From: Rich Salz Date: Tue, 27 Jan 2015 17:34:45 +0000 (-0500) Subject: OPENSSL_NO_xxx cleanup: SHA X-Git-Tag: OpenSSL_1_1_0-pre1~1757 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=474e469bbd056aebcf7e7d3207ef820f2faed4ce OPENSSL_NO_xxx cleanup: SHA Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way. So these options are gone: GENUINE_DSA OPENSSL_NO_SHA0 OPENSSL_NO_SHA OPENSSL_NO_SHA1 OPENSSL_NO_SHA224 OPENSSL_NO_SHA256 OPENSSL_NO_SHA384 OPENSSL_NO_SHA512 Reviewed-by: Richard Levitte --- diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 1e26c1333b..0de46f008d 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -58,7 +58,7 @@ */ #include -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) +#if !defined(OPENSSL_NO_DES) # include # include diff --git a/apps/progs.h b/apps/progs.h index c66da3036b..9a8a1923ee 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -128,7 +128,7 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL, "ciphers", ciphers_main}, #endif {FUNC_TYPE_GENERAL, "nseq", nseq_main}, -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) +#if !defined(OPENSSL_NO_DES) {FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main}, #endif {FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main}, @@ -158,30 +158,18 @@ FUNCTION functions[] = { #ifndef OPENSSL_NO_MD5 {FUNC_TYPE_MD, "md5", dgst_main}, #endif -#ifndef OPENSSL_NO_SHA {FUNC_TYPE_MD, "sha", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA1 {FUNC_TYPE_MD, "sha1", dgst_main}, -#endif #ifndef OPENSSL_NO_MDC2 {FUNC_TYPE_MD, "mdc2", dgst_main}, #endif #ifndef OPENSSL_NO_RMD160 {FUNC_TYPE_MD, "rmd160", dgst_main}, #endif -#ifndef OPENSSL_NO_SHA224 {FUNC_TYPE_MD, "sha224", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA256 {FUNC_TYPE_MD, "sha256", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA384 {FUNC_TYPE_MD, "sha384", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA512 {FUNC_TYPE_MD, "sha512", dgst_main}, -#endif #ifndef OPENSSL_NO_AES {FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main}, #endif diff --git a/apps/progs.pl b/apps/progs.pl index 8695742f28..09dd00b7ee 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for openssl.c */\n\n"; grep(s/^asn1pars$/asn1parse/,@ARGV); foreach (@ARGV) - { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } + { printf "extern int %s_main(int argc, char *argv[]);\n",$_; } print <<'EOF'; -#define FUNC_TYPE_GENERAL 1 -#define FUNC_TYPE_MD 2 -#define FUNC_TYPE_CIPHER 3 -#define FUNC_TYPE_PKEY 4 -#define FUNC_TYPE_MD_ALG 5 -#define FUNC_TYPE_CIPHER_ALG 6 +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 +#define FUNC_TYPE_PKEY 4 +#define FUNC_TYPE_MD_ALG 5 +#define FUNC_TYPE_CIPHER_ALG 6 typedef struct { - int type; - const char *name; - int (*func)(int argc,char *argv[]); - } FUNCTION; + int type; + const char *name; + int (*func) (int argc, char *argv[]); +} FUNCTION; DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { @@ -30,7 +30,7 @@ EOF foreach (@ARGV) { push(@files,$_); - $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^engine$/)) @@ -44,7 +44,7 @@ foreach (@ARGV) elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/)) { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } elsif ( ($_ =~ /^pkcs12$/)) - { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; } + { print "#if !defined(OPENSSL_NO_DES)\n${str}#endif\n"; } elsif ( ($_ =~ /^cms$/)) { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; } elsif ( ($_ =~ /^ocsp$/)) @@ -58,7 +58,9 @@ foreach (@ARGV) foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160","sha224","sha256","sha384","sha512") { push(@files,$_); - printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; + printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/; + printf " {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n"; + printf "#endif\n" if ! /sha/; } foreach ( @@ -84,7 +86,7 @@ foreach ( { push(@files,$_); - $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n", $_); if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } @@ -99,4 +101,4 @@ foreach ( print $t; } -print "\t{0,NULL,NULL}\n\t};\n"; +print " {0, NULL, NULL}\n};\n"; diff --git a/apps/speed.c b/apps/speed.c index f5af9a345e..419dced807 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -137,9 +137,7 @@ # include #endif #include -#ifndef OPENSSL_NO_SHA # include -#endif #ifndef OPENSSL_NO_RMD160 # include #endif @@ -339,15 +337,10 @@ static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { -# ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; - else - *outlen = SHA_DIGEST_LENGTH; + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); -# else - return NULL; -# endif /* OPENSSL_NO_SHA */ } #endif /* OPENSSL_NO_ECDH */ @@ -382,15 +375,9 @@ int MAIN(int argc, char **argv) unsigned char md5[MD5_DIGEST_LENGTH]; unsigned char hmac[MD5_DIGEST_LENGTH]; #endif -#ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; -# ifndef OPENSSL_NO_SHA256 unsigned char sha256[SHA256_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_SHA512 unsigned char sha512[SHA512_DIGEST_LENGTH]; -# endif -#endif #ifndef OPENSSL_NO_WHIRLPOOL unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH]; #endif @@ -827,23 +814,15 @@ int MAIN(int argc, char **argv) doit[D_HMAC] = 1; else #endif -#ifndef OPENSSL_NO_SHA if (strcmp(*argv, "sha1") == 0) doit[D_SHA1] = 1; else if (strcmp(*argv, "sha") == 0) doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1; - else -# ifndef OPENSSL_NO_SHA256 - if (strcmp(*argv, "sha256") == 0) + else if (strcmp(*argv, "sha256") == 0) doit[D_SHA256] = 1; - else -# endif -# ifndef OPENSSL_NO_SHA512 - if (strcmp(*argv, "sha512") == 0) + else if (strcmp(*argv, "sha512") == 0) doit[D_SHA512] = 1; else -# endif -#endif #ifndef OPENSSL_NO_WHIRLPOOL if (strcmp(*argv, "whirlpool") == 0) doit[D_WHIRLPOOL] = 1; @@ -1110,27 +1089,16 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "hmac "); # endif #endif -#ifndef OPENSSL_NO_SHA1 BIO_printf(bio_err, "sha1 "); -#endif -#ifndef OPENSSL_NO_SHA256 BIO_printf(bio_err, "sha256 "); -#endif -#ifndef OPENSSL_NO_SHA512 BIO_printf(bio_err, "sha512 "); -#endif #ifndef OPENSSL_NO_WHIRLPOOL BIO_printf(bio_err, "whirlpool"); #endif #ifndef OPENSSL_NO_RMD160 BIO_printf(bio_err, "rmd160"); #endif -#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ - !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ - !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \ - !defined(OPENSSL_NO_WHIRLPOOL) BIO_printf(bio_err, "\n"); -#endif #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, "idea-cbc "); @@ -1660,23 +1628,16 @@ int MAIN(int argc, char **argv) HMAC_CTX_cleanup(&hctx); } #endif -#ifndef OPENSSL_NO_SHA if (doit[D_SHA1]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_SHA1][j]); count++) -# if 0 - EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL, - EVP_sha1(), NULL); -# else SHA1(buf, lengths[j], sha); -# endif d = Time_F(STOP); print_result(D_SHA1, j, count, d); } } -# ifndef OPENSSL_NO_SHA256 if (doit[D_SHA256]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]); @@ -1687,9 +1648,6 @@ int MAIN(int argc, char **argv) print_result(D_SHA256, j, count, d); } } -# endif - -# ifndef OPENSSL_NO_SHA512 if (doit[D_SHA512]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]); @@ -1700,8 +1658,6 @@ int MAIN(int argc, char **argv) print_result(D_SHA512, j, count, d); } } -# endif -#endif #ifndef OPENSSL_NO_WHIRLPOOL if (doit[D_WHIRLPOOL]) { diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 027950330d..79eab4f398 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -220,9 +220,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_D2I_POST: -#ifndef OPENSSL_NO_SHA X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); -#endif crl->idp = X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, NULL, NULL); diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index de6028698e..ecdce9ff14 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -289,7 +289,6 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) return bn_rand_range(1, r, range); } -#ifndef OPENSSL_NO_SHA512 /* * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike * BN_rand_range, it also includes the contents of |priv| and |message| in @@ -362,4 +361,3 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, OPENSSL_free(k_bytes); return ret; } -#endif /* OPENSSL_NO_SHA512 */ diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index b3d0fab14b..be1df138cb 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -58,37 +58,25 @@ * version(s). */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* - * Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) - */ -# define HASH EVP_sha() -#else /* * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB * 180-1) */ -# define HASH EVP_sha1() -#endif +#define xxxHASH EVP_sha1() static void *dummy = &dummy; -#ifndef OPENSSL_NO_SHA - -# include -# include -# include "cryptlib.h" -# include -# include -# include -# include -# include +#include +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include -# ifndef OPENSSL_NO_DEPRECATED +#ifndef OPENSSL_NO_DEPRECATED DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, @@ -117,5 +105,4 @@ DSA *DSA_generate_parameters(int bits, DSA_free(ret); return NULL; } -# endif #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 5e92d93d9a..37b23c9f41 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -56,35 +56,23 @@ * [including the GNU Public Licence.] */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* - * Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) - */ -# define HASH EVP_sha() -#else /* * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB * 180-1) */ -# define HASH EVP_sha1() -#endif +#define xxxHASH EVP_sha1() #include /* To see if OPENSSL_NO_SHA is defined */ -#ifndef OPENSSL_NO_SHA +#include +#include "cryptlib.h" +#include +#include +#include +#include -# include -# include "cryptlib.h" -# include -# include -# include -# include - -# include "dsa_locl.h" +#include "dsa_locl.h" int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, @@ -714,5 +702,3 @@ int dsa_paramgen_check_g(DSA *dsa) return rv; } - -#endif diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 8584963609..1c05b0f80d 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -59,10 +59,9 @@ #include #include #include "cryptlib.h" -#ifndef OPENSSL_NO_SHA -# include -# include -# include +#include +#include +#include static int dsa_builtin_keygen(DSA *dsa); @@ -133,4 +132,3 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX_free(ctx); return (ok); } -#endif diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index bd83227549..96f5d6fed1 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -258,7 +258,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* Get random k */ do { -#ifndef OPENSSL_NO_SHA512 if (dgst != NULL) { /* * We calculate k from SHA512(private_key + H(message) + random). @@ -267,9 +266,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst, dlen, ctx)) goto err; - } else -#endif - if (!BN_rand_range(k, dsa->q)) + } else if (!BN_rand_range(k, dsa->q)) goto err; } while (BN_is_zero(k)); diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index a791d63ca7..04b0cf30d0 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -103,15 +103,10 @@ static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { -# ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; - else - *outlen = SHA_DIGEST_LENGTH; + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); -# else - return NULL; -# endif } static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 95d9dadc84..c232321cf9 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -140,7 +140,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, do { /* get random k */ do -#ifndef OPENSSL_NO_SHA512 if (dgst != NULL) { if (!BN_generate_dsa_nonce (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen, @@ -149,9 +148,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } - } else -#endif - { + } else { if (!BN_rand_range(k, order)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 19c5213b5b..3e12ecf760 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -108,13 +108,6 @@ # undef TEST_ENG_OPENSSL_RC4_P_INIT # undef TEST_ENG_OPENSSL_RC4_P_CIPHER #endif -#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1) -# undef TEST_ENG_OPENSSL_SHA -# undef TEST_ENG_OPENSSL_SHA_OTHERS -# undef TEST_ENG_OPENSSL_SHA_P_INIT -# undef TEST_ENG_OPENSSL_SHA_P_UPDATE -# undef TEST_ENG_OPENSSL_SHA_P_FINAL -#endif #ifdef TEST_ENG_OPENSSL_RC4 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index fd5727dd45..f882096ceb 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -22,7 +22,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ - m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \ + m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ @@ -35,7 +35,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ e_rc4.o e_aes.o names.o e_seed.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ - m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \ + m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ @@ -568,19 +568,6 @@ m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c -m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_sha.o: ../cryptlib.h m_sha.c m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 0a1f90a079..174a419883 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -214,14 +214,10 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_256_wrap_pad()); EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -# endif -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); -# endif #endif #ifndef OPENSSL_NO_CAMELLIA diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 7e1200b157..0d4278b86a 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -71,13 +71,6 @@ void OpenSSL_add_all_digests(void) EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) - EVP_add_digest(EVP_sha()); -# ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss()); -# endif -#endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); @@ -90,7 +83,6 @@ void OpenSSL_add_all_digests(void) # ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); # endif -#endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif @@ -99,14 +91,10 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_ripemd160, "ripemd"); EVP_add_digest_alias(SN_ripemd160, "rmd160"); #endif -#ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); -#endif -#ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); -#endif #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index e0127a9bb2..960be3cdbc 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -52,7 +52,7 @@ #include #include -#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1) +#if !defined(OPENSSL_NO_AES) # include # include diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 598c096d9e..bea8f6dd50 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -52,7 +52,7 @@ #include #include -#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256) +#if !defined(OPENSSL_NO_AES) # include # include diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 0627a63b55..73d792304f 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -374,9 +374,8 @@ const EVP_CIPHER *EVP_des_ede3(void) return &des_ede3_ecb; } -# ifndef OPENSSL_NO_SHA -# include +# include static const unsigned char wrap_iv[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; @@ -482,5 +481,4 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void) return &des3_wrap; } -# endif #endif diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 7a95de0b1d..ca7447f540 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -759,21 +759,13 @@ const EVP_MD *EVP_md4(void); # ifndef OPENSSL_NO_MD5 const EVP_MD *EVP_md5(void); # endif -# ifndef OPENSSL_NO_SHA -const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_dss(void); const EVP_MD *EVP_dss1(void); const EVP_MD *EVP_ecdsa(void); -# endif -# ifndef OPENSSL_NO_SHA256 const EVP_MD *EVP_sha224(void); const EVP_MD *EVP_sha256(void); -# endif -# ifndef OPENSSL_NO_SHA512 const EVP_MD *EVP_sha384(void); const EVP_MD *EVP_sha512(void); -# endif # ifndef OPENSSL_NO_MDC2 const EVP_MD *EVP_mdc2(void); # endif @@ -917,14 +909,10 @@ const EVP_CIPHER *EVP_aes_256_wrap_pad(void); # ifndef OPENSSL_NO_OCB const EVP_CIPHER *EVP_aes_256_ocb(void); # endif -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); -# endif -# ifndef OPENSSL_NO_SHA256 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); -# endif # endif # ifndef OPENSSL_NO_CAMELLIA const EVP_CIPHER *EVP_camellia_128_ecb(void); diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c index 221eda4cf7..7fa1ca36e6 100644 --- a/crypto/evp/m_dss.c +++ b/crypto/evp/m_dss.c @@ -65,7 +65,6 @@ # include #endif -#ifndef OPENSSL_NO_SHA static int init(EVP_MD_CTX *ctx) { @@ -101,4 +100,3 @@ const EVP_MD *EVP_dss(void) { return (&dsa_md); } -#endif diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c index a80a865769..41b837cd77 100644 --- a/crypto/evp/m_dss1.c +++ b/crypto/evp/m_dss1.c @@ -59,14 +59,12 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_SHA - -# include -# include -# include -# ifndef OPENSSL_NO_DSA -# include -# endif +#include +#include +#include +#ifndef OPENSSL_NO_DSA +# include +#endif static int init(EVP_MD_CTX *ctx) { @@ -102,4 +100,3 @@ const EVP_MD *EVP_dss1(void) { return (&dss1_md); } -#endif diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c index b774e41fda..181f19f744 100644 --- a/crypto/evp/m_ecdsa.c +++ b/crypto/evp/m_ecdsa.c @@ -115,8 +115,6 @@ #include #include -#ifndef OPENSSL_NO_SHA - static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); @@ -151,4 +149,3 @@ const EVP_MD *EVP_ecdsa(void) { return (&ecdsa_md); } -#endif diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c deleted file mode 100644 index 548fae424c..0000000000 --- a/crypto/evp/m_sha.c +++ /dev/null @@ -1,105 +0,0 @@ -/* crypto/evp/m_sha.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" - -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) - -# include -# include -# include -# ifndef OPENSSL_NO_RSA -# include -# endif - -static int init(EVP_MD_CTX *ctx) -{ - return SHA_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA_Final(md, ctx->md_data); -} - -static const EVP_MD sha_md = { - NID_sha, - NID_shaWithRSAEncryption, - SHA_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_sha(void) -{ - return (&sha_md); -} -#endif diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 83edc40638..9ab8c9093e 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -59,14 +59,12 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_SHA - -# include -# include -# include -# ifndef OPENSSL_NO_RSA -# include -# endif +#include +#include +#include +#ifndef OPENSSL_NO_RSA +# include +#endif static int init(EVP_MD_CTX *ctx) { @@ -102,9 +100,7 @@ const EVP_MD *EVP_sha1(void) { return (&sha1_md); } -#endif -#ifndef OPENSSL_NO_SHA256 static int init224(EVP_MD_CTX *ctx) { return SHA224_Init(ctx->md_data); @@ -169,9 +165,7 @@ const EVP_MD *EVP_sha256(void) { return (&sha256_md); } -#endif /* ifndef OPENSSL_NO_SHA256 */ -#ifndef OPENSSL_NO_SHA512 static int init384(EVP_MD_CTX *ctx) { return SHA384_Init(ctx->md_data); @@ -232,4 +226,3 @@ const EVP_MD *EVP_sha512(void) { return (&sha512_md); } -#endif /* ifndef OPENSSL_NO_SHA512 */ diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index f2ae1e5790..b9c4dcbeda 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -59,7 +59,7 @@ #include #include #include "cryptlib.h" -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) +#if !defined(OPENSSL_NO_HMAC) # include # include # include diff --git a/crypto/evp/p5_crpt2_test.c b/crypto/evp/p5_crpt2_test.c index 451c580a07..01661b15ed 100644 --- a/crypto/evp/p5_crpt2_test.c +++ b/crypto/evp/p5_crpt2_test.c @@ -60,14 +60,6 @@ #include #include -#ifdef OPENSSL_NO_SHA -int main(int argc, char *argv[]) -{ - printf("No SHA support\n"); - return (0); -} -#else - typedef struct { const char *pass; int passlen; @@ -200,15 +192,9 @@ int main(int argc, char **argv) printf("PKCS5_PBKDF2_HMAC() tests "); for (i = 0; test->pass != NULL; i++, test++) { -# ifndef OPENSSL_NO_SHA0 test_p5_pbkdf2(i, "sha1", test, sha1_results[i]); -# endif -# ifndef OPENSSL_NO_SHA256 test_p5_pbkdf2(i, "sha256", test, sha256_results[i]); -# endif -# ifndef OPENSSL_NO_SHA512 test_p5_pbkdf2(i, "sha512", test, sha512_results[i]); -# endif printf("."); } printf(" done\n"); @@ -223,4 +209,3 @@ int main(int argc, char **argv) CRYPTO_mem_leaks_fp(stderr); return 0; } -#endif /* OPENSSL_NO_SHA */ diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index 92ec80af4b..cb01854138 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -178,6 +178,10 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); unsigned long lh_num_items(const _LHASH *lh); +# ifndef OPENSSL_NO_STDIO +void lh_stats(const _LHASH *lh, FILE *fp); +void lh_node_stats(const _LHASH *lh, FILE *fp); +# endif void lh_stats_bio(const _LHASH *lh, BIO *out); void lh_node_stats_bio(const _LHASH *lh, BIO *out); void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 442a5b63d4..24ca40eef1 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -81,10 +81,8 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) X509_NAME *iname; ASN1_INTEGER *serial; ASN1_BIT_STRING *ikey; -#ifndef OPENSSL_NO_SHA1 if (!dgst) dgst = EVP_sha1(); -#endif if (subject) { iname = X509_get_issuer_name(subject); serial = X509_get_serialNumber(subject); diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index e2f784479d..3ced44d803 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -115,17 +115,7 @@ # define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -# define USE_SHA1_RAND -# elif !defined(OPENSSL_NO_MD5) -# define USE_MD5_RAND -# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) -# define USE_MDC2_RAND -# elif !defined(OPENSSL_NO_MD2) -# define USE_MD2_RAND -# else -# error No message digest algorithm available -# endif +# define USE_SHA1_RAND # endif # include diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index b8d9221592..73a8e07d35 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -193,11 +193,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, case RSA_PKCS1_PADDING: i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); break; -# ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); break; -# endif case RSA_SSLV23_PADDING: i = RSA_padding_add_SSLv23(buf, num, from, flen); break; @@ -603,11 +601,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, case RSA_PKCS1_PADDING: r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); break; -# ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); break; -# endif case RSA_SSLV23_PADDING: r = RSA_padding_check_SSLv23(to, num, buf, j, num); break; diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index ebaad1a8ac..ab8f9ec078 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -19,14 +19,13 @@ #include "constant_time_locl.h" -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -# include -# include "cryptlib.h" -# include -# include -# include -# include -# include +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, const unsigned char *from, int flen, @@ -76,11 +75,11 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); if (RAND_bytes(seed, mdlen) <= 0) return 0; -# ifdef PKCS_TESTVECT +#ifdef PKCS_TESTVECT memcpy(seed, "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", 20); -# endif +#endif dbmask = OPENSSL_malloc(emlen - mdlen); if (dbmask == NULL) { @@ -279,5 +278,3 @@ int PKCS1_MGF1(unsigned char *mask, long len, EVP_MD_CTX_cleanup(&c); return rv; } - -#endif diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index a8c0cf7850..c72bba69bd 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -22,8 +22,8 @@ TEST=shatest.c sha1test.c sha256t.c sha512t.