Rename FIPS_MODE to FIPS_MODULE

This macro is used to determine if certain pieces of code should
become part of the FIPS module or not.  The old name was confusing.

Fixes #11538

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
master
Richard Levitte 3 years ago
parent cf86057a1a
commit f844f9eb44

@ -46,8 +46,8 @@ char *BN_bn2hex(const BIGNUM *a)
return buf;
}
#ifndef FIPS_MODE
/* No BIO_snprintf in FIPS_MODE */
#ifndef FIPS_MODULE
/* No BIO_snprintf in FIPS_MODULE */
/* Must 'OPENSSL_free' the returned data */
char *BN_bn2dec(const BIGNUM *a)
{

@ -90,7 +90,7 @@ struct bignum_ctx {
OPENSSL_CTX *libctx;
};
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
/* Debugging functionality */
static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
{
@ -126,7 +126,7 @@ static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
#else
/* TODO(3.0): Consider if we want to do this in FIPS mode */
# define CTXDBG(str, ctx) do {} while(0)
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
{
@ -143,7 +143,7 @@ BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
return ret;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *BN_CTX_new(void)
{
return BN_CTX_new_ex(NULL);
@ -159,7 +159,7 @@ BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
return ret;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *BN_CTX_secure_new(void)
{
return BN_CTX_secure_new_ex(NULL);
@ -170,7 +170,7 @@ void BN_CTX_free(BN_CTX *ctx)
{
if (ctx == NULL)
return;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
OSSL_TRACE_BEGIN(BN_CTX) {
BN_POOL_ITEM *pool = ctx->pool.head;
BIO_printf(trc_out,

@ -22,7 +22,7 @@
/* DH parameters from RFC3526 */
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
/*
* "1536-bit MODP Group" from RFC3526, Section 2.
*
@ -60,7 +60,7 @@ static const BN_ULONG modp_1536_q[] = {
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF)
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
/*-
* "2048-bit MODP Group" from RFC3526, Section 3.
@ -1037,7 +1037,7 @@ make_dh_bn(ffdhe6144_q)
make_dh_bn(ffdhe8192_p)
make_dh_bn(ffdhe8192_q)
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
make_dh_bn(modp_1536_p)
make_dh_bn(modp_1536_q)
# endif

@ -207,7 +207,7 @@ int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
return found;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
{
@ -265,7 +265,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
int do_trial_division, BN_GENCB *cb)
{
int i, status, ret = -1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *ctxlocal = NULL;
#else
@ -301,7 +301,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
if (!BN_GENCB_call(cb, 1, -1))
return -1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL && (ctxlocal = ctx = BN_CTX_new()) == NULL)
goto err;
#endif
@ -311,7 +311,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
goto err;
ret = (status == BN_PRIMETEST_PROBABLY_PRIME);
err:
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(ctxlocal);
#endif
return ret;

@ -103,7 +103,7 @@ int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
{
return bnrand(NORMAL, rnd, bits, top, bottom, ctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(NORMAL, rnd, bits, top, bottom, NULL);
@ -120,7 +120,7 @@ int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
return bnrand(PRIVATE, rnd, bits, top, bottom, ctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(PRIVATE, rnd, bits, top, bottom, NULL);
@ -199,7 +199,7 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
return bnrand_range(NORMAL, r, range, ctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(NORMAL, r, range, NULL);
@ -211,7 +211,7 @@ int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
return bnrand_range(PRIVATE, r, range, ctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(PRIVATE, r, range, NULL);

@ -39,7 +39,7 @@ struct openssl_ctx_st {
struct openssl_ctx_onfree_list_st *onfreelist;
};
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
static OPENSSL_CTX default_context_int;
/* Always points at default_context_int if it has been initialised */
@ -119,7 +119,7 @@ static int context_deinit(OPENSSL_CTX *ctx)
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
void openssl_ctx_default_deinit(void)
{
context_deinit(default_context);
@ -146,7 +146,7 @@ OPENSSL_CTX *OPENSSL_CTX_new(void)
return ctx;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int OPENSSL_CTX_load_config(OPENSSL_CTX *ctx, const char *config_file)
{
return CONF_modules_load_file_with_libctx(ctx, config_file, NULL, 0) > 0;
@ -162,7 +162,7 @@ void OPENSSL_CTX_free(OPENSSL_CTX *ctx)
OPENSSL_CTX *openssl_ctx_get_concrete(OPENSSL_CTX *ctx)
{
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
if (!RUN_ONCE(&default_context_init, do_default_context_init))
return 0;
@ -174,7 +174,7 @@ OPENSSL_CTX *openssl_ctx_get_concrete(OPENSSL_CTX *ctx)
int openssl_ctx_is_default(OPENSSL_CTX *ctx)
{
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL || ctx == default_context)
return 1;
#endif

@ -136,7 +136,7 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
int number = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (namemap == NULL)
namemap = ossl_namemap_stored(NULL);
#endif
@ -198,7 +198,7 @@ int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
NAMENUM_ENTRY *namenum = NULL;
int tmp_number;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (namemap == NULL)
namemap = ossl_namemap_stored(NULL);
#endif
@ -309,7 +309,7 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
* ==============
*/
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
#include <openssl/evp.h>
/* Creates an initial namemap with names found in the legacy method db */
@ -366,7 +366,7 @@ OSSL_NAMEMAP *ossl_namemap_stored(OPENSSL_CTX *libctx)
openssl_ctx_get_data(libctx, OPENSSL_CTX_NAMEMAP_INDEX,
&stored_namemap_method);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (namemap != NULL && ossl_namemap_empty(namemap)) {
/* Before pilfering, we make sure the legacy database is populated */
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS

@ -44,7 +44,7 @@ int DH_check_params_ex(const DH *dh)
return errflags == 0;
}
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
int DH_check_params(const DH *dh, int *ret)
{
int nid;
@ -102,7 +102,7 @@ int DH_check_params(const DH *dh, int *ret)
BN_CTX_free(ctx);
return ok;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
/*-
* Check that p is a safe prime and
@ -140,7 +140,7 @@ int DH_check_ex(const DH *dh)
/* Note: according to documentation - this only checks the params */
int DH_check(const DH *dh, int *ret)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
return DH_check_params(dh, ret);
#else
int ok = 0, r;
@ -210,7 +210,7 @@ int DH_check(const DH *dh, int *ret)
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ok;
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
}
int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)

@ -30,10 +30,10 @@
#include "crypto/dh.h"
#include "dh_local.h"
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
int qbits, EVP_MD *md, BN_GENCB *cb)
@ -47,7 +47,7 @@ int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
SHA_DIGEST_LENGTH) * 8;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
ret = ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
FFC_PARAM_TYPE_DH,
@ -96,7 +96,7 @@ int dh_get_named_group_uid_from_size(int pbits)
return nid;
}
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
{
@ -116,12 +116,12 @@ static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
DH_free(dh);
return ok;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
BN_GENCB *cb)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
if (generator != 2)
return 0;
return dh_gen_named_group(ret->libctx, ret, prime_len);
@ -129,10 +129,10 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
if (ret->meth->generate_params)
return ret->meth->generate_params(ret, prime_len, generator, cb);
return dh_builtin_genparams(ret, prime_len, generator, cb);
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
/*-
* We generate DH parameters as follows
* find a prime p which is prime_len bits long,
@ -238,4 +238,4 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_CTX_free(ctx);
return ok;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
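Review bot: In the `DH_generate_parameters_ex` hunk, the module branch rejects any generator other than 2 with a bare `return 0;`, so the caller gets a failure with nothing on the error queue to explain it. Raising the reason first would make this diagnosable, e.g. `DHerr(0, DH_R_BAD_GENERATOR);` on the line before `return 0;`. The `cb` argument is also unused in that branch as far as the visible lines show; a one-line comment saying that named-group selection does not report progress would save the next reader a search.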

@ -59,7 +59,7 @@ static const DH_NAMED_GROUP dh_named_groups[] = {
FFDHE(4096),
FFDHE(6144),
FFDHE(8192),
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
MODP(1536),
#endif
MODP(2048),
@ -71,7 +71,7 @@ static const DH_NAMED_GROUP dh_named_groups[] = {
* Additional dh named groups from RFC 5114 that have a different g.
* The uid can be any unique identifier.
*/
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
RFC5114("dh_1024_160", 1, 1024, 1024_160),
RFC5114("dh_2048_224", 2, 2048, 2048_224),
RFC5114("dh_2048_256", 3, 2048, 2048_256),

@ -20,7 +20,7 @@
#include "crypto/dh.h"
#include "crypto/security_bits.h"
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
# define MIN_STRENGTH 112
#else
# define MIN_STRENGTH 80
@ -39,7 +39,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
BN_MONT_CTX *mont = NULL;
BIGNUM *tmp;
int ret = -1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int check_result;
#endif
@ -74,7 +74,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
/* TODO(3.0) : Solve in a PR related to Key validation for DH */
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
DHerr(0, DH_R_INVALID_PUBKEY);
goto err;
@ -95,7 +95,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
return compute_key(key, pub_key, dh);
#else
return dh->meth->compute_key(key, pub_key, dh);
@ -106,7 +106,7 @@ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
int rv, pad;
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
rv = compute_key(key, pub_key, dh);
#else
rv = dh->meth->compute_key(key, pub_key, dh);
@ -166,16 +166,16 @@ static int dh_finish(DH *dh)
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
void DH_set_default_method(const DH_METHOD *meth)
{
default_DH_method = meth;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
int DH_generate_key(DH *dh)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
return generate_key(dh);
#else
return dh->meth->generate_key(dh);
@ -214,7 +214,7 @@ static int generate_key(DH *dh)
{
int ok = 0;
int generate_new_key = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
unsigned l;
#endif
BN_CTX *ctx = NULL;
@ -264,7 +264,7 @@ static int generate_key(DH *dh)
max_strength, priv_key))
goto err;
} else {
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
if (dh->params.q == NULL)
goto err;
#else
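Review bot: In the `compute_key` hunk at old line 74, the peer public key check `DH_check_pub_key(dh, pub_key, &check_result)` sits inside `#ifndef FIPS_MODULE`, so on the visible lines it is compiled out of the FIPS module build, and the only explanation is the `TODO(3.0)` above it. Since the commit rewrites this guard anyway, the comment should state the consequence, for example `/* TODO(3.0): the FIPS module build does not call DH_check_pub_key() here; document where pub_key is validated */`. The rest of `compute_key` is outside the hunk, so confirm whether an `#else` branch performs a different check before relying on this reading.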

@ -26,7 +26,7 @@
static DH *dh_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int DH_set_method(DH *dh, const DH_METHOD *meth)
{
/*
@ -61,7 +61,7 @@ DH *DH_new_method(ENGINE *engine)
{
return dh_new_intern(engine, NULL);
}
#endif /* !FIPS_MODE */
#endif /* !FIPS_MODULE */
DH *dh_new_with_libctx(OPENSSL_CTX *libctx)
{
@ -87,7 +87,7 @@ static DH *dh_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
ret->libctx = libctx;
ret->meth = DH_get_default_method();
#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ret->flags = ret->meth->flags; /* early default init */
if (engine) {
if (!ENGINE_init(engine)) {
@ -108,10 +108,10 @@ static DH *dh_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
ret->flags = ret->meth->flags;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data))
goto err;
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
DHerr(0, ERR_R_INIT_FAIL);
@ -140,7 +140,7 @@ void DH_free(DH *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
# if !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(r->engine);
# endif
@ -167,7 +167,7 @@ int DH_up_ref(DH *r)
return ((i > 1) ? 1 : 0);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int DH_set_ex_data(DH *d, int idx, void *arg)
{
return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
@ -310,12 +310,12 @@ void DH_set_flags(DH *dh, int flags)
dh->flags |= flags;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
ENGINE *DH_get0_engine(DH *dh)
{
return dh->engine;
}
#endif /*FIPS_MODE */
#endif /*FIPS_MODULE */
FFC_PARAMS *dh_get0_params(DH *dh)
{
@ -400,7 +400,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
@ -426,7 +426,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
@ -447,7 +447,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qbits)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
@ -468,7 +468,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
@ -490,7 +490,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN,
@ -520,7 +520,7 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
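Review bot: The closing comments on the renamed guards in this file now come in three spellings: `#endif /* !FIPS_MODULE */` after `DH_new_method`, `#endif /*FIPS_MODULE */` after `DH_get0_engine`, and `#endif /* FIPS_MODULE */` elsewhere. All three close an `#ifndef FIPS_MODULE`, so one form should be used throughout; at minimum the second should become `#endif /* FIPS_MODULE */`. A consistent spelling also makes it possible to grep for every module-only region in one pass.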

@ -28,7 +28,7 @@ struct dh_st {
int flags;
BN_MONT_CTX *method_mont_p;
CRYPTO_REF_COUNT references;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
CRYPTO_EX_DATA ex_data;
ENGINE *engine;
#endif

@ -306,7 +306,7 @@ static DH *ffc_params_generate(OPENSSL_CTX *libctx, DH_PKEY_CTX *dctx,
else
md = EVP_sha1();
}
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
if (dctx->paramgen_type == DH_PARAMGEN_TYPE_FIPS_186_2)
rv = ffc_params_FIPS186_2_generate(libctx, &ret->params,
FFC_PARAM_TYPE_DH,
@ -346,7 +346,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx,
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (dctx->rfc5114_param) {
switch (dctx->rfc5114_param) {
case 1:
@ -367,7 +367,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx,
EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
return 1;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
if (ctx->pkey_gencb != NULL) {
pcb = BN_GENCB_new();
@ -375,9 +375,9 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx,
return 0;
evp_pkey_set_cb_translate(pcb, ctx);
}
# ifdef FIPS_MODE
# ifdef FIPS_MODULE
dctx->paramgen_type = DH_PARAMGEN_TYPE_FIPS_186_4;
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) {
dh = ffc_params_generate(NULL, dctx, pcb);
BN_GENCB_free(pcb);

@ -36,7 +36,7 @@ int dsa_generate_ffc_parameters(DSA *dsa, int type,
qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
SHA_DIGEST_LENGTH) * 8;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (type == DSA_PARAMGEN_TYPE_FIPS_186_2)
ret = ffc_params_FIPS186_2_generate(dsa->libctx, &dsa->params,
FFC_PARAM_TYPE_DSA,
@ -51,13 +51,13 @@ int dsa_generate_ffc_parameters(DSA *dsa, int type,
return ret;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int DSA_generate_parameters_ex(DSA *dsa, int bits,
const unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb)
{
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (dsa->meth->dsa_paramgen)
return dsa->meth->dsa_paramgen(dsa, bits, seed_in, seed_len,
counter_ret, h_ret, cb);
@ -66,7 +66,7 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits,
&& !ffc_params_set_validate_params(&dsa->params, seed_in, seed_len, -1))
return 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
/* The old code used FIPS 186-2 DSA Parameter generation */
if (bits <= 1024 && seed_len == 20) {
if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2,
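Review bot: `DSA_generate_parameters_ex` is already wrapped in `#ifndef FIPS_MODULE` on the line before its signature, so the two `#ifndef FIPS_MODULE` guards inside its body can never be false. They sit before `if (dsa->meth->dsa_paramgen)` and before the FIPS 186-2 comment, and they obscure which code is really excluded from the module. I would drop the inner guards together with their `#endif`s, or remove the outer one instead if the function is meant to be built into the module later. The rest of the body and the closing `#endif`s are outside the hunks, so this assumes no `#else` sits between them.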

@ -21,7 +21,7 @@
#include "crypto/dsa.h"
#include "dsa_local.h"
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
# define MIN_STRENGTH 112
#else
# define MIN_STRENGTH 80
@ -32,7 +32,7 @@ static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg);
int DSA_generate_key(DSA *dsa)
{
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (dsa->meth->dsa_keygen != NULL)
return dsa->meth->dsa_keygen(dsa);
#endif
@ -96,9 +96,9 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
dsa->priv_key = priv_key;
dsa->pub_key = pub_key;
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
pairwise_test = 1;
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
ok = 1;
if (pairwise_test) {
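Review bot: Nothing in the visible hunks stops a build that still defines the old `FIPS_MODE` name from silently taking the non-module branches. Here that would mean `MIN_STRENGTH 80` instead of `112` and no forced `pairwise_test = 1` in `dsa_keygen`; the DH key hunk carries the same `MIN_STRENGTH` pair. A guard in a header that every module source includes would turn that into a build failure: `#if defined(FIPS_MODE) && !defined(FIPS_MODULE)` / `# error "FIPS_MODE was renamed to FIPS_MODULE"` / `#endif`. The build-system side of the rename is not shown on this page, so check there whether any configuration or downstream patch still passes the old define.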

@ -27,7 +27,7 @@
static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int DSA_set_ex_data(DSA *d, int idx, void *arg)
{
@ -124,7 +124,7 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
meth->init(dsa);
return 1;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
const DSA_METHOD *DSA_get_method(DSA *d)
@ -151,7 +151,7 @@ static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
ret->libctx = libctx;
ret->meth = DSA_get_default_method();
#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
if (engine) {
if (!ENGINE_init(engine)) {
@ -172,7 +172,7 @@ static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (!crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
goto err;
#endif
@ -199,7 +199,7 @@ DSA *dsa_new_with_ctx(OPENSSL_CTX *libctx)
return dsa_new_intern(NULL, libctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
DSA *DSA_new(void)
{
return dsa_new_intern(NULL, NULL);
@ -221,11 +221,11 @@ void DSA_free(DSA *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(r->engine);
#endif
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
#endif
@ -430,7 +430,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits)
if ((ret = dsa_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
@ -452,7 +452,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits)
if ((ret = dsa_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
@ -475,7 +475,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
if ((ret = dsa_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL) {
const EVP_MD *md = EVP_get_digestbyname(md_name);
@ -495,7 +495,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
return EVP_PKEY_CTX_set_params(ctx, params);
}
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
{
const char *md_name = (md == NULL) ? "" : EVP_MD_name(md);

@ -25,7 +25,7 @@ struct dsa_st {
/* Normally used to cache montgomery values */
BN_MONT_CTX *method_mont_p;
CRYPTO_REF_COUNT references;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
CRYPTO_EX_DATA ex_data;
#endif
const DSA_METHOD *meth;

@ -50,12 +50,12 @@ static DSA_METHOD openssl_dsa_meth = {
static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
void DSA_set_default_method(const DSA_METHOD *meth)
{
default_DSA_method = meth;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
const DSA_METHOD *DSA_get_default_method(void)
{

@ -43,7 +43,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
{
BIGNUM *tmp, *x, *y, *z;
int ret = 0, z0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
/* clear error queue */
@ -81,7 +81,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
if (!BN_GF2m_add(tmp, x, tmp))
goto err;
if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_BN
@ -113,7 +113,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -132,7 +132,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
int used_ctx = 0;
BIGNUM *x, *y, *yxi;
size_t field_len, i, skip;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -168,7 +168,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
goto err;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -236,7 +236,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
if (used_ctx)
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -244,7 +244,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
err:
if (used_ctx)
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return 0;
@ -263,7 +263,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
BIGNUM *x, *y, *yxi;
size_t field_len, enc_len;
int ret = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -305,7 +305,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
return 0;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -358,7 +358,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;

@ -182,7 +182,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
{
int ret = 0;
BIGNUM *b;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
if (ctx == NULL) {
@ -213,7 +213,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -361,7 +361,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
{
BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
int ret = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -377,7 +377,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -467,7 +467,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -514,7 +514,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *);
int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -528,7 +528,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
if (!point->Z_is_one)
return -1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -566,7 +566,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -584,7 +584,7 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
{
BIGNUM *aX, *aY, *bX, *bY;
int ret = -1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -599,7 +599,7 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -623,7 +623,7 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -635,14 +635,14 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
{
BIGNUM *x, *y;
int ret = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
return 1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -670,7 +670,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;

@ -21,7 +21,7 @@
#include "internal/nelem.h"
#include "crypto/asn1_dsa.h"
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int EC_GROUP_get_basis_type(const EC_GROUP *group)
{
@ -1237,7 +1237,7 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
DECLARE_ASN1_FUNCTIONS(ECDSA_SIG)
DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG)
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
ECDSA_SIG *ECDSA_SIG_new(void)
{

@ -45,7 +45,7 @@ int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
/*
* ECC domain parameter validation.
* See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
@ -114,5 +114,5 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
BN_CTX_free(new_ctx);
EC_POINT_free(point);
return ret;
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
}

@ -463,7 +463,7 @@ int EVP_PKEY_CTX_get_ec_paramgen_curve_name(EVP_PKEY_CTX *ctx,
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid)
{
if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {

@ -200,7 +200,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
/* the x9.62 prime curves (minus the nist prime curves) */
static const struct {
EC_CURVE_DATA h;
@ -379,7 +379,7 @@ static const struct {
0x43, 0x21, 0x46, 0x52, 0x65, 0x51
}
};
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -419,7 +419,7 @@ static const struct {
}
};
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
/* the secg prime curves (minus the nist and x9.62 prime curves) */
static const struct {
EC_CURVE_DATA h;
@ -841,13 +841,13 @@ static const struct {
0x5C, 0x5C, 0x2A, 0x3D
}
};
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
#ifndef OPENSSL_NO_EC2M
/* characteristic two curves */
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 15 * 6];
@ -975,7 +975,7 @@ static const struct {
0x33, 0x04, 0x9B, 0xA9, 0x8F
}
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -1007,7 +1007,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 21 * 6];
@ -1036,7 +1036,7 @@ static const struct {
0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B
}
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -1067,7 +1067,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 25 * 6];
@ -1143,7 +1143,7 @@ static const struct {
0xD5
}
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -1219,7 +1219,7 @@ static const struct {
}
};
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 30 * 6];
@ -1255,7 +1255,7 @@ static const struct {
0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5
}
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -1539,7 +1539,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;