From a283d2a80adfaa88573bcd9acd3d8d7ab55c1af4 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 6 Feb 2015 12:16:58 +0000 Subject: [PATCH] Remove OPENSSL_NO_HMAC Disabling HMAC doesn't work. If it did it would end up disabling a lot of OpenSSL functionality (it is required for all versions of TLS for example). Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte --- apps/speed.c | 6 +----- crypto/evp/evp_pbe.c | 5 +---- crypto/evp/p5_crpt2.c | 2 -- crypto/hmac/hmac.h | 4 ---- crypto/hmac/hmactest.c | 8 -------- crypto/pkcs12/p12_mutl.c | 2 -- util/libeay.num | 18 +++++++++--------- util/mk1mf.pl | 1 - util/mkdef.pl | 4 +--- 9 files changed, 12 insertions(+), 38 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 8dc9de9ce6..6ba7a2ece7 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -133,9 +133,7 @@ #ifndef OPENSSL_NO_MD5 # include #endif -#ifndef OPENSSL_NO_HMAC # include -#endif #include # include #ifndef OPENSSL_NO_RMD160 @@ -1079,9 +1077,7 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_MD5 BIO_printf(bio_err, "md5 "); -# ifndef OPENSSL_NO_HMAC BIO_printf(bio_err, "hmac "); -# endif #endif BIO_printf(bio_err, "sha1 "); BIO_printf(bio_err, "sha256 "); @@ -1590,7 +1586,7 @@ int MAIN(int argc, char **argv) } #endif -#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) +#if !defined(OPENSSL_NO_MD5) if (doit[D_HMAC]) { HMAC_CTX hctx; diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index e3fa95db92..35346525ee 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -87,9 +87,7 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, -#ifndef OPENSSL_NO_HMAC {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, -#endif {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, @@ -104,9 +102,8 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, -#ifndef OPENSSL_NO_HMAC {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, -#endif + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index b9c4dcbeda..6c458e9df8 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -59,7 +59,6 @@ #include #include #include "cryptlib.h" -#if !defined(OPENSSL_NO_HMAC) # include # include # include @@ -331,4 +330,3 @@ static void h__dump(const unsigned char *p, int len) fprintf(stderr, "\n"); } # endif -#endif diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index 2712e011f9..2404e530ee 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -60,10 +60,6 @@ # include -# ifdef OPENSSL_NO_HMAC -# error HMAC is disabled. -# endif - # include # define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c index 492f5c5e81..de8d1c911c 100644 --- a/crypto/hmac/hmactest.c +++ b/crypto/hmac/hmactest.c @@ -62,13 +62,6 @@ #include "../e_os.h" -#ifdef OPENSSL_NO_HMAC -int main(int argc, char *argv[]) -{ - printf("No HMAC support\n"); - return (0); -} -#else # include # ifndef OPENSSL_NO_MD5 # include @@ -163,4 +156,3 @@ static char *pt(unsigned char *md) return (buf); } # endif -#endif diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 256b210cce..4138a4d508 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -57,7 +57,6 @@ * */ -#ifndef OPENSSL_NO_HMAC # include # include "cryptlib.h" # include @@ -191,4 +190,3 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, return 1; } -#endif diff --git a/util/libeay.num b/util/libeay.num index 9920db1c77..e77c94ecb9 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -942,10 +942,10 @@ X509_load_crl_file 958 EXIST::FUNCTION:STDIO EVP_rc2_40_cbc 959 EXIST::FUNCTION:RC2 EVP_rc4_40 960 EXIST::FUNCTION:RC4 EVP_CIPHER_CTX_init 961 EXIST::FUNCTION: -HMAC 962 EXIST::FUNCTION:HMAC -HMAC_Init 963 EXIST::FUNCTION:HMAC -HMAC_Update 964 EXIST::FUNCTION:HMAC -HMAC_Final 965 EXIST::FUNCTION:HMAC +HMAC 962 