From f844f9eb44186df2f8b0cfd3264b4eb003d8c61a Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Mon, 13 Apr 2020 22:34:56 +0200
Subject: Rename FIPS_MODE to FIPS_MODULE

This macro is used to determine if certain pieces of code should
become part of the FIPS module or not.  The old name was confusing.

Fixes #11538

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
---
 crypto/dsa/dsa_gen.c   |  8 ++++----
 crypto/dsa/dsa_key.c   |  8 ++++----
 crypto/dsa/dsa_lib.c   | 22 +++++++++++-----------
 crypto/dsa/dsa_local.h |  2 +-
 crypto/dsa/dsa_ossl.c  |  4 ++--
 5 files changed, 22 insertions(+), 22 deletions(-)

(limited to 'crypto/dsa')

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 7b72867f71..acd088ee79 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -36,7 +36,7 @@ int dsa_generate_ffc_parameters(DSA *dsa, int type,
             qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
                                      SHA_DIGEST_LENGTH) * 8;
     }
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     if (type == DSA_PARAMGEN_TYPE_FIPS_186_2)
         ret = ffc_params_FIPS186_2_generate(dsa->libctx, &dsa->params,
                                             FFC_PARAM_TYPE_DSA,
@@ -51,13 +51,13 @@ int dsa_generate_ffc_parameters(DSA *dsa, int type,
     return ret;
 }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 int DSA_generate_parameters_ex(DSA *dsa, int bits,
                                const unsigned char *seed_in, int seed_len,
                                int *counter_ret, unsigned long *h_ret,
                                BN_GENCB *cb)
 {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     if (dsa->meth->dsa_paramgen)
         return dsa->meth->dsa_paramgen(dsa, bits, seed_in, seed_len,
                                        counter_ret, h_ret, cb);
@@ -66,7 +66,7 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits,
         && !ffc_params_set_validate_params(&dsa->params, seed_in, seed_len, -1))
         return 0;
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     /* The old code used FIPS 186-2 DSA Parameter generation */
     if (bits <= 1024 && seed_len == 20) {
         if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2,
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index f9bb3470f6..7bd9c5ff2e 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -21,7 +21,7 @@
 #include "crypto/dsa.h"
 #include "dsa_local.h"
 
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
 # define MIN_STRENGTH 112
 #else
 # define MIN_STRENGTH 80
@@ -32,7 +32,7 @@ static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg);
 
 int DSA_generate_key(DSA *dsa)
 {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     if (dsa->meth->dsa_keygen != NULL)
         return dsa->meth->dsa_keygen(dsa);
 #endif
@@ -96,9 +96,9 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
     dsa->priv_key = priv_key;
     dsa->pub_key = pub_key;
 
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
     pairwise_test = 1;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
 
     ok = 1;
     if (pairwise_test) {
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index b773f2c526..e71a8c8f8e 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -27,7 +27,7 @@
 
 static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 
 int DSA_set_ex_data(DSA *d, int idx, void *arg)
 {
@@ -124,7 +124,7 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
         meth->init(dsa);
     return 1;
 }
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
 
 
 const DSA_METHOD *DSA_get_method(DSA *d)
@@ -151,7 +151,7 @@ static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
 
     ret->libctx = libctx;
     ret->meth = DSA_get_default_method();
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
     ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
     if (engine) {
         if (!ENGINE_init(engine)) {
@@ -172,7 +172,7 @@ static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
 
     ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     if (!crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
         goto err;
 #endif
@@ -199,7 +199,7 @@ DSA *dsa_new_with_ctx(OPENSSL_CTX *libctx)
     return dsa_new_intern(NULL, libctx);
 }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 DSA *DSA_new(void)
 {
     return dsa_new_intern(NULL, NULL);
@@ -221,11 +221,11 @@ void DSA_free(DSA *r)
 
     if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
     ENGINE_finish(r->engine);
 #endif
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 #endif
 
@@ -430,7 +430,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits)
     if ((ret = dsa_paramgen_check(ctx)) <= 0)
         return ret;
 
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
     /* TODO(3.0): Remove this eventually when no more legacy */
     if (ctx->op.keymgmt.genctx == NULL)
         return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA,  EVP_PKEY_OP_PARAMGEN,
@@ -452,7 +452,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits)
     if ((ret = dsa_paramgen_check(ctx)) <= 0)
         return ret;
 
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
     /* TODO(3.0): Remove this eventually when no more legacy */
     if (ctx->op.keymgmt.genctx == NULL)
         return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA,  EVP_PKEY_OP_PARAMGEN,
@@ -475,7 +475,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
     if ((ret = dsa_paramgen_check(ctx)) <= 0)
         return ret;
 
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
     /* TODO(3.0): Remove this eventually when no more legacy */
     if (ctx->op.keymgmt.genctx == NULL) {
         const EVP_MD *md = EVP_get_digestbyname(md_name);
@@ -495,7 +495,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
     return EVP_PKEY_CTX_set_params(ctx, params);
 }
 
-#if !defined(FIPS_MODE)
+#if !defined(FIPS_MODULE)
 int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 {
     const char *md_name = (md == NULL) ? "" : EVP_MD_name(md);
diff --git a/crypto/dsa/dsa_local.h b/crypto/dsa/dsa_local.h
index b841595c1c..7b43ec6108 100644
--- a/crypto/dsa/dsa_local.h
+++ b/crypto/dsa/dsa_local.h
@@ -25,7 +25,7 @@ struct dsa_st {
     /* Normally used to cache montgomery values */
     BN_MONT_CTX *method_mont_p;
     CRYPTO_REF_COUNT references;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     CRYPTO_EX_DATA ex_data;
 #endif
     const DSA_METHOD *meth;
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 7288832e08..b52fa1c00b 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -50,12 +50,12 @@ static DSA_METHOD openssl_dsa_meth = {
 
 static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 void DSA_set_default_method(const DSA_METHOD *meth)
 {
     default_DSA_method = meth;
 }
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
 
 const DSA_METHOD *DSA_get_default_method(void)
 {
-- 
cgit v1.2.3