diff options
| author | Rich Salz <rsalz@openssl.org> | 2015-01-27 12:34:45 -0500 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-01-27 12:34:45 -0500 |
| commit | 474e469bbd056aebcf7e7d3207ef820f2faed4ce (patch) | |
| tree | 435a3d3feb5795d101fe89055e2b86b75c94476a | |
| parent | c73ad690174171b63a53dabdb2f2d9ebfd30053a (diff) | |
OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
GENUINE_DSA OPENSSL_NO_SHA0
OPENSSL_NO_SHA OPENSSL_NO_SHA1
OPENSSL_NO_SHA224 OPENSSL_NO_SHA256
OPENSSL_NO_SHA384 OPENSSL_NO_SHA512
Reviewed-by: Richard Levitte <levitte@openssl.org>
59 files changed, 240 insertions, 1062 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 1e26c1333b..0de46f008d 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -58,7 +58,7 @@ */ #include <openssl/opensslconf.h> -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) +#if !defined(OPENSSL_NO_DES) # include <stdio.h> # include <stdlib.h> diff --git a/apps/progs.h b/apps/progs.h index c66da3036b..9a8a1923ee 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -128,7 +128,7 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL, "ciphers", ciphers_main}, #endif {FUNC_TYPE_GENERAL, "nseq", nseq_main}, -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) +#if !defined(OPENSSL_NO_DES) {FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main}, #endif {FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main}, @@ -158,30 +158,18 @@ FUNCTION functions[] = { #ifndef OPENSSL_NO_MD5 {FUNC_TYPE_MD, "md5", dgst_main}, #endif -#ifndef OPENSSL_NO_SHA {FUNC_TYPE_MD, "sha", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA1 {FUNC_TYPE_MD, "sha1", dgst_main}, -#endif #ifndef OPENSSL_NO_MDC2 {FUNC_TYPE_MD, "mdc2", dgst_main}, #endif #ifndef OPENSSL_NO_RMD160 {FUNC_TYPE_MD, "rmd160", dgst_main}, #endif -#ifndef OPENSSL_NO_SHA224 {FUNC_TYPE_MD, "sha224", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA256 {FUNC_TYPE_MD, "sha256", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA384 {FUNC_TYPE_MD, "sha384", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA512 {FUNC_TYPE_MD, "sha512", dgst_main}, -#endif #ifndef OPENSSL_NO_AES {FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main}, #endif diff --git a/apps/progs.pl b/apps/progs.pl index 8695742f28..09dd00b7ee 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for openssl.c */\n\n"; grep(s/^asn1pars$/asn1parse/,@ARGV); foreach (@ARGV) - { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } + { printf "extern int %s_main(int argc, char *argv[]);\n",$_; } print <<'EOF'; -#define FUNC_TYPE_GENERAL 1 -#define FUNC_TYPE_MD 2 -#define FUNC_TYPE_CIPHER 3 -#define FUNC_TYPE_PKEY 4 -#define FUNC_TYPE_MD_ALG 5 -#define FUNC_TYPE_CIPHER_ALG 6 +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 +#define FUNC_TYPE_PKEY 4 +#define FUNC_TYPE_MD_ALG 5 +#define FUNC_TYPE_CIPHER_ALG 6 typedef struct { - int type; - const char *name; - int (*func)(int argc,char *argv[]); - } FUNCTION; + int type; + const char *name; + int (*func) (int argc, char *argv[]); +} FUNCTION; DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { @@ -30,7 +30,7 @@ EOF foreach (@ARGV) { push(@files,$_); - $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^engine$/)) @@ -44,7 +44,7 @@ foreach (@ARGV) elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/)) { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } elsif ( ($_ =~ /^pkcs12$/)) - { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; } + { print "#if !defined(OPENSSL_NO_DES)\n${str}#endif\n"; } elsif ( ($_ =~ /^cms$/)) { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; } elsif ( ($_ =~ /^ocsp$/)) @@ -58,7 +58,9 @@ foreach (@ARGV) foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160","sha224","sha256","sha384","sha512") { push(@files,$_); - printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; + printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/; + printf " {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n"; + printf "#endif\n" if ! /sha/; } foreach ( @@ -84,7 +86,7 @@ foreach ( { push(@files,$_); - $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n", $_); if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } @@ -99,4 +101,4 @@ foreach ( print $t; } -print "\t{0,NULL,NULL}\n\t};\n"; +print " {0, NULL, NULL}\n};\n"; diff --git a/apps/speed.c b/apps/speed.c index f5af9a345e..419dced807 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -137,9 +137,7 @@ # include <openssl/hmac.h> #endif #include <openssl/evp.h> -#ifndef OPENSSL_NO_SHA # include <openssl/sha.h> -#endif #ifndef