EXIST::FUNCTION: +HMAC_Init 963 EXIST::FUNCTION: +HMAC_Update 964 EXIST::FUNCTION: +HMAC_Final 965 EXIST::FUNCTION: ERR_get_next_error_library 966 EXIST::FUNCTION: EVP_PKEY_cmp_parameters 967 EXIST::FUNCTION: HMAC_cleanup 968 NOEXIST::FUNCTION: @@ -1998,7 +1998,7 @@ EC_GROUP_method_of 2568 EXIST::FUNCTION:EC i2d_KRB5_APREQ 2569 EXIST::FUNCTION: _ossl_old_des_encrypt 2570 NOEXIST::FUNCTION: ASN1_PRINTABLE_new 2571 EXIST::FUNCTION: -HMAC_Init_ex 2572 EXIST::FUNCTION:HMAC +HMAC_Init_ex 2572 EXIST::FUNCTION: d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION: OCSP_archive_cutoff_new 2574 EXIST::FUNCTION: EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC @@ -2206,7 +2206,7 @@ OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION: i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION: PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: -HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC +HMAC_CTX_init 2747 EXIST::FUNCTION: ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_print 2749 EXIST::FUNCTION: KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2255,7 +2255,7 @@ CRYPTO_get_locked_mem_ex_functions 2781 EXIST:!VMS:FUNCTION: CRYPTO_get_locked_mem_ex_funcs 2781 EXIST:VMS:FUNCTION: ASN1_TIME_check 2782 EXIST::FUNCTION: UI_get0_user_data 2783 EXIST::FUNCTION: -HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC +HMAC_CTX_cleanup 2784 EXIST::FUNCTION: DSA_up_ref 2785 EXIST::FUNCTION:DSA _ossl_odes_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION: _ossl_old_des_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION: @@ -2844,7 +2844,7 @@ FIPS_selftest_failed 3284 NOEXIST::FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: -HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC +HMAC_CTX_set_flags 3288 EXIST::FUNCTION: private_SHA_Init 3289 NOEXIST::FUNCTION: private_CAST_set_key 3290 NOEXIST::FUNCTION: private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: @@ -3958,7 +3958,7 @@ d2i_TS_TST_INFO_bio 4336 EXIST::FUNCTION: TS_TST_INFO_get_ordering 4337 EXIST::FUNCTION: TS_RESP_print_bio 4338 EXIST::FUNCTION: TS_TST_INFO_get_exts 4339 EXIST::FUNCTION: -HMAC_CTX_copy 4340 EXIST::FUNCTION:HMAC +HMAC_CTX_copy 4340 EXIST::FUNCTION: PKCS5_pbe2_set_iv 4341 EXIST::FUNCTION: ENGINE_get_pkey_asn1_meths 4342 EXIST::FUNCTION:ENGINE b2i_PrivateKey 4343 EXIST::FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 01329b74ef..809e9b3d14 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -1410,7 +1410,6 @@ sub read_options "no-rsa" => \$no_rsa, "no-dsa" => \$no_dsa, "no-dh" => \$no_dh, - "no-hmac" => \$no_hmac, "no-asm" => \$no_asm, "nasm" => \$nasm, "nw-nasm" => \$nw_nasm, diff --git a/util/mkdef.pl b/util/mkdef.pl index ed10da2b31..3ae0a90703 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -135,7 +135,7 @@ close(IN); my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; -my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; +my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; @@ -212,7 +212,6 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-ec$/) { $no_ec=1; } elsif (/^no-ecdsa$/) { $no_ecdsa=1; } elsif (/^no-ecdh$/) { $no_ecdh=1; } - elsif (/^no-hmac$/) { $no_hmac=1; } elsif (/^no-aes$/) { $no_aes=1; } elsif (/^no-camellia$/) { $no_camellia=1; } elsif (/^no-seed$/) { $no_seed=1; } @@ -1188,7 +1187,6 @@ sub is_valid if ($keyword eq "EC" && $no_ec) { return 0; } if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; } if ($keyword eq "ECDH" && $no_ecdh) { return 0; } - if ($keyword eq "HMAC" && $no_hmac) { return 0; } if ($keyword eq "AES" && $no_aes) { return 0; } if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; } if ($keyword eq "SEED" && $no_seed) { return 0; } -- 2.34.1