Move libssl related defines used by fips provider to prov_ssl.h

This nicely reduces the number of files considered as fips provider sources. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15609)
2 years ago · 085e3cecbd
parent 51cda01c61
commit 085e3cecbd
12 changed files with 52 additions and 20 deletions
--- a/crypto/packet.c
+++ b/crypto/packet.c
@ -9,7 +9,7 @@

 #include "internal/cryptlib.h"
 #include "internal/packet.h"
-#include <openssl/sslerr.h>
+#include <openssl/err.h>

 #define DEFAULT_BUF_SIZE    256

@ -105,7 +105,7 @@ static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes)
    pkt->written = 0;

    if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) {
-        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
        return 0;
    }

@ -352,7 +352,7 @@ int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes)
        return 0;

    if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) {
-        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
        return 0;
    }

--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@ -20,7 +20,7 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */
-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>
 #include "internal/cryptlib.h"
 #include "crypto/rsa.h"
 #include "rsa_local.h"
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@ -16,22 +16,21 @@
 #  define HEADER_DTLS1_H
 # endif

+# include <openssl/prov_ssl.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif

 #include <openssl/opensslconf.h>

-# define DTLS1_VERSION                   0xFEFF
-# define DTLS1_2_VERSION                 0xFEFD
+/* DTLS*_VERSION constants are defined in prov_ssl.h */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 #  define DTLS_MIN_VERSION                DTLS1_VERSION
 #  define DTLS_MAX_VERSION                DTLS1_2_VERSION
 # endif
 # define DTLS1_VERSION_MAJOR             0xFE

-# define DTLS1_BAD_VER                   0x0100
-
 /* Special value for method supporting multiple versions */
 # define DTLS_ANY_VERSION                0x1FFFF

--- a/include/openssl/prov_ssl.h
+++ b/include/openssl/prov_ssl.h
@ -0,0 +1,34 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PROV_SSL_H
+# define OPENSSL_PROV_SSL_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* SSL/TLS related defines useful to providers */
+
+# define SSL_MAX_MASTER_KEY_LENGTH 48
+
+# define SSL3_VERSION                    0x0300
+# define TLS1_VERSION                    0x0301
+# define TLS1_1_VERSION                  0x0302
+# define TLS1_2_VERSION                  0x0303
+# define TLS1_3_VERSION                  0x0304
+# define DTLS1_VERSION                   0xFEFF
+# define DTLS1_2_VERSION                 0xFEFD
+# define DTLS1_BAD_VER                   0x0100
+
+# ifdef __cplusplus
+}
+# endif
+#endif /* OPENSSL_PROV_SSL_H */
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@ -42,6 +42,7 @@ use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros);
 # include <openssl/symhacks.h>
 # include <openssl/ct.h>
 # include <openssl/sslerr.h>
+# include <openssl/prov_ssl.h>

 #ifdef  __cplusplus
 extern "C" {
@ -59,7 +60,7 @@ extern "C" {

 # define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
 # define SSL_MAX_KEY_ARG_LENGTH                  8
-# define SSL_MAX_MASTER_KEY_LENGTH               48
+/* SSL_MAX_MASTER_KEY_LENGTH is defined in prov_ssl.h */

 /* The maximum number of encrypt/decrypt pipelines we can support */
 # define SSL_MAX_PIPELINES  32
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@ -212,7 +212,7 @@ extern "C" {
 # define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
 # define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"

-# define SSL3_VERSION                    0x0300
+/* SSL3_VERSION is defined in prov_ssl.h */
 # define SSL3_VERSION_MAJOR              0x03
 # define SSL3_VERSION_MINOR              0x00

--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@ -20,6 +20,7 @@

 # include <openssl/buffer.h>
 # include <openssl/x509.h>
+# include <openssl/prov_ssl.h>

 #ifdef  __cplusplus
 extern "C" {
@ -30,10 +31,7 @@ extern "C" {
 #  define OPENSSL_TLS_SECURITY_LEVEL 1
 # endif

-# define TLS1_VERSION                    0x0301
-# define TLS1_1_VERSION                  0x0302
-# define TLS1_2_VERSION                  0x0303
-# define TLS1_3_VERSION                  0x0304
+/* TLS*_VERSION constants are defined in prov_ssl.h */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 #  define TLS_MAX_VERSION                TLS1_3_VERSION
 # endif
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@ -12,7 +12,7 @@
 #include <openssl/core_dispatch.h>
 #include <openssl/core_names.h>
 /* For TLS1_VERSION etc */
-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>
 #include <openssl/params.h>
 #include "internal/nelem.h"
 #include "internal/tlsgroups.h"
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@ -22,7 +22,7 @@
 #include <openssl/err.h>
 #include <openssl/proverr.h>
 /* Just for SSL_MAX_MASTER_KEY_LENGTH */
-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>
 #include "internal/constant_time.h"
 #include "internal/sizes.h"
 #include "crypto/rsa.h"
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@ -16,8 +16,8 @@

 /* Dispatch functions for AES_CBC_HMAC_SHA ciphers */

-/* Only for SSL3_VERSION and TLS1_VERSION */
-#include <openssl/ssl.h>
+/* For SSL3_VERSION and TLS1_VERSION */
+#include <openssl/prov_ssl.h>
 #include <openssl/proverr.h>
 #include "cipher_aes_cbc_hmac_sha.h"
 #include "prov/implementations.h"
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@ -12,7 +12,7 @@
 */

 /* For SSL3_VERSION */
-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>
 #include <openssl/proverr.h>
 #include "ciphercommon_local.h"
 #include "prov/provider_ctx.h"
--- a/providers/implementations/ciphers/ciphercommon_block.c
+++ b/providers/implementations/ciphers/ciphercommon_block.c
@ -9,7 +9,7 @@

 #include <assert.h>
 /* For SSL3_VERSION, TLS1_VERSION etc */
-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>
 #include <openssl/rand.h>
 #include <openssl/proverr.h>
 #include "internal/constant_time.h"