Rename FIPS_MODE to FIPS_MODULE

This macro is used to determine if certain pieces of code should
become part of the FIPS module or not.  The old name was confusing.

Fixes #11538

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)

10 files changed, 23 insertions, 23 deletions

diff --git a/providers/build.info b/providers/build.info
index 45faecf6e9..aae9115dd8 100644
--- a/providers/build.info
+++ b/providers/build.info
@@ -21,11 +21,11 @@
 # libfips.a             Contains all things needed to support
 #                       FIPS implementations, such as code from
 #                       crypto/ and object files that contain
-#                       FIPS-specific code.  FIPS_MODE is defined
+#                       FIPS-specific code.  FIPS_MODULE is defined
 #                       for this library.  The FIPS module uses
 #                       this.
 # libnonfips.a          Corresponds to libfips.a, but built with
-#                       FIPS_MODE undefined.  The default and legacy
+#                       FIPS_MODULE undefined.  The default and legacy
 #                       providers use this.
 
 SUBDIRS=common implementations
@@ -50,7 +50,7 @@ INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES
 INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES
 INCLUDE[$LIBNONFIPS]=$COMMON_INCLUDES
 INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
-DEFINE[$LIBFIPS]=FIPS_MODE
+DEFINE[$LIBFIPS]=FIPS_MODULE
 
 # Weak dependencies to provide library order information.
 # We make it weak so they aren't both used always; what is
@@ -101,7 +101,7 @@ SUBDIRS=fips
 $FIPSGOAL=fips
 DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS
 INCLUDE[$FIPSGOAL]=../include
-DEFINE[$FIPSGOAL]=FIPS_MODE
+DEFINE[$FIPSGOAL]=FIPS_MODULE
 IF[{- defined $target{shared_defflag} -}]
   SOURCE[$FIPSGOAL]=fips.ld
   GENERATE[fips.ld]=../util/providers.num
diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa.c.in
index fb936d2966..5abf079398 100644
--- a/providers/common/der/der_rsa.c.in
+++ b/providers/common/der/der_rsa.c.in
@@ -50,7 +50,7 @@ int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
     size_t precompiled_sz = 0;
 
     switch (mdnid) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
         MD_CASE(md2);
         MD_CASE(md5);
 #endif
diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c
index a409d717f9..270609e9d6 100644
--- a/providers/common/provider_util.c
+++ b/providers/common/provider_util.c
@@ -46,7 +46,7 @@ static int load_common(const OSSL_PARAM params[], const char **propquery,
     *engine = NULL;
     /* TODO legacy stuff, to be removed */
     /* Inside the FIPS module, we don't support legacy ciphers */
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
     p = OSSL_PARAM_locate_const(params, "engine");
     if (p != NULL) {
         if (p->data_type != OSSL_PARAM_UTF8_STRING)
@@ -80,7 +80,7 @@ int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc,
     ERR_set_mark();
     pc->cipher = pc->alloc_cipher = EVP_CIPHER_fetch(ctx, p->data, propquery);
     /* TODO legacy stuff, to be removed */
-#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */
+#ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy ciphers */
     if (pc->cipher == NULL)
         pc->cipher = EVP_get_cipherbyname(p->data);
 #endif
@@ -140,7 +140,7 @@ int ossl_prov_digest_load_from_params(PROV_DIGEST *pd,
     ERR_set_mark();
     pd->md = pd->alloc_md = EVP_MD_fetch(ctx, p->data, propquery);
     /* TODO legacy stuff, to be removed */
-#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy digests */
+#ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy digests */
     if (pd->md == NULL)
         pd->md = EVP_get_digestbyname(p->data);
 #endif
@@ -231,7 +231,7 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx,
         *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
                                                  (char *)properties, 0);
 
