Browse Source

Rename FIPS_MODE to FIPS_MODULE

This macro is used to determine if certain pieces of code should
become part of the FIPS module or not.  The old name was confusing.

Fixes #11538

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
master
Richard Levitte 2 years ago
parent
commit
f844f9eb44
89 changed files with 458 additions and 458 deletions
  1. +2
    -2
      crypto/bn/bn_conv.c
  2. +5
    -5
      crypto/bn/bn_ctx.c
  3. +3
    -3
      crypto/bn/bn_dh.c
  4. +4
    -4
      crypto/bn/bn_prime.c
  5. +4
    -4
      crypto/bn/bn_rand.c
  6. +5
    -5
      crypto/context.c
  7. +4
    -4
      crypto/core_namemap.c
  8. +4
    -4
      crypto/dh/dh_check.c
  9. +9
    -9
      crypto/dh/dh_gen.c
  10. +2
    -2
      crypto/dh/dh_group_params.c
  11. +10
    -10
      crypto/dh/dh_key.c
  12. +15
    -15
      crypto/dh/dh_lib.c
  13. +1
    -1
      crypto/dh/dh_local.h
  14. +5
    -5
      crypto/dh/dh_pmeth.c
  15. +4
    -4
      crypto/dsa/dsa_gen.c
  16. +4
    -4
      crypto/dsa/dsa_key.c
  17. +11
    -11
      crypto/dsa/dsa_lib.c
  18. +1
    -1
      crypto/dsa/dsa_local.h
  19. +2
    -2
      crypto/dsa/dsa_ossl.c
  20. +10
    -10
      crypto/ec/ec2_oct.c
  21. +14
    -14
      crypto/ec/ec2_smpl.c
  22. +2
    -2
      crypto/ec/ec_asn1.c
  23. +2
    -2
      crypto/ec/ec_check.c
  24. +1
    -1
      crypto/ec/ec_ctrl.c
  25. +21
    -21
      crypto/ec/ec_curve.c
  26. +9
    -9
      crypto/ec/ec_key.c
  27. +4
    -4
      crypto/ec/ec_kmeth.c
  28. +12
    -12
      crypto/ec/ec_lib.c
  29. +1
    -1
      crypto/ec/ec_local.h
  30. +3
    -3
      crypto/ec/ec_mult.c
  31. +5
    -5
      crypto/ec/ecp_nistp224.c
  32. +5
    -5
      crypto/ec/ecp_nistp256.c
  33. +5
    -5
      crypto/ec/ecp_nistp521.c
  34. +2
    -2
      crypto/ec/ecp_oct.c
  35. +14
    -14
      crypto/evp/digest.c
  36. +5
    -5
      crypto/evp/e_aes.c
  37. +12
    -12
      crypto/evp/evp_enc.c
  38. +2
    -2
      crypto/evp/evp_fetch.c
  39. +7
    -7
      crypto/evp/evp_lib.c
  40. +2
    -2
      crypto/evp/exchange.c
  41. +3
    -3
      crypto/evp/m_sigver.c
  42. +27
    -27
      crypto/evp/p_lib.c
  43. +3
    -3
      crypto/evp/pmeth_check.c
  44. +8
    -8
      crypto/evp/pmeth_gn.c
  45. +12
    -12
      crypto/evp/pmeth_lib.c
  46. +3
    -3
      crypto/ffc/ffc_params.c
  47. +1
    -1
      crypto/ffc/ffc_params_generate.c
  48. +9
    -9
      crypto/initthread.c
  49. +2
    -2
      crypto/mem.c
  50. +2
    -2
      crypto/ppccap.c
  51. +1
    -1
      crypto/property/property.c
  52. +21
    -21
      crypto/provider_core.c
  53. +1
    -1
      crypto/provider_predefined.c
  54. +1
    -1
      crypto/rand/drbg_ctr.c
  55. +6
    -6
      crypto/rand/drbg_lib.c
  56. +8
    -8
      crypto/rand/rand_lib.c
  57. +1
    -1
      crypto/rand/rand_local.h
  58. +3
    -3
      crypto/rand/rand_unix.c
  59. +1
    -1
      crypto/rand/rand_win.c
  60. +5
    -5
      crypto/rsa/rsa_chk.c
  61. +4
    -4
      crypto/rsa/rsa_gen.c
  62. +21
    -21
      crypto/rsa/rsa_lib.c
  63. +1
    -1
      crypto/rsa/rsa_local.h
  64. +3
    -3
      crypto/rsa/rsa_mp_names.c
  65. +3
    -3
      crypto/rsa/rsa_oaep.c
  66. +11
    -11
      crypto/rsa/rsa_ossl.c
  67. +1
    -1
      crypto/rsa/rsa_pk1.c
  68. +10
    -10
      crypto/rsa/rsa_sign.c
  69. +2
    -2
      crypto/rsa/rsa_sp800_56b_check.c
  70. +2
    -2
      crypto/self_test_core.c
  71. +2
    -2
      crypto/threads_pthread.c
  72. +6
    -6
      include/crypto/evp.h
  73. +2
    -2
      include/internal/ffc.h
  74. +2
    -2
      include/internal/thread_once.h
  75. +4
    -4
      providers/build.info
  76. +1
    -1
      providers/common/der/der_rsa.c.in
  77. +4
    -4
      providers/common/provider_util.c
  78. +1
    -1
      providers/fips/fipsprov.c
  79. +2
    -2
      providers/implementations/ciphers/cipher_aes_xts_fips.c
  80. +4
    -4
      providers/implementations/exchange/ecdh_exch.c
  81. +2
    -2
      providers/implementations/include/prov/implementations.h
  82. +2
    -2
      providers/implementations/kdfs/pbkdf2_fips.c
  83. +1
    -1
      providers/implementations/keymgmt/rsa_kmgmt.c
  84. +2
    -2
      providers/implementations/signature/rsa.c
  85. +4
    -4
      test/aesgcmtest.c
  86. +1
    -1
      test/drbg_cavs_test.c
  87. +5
    -5
      test/drbgtest.c
  88. +2
    -2
      test/ecdsatest.c
  89. +2
    -2
      test/evp_extra_test.c

