diff options
author | Richard Levitte <levitte@openssl.org> | 2020-04-13 22:34:56 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-04-28 15:37:37 +0200 |
commit | f844f9eb44186df2f8b0cfd3264b4eb003d8c61a (patch) | |
tree | 29860f9c269b67546a418c0197066164e455a362 /crypto/evp | |
parent | cf86057a1acd13b13c9bd8f7b8a14bbc0e3ffd56 (diff) |
Rename FIPS_MODE to FIPS_MODULE
This macro is used to determine if certain pieces of code should
become part of the FIPS module or not. The old name was confusing.
Fixes #11538
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/digest.c | 28 | ||||
-rw-r--r-- | crypto/evp/e_aes.c | 10 | ||||
-rw-r--r-- | crypto/evp/evp_enc.c | 24 | ||||
-rw-r--r-- | crypto/evp/evp_fetch.c | 4 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 14 | ||||
-rw-r--r-- | crypto/evp/exchange.c | 4 | ||||
-rw-r--r-- | crypto/evp/m_sigver.c | 6 | ||||
-rw-r--r-- | crypto/evp/p_lib.c | 54 | ||||
-rw-r--r-- | crypto/evp/pmeth_check.c | 6 | ||||
-rw-r--r-- | crypto/evp/pmeth_gn.c | 16 | ||||
-rw-r--r-- | crypto/evp/pmeth_lib.c | 24 |
11 files changed, 95 insertions, 95 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index fba5315232..91baa0d45c 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -24,7 +24,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) if (ctx == NULL) return 1; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ /* * pctx should be freed by the user of EVP_MD_CTX @@ -59,7 +59,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); } -#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE) +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) ENGINE_finish(ctx->engine); #endif @@ -94,7 +94,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE *tmpimpl = NULL; #endif @@ -114,7 +114,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->reqdigest = type; /* TODO(3.0): Legacy work around code below. Remove this */ -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so * this context may already have an ENGINE! Try to avoid releasing the @@ -145,7 +145,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) */ if (ctx->engine != NULL || impl != NULL -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) || tmpimpl != NULL #endif || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) { @@ -164,7 +164,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) /* TODO(3.0): Start of non-legacy code below */ if (type->prov == NULL) { -#ifdef FIPS_MODE +#ifdef FIPS_MODULE /* We only do explicit fetches inside the FIPS module */ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; @@ -205,7 +205,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) /* TODO(3.0): Remove legacy code below */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) if (type) { if (impl != NULL) { if (!ENGINE_init(impl)) { @@ -257,10 +257,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } } } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) skip_to_init: #endif -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* * TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module * or when using providers. @@ -452,7 +452,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ if (in->pctx != NULL) { out->pctx = EVP_PKEY_CTX_dup(in->pctx); @@ -468,7 +468,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) /* TODO(3.0): Remove legacy code below */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB); @@ -509,7 +509,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) out->update = in->update; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ if (in->pctx) { out->pctx = EVP_PKEY_CTX_dup(in->pctx); @@ -724,7 +724,7 @@ EVP_MD *evp_md_new(void) * provider based, we know that none of its code depends on legacy * NIDs or any functionality that use them. */ -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ static void set_legacy_nid(const char *name, void *vlegacy_nid) { @@ -764,7 +764,7 @@ static void *evp_md_from_dispatch(int name_id, return NULL; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ md->type = NID_undef; evp_names_do_all(prov, name_id, set_legacy_nid, &md->type); diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 39c53b5595..05be21901d 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -71,7 +71,7 @@ typedef struct { const unsigned char iv[16]); } EVP_AES_XTS_CTX; -#ifdef FIPS_MODE +#ifdef FIPS_MODULE static const int allow_insecure_decrypt = 0; #else static const int allow_insecure_decrypt = 1; @@ -2901,7 +2901,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return rv; } -#ifdef FIPS_MODE +#ifdef FIPS_MODULE /* * See SP800-38D (GCM) Section 8 "Uniqueness requirement on IVS and keys" * @@ -2923,7 +2923,7 @@ static int