OPENSSL_NO_xxx cleanup: SHA

Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way. So these options are gone: GENUINE_DSA OPENSSL_NO_SHA0 OPENSSL_NO_SHA OPENSSL_NO_SHA1 OPENSSL_NO_SHA224 OPENSSL_NO_SHA256 OPENSSL_NO_SHA384 OPENSSL_NO_SHA512 Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Rich Salz <rsalz@openssl.org> 2015-01-27 12:34:45 -0500
committer: Rich Salz <rsalz@openssl.org> 2015-01-27 12:34:45 -0500
commit: 474e469bbd056aebcf7e7d3207ef820f2faed4ce (patch)
tree: 435a3d3feb5795d101fe89055e2b86b75c94476a /crypto/dsa
parent: c73ad690174171b63a53dabdb2f2d9ebfd30053a (diff)
download: openssl-474e469bbd056aebcf7e7d3207ef820f2faed4ce.tar.gz
4 files changed, 22 insertions, 54 deletions
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index b3d0fab14b..be1df138cb 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -58,37 +58,25 @@
  * version(s).
  */
 
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH    EVP_sha()
-#else
 /*
  * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
  * 180-1)
  */
-# define HASH    EVP_sha1()
-#endif
+#define xxxHASH    EVP_sha1()
 
 static void *dummy = &dummy;
 
-#ifndef OPENSSL_NO_SHA
-
-# include <stdio.h>
-# include <time.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
 
-# ifndef OPENSSL_NO_DEPRECATED
+#ifndef OPENSSL_NO_DEPRECATED
 DSA *DSA_generate_parameters(int bits,
                              unsigned char *seed_in, int seed_len,
                              int *counter_ret, unsigned long *h_ret,
@@ -117,5 +105,4 @@ DSA *DSA_generate_parameters(int bits,
     DSA_free(ret);
     return NULL;
 }
-# endif
 #endif
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 5e92d93d9a..37b23c9f41 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -56,35 +56,23 @@
  * [including the GNU Public Licence.]
  */
 
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH    EVP_sha()
-#else
 /*
  * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
  * 180-1)
  */
-# define HASH    EVP_sha1()
-#endif
+#define xxxHASH    EVP_sha1()
 
 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
 
-#ifndef OPENSSL_NO_SHA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
 
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
-
-# include "dsa_locl.h"
+#include "dsa_locl.h"
 
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                                const unsigned char *seed_in, int seed_len,
@@ -714,5 +702,3 @@ int dsa_paramgen_check_g(DSA *dsa)
     return rv;
 
 }
-
-#endif
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 8584963609..1c05b0f80d 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -59,10 +59,9 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
 
 static int dsa_builtin_keygen(DSA *dsa);
 
@@ -133,4 +132,3 @@ static int dsa_builtin_keygen(DSA *dsa)
         BN_CTX_free(ctx);
     return (ok);
 }
-#endif
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index bd83227549..96f5d6fed1 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -258,7 +258,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
 
     /* Get random k */
     do {
-#ifndef OPENSSL_NO_SHA512
         if (dgst != NULL) {
             /*
              * We calculate k from SHA512(private_key + H(message) + random).
@@ -267,9 +266,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
             if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst,
                                        dlen, ctx))
                 goto err;
-        } else
-#endif
-        if (!BN_rand_range(k, dsa->q))
+        } else if (!BN_rand_range(k, dsa->q))
             goto err;
     } while (BN_is_zero(k));
author	Rich Salz <rsalz@openssl.org>	2015-01-27 12:34:45 -0500
committer	Rich Salz <rsalz@openssl.org>	2015-01-27 12:34:45 -0500
commit	474e469bbd056aebcf7e7d3207ef820f2faed4ce (patch)
tree	435a3d3feb5795d101fe89055e2b86b75c94476a /crypto/dsa
parent	c73ad690174171b63a53dabdb2f2d9ebfd30053a (diff)
download	openssl-474e469bbd056aebcf7e7d3207ef820f2faed4ce.tar.gz