-based algorithm */

 #ifdef MONT_WORD
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@ -109,17 +109,14 @@
 *
 */

+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #include <openssl/rand.h>

-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	unsigned char *buf=NULL;
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@ -56,14 +56,12 @@
 * [including the GNU Public Licence.]
 */

+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"

-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif

 void BN_RECP_CTX_init(BN_RECP_CTX *recp)
 	{
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@ -56,15 +56,12 @@
 * [including the GNU Public Licence.]
 */

+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>

-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 char *BUF_strdup(const char *str)
 	{
 	if (str == NULL) return(NULL);
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@ -125,6 +125,11 @@
 #include <stdio.h>
 #endif

+/* Get FIPS renames if needed */
+#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
+#include <openssl/fips.h>
+#endif
+
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 #include <openssl/opensslv.h>
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@ -58,16 +58,13 @@

 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */

+#define OPENSSL_FIPSAPI
+
 #include "cryptlib.h"
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/bn.h>

-#define OPENSSL_FIPSAPI
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
 	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@ -526,70 +526,20 @@ __owur int EVP_Cipher(EVP_CIPHER_CTX *c,
 #define EVP_delete_digest_alias(alias) \
 	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);

-#ifdef OPENSSL_FIPS
-void FIPS_md_ctx_init(EVP_MD_CTX *ctx);
-EVP_MD_CTX *FIPS_md_ctx_create(void);
-void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx);
-int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count);
-int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size);
-int FIPS_digest(const void *data, size_t count,
-		unsigned char *md, unsigned int *size, const EVP_MD *type);
-int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx);
-int     FIPS_md_ctx_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-
-
-void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx);
-int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c);
-EVP_CIPHER_CTX *FIPS_cipher_ctx_new(void);
-void FIPS_cipher_ctx_free(EVP_CIPHER_CTX *ctx);
-int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     const unsigned char *key, const unsigned char *iv, int enc);
-int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			const unsigned char *in, unsigned int inl);
-
-#endif
-
-#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
-
-#define EVP_MD_CTX_init FIPS_md_ctx_init
-#define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup
-#define EVP_MD_CTX_create FIPS_md_ctx_create
-#define EVP_MD_CTX_destroy FIPS_md_ctx_destroy
-#define EVP_DigestInit_ex(ctx, type, impl) FIPS_digestinit(ctx, type)
-#define EVP_DigestUpdate FIPS_digestupdate
-#define EVP_Digest(data, count, md, size, type, impl) \
-			FIPS_digest(data, count, md, size, type)
-#define EVP_DigestFinal_ex FIPS_digestfinal
-#define EVP_MD_CTX_copy_ex FIPS_md_ctx_copy
-
-#define EVP_CipherInit_ex(ctx, cipher, impl, key, iv, enc) \
-				FIPS_cipherinit(ctx, cipher, key, iv, enc)
-
-#define EVP_CIPHER_CTX_init FIPS_cipher_ctx_init
-#define EVP_CIPHER_CTX_cleanup FIPS_cipher_ctx_cleanup
-#define EVP_Cipher FIPS_cipher
-#define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
-
-#else
-
 void	EVP_MD_CTX_init(EVP_MD_CTX *ctx);
 int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void	EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+__owur int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+void	EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void	EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int 	EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
 __owur int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 __owur int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
 			 size_t cnt);
 __owur int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 __owur int	EVP_Digest(const void *data, size_t count,
 		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
-#endif
-
-__owur int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-void	EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
-void	EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
-int 	EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);

 __owur int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
 __owur int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@ -62,6 +62,8 @@
 * - Geoff
 */

+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
@ -70,7 +72,6 @@

 #ifdef OPENSSL_FIPS

-#define OPENSSL_FIPSAPI

 #include <openssl/fips.h>
 #include <openssl/evp.h>
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@ -30,10 +30,6 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>

-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int MGF1(unsigned char *mask, long len,
 	const unsigned char *seed, long seedlen);

--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@ -83,8 +83,8 @@ int main(int argc, char *argv[])

 #else

-#include <openssl/fips.h>
 #include "fips_utl.h"
+#include <openssl/fips.h>

 #define DES_BLOCK_SIZE 8

--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@ -1,3 +1,5 @@
+
+#define OPENSSL_FIPSAPI
 #include <openssl/opensslconf.h>