aes_gcm_iv_generate(EVP_AES_GCM_CTX *gctx, int offset) return 0; return 1; } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) @@ -2937,7 +2937,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (gctx->tls_aad_len >= 0) return aes_gcm_tls_cipher(ctx, out, in, len); -#ifdef FIPS_MODE +#ifdef FIPS_MODULE /* * FIPS requires generation of AES-GCM IV's inside the FIPS module. * The IV can still be set externally (the security policy will state that @@ -2954,7 +2954,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #else if (!gctx->iv_set) return -1; -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ if (in) { if (out == NULL) { diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index f6d7e87f12..0f7b0a7dde 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -51,7 +51,7 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size); } OPENSSL_free(ctx->cipher_data); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE_finish(ctx->engine); #endif memset(ctx, 0, sizeof(*ctx)); @@ -81,7 +81,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) { -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE *tmpimpl = NULL; #endif const EVP_CIPHER *tmpcipher; @@ -106,7 +106,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, /* TODO(3.0): Legacy work around code below. Remove this */ -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so * this context may already have an ENGINE! Try to avoid releasing the @@ -127,7 +127,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, * If there are engines involved then we should use legacy handling for now. */ if (ctx->engine != NULL -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) || tmpimpl != NULL #endif || impl != NULL) { @@ -321,7 +321,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, cipher = ctx->cipher; if (cipher->prov == NULL) { -#ifdef FIPS_MODE +#ifdef FIPS_MODULE /* We only do explicit fetches inside the FIPS module */ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; @@ -404,7 +404,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->encrypt = enc; ctx->flags = flags; } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) if (impl != NULL) { if (!ENGINE_init(impl)) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); @@ -460,7 +460,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, } } } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) skip_to_init: #endif if (ctx->cipher == NULL) @@ -1340,7 +1340,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); -#ifdef FIPS_MODE +#ifdef FIPS_MODULE return 0; #else { @@ -1351,7 +1351,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) return 0; return 1; } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ } int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) @@ -1390,7 +1390,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) /* TODO(3.0): Remove legacy code below */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) /* Make sure it's safe to copy a cipher context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB); @@ -1440,7 +1440,7 @@ EVP_CIPHER *evp_cipher_new(void) * provider based, we know that none of its code depends on legacy * NIDs or any functionality that use them. */ -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ static void set_legacy_nid(const char *name, void *vlegacy_nid) { @@ -1478,7 +1478,7 @@ static void *evp_cipher_from_dispatch(const int name_id, return NULL; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ cipher->nid = NID_undef; evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid); diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index ca06b57864..3176aa6b59 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -301,7 +301,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, if (ret == NULL) { int code = EVP_R_FETCH_FAILED; -#ifdef FIPS_MODE +#ifdef FIPS_MODULE ERR_raise(ERR_LIB_EVP, code); #else ERR_raise_data(ERR_LIB_EVP, code, @@ -339,7 +339,7 @@ void *evp_generic_fetch_by_number(OPENSSL_CTX *libctx, int operation_id, if (ret == NULL) { int code = EVP_R_FETCH_FAILED; -#ifdef FIPS_MODE +#ifdef FIPS_MODULE ERR_raise(ERR_LIB_EVP, code); #else { diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index d5f758fb4f..229485102a 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -18,7 +18,7 @@ #include "internal/provider.h" #include "evp_local.h" -#if !defined(FIPS_MODE) +#if !defined(FIPS_MODULE) int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { int ret = -1; /* Assume the worst */ @@ -206,7 +206,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) } return i; } -#endif /* !defined(FIPS_MODE) */ +#endif /* !defined(FIPS_MODULE) */ /* Convert the various cipher NIDs and dummies