OPENSSL_NO_RMD160 # include <openssl/ripemd.h> #endif @@ -339,15 +337,10 @@ static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { -# ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; - else - *outlen = SHA_DIGEST_LENGTH; + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); -# else - return NULL; -# endif /* OPENSSL_NO_SHA */ } #endif /* OPENSSL_NO_ECDH */ @@ -382,15 +375,9 @@ int MAIN(int argc, char **argv) unsigned char md5[MD5_DIGEST_LENGTH]; unsigned char hmac[MD5_DIGEST_LENGTH]; #endif -#ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; -# ifndef OPENSSL_NO_SHA256 unsigned char sha256[SHA256_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_SHA512 unsigned char sha512[SHA512_DIGEST_LENGTH]; -# endif -#endif #ifndef OPENSSL_NO_WHIRLPOOL unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH]; #endif @@ -827,23 +814,15 @@ int MAIN(int argc, char **argv) doit[D_HMAC] = 1; else #endif -#ifndef OPENSSL_NO_SHA if (strcmp(*argv, "sha1") == 0) doit[D_SHA1] = 1; else if (strcmp(*argv, "sha") == 0) doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1; - else -# ifndef OPENSSL_NO_SHA256 - if (strcmp(*argv, "sha256") == 0) + else if (strcmp(*argv, "sha256") == 0) doit[D_SHA256] = 1; - else -# endif -# ifndef OPENSSL_NO_SHA512 - if (strcmp(*argv, "sha512") == 0) + else if (strcmp(*argv, "sha512") == 0) doit[D_SHA512] = 1; else -# endif -#endif #ifndef OPENSSL_NO_WHIRLPOOL if (strcmp(*argv, "whirlpool") == 0) doit[D_WHIRLPOOL] = 1; @@ -1110,27 +1089,16 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "hmac "); # endif #endif -#ifndef OPENSSL_NO_SHA1 BIO_printf(bio_err, "sha1 "); -#endif -#ifndef OPENSSL_NO_SHA256 BIO_printf(bio_err, "sha256 "); -#endif -#ifndef OPENSSL_NO_SHA512 BIO_printf(bio_err, "sha512 "); -#endif #ifndef OPENSSL_NO_WHIRLPOOL BIO_printf(bio_err, "whirlpool"); #endif #ifndef OPENSSL_NO_RMD160 BIO_printf(bio_err, "rmd160"); #endif -#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ - !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ - !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \ - !defined(OPENSSL_NO_WHIRLPOOL) BIO_printf(bio_err, "\n"); -#endif #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, "idea-cbc "); @@ -1660,23 +1628,16 @@ int MAIN(int argc, char **argv) HMAC_CTX_cleanup(&hctx); } #endif -#ifndef OPENSSL_NO_SHA if (doit[D_SHA1]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_SHA1][j]); count++) -# if 0 - EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL, - EVP_sha1(), NULL); -# else SHA1(buf, lengths[j], sha); -# endif d = Time_F(STOP); print_result(D_SHA1, j, count, d); } } -# ifndef OPENSSL_NO_SHA256 if (doit[D_SHA256]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]); @@ -1687,9 +1648,6 @@ int MAIN(int argc, char **argv) print_result(D_SHA256, j, count, d); } } -# endif - -# ifndef OPENSSL_NO_SHA512 if (doit[D_SHA512]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]); @@ -1700,8 +1658,6 @@ int MAIN(int argc, char **argv) print_result(D_SHA512, j, count, d); } } -# endif -#endif #ifndef OPENSSL_NO_WHIRLPOOL if (doit[D_WHIRLPOOL]) { diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 027950330d..79eab4f398 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -220,9 +220,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_D2I_POST: -#ifndef OPENSSL_NO_SHA X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); -#endif crl->idp = X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, NULL, NULL); diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index de6028698e..ecdce9ff14 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -289,7 +289,6 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) return bn_rand_range(1, r, range); } -#ifndef OPENSSL_NO_SHA512 /* * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike * BN_rand_range, it also includes the contents of |priv| and |message| in @@ -362,4 +361,3 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, OPENSSL_free(k_bytes); return ret; } -#endif /* OPENSSL_NO_SHA512 */ diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index b3d0fab14b..be1df138cb 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -58,37 +58,25 @@ * version(s). */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* - * Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) - */ -# define HASH EVP_sha() -#else /* * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB * 180-1) */ -# define HASH EVP_sha1() -#endif +#define xxxHASH EVP_sha1() static void *dummy = &dummy; -#ifndef OPENSSL_NO_SHA - -# include <stdio.h> -# include <time.h> -# include "cryptlib.h" -# include <openssl/evp.h> -# include <openssl/bn.h> -# include <openssl/dsa.h> -# include <openssl/rand.h> -# include <openssl/sha.h> +#include <stdio.h> +#include <time.