+ 2
- 2
crypto/bn/bn_conv.c View File

@ -46,8 +46,8 @@ char *BN_bn2hex(const BIGNUM *a)
return buf;
}
#ifndef FIPS_MODE
/* No BIO_snprintf in FIPS_MODE */
#ifndef FIPS_MODULE
/* No BIO_snprintf in FIPS_MODULE */
/* Must 'OPENSSL_free' the returned data */
char *BN_bn2dec(const BIGNUM *a)
{


+ 5
- 5
crypto/bn/bn_ctx.c View File

@ -90,7 +90,7 @@ struct bignum_ctx {
OPENSSL_CTX *libctx;
};
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
/* Debugging functionality */
static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
{
@ -126,7 +126,7 @@ static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
#else
/* TODO(3.0): Consider if we want to do this in FIPS mode */
# define CTXDBG(str, ctx) do {} while(0)
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
{
@ -143,7 +143,7 @@ BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
return ret;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *BN_CTX_new(void)
{
return BN_CTX_new_ex(NULL);
@ -159,7 +159,7 @@ BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
return ret;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *BN_CTX_secure_new(void)
{
return BN_CTX_secure_new_ex(NULL);
@ -170,7 +170,7 @@ void BN_CTX_free(BN_CTX *ctx)
{
if (ctx == NULL)
return;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
OSSL_TRACE_BEGIN(BN_CTX) {
BN_POOL_ITEM *pool = ctx->pool.head;
BIO_printf(trc_out,


+ 3
- 3
crypto/bn/bn_dh.c View File

@ -22,7 +22,7 @@
/* DH parameters from RFC3526 */
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
/*
* "1536-bit MODP Group" from RFC3526, Section 2.
*
@ -60,7 +60,7 @@ static const BN_ULONG modp_1536_q[] = {
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF)
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
/*-
* "2048-bit MODP Group" from RFC3526, Section 3.
@ -1037,7 +1037,7 @@ make_dh_bn(ffdhe6144_q)
make_dh_bn(ffdhe8192_p)
make_dh_bn(ffdhe8192_q)
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
make_dh_bn(modp_1536_p)
make_dh_bn(modp_1536_q)
# endif