to a proper OID NID */ int EVP_CIPHER_type(const EVP_CIPHER *ctx) @@ -258,7 +258,7 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) return NID_des_cfb64; default: -#ifdef FIPS_MODE +#ifdef FIPS_MODULE return NID_undef; #else { @@ -548,7 +548,7 @@ const char *EVP_CIPHER_name(const EVP_CIPHER *cipher) { if (cipher->prov != NULL) return evp_first_name(cipher->prov, cipher->name_id); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE return OBJ_nid2sn(EVP_CIPHER_nid(cipher)); #else return NULL; @@ -589,7 +589,7 @@ const char *EVP_MD_name(const EVP_MD *md) { if (md->prov != NULL) return evp_first_name(md->prov, md->name_id); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE return OBJ_nid2sn(EVP_MD_nid(md)); #else return NULL; @@ -844,7 +844,7 @@ EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) return ctx->pctx; } -#if !defined(FIPS_MODE) +#if !defined(FIPS_MODULE) /* TODO(3.0): EVP_DigestSign* not yet supported in FIPS module */ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) { @@ -864,7 +864,7 @@ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); } } -#endif /* !defined(FIPS_MODE) */ +#endif /* !defined(FIPS_MODULE) */ void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) { diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 8b2c07725a..6423fd9eff 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -275,7 +275,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) */ ERR_pop_to_mark(); -#ifdef FIPS_MODE +#ifdef FIPS_MODULE return 0; #else if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { @@ -323,7 +323,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey); legacy: -#ifdef FIPS_MODE +#ifdef FIPS_MODULE return ret; #else /* diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 5f2e27ed27..85c1fa281a 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -16,7 +16,7 @@ #include "internal/provider.h" #include "evp_local.h" -#ifndef FIPS_MODE +#ifndef FIPS_MODULE static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) { @@ -354,7 +354,7 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) return EVP_DigestUpdate(ctx, data, dsize); } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { @@ -550,4 +550,4 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, return -1; return EVP_DigestVerifyFinal(ctx, sigret, siglen); } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 0b75777a09..84fb91412f 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -47,7 +47,7 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len, EVP_KEYMGMT *keymgmt); static void evp_pkey_free_it(EVP_PKEY *key); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* The type of parameters selected in key parameter functions */ # define SELECT_PARAMETERS OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS @@ -656,9 +656,9 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) return ret; } # endif /* OPENSSL_NO_DSA */ -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ -#ifndef FIPS_MODE +#ifndef FIPS_MODULE # ifndef OPENSSL_NO_EC int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) { @@ -752,7 +752,7 @@ int EVP_PKEY_base_id(const EVP_PKEY *pkey) int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name) { -#ifndef FIPS_MODE +#ifndef FIPS_MODULE if (pkey->keymgmt == NULL) { /* * These hard coded cases are pure hackery to get around the fact @@ -1064,9 +1064,9 @@ size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) return rv; } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ -/*- All methods below can also be used in FIPS_MODE */ +/*- All methods below can also be used in FIPS_MODULE */ EVP_PKEY *EVP_PKEY_new(void) { @@ -1085,7 +1085,7 @@ EVP_PKEY *EVP_PKEY_new(void) EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); goto err; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, ret, &ret->ex_data)) { EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); goto err; @@ -1115,7 +1115,7 @@ EVP_PKEY *EVP_PKEY_new(void) static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len, EVP_KEYMGMT *keymgmt) { -#ifndef FIPS_MODE +#ifndef FIPS_MODULE const EVP_PKEY_ASN1_METHOD *ameth = NULL; ENGINE **eptr = (e == NULL) ? &e : NULL; #endif @@ -1133,13 +1133,13 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, if (pkey != NULL) { int free_it = 0; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE free_it = free_it || pkey->pkey.ptr != NULL; #endif free_it = free_it || pkey->keydata != NULL; if (free_it) evp_pkey_free_it(pkey); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* * If key type matches and a method exists then this lookup has * succeeded once so just indicate success. @@ -1157,7 +1157,7 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, # endif #endif } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE if (str != NULL) ameth = EVP_PKEY_asn1_find_str(eptr, str, len); else if (type != EVP_PKEY_NONE) @@ -1172,7 +1172,7 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, { int check = 1; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE check = check && ameth == NULL; #endif check = check && keymgmt == NULL; @@ -1192,7 +1192,7 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, pkey->save_type = type; pkey->type = type; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* * If the internal "origin" key is provider side, don't save |ameth|. * The main reason is that |ameth| is one factor to detect that the @@ -1219,7 +1219,7 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, return 1; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE static void find_ameth(const char *name, void *data) { const char **str = data; @@ -1244,7 +1244,7 @@ static void find_ameth(const char *name, void *data) int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt) { -#ifndef FIPS_MODE +#ifndef FIPS_MODULE # define EVP_PKEY_TYPE_STR str[0] # define EVP_PKEY_TYPE_STRLEN (str[0] == NULL ? -1 : (int)strlen(str[0])) /* @@ -1283,7 +1283,7 @@ int EVP_PKEY_up_ref(EVP_PKEY *pkey) return ((i > 1) ? 1 : 0); } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE void evp_pkey_free_legacy(EVP_PKEY *x) { if (x->ameth != NULL) { @@ -1299,14 +1299,14 @@ void evp_pkey_free_legacy(EVP_PKEY *x) # endif x->type = EVP_PKEY_NONE; } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ static void evp_pkey_free_it(EVP_PKEY *x) { /* internal function; x is never NULL */ evp_keymgmt_util_clear_operation_cache(x); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE evp_pkey_free_legacy(x); #endif @@ -1331,11 +1331,11 @@ void EVP_PKEY_free(EVP_PKEY *x) return; REF_ASSERT_ISNT(i < 0); evp_pkey_free_it(x); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, x, &x->ex_data); #endif CRYPTO_THREAD_lock_free(x->lock); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); #endif OPENSSL_free(x); @@ -1347,7 +1347,7 @@ int EVP_PKEY_size(const EVP_PKEY *pkey) if (pkey != NULL) { size = pkey->cache.size; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE if (pkey->ameth != NULL && pkey->ameth->pkey_size != NULL) size = pkey->ameth->pkey_size(pkey); #endif @@ -1369,14 +1369,14 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, /* No key data => nothing to export */ check = 1; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE check = check && pk->pkey.ptr == NULL; #endif check = check && pk->keydata == NULL; if (check) return NULL; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE if (pk->pkey.ptr != NULL) { /* * If the legacy key doesn't have an dirty counter or export function, @@ -1408,7 +1408,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, if (tmp_keymgmt == NULL) goto end; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE if (pk->pkey.ptr != NULL) { size_t i = 0; @@ -1480,7 +1480,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk); goto end; } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt); @@ -1500,7 +1500,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, return keydata; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE int evp_pkey_downgrade(EVP_PKEY *pk) { EVP_KEYMGMT *keymgmt = pk->keymgmt; @@ -1606,7 +1606,7 @@ int evp_pkey_downgrade(EVP_PKEY *pk) evp_keymgmt_util_cache_keyinfo(pk); return 0; /* No downgrade, but at least the key is restored */ } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ const OSSL_PARAM *EVP_PKEY_gettable_params(EVP_PKEY *pkey) { diff --git a/crypto/evp/pmeth_check.c b/crypto/evp/pmeth_check.c index 587e8ae12a..b99d5b1abd 100644 --- a/crypto/evp/pmeth_check.c +++ b/crypto/evp/pmeth_check.c @@ -38,7 +38,7 @@ int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx) if (pkey->type == EVP_PKEY_NONE) goto not_supported; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* legacy */ /* call customized public key check function first */ if (ctx->pmeth->public_check != NULL) @@ -76,7 +76,7 @@ int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx) if (pkey->type == EVP_PKEY_NONE) goto not_supported; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* legacy */ /* call customized param check function first */ if (ctx->pmeth->param_check != NULL) @@ -156,7 +156,7 @@ int EVP_PKEY_check(EVP_PKEY_CTX *ctx) if (pkey->type == EVP_PKEY_NONE) goto not_supported; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* legacy */ /* call customized check function first */ if (ctx->pmeth->check != NULL) diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 