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
     if ((p = OSSL_PARAM_locate_const(params, "engine")) != NULL) {
         if (p->data_type != OSSL_PARAM_UTF8_STRING)
             return 0;
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 98cccbf3d7..faf74831eb 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -233,7 +233,7 @@ static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
 /* FIPS specific version of the function of the same name in provlib.c */
 const char *ossl_prov_util_nid_to_name(int nid)
 {
-    /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
+    /* We don't have OBJ_nid2n() in FIPS_MODULE so we have an explicit list */
 
     switch (nid) {
     /* Digests */
diff --git a/providers/implementations/ciphers/cipher_aes_xts_fips.c b/providers/implementations/ciphers/cipher_aes_xts_fips.c
index 7c8f40ac57..b294bdecaf 100644
--- a/providers/implementations/ciphers/cipher_aes_xts_fips.c
+++ b/providers/implementations/ciphers/cipher_aes_xts_fips.c
@@ -16,8 +16,8 @@
 
 #include "cipher_aes_xts.h"
 
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
 const int allow_insecure_decrypt = 0;
 #else
 const int allow_insecure_decrypt = 1;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
index 7293e0b9fe..ae0720d90d 100644
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
@@ -458,7 +458,7 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
     return ret;
 }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 static ossl_inline
 int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
                           size_t *psecretlen, size_t outlen)
@@ -498,7 +498,7 @@ int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
     OPENSSL_secure_clear_free(stmp, stmplen);
     return ret;
 }
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
 
 static
 int ecdh_derive(void *vpecdhctx, unsigned char *secret,
@@ -509,11 +509,11 @@ int ecdh_derive(void *vpecdhctx, unsigned char *secret,
     switch (pecdhctx->kdf_type) {
         case PROV_ECDH_KDF_NONE:
             return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen);
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
         case PROV_ECDH_KDF_X9_63:
             return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen);
 
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
         default:
             break;
     }
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index 9b5017a144..8d35fba49c 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -181,7 +181,7 @@ extern const OSSL_DISPATCH rc2128ofb128_functions[];
 #ifndef OPENSSL_NO_DES
 extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
-# ifndef FIPS_MODE
+# ifndef FIPS_MODULE
 extern const OSSL_DISPATCH tdes_ede3_ofb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cfb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cfb8_functions[];
@@ -201,7 +201,7 @@ extern const OSSL_DISPATCH des_ofb64_functions[];
 extern const OSSL_DISPATCH des_cfb64_functions[];
 extern const OSSL_DISPATCH des_cfb1_functions[];
 extern const OSSL_DISPATCH des_cfb8_functions[];
-# endif /* FIPS_MODE */
+# endif /* FIPS_MODULE */
 #endif /* OPENSSL_NO_DES */
 
 #ifndef OPENSSL_NO_RC4
diff --git a/providers/implementations/kdfs/pbkdf2_fips.c b/providers/implementations/kdfs/pbkdf2_fips.c
index d33782b24c..cbfc6b7fc3 100644
--- a/providers/implementations/kdfs/pbkdf2_fips.c
+++ b/providers/implementations/kdfs/pbkdf2_fips.c
@@ -13,8 +13,8 @@
  * For backwards compatibility reasons,
  * Extra checks are done by default in fips mode only.
  */
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
 const int kdf_pbkdf2_default_checks = 1;
 #else
 const int kdf_pbkdf2_default_checks = 0;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index 8ea394115b..3bf175b752 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -176,7 +176,7 @@ err:
     return ok;
 }
 
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
 /* In fips mode there are no multi-primes. */
 # define RSA_KEY_MP_TYPES()                                                    \
 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0),                           \
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index 0ea5e0a8e9..fdcdb56194 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -313,7 +313,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
             return 0;
         }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
         if (EVP_MD_is_a(prsactx->md, OSSL_DIGEST_NAME_MDC2)) {
             unsigned int sltmp;
 
@@ -407,7 +407,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
                                   prsactx->pad_mode);
     }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
  end:
 #endif
     if (ret <= 0) {