+ 4
- 4
crypto/bn/bn_prime.c View File

@ -207,7 +207,7 @@ int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
return found;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
{
@ -265,7 +265,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
int do_trial_division, BN_GENCB *cb)
{
int i, status, ret = -1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *ctxlocal = NULL;
#else
@ -301,7 +301,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
if (!BN_GENCB_call(cb, 1, -1))
return -1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL && (ctxlocal = ctx = BN_CTX_new()) == NULL)
goto err;
#endif
@ -311,7 +311,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
goto err;
ret = (status == BN_PRIMETEST_PROBABLY_PRIME);
err:
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(ctxlocal);
#endif
return ret;


+ 4
- 4
crypto/bn/bn_rand.c View File

@ -103,7 +103,7 @@ int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
{
return bnrand(NORMAL, rnd, bits, top, bottom, ctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(NORMAL, rnd, bits, top, bottom, NULL);
@ -120,7 +120,7 @@ int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
return bnrand(PRIVATE, rnd, bits, top, bottom, ctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(PRIVATE, rnd, bits, top, bottom, NULL);
@ -199,7 +199,7 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
return bnrand_range(NORMAL, r, range, ctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(NORMAL, r, range, NULL);
@ -211,7 +211,7 @@ int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
return bnrand_range(PRIVATE, r, range, ctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(PRIVATE, r, range, NULL);


+ 5
- 5
crypto/context.c View File

@ -39,7 +39,7 @@ struct openssl_ctx_st {
struct openssl_ctx_onfree_list_st *onfreelist;
};
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
static OPENSSL_CTX default_context_int;
/* Always points at default_context_int if it has been initialised */
@ -119,7 +119,7 @@ static int context_deinit(OPENSSL_CTX *ctx)
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
void openssl_ctx_default_deinit(void)
{
context_deinit(default_context);
@ -146,7 +146,7 @@ OPENSSL_CTX *OPENSSL_CTX_new(void)
return ctx;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int OPENSSL_CTX_load_config(OPENSSL_CTX *ctx, const char *config_file)
{
return CONF_modules_load_file_with_libctx(ctx, config_file, NULL, 0) > 0;
@ -162,7 +162,7 @@ void OPENSSL_CTX_free(OPENSSL_CTX *ctx)
OPENSSL_CTX *openssl_ctx_get_concrete(OPENSSL_CTX *ctx)
{
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
if (!RUN_ONCE(&default_context_init, do_default_context_init))
return 0;
@ -174,7 +174,7 @@ OPENSSL_CTX *openssl_ctx_get_concrete(OPENSSL_CTX *ctx)
int openssl_ctx_is_default(OPENSSL_CTX *ctx)
{
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL || ctx == default_context)
return 1;
#endif


+ 4
- 4
crypto/core_namemap.c View File

@ -136,7 +136,7 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
int number = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (namemap == NULL)
namemap = ossl_namemap_stored(NULL);
#endif
@ -198,7 +198,7 @@ int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
NAMENUM_ENTRY *namenum = NULL;
int tmp_number;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (namemap == NULL)
namemap = ossl_namemap_stored(NULL);
#endif
@ -309,7 +309,7 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
* ==============
*/
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
#include <openssl/evp.h>
/* Creates an initial namemap with names found in the legacy method db */
@ -366,7 +366,7 @@ OSSL_NAMEMAP *ossl_namemap_stored(OPENSSL_CTX *libctx)
openssl_ctx_get_data(libctx, OPENSSL_CTX_NAMEMAP_INDEX,
&stored_namemap_method);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (namemap != NULL && ossl_namemap_empty(namemap)) {
/* Before pilfering, we make sure the legacy database is populated */
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS


+ 4
- 4
crypto/dh/dh_check.c View File

@ -44,7 +44,7 @@ int DH_check_params_ex(const DH *dh)
return errflags == 0;
}
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
int DH_check_params(const DH *dh, int *ret)
{
int nid;
@ -102,7 +102,7 @@ int DH_check_params(const DH *dh, int *ret)
BN_CTX_free(ctx);
return ok;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
/*-
* Check that p is a safe prime and
@ -140,7 +140,7 @@ int DH_check_ex(const DH *dh)
/* Note: according to documentation - this only checks the params */
int DH_check(const DH *dh, int *ret)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
return DH_check_params(dh, ret);
#else
int ok = 0, r;
@ -210,7 +210,7 @@ int DH_check(const DH *dh, int *ret)
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ok;
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
}
int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)