0d6a82200f..dbc6c914e7 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -20,7 +20,7 @@ #include "crypto/evp.h" #include "evp_local.h" -#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_EC) +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_EC) # define TMP_SM2_HACK #endif @@ -69,7 +69,7 @@ static int gen_init(EVP_PKEY_CTX *ctx, int operation) goto end; legacy: -#ifdef FIPS_MODE +#ifdef FIPS_MODULE goto not_supported; #else if (ctx->pmeth == NULL @@ -189,7 +189,7 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ossl_callback_to_pkey_gencb, ctx) != NULL); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* In case |*ppkey| was originally a legacy key */ if (ret) evp_pkey_free_legacy(*ppkey); @@ -223,7 +223,7 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) goto end; legacy: -#ifdef FIPS_MODE +#ifdef FIPS_MODULE goto not_supported; #else if (ctx->pkey && !evp_pkey_downgrade(ctx->pkey)) @@ -256,7 +256,7 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED); ret = -1; goto end; -#ifndef FIPS_MODE +#ifndef FIPS_MODULE not_accessible: ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS); ret = -1; @@ -319,7 +319,7 @@ int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) return ctx->keygen_info[idx]; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen) @@ -340,9 +340,9 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, return mac_key; } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ -/*- All methods below can also be used in FIPS_MODE */ +/*- All methods below can also be used in FIPS_MODULE */ static int fromdata_init(EVP_PKEY_CTX *ctx, int operation) { diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 2b99b52c56..e262e87319 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -30,7 +30,7 @@ #include "internal/provider.h" #include "evp_local.h" -#ifndef FIPS_MODE +#ifndef FIPS_MODULE typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void); typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -135,7 +135,7 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; return pmeth; } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, EVP_PKEY *pkey, ENGINE *e, @@ -165,7 +165,7 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, keytype = evp_first_name(pkey->keymgmt->prov, pkey->keymgmt->name_id); goto common; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE /* TODO(3.0) Legacy code should be removed when all is provider based */ /* BEGIN legacy */ if (id == -1) { @@ -221,7 +221,7 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, return NULL; } /* END legacy */ -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ common: /* * If there's no engine and there's a name, we try fetching a provider @@ -237,7 +237,7 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { EVP_KEYMGMT_free(keymgmt); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE_finish(e); #endif EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); @@ -265,7 +265,7 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, return ret; } -/*- All methods below can also be used in FIPS_MODE */ +/*- All methods below can also be used in FIPS_MODULE */ EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx, const char *name, @@ -296,7 +296,7 @@ void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx) ctx->op.kex.exchange = NULL; } /* TODO(3.0): add dependancies and uncomment this when available for fips mode */ -#ifndef FIPS_MODE +#ifndef FIPS_MODULE else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { if (ctx->op.ciph.ciphprovctx != NULL && ctx->op.ciph.cipher != NULL) ctx->op.ciph.cipher->freectx(ctx->op.ciph.ciphprovctx); @@ -322,13 +322,13 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) EVP_PKEY_free(ctx->pkey); EVP_PKEY_free(ctx->peerkey); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE_finish(ctx->engine); #endif OPENSSL_free(ctx); } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, const EVP_PKEY_METHOD *meth) @@ -592,7 +592,7 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) return 0; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) { if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) @@ -670,7 +670,7 @@ const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx) * * In particular they return -2 if any of the params is not supported. * - * They are not available in FIPS_MODE as they depend on + * They are not available in FIPS_MODULE as they depend on * - EVP_PKEY_CTX_{get,set}_params() * - EVP_PKEY_CTX_{gettable,settable}_params() * @@ -1592,4 +1592,4 @@ void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, *pdigest_custom = pmeth->digest_custom; } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ |