From d95c516e0772f50a7698a0751ea1b311bb43adaa Mon Sep 17 00:00:00 2001 From: miod Date: Thu, 1 May 2014 11:11:37 +0000 Subject: [PATCH] Remove fips_md_init() macro indirection for digest algorithms, used by the OpenSSL FIPS module to prevent forbidden digests to be allowed. No functional change but readability. ok deraadt@ --- lib/libcrypto/crypto.h | 6 ------ lib/libcrypto/md4/md4_dgst.c | 2 +- lib/libcrypto/md5/md5_dgst.c | 2 +- lib/libcrypto/mdc2/mdc2dgst.c | 2 +- lib/libcrypto/ripemd/rmd_dgst.c | 2 +- lib/libcrypto/sha/sha256.c | 4 ++-- lib/libcrypto/sha/sha512.c | 4 ++-- lib/libcrypto/sha/sha_locl.h | 4 ++-- lib/libcrypto/whrlpool/wp_dgst.c | 2 +- lib/libssl/src/crypto/crypto.h | 6 ------ lib/libssl/src/crypto/md4/md4_dgst.c | 2 +- lib/libssl/src/crypto/md5/md5_dgst.c | 2 +- lib/libssl/src/crypto/mdc2/mdc2dgst.c | 2 +- lib/libssl/src/crypto/ripemd/rmd_dgst.c | 2 +- lib/libssl/src/crypto/sha/sha256.c | 4 ++-- lib/libssl/src/crypto/sha/sha512.c | 4 ++-- lib/libssl/src/crypto/sha/sha_locl.h | 4 ++-- lib/libssl/src/crypto/whrlpool/wp_dgst.c | 2 +- 18 files changed, 22 insertions(+), 34 deletions(-) diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h index 11c34d8bbee..00d3cc2aaed 100644 --- a/lib/libcrypto/crypto.h +++ b/lib/libcrypto/crypto.h @@ -533,12 +533,6 @@ int OPENSSL_isservice(void); void OPENSSL_init(void); -#define fips_md_init(alg) fips_md_init_ctx(alg, alg) - -#define fips_md_init_ctx(alg, cx) \ - int alg##_Init(cx##_CTX *c) -#define fips_cipher_abort(alg) while(0) - /* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It * takes an amount of time dependent on |len|, but independent of the contents * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a diff --git a/lib/libcrypto/md4/md4_dgst.c b/lib/libcrypto/md4/md4_dgst.c index b5b165b0526..b4edd6405f4 100644 --- a/lib/libcrypto/md4/md4_dgst.c +++ b/lib/libcrypto/md4/md4_dgst.c @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -fips_md_init(MD4) +int MD4_Init(MD4_CTX *c) { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; diff --git a/lib/libcrypto/md5/md5_dgst.c b/lib/libcrypto/md5/md5_dgst.c index 265890de52b..dffddf44d95 100644 --- a/lib/libcrypto/md5/md5_dgst.c +++ b/lib/libcrypto/md5/md5_dgst.c @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -fips_md_init(MD5) +int MD5_Init(MD5_CTX *c) { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; diff --git a/lib/libcrypto/mdc2/mdc2dgst.c b/lib/libcrypto/mdc2/mdc2dgst.c index d66ed6a1c6a..302f9ab9a89 100644 --- a/lib/libcrypto/mdc2/mdc2dgst.c +++ b/lib/libcrypto/mdc2/mdc2dgst.c @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); -fips_md_init(MDC2) +int MDC2_Init(MDC2_CTX *c) { c->num=0; c->pad_type=1; diff --git a/lib/libcrypto/ripemd/rmd_dgst.c b/lib/libcrypto/ripemd/rmd_dgst.c index d8e72da51bf..74dbcd0c75c 100644 --- a/lib/libcrypto/ripemd/rmd_dgst.c +++ b/lib/libcrypto/ripemd/rmd_dgst.c @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif -fips_md_init(RIPEMD160) +int RIPEMD160_Init(RIPEMD160_CTX *c) { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; diff --git a/lib/libcrypto/sha/sha256.c b/lib/libcrypto/sha/sha256.c index e767afde5ae..cf9c9a050b1 100644 --- a/lib/libcrypto/sha/sha256.c +++ b/lib/libcrypto/sha/sha256.c @@ -17,7 +17,7 @@ const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; -fips_md_init_ctx(SHA224, SHA256) +int SHA224_Init(SHA256_CTX *c) { memset (c,0,sizeof(*c)); c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; @@ -28,7 +28,7 @@ fips_md_init_ctx(SHA224, SHA256) return 1; } -fips_md_init(SHA256) +int SHA256_Init(SHA256_CTX *c) { memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; diff --git a/lib/libcrypto/sha/sha512.c b/lib/libcrypto/sha/sha512.c index ca7991a9ca1..d8fa933cde2 100644 --- a/lib/libcrypto/sha/sha512.c +++ b/lib/libcrypto/sha/sha512.c @@ -60,7 +60,7 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA #endif -fips_md_init_ctx(SHA384, SHA512) +int SHA384_Init(SHA512_CTX *c) { c->h[0]=U64(0xcbbb9d5dc1059ed8); c->h[1]=U64(0x629a292a367cd507); @@ -76,7 +76,7 @@ fips_md_init_ctx(SHA384, SHA512) return 1; } -fips_md_init(SHA512) +int SHA512_Init(SHA512_CTX *c) { c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); diff --git a/lib/libcrypto/sha/sha_locl.h b/lib/libcrypto/sha/sha_locl.h index 1210176dda0..08ab20d60fc 100644 --- a/lib/libcrypto/sha/sha_locl.h +++ b/lib/libcrypto/sha/sha_locl.h @@ -116,9 +116,9 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #define INIT_DATA_h4 0xc3d2e1f0UL #ifdef SHA_0 -fips_md_init(SHA) +int SHA_Init(SHA_CTX *c) #else -fips_md_init_ctx(SHA1, SHA) +int SHA1_Init(SHA_CTX *c) #endif { memset (c,0,sizeof(*c)); diff --git a/lib/libcrypto/whrlpool/wp_dgst.c b/lib/libcrypto/whrlpool/wp_dgst.c index 7e28bef51d0..143a70f8bc1 100644 --- a/lib/libcrypto/whrlpool/wp_dgst.c +++ b/lib/libcrypto/whrlpool/wp_dgst.c @@ -55,7 +55,7 @@ #include #include -fips_md_init(WHIRLPOOL) +int WHIRLPOOL_Init(WHIRLPOOL_CTX *c) { memset (c,0,sizeof(*c)); return(1); diff --git a/lib/libssl/src/crypto/crypto.h b/lib/libssl/src/crypto/crypto.h index 11c34d8bbee..00d3cc2aaed 100644 --- a/lib/libssl/src/crypto/crypto.h +++ b/lib/libssl/src/crypto/crypto.h @@ -533,12 +533,6 @@ int OPENSSL_isservice(void); void OPENSSL_init(void); -#define fips_md_init(alg) fips_md_init_ctx(alg, alg) - -#define fips_md_init_ctx(alg, cx) \ - int alg##_Init(cx##_CTX *c) -#define fips_cipher_abort(alg) while(0) - /* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It * takes an amount of time dependent on |len|, but independent of the contents * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a diff --git a/lib/libssl/src/crypto/md4/md4_dgst.c b/lib/libssl/src/crypto/md4/md4_dgst.c index b5b165b0526..b4edd6405f4 100644 --- a/lib/libssl/src/crypto/md4/md4_dgst.c +++ b/lib/libssl/src/crypto/md4/md4_dgst.c @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -fips_md_init(MD4) +int MD4_Init(MD4_CTX *c) { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; diff --git a/lib/libssl/src/crypto/md5/md5_dgst.c b/lib/libssl/src/crypto/md5/md5_dgst.c index 265890de52b..dffddf44d95 