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c -LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ) +LIBSRC=sha1dgst.c sha1_one.c sha256.c sha512.c +LIBOBJ=sha1dgst.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ) SRC= $(LIBSRC) @@ -162,14 +162,3 @@ sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h sha512.o: ../cryptlib.h sha512.c -sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -sha_dgst.o: ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h -sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha_one.o: ../../include/openssl/symhacks.h sha_one.c diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index d76790b35a..e35f328943 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -66,10 +66,6 @@ extern "C" { #endif -# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) -# error SHA is disabled. -# endif - /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! SHA_LONG has to be at least 32 bits wide. ! @@ -91,26 +87,15 @@ typedef struct SHAstate_st { unsigned int num; } SHA_CTX; -# ifndef OPENSSL_NO_SHA0 -int SHA_Init(SHA_CTX *c); -int SHA_Update(SHA_CTX *c, const void *data, size_t len); -int SHA_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); -void SHA_Transform(SHA_CTX *c, const unsigned char *data); -# endif -# ifndef OPENSSL_NO_SHA1 int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); void SHA1_Transform(SHA_CTX *c, const unsigned char *data); -# endif # define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a * contiguous array of 32 bit wide * big-endian values. */ -# define SHA224_DIGEST_LENGTH 28 -# define SHA256_DIGEST_LENGTH 32 typedef struct SHA256state_st { SHA_LONG h[8]; @@ -119,7 +104,6 @@ typedef struct SHA256state_st { unsigned int num, md_len; } SHA256_CTX; -# ifndef OPENSSL_NO_SHA256 int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); @@ -129,12 +113,12 @@ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); int SHA256_Final(unsigned char *md, SHA256_CTX *c); unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); -# endif +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 # define SHA384_DIGEST_LENGTH 48 # define SHA512_DIGEST_LENGTH 64 -# ifndef OPENSSL_NO_SHA512 /* * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 * being exactly 64-bit wide. See Implementation Notes in sha512.c @@ -145,17 +129,17 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); * contiguous array of 64 bit * wide big-endian values. */ -# define SHA512_CBLOCK (SHA_LBLOCK*8) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define SHA_LONG64 unsigned __int64 -# define U64(C) C##UI64 -# elif defined(__arch64__) -# define SHA_LONG64 unsigned long -# define U64(C) C##UL -# else -# define SHA_LONG64 unsigned long long -# define U64(C) C##ULL -# endif +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# define U64(C) C##UL +# else +# define SHA_LONG64 unsigned long long +# define U64(C) C##ULL +# endif typedef struct SHA512state_st { SHA_LONG64 h[8]; @@ -166,9 +150,7 @@ typedef struct SHA512state_st { } u; unsigned int num, md_len; } SHA512_CTX; -# endif -# ifndef OPENSSL_NO_SHA512 int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); @@ -178,7 +160,6 @@ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); int SHA512_Final(unsigned char *md, SHA512_CTX *c); unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); -# endif #ifdef __cplusplus } diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index a6dd760a1e..4a59115664 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c @@ -61,7 +61,6 @@ #include #include -#ifndef OPENSSL_NO_SHA1 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; @@ -76,4 +75,3 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) OPENSSL_cleanse(&c, sizeof(c)); return (md); } -#endif diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index a67f1fe364..9f1b8f0630 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -58,10 +58,6 @@ #include #include -#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) - -# undef SHA_0 -# define SHA_1 # include @@ -70,5 +66,3 @@ const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT; /* The implementation is in ../md32_common.h */ # include "sha_locl.h" - -#endif diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 0052a95c7d..cc3633dc68 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -61,23 +61,12 @@ #include #include "../e_os.h" +#include +#include -#ifdef OPENSSL_NO_SHA -int main(int argc, char *argv[]) -{ - printf("No SHA support\n"); - return (0); -} -#else -# include -# include - -# ifdef CHARSET_EBCDIC -# include -# endif - -# undef SHA_0 /* FIPS 180 */ -# define SHA_1 /* FIPS 180-1 */ +#ifdef CHARSET_EBCDIC +# include +#endif static char *test[] = { "abc", @@ -85,22 +74,12 @@ static char *test[] = { NULL, }; -# ifdef SHA_0 -static char *ret[] = { - "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", - "d2516ee1acfa5baf33dfc1c471e438449ef134c8", -}; - -static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603"; -# endif -# ifdef SHA_1 static char *ret[] = { "a9993e364706816aba3e25717850c26c9cd0d89d", "84983e441c3bd26ebaae4aa1f95129e5e54670f1", }; static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; -# endif static char *pt(unsigned char *md); int main(int argc, char *argv[]) @@ -112,10 +91,10 @@ int main(int argc, char *argv[]) EVP_MD_CTX c; unsigned char md[SHA_DIGEST_LENGTH]; -# ifdef CHARSET_EBCDIC +#ifdef CHARSET_EBCDIC ebcdic2ascii(test[0], test[0], strlen(test[0])); ebcdic2ascii(test[1], test[1], strlen(test[1])); -# endif +#endif EVP_MD_CTX_init(&c); P = test; @@ -136,9 +115,9 @@ int main(int argc, char *argv[]) } memset(buf, 'a', 1000); -# ifdef CHARSET_EBCDIC +#ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); -# endif /* CHARSET_EBCDIC */ +#endif /* CHARSET_EBCDIC */ EVP_DigestInit_ex(&c, EVP_sha1(), NULL); for (i = 0; i < 1000; i++) EVP_DigestUpdate(&c, buf, 1000); @@ -153,10 +132,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); -# ifdef OPENSSL_SYS_NETWARE +#ifdef OPENSSL_SYS_NETWARE if (err) printf("ERROR: %d\n", err); -# endif +#endif EXIT(err); EVP_MD_CTX_cleanup(&c); return (0); @@ -171,4 +150,3 @@ static char *pt(unsigned char *md) sprintf(&(buf[i * 2]), "%02x", md[i]); return (buf); } -#endif diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 92d8dd84f2..eec0cadf98 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -5,14 +5,13 @@ * ==================================================================== */ #include -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) -# include -# include +#include +#include -# include -# include -# include +#include +#include +#include const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; @@ -84,11 +83,12 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) return SHA256_Final(md, c); } -# define DATA_ORDER_IS_BIG_ENDIAN +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SHA_LONG +#define HASH_CTX SHA256_CTX +#define HASH_CBLOCK SHA_CBLOCK -# define HASH_LONG SHA_LONG -# define HASH_CTX SHA256_CTX -# define HASH_CBLOCK SHA_CBLOCK /* * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." * default: case below covers for it. It's not clear however if it's @@ -97,7 +97,7 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) * Idea behind separate cases for pre-defined lenghts is to let the * compiler decide if it's appropriate to unroll small loops. */ -# define HASH_MAKE_STRING(c,s) do { \ +#define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ unsigned int nn; \ switch ((c)->md_len) \ @@ -118,18 +118,18 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) } \ } while (0) -# define HASH_UPDATE SHA256_Update -# define HASH_TRANSFORM SHA256_Transform -# define HASH_FINAL SHA256_Final -# define HASH_BLOCK_DATA_ORDER sha256_block_data_order -# ifndef SHA256_ASM +#define HASH_UPDATE SHA256_Update +#define HASH_TRANSFORM SHA256_Transform +#define HASH_FINAL SHA256_Final +#define HASH_BLOCK_DATA_ORDER sha256_block_data_order +#ifndef SHA256_ASM static -# endif +#endif void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); -# include "md32_common.h" +#include "md32_common.h" -# ifndef SHA256_ASM +#ifndef SHA256_ASM static const SHA_LONG K256[64] = { 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, @@ -154,15 +154,15 @@ static const SHA_LONG K256[64] = { * is left one. This is why you might notice that rotation coefficients * differ from those observed in FIPS document by 32-N... */ -# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) -# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) -# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) -# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) +# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) +# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) +# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) +# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) -# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -# ifdef OPENSSL_SMALL_FOOTPRINT +# ifdef OPENSSL_SMALL_FOOTPRINT static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num) @@ -229,14 +229,14 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, } } -# else +# else -# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ +# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ h = Sigma0(a) + Maj(a,b,c); \ d += T1; h += T1; } while (0) -# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ +# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ @@ -381,7 +381,5 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, } } -# endif -# endif /* SHA256_ASM */ - -#endif /* OPENSSL_NO_SHA256 */ +# endif +#endif /* SHA256_ASM */ diff --git a/crypto/sha/sha256t.c b/crypto/sha/sha256t.c index 476702c7ed..0872f346b7 100644 --- a/crypto/sha/sha256t.c +++ b/crypto/sha/sha256t.c @@ -10,14 +10,6 @@ #include #include -#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256) -int main(int argc, char *argv[]) -{ - printf("No SHA256 support\n"); - return (0); -} -#else - unsigned char app_b1[SHA256_DIGEST_LENGTH] = { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, @@ -159,4 +151,3 @@ int main(int argc, char **argv) return 0; } -#endif diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index d79c2a0e70..f934c74414 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -5,7 +5,6 @@ * ==================================================================== */ #include -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) /*- * IMPLEMENTATION NOTES. * @@ -41,24 +40,24 @@ * 16-bit platforms. * */ -# include -# include +#include +#include -# include -# include -# include +#include +#include +#include -# include "cryptlib.h" +#include "cryptlib.h" const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT; -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ defined(__s390__) || defined(__s390x__) || \ defined(__aarch64__) || \ defined(SHA512_ASM) -# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -# endif +# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#endif int SHA384_Init(SHA512_CTX *c) { @@ -96,9 +95,9 @@ int SHA512_Init(SHA512_CTX *c) return 1; } -# ifndef SHA512_ASM +#ifndef SHA512_ASM static -# endif +#endif void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); int SHA512_Final(unsigned char *md, SHA512_CTX *c) @@ -113,10 +112,10 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) sha512_block_data_order(c, p, 1); memset(p + n, 0, sizeof(c->u) - 16 - n); -# ifdef B_ENDIAN +#ifdef B_ENDIAN c->u.d[SHA_LBLOCK - 2] = c->Nh; c->u.d[SHA_LBLOCK - 1] = c->Nl; -# else +#else p[sizeof(c->u) - 1] = (unsigned char)(c->Nl); p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8); p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16); @@ -133,7 +132,7 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40); p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48); p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56); -# endif +#endif sha512_block_data_order(c, p, 1); @@ -213,14 +212,14 @@ int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len) } if (len >= sizeof(c->u)) { -# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA if ((size_t)data % sizeof(c->u.d[0]) != 0) while (len >= sizeof(c->u)) memcpy(p, data, sizeof(c->u)), sha512_block_data_order(c, p, 1), len -= sizeof(c->u), data += sizeof(c->u); else -# endif +#endif sha512_block_data_order(c, data, len / sizeof(c->u)), data += len, len %= sizeof(c->u), data -= len; } @@ -238,10 +237,10 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) { -# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA if ((size_t)data % sizeof(c->u.d[0]) != 0) memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p; -# endif +#endif sha512_block_data_order(c, data, 1); } @@ -273,7 +272,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) return (md); } -# ifndef SHA512_ASM +#ifndef SHA512_ASM static const SHA_LONG64 K512[80] = { U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc), @@ -317,23 +316,23 @@ static const SHA_LONG64 K512[80] = { U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817) }; -# ifndef PEDANTIC -# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__x86_64) || defined(__x86_64__) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ +# ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__x86_64) || defined(__x86_64__) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rorq %1,%0" \ : "=r"(ret) \ : "J"(n),"0"(a) \ : "cc"); ret; }) -# if !defined(B_ENDIAN) -# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ +# if !defined(B_ENDIAN) +# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ asm ("bswapq %0" \ : "=r"(ret) \ : "0"(ret)); ret; }) -# endif -# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) -# if defined(I386_ONLY) -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ +# endif +# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) +# if defined(I386_ONLY) +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ unsigned int hi=p[0],lo=p[1]; \ asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ "roll $16,%%eax; roll $16,%%edx; "\ @@ -341,39 +340,39 @@ static const SHA_LONG64 K512[80] = { : "=a"(lo),"=d"(hi) \ : "0"(lo),"1"(hi) : "cc"); \ ((SHA_LONG64)hi)<<32|lo; }) -# else -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ +# else +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ unsigned int hi=p[0],lo=p[1]; \ asm ("bswapl %0; bswapl %1;" \ : "=r"(lo),"=r"(hi) \ : "0"(lo),"1"(hi)); \ ((SHA_LONG64)hi)<<32|lo; }) -# endif -# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ +# endif +# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) -# elif defined(__aarch64__) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ +# elif defined(__aarch64__) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("ror %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"I"(n)); ret; }) -# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ +# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -# define PULL64(x) ({ SHA_LONG64 ret; \ +# define PULL64(x) ({ SHA_LONG64 ret; \ asm ("rev %0,%1" \ : "=r"(ret) \ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) -# endif # endif -# elif defined(_MSC_VER) -# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -# pragma intrinsic(_rotr64) -# define ROTR(a,n) _rotr64((a),n) -# endif -# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(I386_ONLY) +# endif +# elif defined(_MSC_VER) +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# pragma intrinsic(_rotr64) +# define ROTR(a,n) _rotr64((a),n) +# endif +# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(I386_ONLY) static SHA_LONG64 __fastcall __pull64be(const void *x) { _asm mov edx,[ecx + 0] @@ -381,34 +380,34 @@ static SHA_LONG64 __fastcall __pull64be(const void *x) _asm xchg dh, dl _asm xchg ah, al _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al} -# else +# else static SHA_LONG64 __fastcall __pull64be(const void *x) { _asm mov edx,[ecx + 0] _asm mov eax,[ecx + 4] _asm bswap edx _asm bswap eax} -# endif -# define PULL64(x) __pull64be(&(x)) -# if _MSC_VER<=1200 -# pragma inline_depth(0) -# endif +# endif +# define PULL64(x) __pull64be(&(x)) +# if _MSC_VER<=1200 +# pragma inline_depth(0) # endif # endif # endif -# ifndef PULL64 -# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) -# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) -# endif -# ifndef ROTR -# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) -# endif -# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) -# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) -# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) -# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) -# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) +# endif +# ifndef PULL64 +# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) +# endif +# ifndef ROTR +# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) +# endif +# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) +# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) +# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) +# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) +# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) /* * This code should give better results on 32-bit CPU with less than * ~24 registers, both size and performance wise... @@ -433,11 +432,11 @@ _asm bswap edx _asm bswap eax} F[7] = ctx->h[7]; for (i = 0; i < 16; i++, F--) { -# ifdef B_ENDIAN +# ifdef B_ENDIAN T = W[i]; -# else +# else T = PULL64(W[i]); -# endif +# endif F[0] = A; F[4] = E; F[8] = T; @@ -472,7 +471,7 @@ _asm bswap edx _asm bswap eax} } } -# elif defined(OPENSSL_SMALL_FOOTPRINT) +# elif defined(OPENSSL_SMALL_FOOTPRINT) static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num) { @@ -493,11 +492,11 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, h = ctx->h[7]; for (i = 0; i < 16; i++) { -# ifdef B_ENDIAN +# ifdef B_ENDIAN T1 = X[i] = W[i]; -# else +# else T1 = X[i] = PULL64(W[i]); -# endif +# endif T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; T2 = Sigma0(a) + Maj(a, b, c); h = g; @@ -542,12 +541,12 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, } } -# else -# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ +# else +# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ h = Sigma0(a) + Maj(a,b,c); \ d += T1; h += T1; } while (0) -# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ +# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ @@ -571,7 +570,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, g = ctx->h[6]; h = ctx->h[7]; -# ifdef B_ENDIAN +# ifdef B_ENDIAN T1 = X[0] = W[0]; ROUND_00_15(0, a, b, c, d, e, f, g, h); T1 = X[1] = W[1]; @@ -604,7 +603,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, ROUND_00_15(14, c, d, e, f, g, h, a, b); T1 = X[15] = W[15]; ROUND_00_15(15, b, c, d, e, f, g, h, a); -# else +# else T1 = X[0] = PULL64(W[0]); ROUND_00_15(0, a, b, c, d, e, f, g, h); T1 = X[1] = PULL64(W[1]); @@ -637,7 +636,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, ROUND_00_15(14, c, d, e, f, g, h, a, b); T1 = X[15] = PULL64(W[15]); ROUND_00_15(15, b, c, d, e, f, g, h, a); -# endif +# endif for (i = 16; i < 80; i += 16) { ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X); @@ -671,14 +670,6 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, } } -# endif - -# endif /* SHA512_ASM */ - -#else /* !OPENSSL_NO_SHA512 */ - -# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) -static void *dummy = &dummy; # endif -#endif /* !OPENSSL_NO_SHA512 */ +#endif /* SHA512_ASM */ diff --git a/crypto/sha/sha512t.c b/crypto/sha/sha512t.c index 178882fc76..a4d4b5e80b 100644 --- a/crypto/sha/sha512t.c +++ b/crypto/sha/sha512t.c @@ -11,14 +11,6 @@ #include #include -#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512) -int main(int argc, char *argv[]) -{ - printf("No SHA512 support\n"); - return (0); -} -#else - unsigned char app_c1[SHA512_DIGEST_LENGTH] = { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, @@ -193,4 +185,3 @@ int main(int argc, char **argv) return 0; } -#endif diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c deleted file mode 100644 index f77cf5e38d..0000000000 --- a/crypto/sha/sha_dgst.c +++ /dev/null @@ -1,74 +0,0 @@ -/* crypto/sha/sha1dgst.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) - -# undef SHA_1 -# define SHA_0 - -# include - -const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT; - -/* The implementation is in ../md32_common.h */ - -# include "sha_locl.h" - -#endif diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h index 2a44f57c7b..af62d9e290 100644 --- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_locl.h @@ -76,35 +76,19 @@ ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ } while (0) -#if defined(SHA_0) - -# define HASH_UPDATE SHA_Update -# define HASH_TRANSFORM SHA_Transform -# define HASH_FINAL SHA_Final -# define HASH_INIT SHA_Init -# define HASH_BLOCK_DATA_ORDER sha_block_data_order -# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) - -static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num); - -#elif defined(SHA_1) - -# define HASH_UPDATE SHA1_Update -# define HASH_TRANSFORM SHA1_Transform -# define HASH_FINAL SHA1_Final -# define HASH_INIT SHA1_Init -# define HASH_BLOCK_DATA_ORDER sha1_block_data_order -# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ +#define HASH_UPDATE SHA1_Update +#define HASH_TRANSFORM SHA1_Transform +#define HASH_FINAL SHA1_Final +#define HASH_INIT SHA1_Init +#define HASH_BLOCK_DATA_ORDER sha1_block_data_order +#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ ix=(a)=ROTATE((a),1) \ ) -# ifndef SHA1_ASM -static -# endif -void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); - +#ifndef SHA1_ASM +static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); #else -# error "Either SHA_0 or SHA_1 must be defined." +void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); #endif #include "md32_common.h" @@ -197,7 +181,7 @@ int HASH_INIT(SHA_CTX *c) # define X(i) XX[i] # endif -# if !defined(SHA_1) || !defined(SHA1_ASM) +# if !defined(SHA1_ASM) static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) { const unsigned char *data = p; @@ -431,7 +415,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) E=D, D=C, C=ROTATE(B,30), B=A; \ A=ROTATE(A,5)+T+xa; } while(0) -# if !defined(SHA_1) || !defined(SHA1_ASM) +# if !defined(SHA1_ASM) static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) { const unsigned char *data = p; diff --git a/crypto/sha/sha_one.c b/crypto/sha/sha_one.c deleted file mode 100644 index 0930b98a66..0000000000 --- a/crypto/sha/sha_one.c +++ /dev/null @@ -1,79 +0,0 @@ -/* crypto/sha/sha_one.