From 085e3cecbdadde10e93abfb4dbd3e865aeed58d6 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 3 Jun 2021 15:22:05 +0200 Subject: [PATCH] Move libssl related defines used by fips provider to prov_ssl.h This nicely reduces the number of files considered as fips provider sources. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15609) --- crypto/packet.c | 6 ++-- crypto/rsa/rsa_pk1.c | 2 +- include/openssl/dtls1.h | 7 ++-- include/openssl/prov_ssl.h | 34 +++++++++++++++++++ include/openssl/ssl.h.in | 3 +- include/openssl/ssl3.h | 2 +- include/openssl/tls1.h | 6 ++-- providers/common/capabilities.c | 2 +- .../implementations/asymciphers/rsa_enc.c | 2 +- .../ciphers/cipher_aes_cbc_hmac_sha.c | 4 +-- .../implementations/ciphers/ciphercommon.c | 2 +- .../ciphers/ciphercommon_block.c | 2 +- 12 files changed, 52 insertions(+), 20 deletions(-) create mode 100644 include/openssl/prov_ssl.h diff --git a/crypto/packet.c b/crypto/packet.c index 6cd1ed3ed3..80202bc08f 100644 --- a/crypto/packet.c +++ b/crypto/packet.c @@ -9,7 +9,7 @@ #include "internal/cryptlib.h" #include "internal/packet.h" -#include +#include #define DEFAULT_BUF_SIZE 256 @@ -105,7 +105,7 @@ static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes) pkt->written = 0; if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } @@ -352,7 +352,7 @@ int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes) return 0; if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index f1eabf177c..89778e6c4d 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c 
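Review bot: The switch from `ERR_LIB_SSL` to `ERR_LIB_CRYPTO` in the two `ERR_raise` calls in crypto/packet.c (in `wpacket_intern_init_len` and in `WPACKET_start_sub_packet_len__`) is a visible behaviour change that the commit description, which only mentions moving defines, does not record. Anything that classifies error-queue entries by library code, such as application error handling or log triage, would see these allocation failures under a different library afterwards. The change looks intended, since the file lives under crypto/, but it deserves a line in the description or changelog, for example `WPACKET allocation failures are now raised as ERR_LIB_CRYPTO instead of ERR_LIB_SSL`. Both function bodies continue outside their hunks, so their other error paths were not checked here.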
@@ -20,7 +20,7 @@ #include #include /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */ -#include +#include #include "internal/cryptlib.h" #include "crypto/rsa.h" #include "rsa_local.h" diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h index 5553fb8c90..8a1cd95ce3 100644 --- a/include/openssl/dtls1.h +++ b/include/openssl/dtls1.h @@ -16,22 +16,21 @@ # define HEADER_DTLS1_H # endif +# include + #ifdef __cplusplus extern "C" { #endif #include -# define DTLS1_VERSION 0xFEFF -# define DTLS1_2_VERSION 0xFEFD +/* DTLS*_VERSION constants are defined in prov_ssl.h */ # ifndef OPENSSL_NO_DEPRECATED_3_0 # define DTLS_MIN_VERSION DTLS1_VERSION # define DTLS_MAX_VERSION DTLS1_2_VERSION # endif # define DTLS1_VERSION_MAJOR 0xFE -# define DTLS1_BAD_VER 0x0100 - /* Special value for method supporting multiple versions */ # define DTLS_ANY_VERSION 0x1FFFF diff --git a/include/openssl/prov_ssl.h b/include/openssl/prov_ssl.h new file mode 100644 index 0000000000..d3e0896c8e --- /dev/null +++ b/include/openssl/prov_ssl.h @@ -0,0 +1,34 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PROV_SSL_H +# define OPENSSL_PROV_SSL_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* SSL/TLS related defines useful to providers */ + +# define SSL_MAX_MASTER_KEY_LENGTH 48 + +# define SSL3_VERSION 0x0300 +# define TLS1_VERSION 0x0301 +# define TLS1_1_VERSION 0x0302 +# define TLS1_2_VERSION 0x0303 +# define TLS1_3_VERSION 0x0304 +# define DTLS1_VERSION 0xFEFF +# define DTLS1_2_VERSION 0xFEFD +# define DTLS1_BAD_VER 0x0100 + +# ifdef __cplusplus +} +# endif +#endif /* OPENSSL_PROV_SSL_H */ 
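Review bot: `SSL_MAX_MASTER_KEY_LENGTH` in the new include/openssl/prov_ssl.h carries no comment saying what depends on it. The include comments in crypto/rsa/rsa_pk1.c and providers/implementations/asymciphers/rsa_enc.c show that the RSA code pulls this header in only for that value. That code presumably uses it to size or check the TLS premaster secret during RSA decryption, so a changed value would be security-relevant rather than cosmetic. I would add `/* Length in bytes of the TLS (pre)master secret; also used by the RSA padding code, do not change */` above the define. A one-line comment that the `*_VERSION` values are protocol wire values would help in the same way.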
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index a227090263..2c34fd2a9a 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -42,6 +42,7 @@ use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros); # include # include # include +# include #ifdef __cplusplus extern "C" { @@ -59,7 +60,7 @@ extern "C" { # define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) # define SSL_MAX_KEY_ARG_LENGTH 8 -# define SSL_MAX_MASTER_KEY_LENGTH 48 +/* SSL_MAX_MASTER_KEY_LENGTH is defined in prov_ssl.h */ /* The maximum number of encrypt/decrypt pipelines we can support */ # define SSL_MAX_PIPELINES 32 diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 9fc6b3abcb..e5a41faa05 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -212,7 +212,7 @@ extern "C" { # define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" # define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" -# define SSL3_VERSION 0x0300 +/* SSL3_VERSION is defined in prov_ssl.h */ # define SSL3_VERSION_MAJOR 0x03 # define SSL3_VERSION_MINOR 0x00 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index cd1f818c1a..d6e9331fa1 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -20,6 +20,7 @@ # include # include +# include #ifdef __cplusplus extern "C" { @@ -30,10 +31,7 @@ extern "C" { # define OPENSSL_TLS_SECURITY_LEVEL 1 # endif -# define TLS1_VERSION 0x0301 -# define TLS1_1_VERSION 0x0302 -# define TLS1_2_VERSION 0x0303 -# define TLS1_3_VERSION 0x0304 +/* TLS*_VERSION constants are defined in prov_ssl.h */ # ifndef OPENSSL_NO_DEPRECATED_3_0 # define TLS_MAX_VERSION TLS1_3_VERSION # endif diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c index 781acae8db..f6d95197f0 100644 --- a/providers/common/capabilities.c +++ b/providers/common/capabilities.c 
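Review bot: The include/openssl/ssl3.h hunk removes the `SSL3_VERSION` define without adding an include of prov_ssl.h, unlike the dtls1.h, tls1.h and ssl.h.in hunks, which each add one. ssl3.h therefore gets `SSL3_VERSION` only through whatever it already includes, and that part of the file is outside the hunk. If an existing include does not reach prov_ssl.h, code that includes ssl3.h alone would lose the constant. For consistency with the other headers I would add `# include <openssl/prov_ssl.h>` next to the file's existing includes, or extend the new comment to `/* SSL3_VERSION is defined in prov_ssl.h, reached via ssl.h */` if that is the intended path.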
@@ -12,7 +12,7 @@ #include #include /* For TLS1_VERSION etc */ -#include +#include #include #include "internal/nelem.h" #include "internal/tlsgroups.h" diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 7b534e76ed..ce5ddff651 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -22,7 +22,7 @@ #include #include /* Just for SSL_MAX_MASTER_KEY_LENGTH */ -#include +#include #include "internal/constant_time.h" #include "internal/sizes.h" #include "crypto/rsa.h" diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index a0eef7c1e5..f9a8a58041 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -16,8 +16,8 @@ /* Dispatch functions for AES_CBC_HMAC_SHA ciphers */ -/* Only for SSL3_VERSION and TLS1_VERSION */ -#include +/* For SSL3_VERSION and TLS1_VERSION */ +#include #include #include "cipher_aes_cbc_hmac_sha.h" #include "prov/implementations.h" diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index 3c8ea8c03c..b5a0d43b78 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -12,7 +12,7 @@ */ /* For SSL3_VERSION */ -#include +#include #include #include "ciphercommon_local.h" #include "prov/provider_ctx.h" diff --git a/providers/implementations/ciphers/ciphercommon_block.c b/providers/implementations/ciphers/ciphercommon_block.c index 14f7503b36..6e6bb091e7 100644 --- a/providers/implementations/ciphers/ciphercommon_block.c +++ b/providers/implementations/ciphers/ciphercommon_block.c @@ -9,7 +9,7 @@ #include /* For SSL3_VERSION, TLS1_VERSION etc */ -#include +#include #include #include #include "internal/constant_time.h" -- 2.34.1