100644 --- a/lib/libssl/src/crypto/md5/md5_dgst.c +++ b/lib/libssl/src/crypto/md5/md5_dgst.c @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -fips_md_init(MD5) +int MD5_Init(MD5_CTX *c) { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; diff --git a/lib/libssl/src/crypto/mdc2/mdc2dgst.c b/lib/libssl/src/crypto/mdc2/mdc2dgst.c index d66ed6a1c6a..302f9ab9a89 100644 --- a/lib/libssl/src/crypto/mdc2/mdc2dgst.c +++ b/lib/libssl/src/crypto/mdc2/mdc2dgst.c @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); -fips_md_init(MDC2) +int MDC2_Init(MDC2_CTX *c) { c->num=0; c->pad_type=1; diff --git a/lib/libssl/src/crypto/ripemd/rmd_dgst.c b/lib/libssl/src/crypto/ripemd/rmd_dgst.c index d8e72da51bf..74dbcd0c75c 100644 --- a/lib/libssl/src/crypto/ripemd/rmd_dgst.c +++ b/lib/libssl/src/crypto/ripemd/rmd_dgst.c @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif -fips_md_init(RIPEMD160) +int RIPEMD160_Init(RIPEMD160_CTX *c) { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; diff --git a/lib/libssl/src/crypto/sha/sha256.c b/lib/libssl/src/crypto/sha/sha256.c index e767afde5ae..cf9c9a050b1 100644 --- a/lib/libssl/src/crypto/sha/sha256.c +++ b/lib/libssl/src/crypto/sha/sha256.c @@ -17,7 +17,7 @@ const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; -fips_md_init_ctx(SHA224, SHA256) +int SHA224_Init(SHA256_CTX *c) { memset (c,0,sizeof(*c)); c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; @@ -28,7 +28,7 @@ fips_md_init_ctx(SHA224, SHA256) return 1; } -fips_md_init(SHA256) +int SHA256_Init(SHA256_CTX *c) { memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; diff --git a/lib/libssl/src/crypto/sha/sha512.c b/lib/libssl/src/crypto/sha/sha512.c index ca7991a9ca1..d8fa933cde2 100644 --- a/lib/libssl/src/crypto/sha/sha512.c +++ b/lib/libssl/src/crypto/sha/sha512.c @@ -60,7 +60,7 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA #endif -fips_md_init_ctx(SHA384, SHA512) +int SHA384_Init(SHA512_CTX *c) { c->h[0]=U64(0xcbbb9d5dc1059ed8); c->h[1]=U64(0x629a292a367cd507); @@ -76,7 +76,7 @@ fips_md_init_ctx(SHA384, SHA512) return 1; } -fips_md_init(SHA512) +int SHA512_Init(SHA512_CTX *c) { c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); diff --git a/lib/libssl/src/crypto/sha/sha_locl.h b/lib/libssl/src/crypto/sha/sha_locl.h index 1210176dda0..08ab20d60fc 100644 --- a/lib/libssl/src/crypto/sha/sha_locl.h +++ b/lib/libssl/src/crypto/sha/sha_locl.h @@ -116,9 +116,9 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #define INIT_DATA_h4 0xc3d2e1f0UL #ifdef SHA_0 -fips_md_init(SHA) +int SHA_Init(SHA_CTX *c) #else -fips_md_init_ctx(SHA1, SHA) +int SHA1_Init(SHA_CTX *c) #endif { memset (c,0,sizeof(*c)); diff --git a/lib/libssl/src/crypto/whrlpool/wp_dgst.c b/lib/libssl/src/crypto/whrlpool/wp_dgst.c index 7e28bef51d0..143a70f8bc1 100644 --- a/lib/libssl/src/crypto/whrlpool/wp_dgst.c +++ b/lib/libssl/src/crypto/whrlpool/wp_dgst.c @@ -55,7 +55,7 @@ #include #include -fips_md_init(WHIRLPOOL) +int WHIRLPOOL_Init(WHIRLPOOL_CTX *c) { memset (c,0,sizeof(*c)); return(1); -- 2.20.1