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -#ifndef OPENSSL_NO_SHA0 -unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA_CTX c; - static unsigned char m[SHA_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - if (!SHA_Init(&c)) - return NULL; - SHA_Update(&c, d, n); - SHA_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return (md); -} -#endif diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c deleted file mode 100644 index 105060a7ec..0000000000 --- a/crypto/sha/shatest.c +++ /dev/null @@ -1,174 +0,0 @@ -/* crypto/sha/shatest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#include "../e_os.h" - -#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) -int main(int argc, char *argv[]) -{ - printf("No SHA0 support\n"); - return (0); -} -#else -# include -# include - -# ifdef CHARSET_EBCDIC -# include -# endif - -# define SHA_0 /* FIPS 180 */ -# undef SHA_1 /* FIPS 180-1 */ - -static char *test[] = { - "abc", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - NULL, -}; - -# ifdef SHA_0 -static char *ret[] = { - "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", - "d2516ee1acfa5baf33dfc1c471e438449ef134c8", -}; - -static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603"; -# endif -# ifdef SHA_1 -static char *ret[] = { - "a9993e364706816aba3e25717850c26c9cd0d89d", - "84983e441c3bd26ebaae4aa1f95129e5e54670f1", -}; - -static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; -# endif - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) -{ - int i, err = 0; - char **P, **R; - static unsigned char buf[1000]; - char *p, *r; - EVP_MD_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; - -# ifdef CHARSET_EBCDIC - ebcdic2ascii(test[0], test[0], strlen(test[0])); - ebcdic2ascii(test[1], test[1], strlen(test[1])); -# endif - - EVP_MD_CTX_init(&c); - P = test; - R = ret; - i = 1; - while (*P != NULL) { - EVP_Digest(*P, strlen(*P), md, NULL, EVP_sha(), NULL); - p = pt(md); - if (strcmp(p, *R) != 0) { - printf("error calculating SHA on '%s'\n", *P); - printf("got %s instead of %s\n", p, *R); - err++; - } else - printf("test %d ok\n", i); - i++; - R++; - P++; - } - - memset(buf, 'a', 1000); -# ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, 1000); -# endif /* CHARSET_EBCDIC */ - EVP_DigestInit_ex(&c, EVP_sha(), NULL); - for (i = 0; i < 1000; i++) - EVP_DigestUpdate(&c, buf, 1000); - EVP_DigestFinal_ex(&c, md, NULL); - p = pt(md); - - r = bigret; - if (strcmp(p, r) != 0) { - printf("error calculating SHA on '%s'\n", p); - printf("got %s instead of %s\n", p, r); - err++; - } else - printf("test 3 ok\n"); - -# ifdef OPENSSL_SYS_NETWARE - if (err) - printf("ERROR: %d\n", err); -# endif - EVP_MD_CTX_cleanup(&c); - EXIT(err); - return (0); -} - -static char *pt(unsigned char *md) -{ - int i; - static char buf[80]; - - for (i = 0; i < SHA_DIGEST_LENGTH; i++) - sprintf(&(buf[i * 2]), "%02x", md[i]); - return (buf); -} -#endif diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 13f7531c24..fae320f9f3 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -97,9 +97,7 @@ # endif # endif -# ifndef OPENSSL_NO_SHA -# include -# endif +# include # include #ifdef __cplusplus @@ -280,9 +278,7 @@ struct x509_st { NAME_CONSTRAINTS *nc; STACK_OF(IPAddressFamily) *rfc3779_addr; struct ASIdentifiers_st *rfc3779_asid; -# ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -# endif X509_CERT_AUX *aux; } /* X509 */ ; @@ -453,9 +449,7 @@ struct X509_crl_st { /* CRL and base CRL numbers for delta processing */ ASN1_INTEGER *crl_number; ASN1_INTEGER *base_crl_number; -# ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -# endif STACK_OF(GENERAL_NAMES) *issuers; const X509_CRL_METHOD *meth; void *meth_data; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 49c71b9128..04cecad14a 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -122,12 +122,10 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); } -#ifndef OPENSSL_NO_SHA int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) { return memcmp(a->sha1_hash, b->sha1_hash, 20); } -#endif X509_NAME *X509_get_issuer_name(X509 *a) { @@ -168,7 +166,6 @@ unsigned long X509_subject_name_hash_old(X509 *x) } #endif -#ifndef OPENSSL_NO_SHA /* * Compare two certificates: they must be identical for this to work. NB: * Although "cmp" operations are generally prototyped to take "const" @@ -197,7 +194,6 @@ int X509_cmp(const X509 *a, const X509 *b) } return rv; } -#endif int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index dfc8c5b8e1..b748e98b2c 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -390,9 +390,7 @@ static void x509v3_cache_extensions(X509 *x) int i; if (x->ex_flags & EXFLAG_SET) return; -#ifndef OPENSSL_NO_SHA X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); -#endif /* V1 should mean no extensions ... */ if (!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index d9fada9c0b..66055070c2 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -6,7 +6,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, -EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, +EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines @@ -49,7 +49,6 @@ EVP digest routines const EVP_MD *EVP_md_null(void); const EVP_MD *EVP_md2(void); const EVP_MD *EVP_md5(void); - const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_dss(void); const EVP_MD *EVP_dss1(void); @@ -134,9 +133,9 @@ return B. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons. -EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(), +EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B -structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 +structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 and RIPEMD160 digest algorithms respectively. EVP_dss() and EVP_dss1() return B structures for SHA and SHA1 digest @@ -165,7 +164,7 @@ corresponding OBJECT IDENTIFIER or NID_undef if none exists. EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and EVP_MD_CTX_block_size() return the digest or block size in bytes. -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the corresponding EVP_MD structures. @@ -269,7 +268,7 @@ EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(), EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex() and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were changed to return truly const EVP_MD * in OpenSSL 0.9.7. diff --git a/engines/e_sureware.c b/engines/e_sureware.c index dc3e21f56e..aae568ab71 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -946,13 +946,11 @@ static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from, } memcpy(buf, to, tlen); /* transfert to into buf */ switch (padding) { /* check padding in software */ -# ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: ret = RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf, tlen, tlen, NULL, 0); break; -# endif case RSA_SSLV23_PADDING: ret = RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen, diff --git a/makevms.com b/makevms.com index 47053462f8..331b1be625 100755 --- a/makevms.com +++ b/makevms.com @@ -566,12 +566,6 @@ $ WRITE H_FILE "#undef SIXTEEN_BIT" $ WRITE H_FILE "#undef EIGHT_BIT" $ WRITE H_FILE "#endif" $! -$! Oddly enough, the following symbol is tested in crypto/sha/sha512.c -$! before sha.h gets included (and HEADER_SHA_H defined), so we will not -$! protect this one... -$ WRITE H_FILE "#undef OPENSSL_NO_SHA512" -$ WRITE H_FILE "#define OPENSSL_NO_SHA512" -$! $ WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION" $ WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION" $! diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index e5a04ace60..53e3c8764c 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -328,9 +328,6 @@ static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out) l2n(sha1->h4, md_out); } -#define LARGEST_DIGEST_CTX SHA_CTX - -#ifndef OPENSSL_NO_SHA256 static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out) { SHA256_CTX *sha256 = ctx; @@ -341,11 +338,6 @@ static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out) } } -# undef LARGEST_DIGEST_CTX -# define LARGEST_DIGEST_CTX SHA256_CTX -#endif - -#ifndef OPENSSL_NO_SHA512 static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out) { SHA512_CTX *sha512 = ctx; @@ -356,9 +348,8 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out) } } -# undef LARGEST_DIGEST_CTX -# define LARGEST_DIGEST_CTX SHA512_CTX -#endif +#undef LARGEST_DIGEST_CTX +#define LARGEST_DIGEST_CTX SHA512_CTX /* * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function @@ -371,14 +362,10 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) switch (EVP_MD_CTX_type(ctx)) { case NID_md5: case NID_sha1: -#ifndef OPENSSL_NO_SHA256 case NID_sha224: case NID_sha256: -#endif -#ifndef OPENSSL_NO_SHA512 case NID_sha384: case NID_sha512: -#endif return 1; default: return 0; @@ -465,7 +452,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; md_size = 20; break; -#ifndef OPENSSL_NO_SHA256 case NID_sha224: SHA224_Init((SHA256_CTX *)md_state.c); md_final_raw = tls1_sha256_final_raw; @@ -480,8 +466,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 32; break; -#endif -#ifndef OPENSSL_NO_SHA512 case NID_sha384: SHA384_Init((SHA512_CTX *)md_state.c); md_final_raw = tls1_sha512_final_raw; @@ -500,7 +484,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, md_block_size = 128; md_length_size = 16; break; -#endif default: /* * ssl3_cbc_record_digest_supported should have been called first to diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 93518b89b3..a383eee70a 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2225,11 +2225,7 @@ int ssl3_get_new_session_ticket(SSL *s) */ EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length, -# ifndef OPENSSL_NO_SHA256 EVP_sha256(), NULL); -# else - EVP_sha1(), NULL); -# endif ret = 1; return (ret); f_err: diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ccc418ad78..e929658798 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3385,7 +3385,7 @@ int ssl3_send_newsession_ticket(SSL *s) EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv); HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); + EVP_sha256(), NULL); memcpy(key_name, tctx->tlsext_tick_key_name, 16); } diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index fdf1481444..3843aefe8d 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -91,14 +91,10 @@ int SSL_library_init(void) EVP_add_cipher(EVP_aes_256_cbc()); EVP_add_cipher(EVP_aes_128_gcm()); EVP_add_cipher(EVP_aes_256_gcm()); -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -# endif -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); -# endif #endif #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_cbc()); @@ -113,20 +109,14 @@ int SSL_library_init(void) EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif -#ifndef OPENSSL_NO_SHA EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -#endif -#ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); -#endif -#ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); -#endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) +#if !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); @@ -134,11 +124,6 @@ int SSL_library_init(void) #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); -#endif - /* If you want support for phased out ciphers, add the following */ -#if 0 - EVP_add_digest(EVP_sha()); - EVP_add_digest(EVP_dss()); #endif #ifndef OPENSSL_NO_COMP /* diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index f58a605ad0..fcf5f8d61d 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1329,11 +1329,6 @@ int tls1_process_heartbeat(SSL *s); int dtls1_process_heartbeat(SSL *s); # endif -# ifdef OPENSSL_NO_SHA256 -# define tlsext_tick_md EVP_sha1 -# else -# define tlsext_tick_md EVP_sha256 -# endif int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, const unsigned char *limit, SSL_SESSION **ret); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 115aab5596..6a1ed6a742 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -906,17 +906,11 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) tlsext_sigalg_ecdsa(md) static const unsigned char tls12_sigalgs[] = { -# ifndef OPENSSL_NO_SHA512 tlsext_sigalg(TLSEXT_hash_sha512) tlsext_sigalg(TLSEXT_hash_sha384) -# endif -# ifndef OPENSSL_NO_SHA256 tlsext_sigalg(TLSEXT_hash_sha256) tlsext_sigalg(TLSEXT_hash_sha224) -# endif -# ifndef OPENSSL_NO_SHA tlsext_sigalg(TLSEXT_hash_sha1) -# endif }; # ifndef OPENSSL_NO_ECDSA @@ -3318,7 +3312,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); + EVP_sha256(), NULL); EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, etick + 16); } @@ -3462,25 +3456,11 @@ static const tls12_hash_info tls12_md_info[] = { # else {NID_md5, 64, EVP_md5}, # endif -# ifdef OPENSSL_NO_SHA - {NID_sha1, 80, 0}, -# else {NID_sha1, 80, EVP_sha1}, -# endif -# ifdef OPENSSL_NO_SHA256 - {NID_sha224, 112, 0}, - {NID_sha256, 128, 0}, -# else {NID_sha224, 112, EVP_sha224}, {NID_sha256, 128, EVP_sha256}, -# endif -# ifdef OPENSSL_NO_SHA512 - {NID_sha384, 192, 0}, - {NID_sha512, 256, 0} -# else {NID_sha384, 192, EVP_sha384}, {NID_sha512, 256, EVP_sha512} -# endif }; static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 07f6fdd56d..5424ed543c 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -177,7 +177,7 @@ $no_static_engine = 0 if (!$shlib); $no_mdc2=1 if ($no_des); -$no_ssl3=1 if ($no_md5 || $no_sha); +$no_ssl3=1 if ($no_md5); $no_ssl3=1 if ($no_rsa && $no_dh); $out_def="out"; @@ -281,8 +281,6 @@ $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5; $cflags.=" -DOPENSSL_NO_MD2" if $no_md2; $cflags.=" -DOPENSSL_NO_MD4" if $no_md4; $cflags.=" -DOPENSSL_NO_MD5" if $no_md5; -$cflags.=" -DOPENSSL_NO_SHA" if $no_sha; -$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; $cflags.=" -DOPENSSL_NO_RMD160" if $no_ripemd; $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; $cflags.=" -DOPENSSL_NO_BF" if $no_bf; @@ -1123,8 +1121,6 @@ sub var_add @a=grep(!/_dhp$/,@a) if $no_dh; - @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha; - @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; @a=grep(!/(srp)/,@a) if $no_srp; @@ -1133,11 +1129,8 @@ sub var_add @a=grep(!/^hw$/,@a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; - @a=grep(!/^gendsa$/,@a) if $no_sha1; @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh; - @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; - grep($_="$dir/$_",@a); @a=grep(!/(^|\/)s_/,@a) if $no_sock; @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock; @@ -1409,8 +1402,6 @@ sub read_options "no-md2" => \$no_md2, "no-md4" => \$no_md4, "no-md5" => \$no_md5, - "no-sha" => \$no_sha, - "no-sha1" => \$no_sha1, "no-ripemd" => \$no_ripemd, "no-mdc2" => \$no_mdc2, "no-whirlpool" => \$no_whirlpool, @@ -1444,7 +1435,7 @@ sub read_options "no-hw" => \$no_hw, "just-ssl" => [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, - \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, + \$no_md2, \$no_mdc2, \$no_dsa, \$no_dh, \$no_err, \$no_ripemd, \$no_rc5, \$no_aes, \$no_camellia, \$no_seed, \$no_srp], "rsaref" => 0, diff --git a/util/mkdef.pl b/util/mkdef.pl index a6f64e3fc3..1dbd555797 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -972,7 +972,6 @@ sub do_defs $a .= ",RC4" if($s =~ /EVP_rc4/); $a .= ",RC5" if($s =~ /EVP_rc5/); $a .= ",RIPEMD" if($s =~ /EVP_ripemd/); - $a .= ",SHA" if($s =~ /EVP_sha/); $a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/); $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/); $a .= ",RSA" if($s =~ /RSAPrivateKey/);