+ 9
- 9
crypto/dh/dh_gen.c View File

@ -30,10 +30,10 @@
#include "crypto/dh.h"
#include "dh_local.h"
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
int qbits, EVP_MD *md, BN_GENCB *cb)
@ -47,7 +47,7 @@ int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
SHA_DIGEST_LENGTH) * 8;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
ret = ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
FFC_PARAM_TYPE_DH,
@ -96,7 +96,7 @@ int dh_get_named_group_uid_from_size(int pbits)
return nid;
}
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
{
@ -116,12 +116,12 @@ static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
DH_free(dh);
return ok;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
BN_GENCB *cb)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
if (generator != 2)
return 0;
return dh_gen_named_group(ret->libctx, ret, prime_len);
@ -129,10 +129,10 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
if (ret->meth->generate_params)
return ret->meth->generate_params(ret, prime_len, generator, cb);
return dh_builtin_genparams(ret, prime_len, generator, cb);
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
/*-
* We generate DH parameters as follows
* find a prime p which is prime_len bits long,
@ -238,4 +238,4 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_CTX_free(ctx);
return ok;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */

+ 2
- 2
crypto/dh/dh_group_params.c View File

@ -59,7 +59,7 @@ static const DH_NAMED_GROUP dh_named_groups[] = {
FFDHE(4096),
FFDHE(6144),
FFDHE(8192),
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
MODP(1536),
#endif
MODP(2048),
@ -71,7 +71,7 @@ static const DH_NAMED_GROUP dh_named_groups[] = {
* Additional dh named groups from RFC 5114 that have a different g.
* The uid can be any unique identifier.
*/
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
RFC5114("dh_1024_160", 1, 1024, 1024_160),
RFC5114("dh_2048_224", 2, 2048, 2048_224),
RFC5114("dh_2048_256", 3, 2048, 2048_256),


+ 10
- 10
crypto/dh/dh_key.c View File

@ -20,7 +20,7 @@
#include "crypto/dh.h"
#include "crypto/security_bits.h"
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
# define MIN_STRENGTH 112
#else
# define MIN_STRENGTH 80
@ -39,7 +39,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
BN_MONT_CTX *mont = NULL;
BIGNUM *tmp;
int ret = -1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int check_result;
#endif
@ -74,7 +74,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
/* TODO(3.0) : Solve in a PR related to Key validation for DH */
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
DHerr(0, DH_R_INVALID_PUBKEY);
goto err;
@ -95,7 +95,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
return compute_key(key, pub_key, dh);
#else
return dh->meth->compute_key(key, pub_key, dh);
@ -106,7 +106,7 @@ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
int rv, pad;
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
rv = compute_key(key, pub_key, dh);
#else
rv = dh->meth->compute_key(key, pub_key, dh);
@ -166,16 +166,16 @@ static int dh_finish(DH *dh)
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
void DH_set_default_method(const DH_METHOD *meth)
{
default_DH_method = meth;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
int DH_generate_key(DH *dh)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
return generate_key(dh);
#else
return dh->meth->generate_key(dh);
@ -214,7 +214,7 @@ static int generate_key(DH *dh)
{
int ok = 0;
int generate_new_key = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
unsigned l;
#endif
BN_CTX *ctx = NULL;
@ -264,7 +264,7 @@ static int generate_key(DH *dh)
max_strength, priv_key))
goto err;
} else {
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
if (dh->params.q == NULL)
goto err;
#else


+ 15
- 15
crypto/dh/dh_lib.c View File

@ -26,7 +26,7 @@
static DH *dh_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int DH_set_method(DH *dh, const DH_METHOD *meth)
{
/*
@ -61,7 +61,7 @@ DH *DH_new_method(ENGINE *engine)
{
return dh_new_intern(engine, NULL);
}
#endif /* !FIPS_MODE */
#endif /* !FIPS_MODULE */
DH *dh_new_with_libctx(OPENSSL_CTX *libctx)
{
@ -87,7 +87,7 @@ static DH *dh_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
ret->libctx = libctx;
ret->meth = DH_get_default_method();
#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ret->flags = ret->meth->flags; /* early default init */
if (engine) {
if (!ENGINE_init(engine)) {
@ -108,10 +108,10 @@ static DH *dh_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
ret->flags = ret->meth->flags;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data))
goto err;
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
DHerr(0, ERR_R_INIT_FAIL);
@ -140,7 +140,7 @@ void DH_free(DH *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
# if !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(r->engine);
# endif
@ -167,7 +167,7 @@ int DH_up_ref(DH *r)
return ((i > 1) ? 1 : 0);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int DH_set_ex_data(DH *d, int idx, void *arg)
{
return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
@ -310,12 +310,12 @@ void DH_set_flags(DH *dh, int flags)
dh->flags |= flags;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
ENGINE *DH_get0_engine(DH *dh)
{
return dh->engine;
}
#endif /*FIPS_MODE */
#endif /*FIPS_MODULE */
FFC_PARAMS *dh_get0_params(DH *dh)
{
@ -400,7 +400,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
@ -426,7 +426,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
@ -447,7 +447,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qbits)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
@ -468,7 +468,7 @@ int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
@ -490,7 +490,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN,
@ -520,7 +520,7 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
if ((ret = dh_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,


+ 1
- 1
crypto/dh/dh_local.h View File

@ -28,7 +28,7 @@ struct dh_st {
int flags;
BN_MONT_CTX *method_mont_p;
CRYPTO_REF_COUNT references;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
CRYPTO_EX_DATA ex_data;
ENGINE *engine;
#endif


+ 5
- 5
crypto/dh/dh_pmeth.c View File

@ -306,7 +306,7 @@ static DH *ffc_params_generate(OPENSSL_CTX *libctx, DH_PKEY_CTX *dctx,
else
md = EVP_sha1();
}
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
if (dctx->paramgen_type == DH_PARAMGEN_TYPE_FIPS_186_2)
rv = ffc_params_FIPS186_2_generate(libctx, &ret->params,
FFC_PARAM_TYPE_DH,
@ -346,7 +346,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx,
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (dctx->rfc5114_param) {
switch (dctx->rfc5114_param) {
case 1:
@ -367,7 +367,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx,
EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
return 1;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
if (ctx->pkey_gencb != NULL) {
pcb = BN_GENCB_new();
@ -375,9 +375,9 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx,
return 0;
evp_pkey_set_cb_translate(pcb, ctx);
}
# ifdef FIPS_MODE
# ifdef FIPS_MODULE
dctx->paramgen_type = DH_PARAMGEN_TYPE_FIPS_186_4;
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) {
dh = ffc_params_generate(NULL, dctx, pcb);
BN_GENCB_free(pcb);


+ 4
- 4
crypto/dsa/dsa_gen.c View File

@ -36,7 +36,7 @@ int dsa_generate_ffc_parameters(DSA *dsa, int type,
qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
SHA_DIGEST_LENGTH) * 8;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (type == DSA_PARAMGEN_TYPE_FIPS_186_2)
ret = ffc_params_FIPS186_2_generate(dsa->libctx, &dsa->params,
FFC_PARAM_TYPE_DSA,
@ -51,13 +51,13 @@ int dsa_generate_ffc_parameters(DSA *dsa, int type,
return ret;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int DSA_generate_parameters_ex(DSA *dsa, int bits,
const unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb)
{
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (dsa->meth->dsa_paramgen)
return dsa->meth->dsa_paramgen(dsa, bits, seed_in, seed_len,
counter_ret, h_ret, cb);
@ -66,7 +66,7 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits,
&& !ffc_params_set_validate_params(&dsa->params, seed_in, seed_len, -1))
return 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
/* The old code used FIPS 186-2 DSA Parameter generation */
if (bits <= 1024 && seed_len == 20) {
if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2,


