Move libssl related defines used by fips provider to prov_ssl.h

This nicely reduces the number of files considered as fips
provider sources.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15609)

diff --git a/crypto/packet.c b/crypto/packet.c
index 6cd1ed3ed330cb27a70bc8e105e60cc79cc5022a..80202bc08f5902d284e775fca199f48aff609917 100644 (file)
--- a/crypto/packet.c
+++ b/crypto/packet.c
@@ -9,7 +9,7 @@
 
 #include "internal/cryptlib.h"
 #include "internal/packet.h"
 
 #include "internal/cryptlib.h"
 #include "internal/packet.h"

-#include <openssl/sslerr.h>
+#include <openssl/err.h>

 
 #define DEFAULT_BUF_SIZE    256
 
 
 #define DEFAULT_BUF_SIZE    256
 


@@ -105,7 +105,7 @@ static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes)
     pkt->written = 0;
 
     if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) {
     pkt->written = 0;
 
     if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) {

-        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);

         return 0;
     }
 
         return 0;
     }
 


@@ -352,7 +352,7 @@ int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes)
         return 0;
 
     if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) {
         return 0;
 
     if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) {

-        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);

         return 0;
     }
 
         return 0;
     }
 

diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index f1eabf177c95ea3e4a40fc6457c40b142154b845..89778e6c4dc0f536d3557d610856a9743a28aabd 100644 (file)
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -20,7 +20,7 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */

-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>

 #include "internal/cryptlib.h"
 #include "crypto/rsa.h"
 #include "rsa_local.h"
 #include "internal/cryptlib.h"
 #include "crypto/rsa.h"
 #include "rsa_local.h"

diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index 5553fb8c90552e8f7db1ce25518ff16f6d84f735..8a1cd95ce31deb5179e5c55bf000c9bb61d4fb1c 100644 (file)
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -16,22 +16,21 @@
 #  define HEADER_DTLS1_H
 # endif
 
 #  define HEADER_DTLS1_H
 # endif
 

+# include <openssl/prov_ssl.h>
+

 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 #include <openssl/opensslconf.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 #include <openssl/opensslconf.h>
 

-# define DTLS1_VERSION                   0xFEFF
-# define DTLS1_2_VERSION                 0xFEFD
+/* DTLS*_VERSION constants are defined in prov_ssl.h */

 # ifndef OPENSSL_NO_DEPRECATED_3_0
 #  define DTLS_MIN_VERSION                DTLS1_VERSION
 #  define DTLS_MAX_VERSION                DTLS1_2_VERSION
 # endif
 # define DTLS1_VERSION_MAJOR             0xFE
 
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 #  define DTLS_MIN_VERSION                DTLS1_VERSION
 #  define DTLS_MAX_VERSION                DTLS1_2_VERSION
 # endif
 # define DTLS1_VERSION_MAJOR             0xFE
 

-# define DTLS1_BAD_VER                   0x0100
-

 /* Special value for method supporting multiple versions */
 # define DTLS_ANY_VERSION                0x1FFFF
 
 /* Special value for method supporting multiple versions */
 # define DTLS_ANY_VERSION                0x1FFFF
 

diff --git a/include/openssl/prov_ssl.h b/include/openssl/prov_ssl.h
new file mode 100644 (file)
index 0000000..d3e0896
--- /dev/null
+++ b/include/openssl/prov_ssl.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PROV_SSL_H
+# define OPENSSL_PROV_SSL_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* SSL/TLS related defines useful to providers */
+
+# define SSL_MAX_MASTER_KEY_LENGTH 48
+
+# define SSL3_VERSION                    0x0300
+# define TLS1_VERSION                    0x0301
+# define TLS1_1_VERSION                  0x0302
+# define TLS1_2_VERSION                  0x0303
+# define TLS1_3_VERSION                  0x0304
+# define DTLS1_VERSION                   0xFEFF
+# define DTLS1_2_VERSION                 0xFEFD
+# define DTLS1_BAD_VER                   0x0100
+
+# ifdef __cplusplus
+}
+# endif
+#endif /* OPENSSL_PROV_SSL_H */

diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index a227090263712f8e6f218a7dfcc8d7356f52c167..2c34fd2a9aa528855cc5c309246c20bf4ab7aa4f 100644 (file)
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -42,6 +42,7 @@ use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros);
 # include <openssl/symhacks.h>
 # include <openssl/ct.h>
 # include <openssl/sslerr.h>
 # include <openssl/symhacks.h>
 # include <openssl/ct.h>
 # include <openssl/sslerr.h>

+# include <openssl/prov_ssl.h>

 
 #ifdef  __cplusplus
 extern "C" {
 
 #ifdef  __cplusplus
 extern "C" {


@@ -59,7 +60,7 @@ extern "C" {
 
 # define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
 # define SSL_MAX_KEY_ARG_LENGTH                  8
 
 # define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
 # define SSL_MAX_KEY_ARG_LENGTH                  8

-# define SSL_MAX_MASTER_KEY_LENGTH               48
+/* SSL_MAX_MASTER_KEY_LENGTH is defined in prov_ssl.h */

 
 /* The maximum number of encrypt/decrypt pipelines we can support */
 # define SSL_MAX_PIPELINES  32
 
 /* The maximum number of encrypt/decrypt pipelines we can support */
 # define SSL_MAX_PIPELINES  32

diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 9fc6b3abcbdd5920498dd1a7407d6feac94908cb..e5a41faa052c67534879f7141b47ee8679d9ecec 100644 (file)
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -212,7 +212,7 @@ extern "C" {
 # define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
 # define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
 