 #ifndef OPENSSL_FIPS
@ -10,8 +12,6 @@ int main(int argc, char **argv)
 }
 #else

-#define OPENSSL_FIPSAPI
-
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/fips.h>
--- a/fips/fips.h
+++ b/fips/fips.h
@ -60,6 +60,7 @@ extern "C" {
 #endif

 struct dsa_st;
+struct rsa_st;
 struct evp_pkey_st;
 struct env_md_st;
 struct evp_cipher_st;
@ -108,18 +109,41 @@ int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
 void fips_set_selftest_fail(void);
 int fips_check_rsa(struct rsa_st *rsa);

-void FIPS_lock(int mode, int type,const char *file,int line);
-
-void FIPS_set_locking_callback (void (*func)(int mode, int type,
+void FIPS_set_locking_callback(void (*func)(int mode, int type,
 				const char *file,int line));

-void *FIPS_malloc(int num, const char *file, int line);
-void FIPS_free(void *);
+/* Where necessary redirect standard OpenSSL APIs to FIPS versions */

 #if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
+
 #define CRYPTO_lock FIPS_lock
 #define CRYPTO_malloc FIPS_malloc
 #define CRYPTO_free FIPS_free
+
+#define EVP_MD_CTX_init FIPS_md_ctx_init
+#define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup
+#define EVP_MD_CTX_create FIPS_md_ctx_create
+#define EVP_MD_CTX_destroy FIPS_md_ctx_destroy
+#define EVP_DigestInit_ex(ctx, type, impl) FIPS_digestinit(ctx, type)
+#define EVP_DigestInit FIPS_digestinit
+#define EVP_DigestUpdate FIPS_digestupdate
+#define EVP_Digest(data, count, md, size, type, impl) \
+			FIPS_digest(data, count, md, size, type)
+#define EVP_DigestFinal_ex FIPS_digestfinal
+#define EVP_MD_CTX_copy_ex FIPS_md_ctx_copy
+
+#define EVP_CipherInit_ex(ctx, cipher, impl, key, iv, enc) \
+				FIPS_cipherinit(ctx, cipher, key, iv, enc)
+
+#define EVP_CipherInit FIPS_cipherinit
+
+#define EVP_CIPHER_CTX_init FIPS_cipher_ctx_init
+#define EVP_CIPHER_CTX_cleanup FIPS_cipher_ctx_cleanup
+#define EVP_Cipher FIPS_cipher
+#define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
+#define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new
+#define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free
+
 #endif

 /* BEGIN ERROR CODES */
--- a/fips/fips_utl.h
+++ b/fips/fips_utl.h
@ -48,7 +48,6 @@
 */

 #define OPENSSL_FIPSAPI
-#include <openssl/fips.h>

 int hex2bin(const char *in, unsigned char *out);
 unsigned char *hex2bin_m(const char *in, long *plen);
--- a/fips/hmac/fips_hmactest.c
+++ b/fips/hmac/fips_hmactest.c
@ -56,6 +56,8 @@
 *
 */

+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <ctype.h>
 #include <string.h>
@ -77,6 +79,7 @@ int main(int argc, char *argv[])

 #else

+#include <openssl/fips.h>
 #include "fips_utl.h"

 static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@ -103,6 +103,8 @@
 *
 */

+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@ -125,8 +127,8 @@ int main(int argc, char *argv[])

 #define OPENSSL_FIPSAPI

-#include <openssl/fips.h>
 #include "fips_utl.h"
+#include <openssl/fips.h>

 typedef struct
 	{
--- a/fips/rand/fips_rngvs.c
+++ b/fips/rand/fips_rngvs.c
@ -7,6 +7,9 @@
 * Validation System (RNGVS)", May 25, 2004.
 *
 */
+
+#define OPENSSL_FIPSAPI
+
 #include <openssl/opensslconf.h>

 #ifndef OPENSSL_FIPS
--- a/fips/utl/fips_mem.c
+++ b/fips/utl/fips_mem.c
@ -51,6 +51,8 @@
 * ====================================================================
 */

+#define OPENSSL_FIPSAPI
+
 #include <openssl/err.h>
 #include <openssl/fips.h>