+ 4
- 4
crypto/dsa/dsa_key.c View File

@ -21,7 +21,7 @@
#include "crypto/dsa.h"
#include "dsa_local.h"
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
# define MIN_STRENGTH 112
#else
# define MIN_STRENGTH 80
@ -32,7 +32,7 @@ static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg);
int DSA_generate_key(DSA *dsa)
{
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (dsa->meth->dsa_keygen != NULL)
return dsa->meth->dsa_keygen(dsa);
#endif
@ -96,9 +96,9 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
dsa->priv_key = priv_key;
dsa->pub_key = pub_key;
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
pairwise_test = 1;
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
ok = 1;
if (pairwise_test) {


+ 11
- 11
crypto/dsa/dsa_lib.c View File

@ -27,7 +27,7 @@
static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int DSA_set_ex_data(DSA *d, int idx, void *arg)
{
@ -124,7 +124,7 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
meth->init(dsa);
return 1;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
const DSA_METHOD *DSA_get_method(DSA *d)
@ -151,7 +151,7 @@ static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
ret->libctx = libctx;
ret->meth = DSA_get_default_method();
#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
if (engine) {
if (!ENGINE_init(engine)) {
@ -172,7 +172,7 @@ static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (!crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
goto err;
#endif
@ -199,7 +199,7 @@ DSA *dsa_new_with_ctx(OPENSSL_CTX *libctx)
return dsa_new_intern(NULL, libctx);
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
DSA *DSA_new(void)
{
return dsa_new_intern(NULL, NULL);
@ -221,11 +221,11 @@ void DSA_free(DSA *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(r->engine);
#endif
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
#endif
@ -430,7 +430,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits)
if ((ret = dsa_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
@ -452,7 +452,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits)
if ((ret = dsa_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
@ -475,7 +475,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
if ((ret = dsa_paramgen_check(ctx)) <= 0)
return ret;
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
/* TODO(3.0): Remove this eventually when no more legacy */
if (ctx->op.keymgmt.genctx == NULL) {
const EVP_MD *md = EVP_get_digestbyname(md_name);
@ -495,7 +495,7 @@ int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
return EVP_PKEY_CTX_set_params(ctx, params);
}
#if !defined(FIPS_MODE)
#if !defined(FIPS_MODULE)
int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
{
const char *md_name = (md == NULL) ? "" : EVP_MD_name(md);


+ 1
- 1
crypto/dsa/dsa_local.h View File

@ -25,7 +25,7 @@ struct dsa_st {
/* Normally used to cache montgomery values */
BN_MONT_CTX *method_mont_p;
CRYPTO_REF_COUNT references;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
CRYPTO_EX_DATA ex_data;
#endif
const DSA_METHOD *meth;


+ 2
- 2
crypto/dsa/dsa_ossl.c View File

@ -50,12 +50,12 @@ static DSA_METHOD openssl_dsa_meth = {
static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
void DSA_set_default_method(const DSA_METHOD *meth)
{
default_DSA_method = meth;
}
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
const DSA_METHOD *DSA_get_default_method(void)
{


+ 10
- 10
crypto/ec/ec2_oct.c View File

@ -43,7 +43,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
{
BIGNUM *tmp, *x, *y, *z;
int ret = 0, z0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
/* clear error queue */
@ -81,7 +81,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
if (!BN_GF2m_add(tmp, x, tmp))
goto err;
if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_BN
@ -113,7 +113,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -132,7 +132,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
int used_ctx = 0;
BIGNUM *x, *y, *yxi;
size_t field_len, i, skip;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -168,7 +168,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
goto err;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -236,7 +236,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
if (used_ctx)
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -244,7 +244,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
err:
if (used_ctx)
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return 0;
@ -263,7 +263,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
BIGNUM *x, *y, *yxi;
size_t field_len, enc_len;
int ret = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -305,7 +305,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
return 0;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -358,7 +358,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;


+ 14
- 14
crypto/ec/ec2_smpl.c View File

@ -182,7 +182,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
{
int ret = 0;
BIGNUM *b;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
if (ctx == NULL) {
@ -213,7 +213,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -361,7 +361,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
{
BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
int ret = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -377,7 +377,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -467,7 +467,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -514,7 +514,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *);
int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -528,7 +528,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
if (!point->Z_is_one)
return -1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -566,7 +566,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -584,7 +584,7 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
{
BIGNUM *aX, *aY, *bX, *bY;
int ret = -1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
@ -599,7 +599,7 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -623,7 +623,7 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;
@ -635,14 +635,14 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
{
BIGNUM *x, *y;
int ret = 0;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX *new_ctx = NULL;
#endif
if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
return 1;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -670,7 +670,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
BN_CTX_free(new_ctx);
#endif
return ret;


+ 2
- 2
crypto/ec/ec_asn1.c View File

@ -21,7 +21,7 @@
#include "internal/nelem.h"
#include "crypto/asn1_dsa.h"
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int EC_GROUP_get_basis_type(const EC_GROUP *group)
{
@ -1237,7 +1237,7 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
DECLARE_ASN1_FUNCTIONS(ECDSA_SIG)
DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG)
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
ECDSA_SIG *ECDSA_SIG_new(void)
{


+ 2
- 2
crypto/ec/ec_check.c View File

@ -45,7 +45,7 @@ int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
{
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
/*
* ECC domain parameter validation.
* See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
@ -114,5 +114,5 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
BN_CTX_free(new_ctx);
EC_POINT_free(point);
return ret;
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
}

+ 1
- 1
crypto/ec/ec_ctrl.c View File

@ -463,7 +463,7 @@ int EVP_PKEY_CTX_get_ec_paramgen_curve_name(EVP_PKEY_CTX *ctx,
return 1;
}
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid)
{
if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {


+ 21
- 21
crypto/ec/ec_curve.c View File

@ -200,7 +200,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
/* the x9.62 prime curves (minus the nist prime curves) */
static const struct {
EC_CURVE_DATA h;
@ -379,7 +379,7 @@ static const struct {
0x43, 0x21, 0x46, 0x52, 0x65, 0x51
}
};
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -419,7 +419,7 @@ static const struct {
}
};
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
/* the secg prime curves (minus the nist and x9.62 prime curves) */
static const struct {
EC_CURVE_DATA h;
@ -841,13 +841,13 @@ static const struct {
0x5C, 0x5C, 0x2A, 0x3D
}
};
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
#ifndef OPENSSL_NO_EC2M
/* characteristic two curves */
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 15 * 6];
@ -975,7 +975,7 @@ static const struct {
0x33, 0x04, 0x9B, 0xA9, 0x8F
}
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -1007,7 +1007,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 21 * 6];
@ -1036,7 +1036,7 @@ static const struct {
0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B
}
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -1067,7 +1067,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 25 * 6];
@ -1143,7 +1143,7 @@ static const struct {
0xD5
}
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -1219,7 +1219,7 @@ static const struct {
}
};
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 30 * 6];
@ -1255,7 +1255,7 @@ static const struct {
0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5
}
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
static const struct {
EC_CURVE_DATA h;
@ -1539,7 +1539,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
# ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 21 * 6];
@ -2224,7 +2224,7 @@ static const struct {
0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E
}
};
# endif /* FIPS_MODE */
# endif /* FIPS_MODULE */
#endif /* OPENSSL_NO_EC2M */
/*
@ -2235,7 +2235,7 @@ static const struct {
* generation mechanism is different from those defined in ANSI X9.62.
*/
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 20 * 6];
@ -2775,9 +2775,9 @@ static const struct {
0x9C, 0xA9, 0x00, 0x69
}
};
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
@ -2824,7 +2824,7 @@ typedef struct _ec_list_element_st {
const char *comment;
} ec_list_element;
#ifdef FIPS_MODE
#ifdef FIPS_MODULE
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
@ -3113,7 +3113,7 @@ static const ec_list_element curve_list[] = {
"SM2 curve over a 256 bit prime field"},
# endif
};
#endif /* FIPS_MODE */
#endif /* FIPS_MODULE */
#define curve_list_length OSSL_NELEM(curve_list)
@ -3165,7 +3165,7 @@ int ec_curve_name2nid(const char *name)
if ((nid = EC_curve_nist2nid(name)) != NID_undef)
return nid;
#ifndef FIPS_MODE
#ifndef FIPS_MODULE
/*
* TODO(3.0) Figure out if we can use other names than the NIST names
* ("B-163", "K-163" & "P-192") in the FIPS module, or if other names
@ -3302,7 +3302,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid)
return ret;
}