diff options
author | Richard Levitte <levitte@openssl.org> | 2020-04-13 22:34:56 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-04-28 15:37:37 +0200 |
commit | f844f9eb44186df2f8b0cfd3264b4eb003d8c61a (patch) | |
tree | 29860f9c269b67546a418c0197066164e455a362 /providers | |
parent | cf86057a1acd13b13c9bd8f7b8a14bbc0e3ffd56 (diff) |
Rename FIPS_MODE to FIPS_MODULE
This macro is used to determine if certain pieces of code should
become part of the FIPS module or not. The old name was confusing.
Fixes #11538
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/build.info | 8 | ||||
-rw-r--r-- | providers/common/der/der_rsa.c.in | 2 | ||||
-rw-r--r-- | providers/common/provider_util.c | 8 | ||||
-rw-r--r-- | providers/fips/fipsprov.c | 2 | ||||
-rw-r--r-- | providers/implementations/ciphers/cipher_aes_xts_fips.c | 4 | ||||
-rw-r--r-- | providers/implementations/exchange/ecdh_exch.c | 8 | ||||
-rw-r--r-- | providers/implementations/include/prov/implementations.h | 4 | ||||
-rw-r--r-- | providers/implementations/kdfs/pbkdf2_fips.c | 4 | ||||
-rw-r--r-- | providers/implementations/keymgmt/rsa_kmgmt.c | 2 | ||||
-rw-r--r-- | providers/implementations/signature/rsa.c | 4 |
10 files changed, 23 insertions, 23 deletions
diff --git a/providers/build.info b/providers/build.info index 45faecf6e9..aae9115dd8 100644 --- a/providers/build.info +++ b/providers/build.info @@ -21,11 +21,11 @@ # libfips.a Contains all things needed to support # FIPS implementations, such as code from # crypto/ and object files that contain -# FIPS-specific code. FIPS_MODE is defined +# FIPS-specific code. FIPS_MODULE is defined # for this library. The FIPS module uses # this. # libnonfips.a Corresponds to libfips.a, but built with -# FIPS_MODE undefined. The default and legacy +# FIPS_MODULE undefined. The default and legacy # providers use this. SUBDIRS=common implementations @@ -50,7 +50,7 @@ INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES INCLUDE[$LIBNONFIPS]=$COMMON_INCLUDES INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES -DEFINE[$LIBFIPS]=FIPS_MODE +DEFINE[$LIBFIPS]=FIPS_MODULE # Weak dependencies to provide library order information. # We make it weak so they aren't both used always; what is @@ -101,7 +101,7 @@ SUBDIRS=fips $FIPSGOAL=fips DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS INCLUDE[$FIPSGOAL]=../include -DEFINE[$FIPSGOAL]=FIPS_MODE +DEFINE[$FIPSGOAL]=FIPS_MODULE IF[{- defined $target{shared_defflag} -}] SOURCE[$FIPSGOAL]=fips.ld GENERATE[fips.ld]=../util/providers.num diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa.c.in index fb936d2966..5abf079398 100644 --- a/providers/common/der/der_rsa.c.in +++ b/providers/common/der/der_rsa.c.in @@ -50,7 +50,7 @@ int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, size_t precompiled_sz = 0; switch (mdnid) { -#ifndef FIPS_MODE +#ifndef FIPS_MODULE MD_CASE(md2); MD_CASE(md5); #endif diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index a409d717f9..270609e9d6 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -46,7 +46,7 @@ static int load_common(const OSSL_PARAM params[], const char **propquery, *engine = NULL; /* TODO legacy stuff, to be removed */ /* Inside the FIPS module, we don't support legacy ciphers */ -#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE) +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) p = OSSL_PARAM_locate_const(params, "engine"); if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) @@ -80,7 +80,7 @@ int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc, ERR_set_mark(); pc->cipher = pc->alloc_cipher = EVP_CIPHER_fetch(ctx, p->data, propquery); /* TODO legacy stuff, to be removed */ -#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */ +#ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy ciphers */ if (pc->cipher == NULL) pc->cipher = EVP_get_cipherbyname(p->data); #endif @@ -140,7 +140,7 @@ int ossl_prov_digest_load_from_params(PROV_DIGEST *pd, ERR_set_mark(); pd->md = pd->alloc_md = EVP_MD_fetch(ctx, p->data, propquery); /* TODO legacy stuff, to be removed */ -#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy digests */ +#ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy digests */ if (pd->md == NULL) pd->md = EVP_get_digestbyname(p->data); #endif @@ -231,7 +231,7 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES, (char *)properties, 0); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) if ((p = OSSL_PARAM_locate_const(params, "engine")) != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 98cccbf3d7..faf74831eb 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -233,7 +233,7 @@ static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) /* FIPS specific version of the function of the same name in provlib.c */ const char *ossl_prov_util_nid_to_name(int nid) { - /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */ + /* We don't have OBJ_nid2n() in FIPS_MODULE so we have an explicit list */ switch (nid) { /* Digests */ diff --git a/providers/implementations/ciphers/cipher_aes_xts_fips.c b/providers/implementations/ciphers/cipher_aes_xts_fips.c index 7c8f40ac57..b294bdecaf 100644 --- a/providers/implementations/ciphers/cipher_aes_xts_fips.c +++ b/providers/implementations/ciphers/cipher_aes_xts_fips.c @@ -16,8 +16,8 @@ #include "cipher_aes_xts.h" -#ifdef FIPS_MODE +#ifdef FIPS_MODULE const int allow_insecure_decrypt = 0; #else const int allow_insecure_decrypt = 1; -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c index 7293e0b9fe..ae0720d90d 100644 --- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c @@ -458,7 +458,7 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, return ret; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE static ossl_inline int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret, size_t *psecretlen, size_t outlen) @@ -498,7 +498,7 @@ int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret, OPENSSL_secure_clear_free(stmp, stmplen); return ret; } -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ static int ecdh_derive(void *vpecdhctx, unsigned char *secret, @@ -509,11 +509,11 @@ int ecdh_derive(void *vpecdhctx, unsigned char *secret, switch (pecdhctx->kdf_type) { case PROV_ECDH_KDF_NONE: return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen); -#ifndef FIPS_MODE +#ifndef FIPS_MODULE case PROV_ECDH_KDF_X9_63: return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen); -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ default: break; } diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 9b5017a144..8d35fba49c 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -181,7 +181,7 @@ extern const OSSL_DISPATCH rc2128ofb128_functions[]; #ifndef OPENSSL_NO_DES extern const OSSL_DISPATCH tdes_ede3_ecb_functions[]; extern const OSSL_DISPATCH tdes_ede3_cbc_functions[]; -# ifndef FIPS_MODE +# ifndef FIPS_MODULE extern const OSSL_DISPATCH tdes_ede3_ofb_functions[]; extern const OSSL_DISPATCH tdes_ede3_cfb_functions[]; extern const OSSL_DISPATCH tdes_ede3_cfb8_functions[]; @@ -201,7 +201,7 @@ extern const OSSL_DISPATCH des_ofb64_functions[]; extern const OSSL_DISPATCH des_cfb64_functions[]; extern const OSSL_DISPATCH des_cfb1_functions[]; extern const OSSL_DISPATCH des_cfb8_functions[]; -# endif /* FIPS_MODE */ +# endif /* FIPS_MODULE */ #endif /* OPENSSL_NO_DES */ #ifndef OPENSSL_NO_RC4 diff --git a/providers/implementations/kdfs/pbkdf2_fips.c b/providers/implementations/kdfs/pbkdf2_fips.c index d33782b24c..cbfc6b7fc3 100644 --- a/providers/implementations/kdfs/pbkdf2_fips.c +++ b/providers/implementations/kdfs/pbkdf2_fips.c @@ -13,8 +13,8 @@ * For backwards compatibility reasons, * Extra checks are done by default in fips mode only. */ -#ifdef FIPS_MODE +#ifdef FIPS_MODULE const int kdf_pbkdf2_default_checks = 1; #else const int kdf_pbkdf2_default_checks = 0; -#endif /* FIPS_MODE */ +#endif /* FIPS_MODULE */ diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index 8ea394115b..3bf175b752 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -176,7 +176,7 @@ err: return ok; } -#ifdef FIPS_MODE +#ifdef FIPS_MODULE /* In fips mode there are no multi-primes. */ # define RSA_KEY_MP_TYPES() \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 0ea5e0a8e9..fdcdb56194 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -313,7 +313,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, return 0; } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE if (EVP_MD_is_a(prsactx->md, OSSL_DIGEST_NAME_MDC2)) { unsigned int sltmp; @@ -407,7 +407,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, prsactx->pad_mode); } -#ifndef FIPS_MODE +#ifndef FIPS_MODULE end: #endif if (ret <= 0) { |