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/rand.h> +#include <openssl/sha.h> -# ifndef OPENSSL_NO_DEPRECATED +#ifndef OPENSSL_NO_DEPRECATED DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, @@ -117,5 +105,4 @@ DSA *DSA_generate_parameters(int bits, DSA_free(ret); return NULL; } -# endif #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 5e92d93d9a..37b23c9f41 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -56,35 +56,23 @@ * [including the GNU Public Licence.] */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* - * Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) - */ -# define HASH EVP_sha() -#else /* * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB * 180-1) */ -# define HASH EVP_sha1() -#endif +#define xxxHASH EVP_sha1() #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */ -#ifndef OPENSSL_NO_SHA +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/bn.h> +#include <openssl/rand.h> +#include <openssl/sha.h> -# include <stdio.h> -# include "cryptlib.h" -# include <openssl/evp.h> -# include <openssl/bn.h> -# include <openssl/rand.h> -# include <openssl/sha.h> - -# include "dsa_locl.h" +#include "dsa_locl.h" int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, @@ -714,5 +702,3 @@ int dsa_paramgen_check_g(DSA *dsa) return rv; } - -#endif diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 8584963609..1c05b0f80d 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -59,10 +59,9 @@ #include <stdio.h> #include <time.h> #include "cryptlib.h" -#ifndef OPENSSL_NO_SHA -# include <openssl/bn.h> -# include <openssl/dsa.h> -# include <openssl/rand.h> +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/rand.h> static int dsa_builtin_keygen(DSA *dsa); @@ -133,4 +132,3 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX_free(ctx); return (ok); } -#endif diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index bd83227549..96f5d6fed1 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -258,7 +258,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* Get random k */ do { -#ifndef OPENSSL_NO_SHA512 if (dgst != NULL) { /* * We calculate k from SHA512(private_key + H(message) + random). @@ -267,9 +266,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst, dlen, ctx)) goto err; - } else -#endif - if (!BN_rand_range(k, dsa->q)) + } else if (!BN_rand_range(k, dsa->q)) goto err; } while (BN_is_zero(k)); diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index a791d63ca7..04b0cf30d0 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -103,15 +103,10 @@ static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { -# ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; - else - *outlen = SHA_DIGEST_LENGTH; + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); -# else - return NULL; -# endif } static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 95d9dadc84..c232321cf9 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -140,7 +140,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, do { /* get random k */ do -#ifndef OPENSSL_NO_SHA512 if (dgst != NULL) { if (!BN_generate_dsa_nonce (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen, @@ -149,9 +148,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } - } else -#endif - { + } else { if (!BN_rand_range(k, order)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 19c5213b5b..3e12ecf760 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -108,13 +108,6 @@ # undef TEST_ENG_OPENSSL_RC4_P_INIT # undef TEST_ENG_OPENSSL_RC4_P_CIPHER #endif -#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1) -# undef TEST_ENG_OPENSSL_SHA -# undef TEST_ENG_OPENSSL_SHA_OTHERS -# undef TEST_ENG_OPENSSL_SHA_P_INIT -# undef TEST_ENG_OPENSSL_SHA_P_UPDATE -# undef TEST_ENG_OPENSSL_SHA_P_FINAL -#endif #ifdef TEST_ENG_OPENSSL_RC4 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index fd5727dd45..f882096ceb 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -22,7 +22,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ - m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \ + m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ @@ -35,7 +35,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ e_rc4.o e_aes.o names.o e_seed.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ - m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \ + m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ |