summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2020-04-13 22:34:56 +0200
committerRichard Levitte <levitte@openssl.org>2020-04-28 15:37:37 +0200
commitf844f9eb44186df2f8b0cfd3264b4eb003d8c61a (patch)
tree29860f9c269b67546a418c0197066164e455a362 /crypto
parentcf86057a1acd13b13c9bd8f7b8a14bbc0e3ffd56 (diff)
Rename FIPS_MODE to FIPS_MODULE
This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/bn/bn_conv.c4
-rw-r--r--crypto/bn/bn_ctx.c10
-rw-r--r--crypto/bn/bn_dh.c6
-rw-r--r--crypto/bn/bn_prime.c8
-rw-r--r--crypto/bn/bn_rand.c8
-rw-r--r--crypto/context.c10
-rw-r--r--crypto/core_namemap.c8
-rw-r--r--crypto/dh/dh_check.c8
-rw-r--r--crypto/dh/dh_gen.c18
-rw-r--r--crypto/dh/dh_group_params.c4
-rw-r--r--crypto/dh/dh_key.c20
-rw-r--r--crypto/dh/dh_lib.c30
-rw-r--r--crypto/dh/dh_local.h2
-rw-r--r--crypto/dh/dh_pmeth.c10
-rw-r--r--crypto/dsa/dsa_gen.c8
-rw-r--r--crypto/dsa/dsa_key.c8
-rw-r--r--crypto/dsa/dsa_lib.c22
-rw-r--r--crypto/dsa/dsa_local.h2
-rw-r--r--crypto/dsa/dsa_ossl.c4
-rw-r--r--crypto/ec/ec2_oct.c20
-rw-r--r--crypto/ec/ec2_smpl.c28
-rw-r--r--crypto/ec/ec_asn1.c4
-rw-r--r--crypto/ec/ec_check.c4
-rw-r--r--crypto/ec/ec_ctrl.c2
-rw-r--r--crypto/ec/ec_curve.c42
-rw-r--r--crypto/ec/ec_key.c18
-rw-r--r--crypto/ec/ec_kmeth.c8
-rw-r--r--crypto/ec/ec_lib.c24
-rw-r--r--crypto/ec/ec_local.h2
-rw-r--r--crypto/ec/ec_mult.c6
-rw-r--r--crypto/ec/ecp_nistp224.c10
-rw-r--r--crypto/ec/ecp_nistp256.c10
-rw-r--r--crypto/ec/ecp_nistp521.c10
-rw-r--r--crypto/ec/ecp_oct.c4
-rw-r--r--crypto/evp/digest.c28
-rw-r--r--crypto/evp/e_aes.c10
-rw-r--r--crypto/evp/evp_enc.c24
-rw-r--r--crypto/evp/evp_fetch.c4
-rw-r--r--crypto/evp/evp_lib.c14
-rw-r--r--crypto/evp/exchange.c4
-rw-r--r--crypto/evp/m_sigver.c6
-rw-r--r--crypto/evp/p_lib.c54
-rw-r--r--crypto/evp/pmeth_check.c6
-rw-r--r--crypto/evp/pmeth_gn.c16
-rw-r--r--crypto/evp/pmeth_lib.c24
-rw-r--r--crypto/ffc/ffc_params.c6
-rw-r--r--crypto/ffc/ffc_params_generate.c2
-rw-r--r--crypto/initthread.c18
-rw-r--r--crypto/mem.c4
-rw-r--r--crypto/ppccap.c4
-rw-r--r--crypto/property/property.c2
-rw-r--r--crypto/provider_core.c42
-rw-r--r--crypto/provider_predefined.c2
-rw-r--r--crypto/rand/drbg_ctr.c2
-rw-r--r--crypto/rand/drbg_lib.c12
-rw-r--r--crypto/rand/rand_lib.c16
-rw-r--r--crypto/rand/rand_local.h2
-rw-r--r--crypto/rand/rand_unix.c6
-rw-r--r--crypto/rand/rand_win.c2
-rw-r--r--crypto/rsa/rsa_chk.c10
-rw-r--r--crypto/rsa/rsa_gen.c8
-rw-r--r--crypto/rsa/rsa_lib.c42
-rw-r--r--crypto/rsa/rsa_local.h2
-rw-r--r--crypto/rsa/rsa_mp_names.c6
-rw-r--r--crypto/rsa/rsa_oaep.c6
-rw-r--r--crypto/rsa/rsa_ossl.c22
-rw-r--r--crypto/rsa/rsa_pk1.c2
-rw-r--r--crypto/rsa/rsa_sign.c20
-rw-r--r--crypto/rsa/rsa_sp800_56b_check.c4
-rw-r--r--crypto/self_test_core.c4
-rw-r--r--crypto/threads_pthread.c4
71 files changed, 411 insertions, 411 deletions
diff --git a/crypto/bn/bn_conv.c b/crypto/bn/bn_conv.c
index fd21464d74..089b755748 100644
--- a/crypto/bn/bn_conv.c
+++ b/crypto/bn/bn_conv.c
@@ -46,8 +46,8 @@ char *BN_bn2hex(const BIGNUM *a)
return buf;
}
-#ifndef FIPS_MODE
-/* No BIO_snprintf in FIPS_MODE */
+#ifndef FIPS_MODULE
+/* No BIO_snprintf in FIPS_MODULE */
/* Must 'OPENSSL_free' the returned data */
char *BN_bn2dec(const BIGNUM *a)
{
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index ecc0034bbc..5fc8322a31 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -90,7 +90,7 @@ struct bignum_ctx {
OPENSSL_CTX *libctx;
};
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* Debugging functionality */
static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
{
@@ -126,7 +126,7 @@ static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
#else
/* TODO(3.0): Consider if we want to do this in FIPS mode */
# define CTXDBG(str, ctx) do {} while(0)
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
{
@@ -143,7 +143,7 @@ BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
return ret;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *BN_CTX_new(void)
{
return BN_CTX_new_ex(NULL);
@@ -159,7 +159,7 @@ BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
return ret;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *BN_CTX_secure_new(void)
{
return BN_CTX_secure_new_ex(NULL);
@@ -170,7 +170,7 @@ void BN_CTX_free(BN_CTX *ctx)
{
if (ctx == NULL)
return;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
OSSL_TRACE_BEGIN(BN_CTX) {
BN_POOL_ITEM *pool = ctx->pool.head;
BIO_printf(trc_out,
diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c
index 9ffb6d8d83..9a7cc17f62 100644
--- a/crypto/bn/bn_dh.c
+++ b/crypto/bn/bn_dh.c
@@ -22,7 +22,7 @@
/* DH parameters from RFC3526 */
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
/*
* "1536-bit MODP Group" from RFC3526, Section 2.
*
@@ -60,7 +60,7 @@ static const BN_ULONG modp_1536_q[] = {
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF)
};
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
/*-
* "2048-bit MODP Group" from RFC3526, Section 3.
@@ -1037,7 +1037,7 @@ make_dh_bn(ffdhe6144_q)
make_dh_bn(ffdhe8192_p)
make_dh_bn(ffdhe8192_q)
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
make_dh_bn(modp_1536_p)
make_dh_bn(modp_1536_q)
# endif
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index ce5789ea3e..20fa0baac7 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -207,7 +207,7 @@ int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
return found;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
{
@@ -265,7 +265,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
int do_trial_division, BN_GENCB *cb)
{
int i, status, ret = -1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX *ctxlocal = NULL;
#else
@@ -301,7 +301,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
if (!BN_GENCB_call(cb, 1, -1))
return -1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL && (ctxlocal = ctx = BN_CTX_new()) == NULL)
goto err;
#endif
@@ -311,7 +311,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
goto err;
ret = (status == BN_PRIMETEST_PROBABLY_PRIME);
err:
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
BN_CTX_free(ctxlocal);
#endif
return ret;
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 91cb39ee49..e603bb7030 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -103,7 +103,7 @@ int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
{
return bnrand(NORMAL, rnd, bits, top, bottom, ctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(NORMAL, rnd, bits, top, bottom, NULL);
@@ -120,7 +120,7 @@ int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
return bnrand(PRIVATE, rnd, bits, top, bottom, ctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(PRIVATE, rnd, bits, top, bottom, NULL);
@@ -199,7 +199,7 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
return bnrand_range(NORMAL, r, range, ctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(NORMAL, r, range, NULL);
@@ -211,7 +211,7 @@ int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
return bnrand_range(PRIVATE, r, range, ctx);
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(PRIVATE, r, range, NULL);
diff --git a/crypto/context.c b/crypto/context.c
index cf3b078b5d..1c95298ea2 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -39,7 +39,7 @@ struct openssl_ctx_st {
struct openssl_ctx_onfree_list_st *onfreelist;
};
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static OPENSSL_CTX default_context_int;
/* Always points at default_context_int if it has been initialised */
@@ -119,7 +119,7 @@ static int context_deinit(OPENSSL_CTX *ctx)
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
void openssl_ctx_default_deinit(void)
{
context_deinit(default_context);
@@ -146,7 +146,7 @@ OPENSSL_CTX *OPENSSL_CTX_new(void)
return ctx;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int OPENSSL_CTX_load_config(OPENSSL_CTX *ctx, const char *config_file)
{
return CONF_modules_load_file_with_libctx(ctx, config_file, NULL, 0) > 0;
@@ -162,7 +162,7 @@ void OPENSSL_CTX_free(OPENSSL_CTX *ctx)
OPENSSL_CTX *openssl_ctx_get_concrete(OPENSSL_CTX *ctx)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL) {
if (!RUN_ONCE(&default_context_init, do_default_context_init))
return 0;
@@ -174,7 +174,7 @@ OPENSSL_CTX *openssl_ctx_get_concrete(OPENSSL_CTX *ctx)
int openssl_ctx_is_default(OPENSSL_CTX *ctx)
{
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (ctx == NULL || ctx == default_context)
return 1;
#endif
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index 3d509314fa..94c80de091 100644
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -136,7 +136,7 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
int number = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (namemap == NULL)
namemap = ossl_namemap_stored(NULL);
#endif
@@ -198,7 +198,7 @@ int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
NAMENUM_ENTRY *namenum = NULL;
int tmp_number;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (namemap == NULL)
namemap = ossl_namemap_stored(NULL);
#endif
@@ -309,7 +309,7 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
* ==============
*/
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
#include <openssl/evp.h>
/* Creates an initial namemap with names found in the legacy method db */
@@ -366,7 +366,7 @@ OSSL_NAMEMAP *ossl_namemap_stored(OPENSSL_CTX *libctx)
openssl_ctx_get_data(libctx, OPENSSL_CTX_NAMEMAP_INDEX,
&stored_namemap_method);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (namemap != NULL && ossl_namemap_empty(namemap)) {
/* Before pilfering, we make sure the legacy database is populated */
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index a25e83f15e..9dd595ae12 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -44,7 +44,7 @@ int DH_check_params_ex(const DH *dh)
return errflags == 0;
}
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
int DH_check_params(const DH *dh, int *ret)
{
int nid;
@@ -102,7 +102,7 @@ int DH_check_params(const DH *dh, int *ret)
BN_CTX_free(ctx);
return ok;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
/*-
* Check that p is a safe prime and
@@ -140,7 +140,7 @@ int DH_check_ex(const DH *dh)
/* Note: according to documentation - this only checks the params */
int DH_check(const DH *dh, int *ret)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return DH_check_params(dh, ret);
#else
int ok = 0, r;
@@ -210,7 +210,7 @@ int DH_check(const DH *dh, int *ret)
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ok;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
}
int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 39bb365216..327f6ff610 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -30,10 +30,10 @@
#include "crypto/dh.h"
#include "dh_local.h"
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
int qbits, EVP_MD *md, BN_GENCB *cb)
@@ -47,7 +47,7 @@ int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
SHA_DIGEST_LENGTH) * 8;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
ret = ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
FFC_PARAM_TYPE_DH,
@@ -96,7 +96,7 @@ int dh_get_named_group_uid_from_size(int pbits)
return nid;
}
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
{
@@ -116,12 +116,12 @@ static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
DH_free(dh);
return ok;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
BN_GENCB *cb)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
if (generator != 2)
return 0;
return dh_gen_named_group(ret->libctx, ret, prime_len);
@@ -129,10 +129,10 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
if (ret->meth->generate_params)
return ret->meth->generate_params(ret, prime_len, generator, cb);
return dh_builtin_genparams(ret, prime_len, generator, cb);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*-
* We generate DH parameters as follows
* find a prime p which is prime_len bits long,
@@ -238,4 +238,4 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_CTX_free(ctx);
return ok;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c
index 7221e806c5..e0daa6ebc4 100644
--- a/crypto/dh/dh_group_params.c
+++ b/crypto/dh/dh_group_params.c
@@ -59,7 +59,7 @@ static const DH_NAMED_GROUP dh_named_groups[] = {
FFDHE(4096),
FFDHE(6144),
FFDHE(8192),
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
MODP(1536),
#endif
MODP(2048),
@@ -71,7 +71,7 @@ static const DH_NAMED_GROUP dh_named_groups[] = {
* Additional dh named groups from RFC 5114 that have a different g.
* The uid can be any unique identifier.
*/
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
RFC5114("dh_1024_160", 1, 1024, 1024_160),
RFC5114("dh_2048_224", 2, 2048, 2048_224),
RFC5114("dh_2048_256", 3, 2048, 2048_256),
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 918949d953..1893b487ca 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -20,7 +20,7 @@
#include "crypto/dh.h"
#include "crypto/security_bits.h"
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
# define MIN_STRENGTH 112
#else
# define MIN_STRENGTH 80
@@ -39,7 +39,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
BN_MONT_CTX *mont = NULL;
BIGNUM *tmp;
int ret = -1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int check_result;
#endif
@@ -74,7 +74,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
/* TODO(3.0) : Solve in a PR related to Key validation for DH */
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
DHerr(0, DH_R_INVALID_PUBKEY);
goto err;
@@ -95,7 +95,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return compute_key(key, pub_key, dh);
#else
return dh->meth->compute_key(key, pub_key, dh);
@@ -106,7 +106,7 @@ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
int rv, pad;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
rv = compute_key(key, pub_key, dh);
#else
rv = dh->meth->compute_key(key, pub_key, dh);
@@ -166,16 +166,16 @@ static int dh_finish(DH *dh)
return 1;
}
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
void DH_set_default_method(const DH_METHOD *meth)
{
default_DH_method = meth;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int DH_generate_key(DH *dh)
{
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
return generate_key(dh);
#else
return dh->meth->generate_key(dh);
@@ -214,7 +214,7 @@ static int generate_key(DH *dh)
{
int ok = 0;
int generate_new_key = 0;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
unsigned l;
#endif
BN_CTX *ctx = NULL;
@@ -264,7 +264,7 @@ static int generate_key(DH *dh)
max_strength, priv_key))
goto err;
} else {
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
if (dh->params.q == NULL)
goto err;
#else
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 7e42d13f3c..c3585f264f 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -26,7 +26,7 @@
static DH *dh_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
int DH_set_method(DH *dh, const DH_METHOD *meth)
{
/*
@@ -61,7 +61,7 @@ DH *DH_new_method(ENGINE *engine)