diff options
author | Rich Salz <rsalz@openssl.org> | 2015-01-27 12:34:45 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-01-27 12:34:45 -0500 |
commit | 474e469bbd056aebcf7e7d3207ef820f2faed4ce (patch) | |
tree | 435a3d3feb5795d101fe89055e2b86b75c94476a /crypto/dsa | |
parent | c73ad690174171b63a53dabdb2f2d9ebfd30053a (diff) | |
download | openssl-474e469bbd056aebcf7e7d3207ef820f2faed4ce.tar.gz |
OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
GENUINE_DSA OPENSSL_NO_SHA0
OPENSSL_NO_SHA OPENSSL_NO_SHA1
OPENSSL_NO_SHA224 OPENSSL_NO_SHA256
OPENSSL_NO_SHA384 OPENSSL_NO_SHA512
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/dsa_depr.c | 33 | ||||
-rw-r--r-- | crypto/dsa/dsa_gen.c | 30 | ||||
-rw-r--r-- | crypto/dsa/dsa_key.c | 8 | ||||
-rw-r--r-- | crypto/dsa/dsa_ossl.c | 5 |
4 files changed, 22 insertions, 54 deletions
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index b3d0fab14b..be1df138cb 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -58,37 +58,25 @@ * version(s). */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* - * Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) - */ -# define HASH EVP_sha() -#else /* * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB * 180-1) */ -# define HASH EVP_sha1() -#endif +#define xxxHASH EVP_sha1() static void *dummy = &dummy; -#ifndef OPENSSL_NO_SHA - -# include <stdio.h> -# include <time.h> -# include "cryptlib.h" -# include <openssl/evp.h> -# include <openssl/bn.h> -# include <openssl/dsa.h> -# include <openssl/rand.h> -# include <openssl/sha.h> +#include <stdio.h> +#include <time.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/rand.h> +#include <openssl/sha.h> -# ifndef OPENSSL_NO_DEPRECATED +#ifndef OPENSSL_NO_DEPRECATED DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, @@ -117,5 +105,4 @@ DSA *DSA_generate_parameters(int bits, DSA_free(ret); return NULL; } -# endif #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 5e92d93d9a..37b23c9f41 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -56,35 +56,23 @@ * [including the GNU Public Licence.] */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* - * Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) - */ -# define HASH EVP_sha() -#else /* * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB * 180-1) */ -# define HASH EVP_sha1() -#endif +#define xxxHASH EVP_sha1() #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */ -#ifndef OPENSSL_NO_SHA +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/bn.h> +#include <openssl/rand.h> +#include <openssl/sha.h> -# include <stdio.h> -# include "cryptlib.h" -# include <openssl/evp.h> -# include <openssl/bn.h> -# include <openssl/rand.h> -# include <openssl/sha.h> - -# include "dsa_locl.h" +#include "dsa_locl.h" int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, @@ -714,5 +702,3 @@ int dsa_paramgen_check_g(DSA *dsa) return rv; } - -#endif diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 8584963609..1c05b0f80d 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -59,10 +59,9 @@ #include <stdio.h> #include <time.h> #include "cryptlib.h" -#ifndef OPENSSL_NO_SHA -# include <openssl/bn.h> -# include <openssl/dsa.h> -# include <openssl/rand.h> +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/rand.h> static int dsa_builtin_keygen(DSA *dsa); @@ -133,4 +132,3 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX_free(ctx); return (ok); } -#endif diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index bd83227549..96f5d6fed1 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -258,7 +258,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* Get random k */ do { -#ifndef OPENSSL_NO_SHA512 if (dgst != NULL) { /* * We calculate k from SHA512(private_key + H(message) + random). @@ -267,9 +266,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst, dlen, ctx)) goto err; - } else -#endif - if (!BN_rand_range(k, dsa->q)) + } else if (!BN_rand_range(k, dsa->q)) goto err; } while (BN_is_zero(k)); |