 # define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
 # define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
 

-# define SSL3_VERSION                    0x0300
+/* SSL3_VERSION is defined in prov_ssl.h */

 # define SSL3_VERSION_MAJOR              0x03
 # define SSL3_VERSION_MINOR              0x00
 
 # define SSL3_VERSION_MAJOR              0x03
 # define SSL3_VERSION_MINOR              0x00
 

diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index cd1f818c1a9f2a9dec61e809a1da1936ad1afe5c..d6e9331fa1e94de4cfcf13d765b08b29a385d1cf 100644 (file)
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -20,6 +20,7 @@
 
 # include <openssl/buffer.h>
 # include <openssl/x509.h>
 
 # include <openssl/buffer.h>
 # include <openssl/x509.h>

+# include <openssl/prov_ssl.h>

 
 #ifdef  __cplusplus
 extern "C" {
 
 #ifdef  __cplusplus
 extern "C" {


@@ -30,10 +31,7 @@ extern "C" {
 #  define OPENSSL_TLS_SECURITY_LEVEL 1
 # endif
 
 #  define OPENSSL_TLS_SECURITY_LEVEL 1
 # endif
 

-# define TLS1_VERSION                    0x0301
-# define TLS1_1_VERSION                  0x0302
-# define TLS1_2_VERSION                  0x0303
-# define TLS1_3_VERSION                  0x0304
+/* TLS*_VERSION constants are defined in prov_ssl.h */

 # ifndef OPENSSL_NO_DEPRECATED_3_0
 #  define TLS_MAX_VERSION                TLS1_3_VERSION
 # endif
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 #  define TLS_MAX_VERSION                TLS1_3_VERSION
 # endif

diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
index 781acae8db6f8cff6c4af9e7cd5ba36eec82d255..f6d95197f07c0fdc066d23f175c1b7f737fba3ae 100644 (file)
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@@ -12,7 +12,7 @@
 #include <openssl/core_dispatch.h>
 #include <openssl/core_names.h>
 /* For TLS1_VERSION etc */
 #include <openssl/core_dispatch.h>
 #include <openssl/core_names.h>
 /* For TLS1_VERSION etc */

-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>

 #include <openssl/params.h>
 #include "internal/nelem.h"
 #include "internal/tlsgroups.h"
 #include <openssl/params.h>
 #include "internal/nelem.h"
 #include "internal/tlsgroups.h"

diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 7b534e76ed321ad94af5281ff361c95c387e6734..ce5ddff651d223731262c779f6dedd29c0160c1c 100644 (file)
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -22,7 +22,7 @@
 #include <openssl/err.h>
 #include <openssl/proverr.h>
 /* Just for SSL_MAX_MASTER_KEY_LENGTH */
 #include <openssl/err.h>
 #include <openssl/proverr.h>
 /* Just for SSL_MAX_MASTER_KEY_LENGTH */

-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>

 #include "internal/constant_time.h"
 #include "internal/sizes.h"
 #include "crypto/rsa.h"
 #include "internal/constant_time.h"
 #include "internal/sizes.h"
 #include "crypto/rsa.h"

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index a0eef7c1e516eccc77f2e78d092298da29062574..f9a8a58041494b712c4ac9560b6f4530822fd684 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -16,8 +16,8 @@
 
 /* Dispatch functions for AES_CBC_HMAC_SHA ciphers */
 
 
 /* Dispatch functions for AES_CBC_HMAC_SHA ciphers */
 

-/* Only for SSL3_VERSION and TLS1_VERSION */
-#include <openssl/ssl.h>
+/* For SSL3_VERSION and TLS1_VERSION */
+#include <openssl/prov_ssl.h>

 #include <openssl/proverr.h>
 #include "cipher_aes_cbc_hmac_sha.h"
 #include "prov/implementations.h"
 #include <openssl/proverr.h>
 #include "cipher_aes_cbc_hmac_sha.h"
 #include "prov/implementations.h"

diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 3c8ea8c03ca5b6da78bc1f85c1af5e81342d0eae..b5a0d43b7880e2f981d3335ab715f7e6cdb58477 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -12,7 +12,7 @@
  */
 
 /* For SSL3_VERSION */
  */
 
 /* For SSL3_VERSION */

-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>

 #include <openssl/proverr.h>
 #include "ciphercommon_local.h"
 #include "prov/provider_ctx.h"
 #include <openssl/proverr.h>
 #include "ciphercommon_local.h"
 #include "prov/provider_ctx.h"

diff --git a/providers/implementations/ciphers/ciphercommon_block.c b/providers/implementations/ciphers/ciphercommon_block.c
index 14f7503b3627a5c3ce4aa293cda2e121ab3142b7..6e6bb091e76ba8419c06cb78610b2c1de02f14c7 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_block.c
+++ b/providers/implementations/ciphers/ciphercommon_block.c
@@ -9,7 +9,7 @@
 
 #include <assert.h>
 /* For SSL3_VERSION, TLS1_VERSION etc */
 
 #include <assert.h>
 /* For SSL3_VERSION, TLS1_VERSION etc */

-#include <openssl/ssl.h>
+#include <openssl/prov_ssl.h>

 #include <openssl/rand.h>
 #include <openssl/proverr.h>
 #include "internal/constant_time.h"
 #include <openssl/rand.h>
 #include <openssl/proverr.h>
 #include "internal/constant_time.h"