authorRichard Levitte <levitte@openssl.org>2020-04-13 22:34:56 +0200
committerRichard Levitte <levitte@openssl.org>2020-04-28 15:37:37 +0200
commitf844f9eb44186df2f8b0cfd3264b4eb003d8c61a (patch)
tree29860f9c269b67546a418c0197066164e455a362 /crypto/rsa
parentcf86057a1acd13b13c9bd8f7b8a14bbc0e3ffd56 (diff)
Rename FIPS_MODE to FIPS_MODULE
This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
Diffstat (limited to 'crypto/rsa')
-rw-r--r--crypto/rsa/rsa_chk.c10
-rw-r--r--crypto/rsa/rsa_gen.c8
-rw-r--r--crypto/rsa/rsa_lib.c42
-rw-r--r--crypto/rsa/rsa_local.h2
-rw-r--r--crypto/rsa/rsa_mp_names.c6
-rw-r--r--crypto/rsa/rsa_oaep.c6
-rw-r--r--crypto/rsa/rsa_ossl.c22
-rw-r--r--crypto/rsa/rsa_pk1.c2
-rw-r--r--crypto/rsa/rsa_sign.c20
-rw-r--r--crypto/rsa/rsa_sp800_56b_check.c4
10 files changed, 61 insertions, 61 deletions
diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index e6b700bc0d..0bbb6dac03 100644
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -18,7 +18,7 @@
#include "crypto/rsa.h"
#include "rsa_local.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
{
BIGNUM *i, *j, *k, *l, *m;
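Review bot: A build that still defines the old `FIPS_MODE` name would take this `#ifndef FIPS_MODULE` branch with no diagnostic, so non-FIPS code such as rsa_validate_keypair_multiprime would be compiled into the module. The same fail-open behaviour applies to every renamed guard in the later hunks, for example the SHA-1 default for a NULL `md` in rsa_oaep.c and the `#ifdef FIPS_MODULE` modulus-size check in rsa_sp800_56b_check.c. Whether the build files were renamed in the same commit cannot be seen in this crypto/rsa-limited view. A one-time check in a shared internal header, `#ifdef FIPS_MODE` / `# error "FIPS_MODE was renamed to FIPS_MODULE"` / `#endif`, would make a stale define fail loudly. The function body continues outside the hunk.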
@@ -228,7 +228,7 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
BN_CTX_free(ctx);
return ret;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int rsa_validate_public(const RSA *key)
{
@@ -242,7 +242,7 @@ int rsa_validate_private(const RSA *key)
int rsa_validate_pairwise(const RSA *key)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key));
#else
return rsa_validate_keypair_multiprime(key, NULL);
@@ -256,11 +256,11 @@ int RSA_check_key(const RSA *key)
int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return rsa_validate_public(key)
&& rsa_validate_private(key)
&& rsa_validate_pairwise(key);
#else
return rsa_validate_keypair_multiprime(key, cb);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
}
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index b01f4cf62e..3d5a32a0a1 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -49,7 +49,7 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
BIGNUM *e_value, BN_GENCB *cb)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* multi-prime is only supported with the builtin key generation */
if (rsa->meth->rsa_multi_prime_keygen != NULL) {
return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
@@ -66,7 +66,7 @@ int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
else
return 0;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
return rsa_keygen(NULL, rsa, bits, primes, e_value, cb, 0);
}
@@ -74,7 +74,7 @@ static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes,
BIGNUM *e_value, BN_GENCB *cb, int pairwise_test)
{
int ok = -1;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
if (primes != 2)
return 0;
ok = rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
@@ -407,7 +407,7 @@ static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes,
}
BN_CTX_end(ctx);
BN_CTX_free(ctx);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
if (pairwise_test && ok > 0) {
OSSL_CALLBACK *stcb = NULL;
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 6f657f772f..81daec4b34 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -29,7 +29,7 @@
static RSA *rsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
RSA *RSA_new(void)
{
return rsa_new_intern(NULL, NULL);
@@ -90,7 +90,7 @@ static RSA *rsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
ret->libctx = libctx;
ret->meth = RSA_get_default_method();
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
if (engine) {
if (!ENGINE_init(engine)) {
@@ -111,7 +111,7 @@ static RSA *rsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
#endif
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
goto err;
}
@@ -144,11 +144,11 @@ void RSA_free(RSA *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE_finish(r->engine);
#endif
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
#endif
@@ -162,8 +162,8 @@ void RSA_free(RSA *r)
BN_clear_free(r->dmp1);
BN_clear_free(r->dmq1);
BN_clear_free(r->iqmp);
- /* TODO(3.0): Support PSS in FIPS_MODE */
-#ifndef FIPS_MODE
+ /* TODO(3.0): Support PSS in FIPS_MODULE */
+#ifndef FIPS_MODULE
RSA_PSS_PARAMS_free(r->pss);
sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
#endif
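Review bot: The mechanically renamed comment `/* TODO(3.0): Support PSS in FIPS_MODULE */` now names the preprocessor macro where it means the module itself; `/* TODO(3.0): Support PSS in the FIPS module */` reads correctly. Separately, the guard below it skips `RSA_PSS_PARAMS_free(r->pss)` in the FIPS build, while the rsa_local.h hunk declares `pss` outside the `#ifndef FIPS_MODULE` block. It looks worth confirming that `r->pss` can never be set inside the module, since otherwise RSA_free would leak it. RSA_free's body starts and ends outside this hunk.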
@@ -185,7 +185,7 @@ int RSA_up_ref(RSA *r)
return i > 1 ? 1 : 0;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
@@ -339,7 +339,7 @@ int RSA_security_bits(const RSA *rsa)
{
int bits = BN_num_bits(rsa->n);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (rsa->version == RSA_ASN1_VERSION_MULTI) {
/* This ought to mean that we have private key at hand. */
int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
@@ -433,7 +433,7 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* Is it better to export RSA_PRIME_INFO structure
* and related functions to let user pass a triplet?
@@ -523,7 +523,7 @@ void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
*q = r->q;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int RSA_get_multi_prime_extra_count(const RSA *r)
{
int pnum;
@@ -567,7 +567,7 @@ void RSA_get0_crt_params(const RSA *r,
*iqmp = r->iqmp;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
const BIGNUM *coeffs[])
{
@@ -661,7 +661,7 @@ int RSA_get_version(RSA *r)
return r->version;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
ENGINE *RSA_get0_engine(const RSA *r)
{
return r->engine;
@@ -684,7 +684,7 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
const STACK_OF(BIGNUM) *exps,
const STACK_OF(BIGNUM) *coeffs)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
STACK_OF(RSA_PRIME_INFO) *prime_infos, *old_infos = NULL;
#endif
int pnum;
@@ -705,12 +705,12 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
sk_BIGNUM_value(coeffs, 0)))
return 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
old_infos = r->prime_infos;
#endif
if (pnum > 2) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int i;
prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
@@ -752,7 +752,7 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
#endif
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (old_infos != NULL) {
/*
* This is hard to deal with, since the old infos could
@@ -768,7 +768,7 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
r->dirty_cnt++;
return 1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
err:
/* r, d, t should not be freed */
sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
@@ -782,7 +782,7 @@ int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
RSA_PRIME_INFO *pinfo;
int i, pnum;
#endif
@@ -800,7 +800,7 @@ int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
sk_BIGNUM_const_push(exps, RSA_get0_dmq1(r));
sk_BIGNUM_const_push(coeffs, RSA_get0_iqmp(r));
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
pnum = RSA_get_multi_prime_extra_count(r);
for (i = 0; i < pnum; i++) {
pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
@@ -813,7 +813,7 @@ int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode)
{
OSSL_PARAM pad_params[2], *p = pad_params;
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index a5e4b6fdf8..6c4ae8611b 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -52,7 +52,7 @@ struct rsa_st {
BIGNUM *iqmp;
/* If a PSS only key this contains the parameter restrictions */
RSA_PSS_PARAMS *pss;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* for multi-prime RSA, defined in RFC 8017 */
STACK_OF(RSA_PRIME_INFO) *prime_infos;
/* Be careful using this if the RSA structure is shared */
diff --git a/crypto/rsa/rsa_mp_names.c b/crypto/rsa/rsa_mp_names.c
index e69321a4b7..15b1b9e0da 100644
--- a/crypto/rsa/rsa_mp_names.c
+++ b/crypto/rsa/rsa_mp_names.c
@@ -23,7 +23,7 @@
const char *rsa_mp_factor_names[] = {
OSSL_PKEY_PARAM_RSA_FACTOR1,
OSSL_PKEY_PARAM_RSA_FACTOR2,
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
OSSL_PKEY_PARAM_RSA_FACTOR3,
OSSL_PKEY_PARAM_RSA_FACTOR4,
OSSL_PKEY_PARAM_RSA_FACTOR5,
@@ -43,7 +43,7 @@ const char *rsa_mp_factor_names[] = {
const char *rsa_mp_exp_names[] = {
OSSL_PKEY_PARAM_RSA_EXPONENT1,
OSSL_PKEY_PARAM_RSA_EXPONENT2,
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
OSSL_PKEY_PARAM_RSA_EXPONENT3,
OSSL_PKEY_PARAM_RSA_EXPONENT4,
OSSL_PKEY_PARAM_RSA_EXPONENT5,
@@ -63,7 +63,7 @@ const char *rsa_mp_exp_names[] = {
const char *rsa_mp_coeff_names[] = {
OSSL_PKEY_PARAM_RSA_COEFFICIENT1,
OSSL_PKEY_PARAM_RSA_COEFFICIENT2,
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
OSSL_PKEY_PARAM_RSA_COEFFICIENT3,
OSSL_PKEY_PARAM_RSA_COEFFICIENT4,
OSSL_PKEY_PARAM_RSA_COEFFICIENT5,
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index d0e1ffa82e..8ffde9ff18 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -67,7 +67,7 @@ int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
unsigned char seedmask[EVP_MAX_MD_SIZE];
int mdlen, dbmask_len = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (md == NULL)
md = EVP_sha1();
#else
@@ -171,7 +171,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
int mdlen;
if (md == NULL) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
md = EVP_sha1();
#else
RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);
@@ -302,7 +302,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* To avoid chosen ciphertext attacks, the error message should not
* reveal which kind of decoding error happened.
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 76b84608b1..b996e4d05e 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -119,7 +119,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
from, flen, NULL, 0,
NULL, NULL);
break;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
case RSA_SSLV23_PADDING:
i = rsa_padding_add_SSLv23_with_libctx(rsa->libctx, buf, num, from,
flen);
@@ -492,7 +492,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
case RSA_PKCS1_OAEP_PADDING:
r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
break;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
case RSA_SSLV23_PADDING:
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
break;
@@ -504,7 +504,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* This trick doesn't work in the FIPS provider because libcrypto manages
* the error stack. Instead we opt not to put an error on the stack at all
@@ -623,7 +623,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
BIGNUM *r1, *m1, *vrfy;
int ret = 0, smooth = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BIGNUM *r2, *m[RSA_MAX_PRIME_NUM - 2];
int i, ex_primes = 0;
RSA_PRIME_INFO *pinfo;
@@ -632,7 +632,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
BN_CTX_start(ctx);
r1 = BN_CTX_get(ctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
r2 = BN_CTX_get(ctx);
#endif
m1 = BN_CTX_get(ctx);
@@ -640,7 +640,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
if (vrfy == NULL)
goto err;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (rsa->version == RSA_ASN1_VERSION_MULTI
&& ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0
|| ex_primes > RSA_MAX_PRIME_NUM - 2))
@@ -666,7 +666,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
BN_free(factor);
goto err;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
for (i = 0; i < ex_primes; i++) {
pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
BN_with_flags(factor, pinfo->r, BN_FLG_CONSTTIME);
@@ -682,7 +682,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
BN_free(factor);
smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont)
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
&& (ex_primes == 0)
#endif
&& (BN_num_bits(rsa->q) == BN_num_bits(rsa->p));
@@ -790,7 +790,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
BN_free(dmp1);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* calculate m_i in multi-prime case
*
@@ -884,7 +884,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
if (!BN_add(r0, r1, m1))
goto err;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* add m_i to m in multi-prime case */
if (ex_primes > 0) {
BIGNUM *pr2 = BN_new();
@@ -1003,7 +1003,7 @@ static int rsa_ossl_init(RSA *rsa)
static int rsa_ossl_finish(RSA *rsa)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int i;
RSA_PRIME_INFO *pinfo;
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index 0554f1837c..b594534563 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -265,7 +265,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
}
OPENSSL_clear_free(em, num);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* This trick doesn't work in the FIPS provider because libcrypto manages
* the error stack. Instead we opt not to put an error on the stack at all
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 4a7b53f779..e3425b9e36 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -93,7 +93,7 @@ static const unsigned char digestinfo_##name##_der[] = { \
ASN1_OCTET_STRING, sz \
};
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_MD2
ENCODE_DIGESTINFO_MD(md2, 0x02, MD2_DIGEST_LENGTH)
# endif
@@ -123,7 +123,7 @@ static const unsigned char digestinfo_ripemd160_der[] = {
ASN1_OCTET_STRING, RIPEMD160_DIGEST_LENGTH
};
# endif
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
/* SHA-1 (1 3 14 3 2 26) */
static const unsigned char digestinfo_sha1_der[] = {
@@ -153,7 +153,7 @@ ENCODE_DIGESTINFO_SHA(sha3_512, 0x0a, SHA512_DIGEST_LENGTH)
const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len)
{
switch (md_nid) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_MDC2
MD_CASE(mdc2)
# endif
@@ -169,7 +169,7 @@ const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len)
# ifndef OPENSSL_NO_RMD160
MD_CASE(ripemd160)
# endif
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
MD_CASE(sha1)
MD_CASE(sha224)
MD_CASE(sha256)
@@ -193,7 +193,7 @@ const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len)
static int digest_sz_from_nid(int nid)
{
switch (nid) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_MDC2
MD_NID_CASE(mdc2, MDC2_DIGEST_LENGTH)
# endif
@@ -209,7 +209,7 @@ static int digest_sz_from_nid(int nid)
# ifndef OPENSSL_NO_RMD160
MD_NID_CASE(ripemd160, RIPEMD160_DIGEST_LENGTH)
# endif
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
MD_NID_CASE(sha1, SHA_DIGEST_LENGTH)
MD_NID_CASE(sha224, SHA224_DIGEST_LENGTH)
MD_NID_CASE(sha256, SHA256_DIGEST_LENGTH)
@@ -278,10 +278,10 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *tmps = NULL;
const unsigned char *encoded = NULL;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (rsa->meth->rsa_sign != NULL)
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
/* Compute the encoded digest. */
if (type == NID_md5_sha1) {
@@ -354,7 +354,7 @@ int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
goto err;
decrypt_len = len;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (type == NID_md5_sha1) {
/*
* NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
@@ -401,7 +401,7 @@ int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
}
}
} else
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
{
/*
* If recovering the digest, extract a digest-sized output from the end
diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
index 2abd6db1d3..662502190e 100644
--- a/crypto/rsa/rsa_sp800_56b_check.c
+++ b/crypto/rsa/rsa_sp800_56b_check.c
@@ -238,7 +238,7 @@ int rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q,
int rsa_sp800_56b_check_public(const RSA *rsa)
{
int ret = 0, status;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
int nbits;
#endif
BN_CTX *ctx = NULL;
@@ -247,7 +247,7 @@ int rsa_sp800_56b_check_public(const RSA *rsa)
if (rsa->n == NULL || rsa->e == NULL)
return 0;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/*
* (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1)
* NOTE: changed to allow keys >= 2048