From: Tomas Mraz Date: Thu, 1 Jul 2021 15:41:02 +0000 (+0200) Subject: fips module header inclusion fine-tunning X-Git-Tag: openssl-3.0.0-beta2~113 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f773c911a03c5be2eff00beaf94e88f1d997b22;p=thirdparty%2Fopenssl.git fips module header inclusion fine-tunning Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15974) --- diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c index a727d5c87b8..7bd5c617deb 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c @@ -15,6 +15,9 @@ #include #include +#ifndef FIPS_MODULE +# include +#endif #include "internal/param_build_set.h" #include "crypto/dh.h" #include "dh_local.h" diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 7154f8c2abe..29cda5d7bfa 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -15,7 +15,9 @@ #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include "internal/cryptlib.h" diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c index e4fa070f237..5e3ff851544 100644 --- a/crypto/dsa/dsa_backend.c +++ b/crypto/dsa/dsa_backend.c @@ -15,6 +15,9 @@ #include #include +#ifndef FIPS_MODULE +# include +#endif #include "crypto/dsa.h" #include "dsa_local.h" diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 5512b99ef10..ccc70165921 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -14,7 +14,9 @@ #include "internal/deprecated.h" #include -#include +#ifndef FIPS_MODULE +# include +#endif #include "internal/cryptlib.h" #include "internal/refcount.h" #include "crypto/dsa.h" diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index 9b4467f2bea..381da71f33a 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c @@ -17,7 +17,10 @@ #include #include #include -#include +#ifndef FIPS_MODULE +# include +# include +#endif #include "crypto/bn.h" #include "crypto/ec.h" #include "ec_local.h" diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index ba6b8df5140..eb14f4e4090 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -19,7 +19,9 @@ #include "ec_local.h" #include "internal/refcount.h" #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include "prov/providercommon.h" #include "crypto/bn.h" diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 91b7a440825..8c011635cb4 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -15,7 +15,9 @@ #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include "ec_local.h" diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c index 14278592cda..a0144d5a86b 100644 --- a/crypto/ec/ecx_backend.c +++ b/crypto/ec/ecx_backend.c @@ -13,6 +13,9 @@ #include #include #include +#ifndef FIPS_MODULE +# include +#endif #include "crypto/ecx.h" #include "ecx_backend.h" diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4a5c926103f..1f2910bc695 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -14,7 +14,9 @@ #include #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include "internal/cryptlib.h" diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 3a8e2c643e4..e0f411aa063 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -16,7 +16,9 @@ #include #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include "internal/cryptlib.h" diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 0b08c9adfd1..f78df52ab19 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -25,11 +25,11 @@ #include #include #include "crypto/evp.h" -#include "crypto/asn1.h" #include "internal/provider.h" #include "evp_local.h" #if !defined(FIPS_MODULE) +# include "crypto/asn1.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index 7b1a44241ec..0db755e06b4 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -7,13 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include - #include #include -#include #include -#include #include #include #include @@ -22,7 +18,6 @@ #include "internal/numbers.h" #include "internal/provider.h" #include "internal/core.h" -#include "crypto/asn1.h" #include "crypto/evp.h" #include "evp_local.h" diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index 5552b266011..8177626ae06 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -11,13 +11,10 @@ #include #include #include "internal/cryptlib.h" -#include #include -#include #include #include #include -#include "crypto/asn1.h" #include "crypto/evp.h" #include "internal/numbers.h" #include "internal/provider.h" diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index f3dd876cfdf..32e4fbcbaa0 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -11,7 +11,6 @@ #include "internal/cryptlib.h" #include "internal/nelem.h" #include "crypto/evp.h" -#include "crypto/asn1.h" #include "internal/core.h" #include "internal/provider.h" #include "evp_local.h" diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 0da6498030b..5c5ed058764 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -11,7 +11,6 @@ #include "internal/cryptlib.h" #include #include -#include #include "crypto/evp.h" #include "internal/provider.h" #include "internal/numbers.h" /* includes SIZE_MAX */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 07be8884feb..fa3a0258fab 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -22,13 +22,14 @@ #include #include #include -#include #include #include #include #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include @@ -36,14 +37,16 @@ #include "internal/numbers.h" /* includes SIZE_MAX */ #include "internal/ffc.h" -#include "crypto/asn1.h" #include "crypto/evp.h" #include "crypto/dh.h" #include "crypto/dsa.h" #include "crypto/ec.h" #include "crypto/ecx.h" #include "crypto/rsa.h" -#include "crypto/x509.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +# include "crypto/x509.h" +#endif #include "internal/provider.h" #include "evp_local.h" diff --git a/crypto/evp/pmeth_check.c b/crypto/evp/pmeth_check.c index 112965e7944..2ecf2d02518 100644 --- a/crypto/evp/pmeth_check.c +++ b/crypto/evp/pmeth_check.c @@ -13,7 +13,9 @@ #include #include #include "crypto/bn.h" -#include "crypto/asn1.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +#endif #include "crypto/evp.h" #include "evp_local.h" diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 2d96e3c227f..af3d990869d 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -16,7 +16,9 @@ #include #include #include "crypto/bn.h" -#include "crypto/asn1.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +#endif #include "crypto/evp.h" #include "evp_local.h" diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 1256e981eb8..c214163588c 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -15,15 +15,18 @@ #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include -#include #include #include #include #include #include "internal/cryptlib.h" -#include "crypto/asn1.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +#endif #include "crypto/evp.h" #include "crypto/dh.h" #include "crypto/ec.h" diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index e824dcaf3cd..85ad54e4cfd 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -18,9 +18,12 @@ #include #include #include +#ifndef FIPS_MODULE +# include +# include "crypto/asn1.h" +#endif #include "internal/sizes.h" #include "internal/param_build_set.h" -#include "crypto/asn1.h" #include "crypto/rsa.h" #include "rsa_local.h" diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 70eaa59a8b3..64332825970 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -15,7 +15,9 @@ #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include "internal/cryptlib.h" diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 21a2e9d727b..c5a664dc0b0 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -18,22 +18,22 @@ #include #include #include -#include -#include "crypto/x509.h" -#ifndef OPENSSL_NO_MD2 -# include /* uses MD2_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_MD4 -# include /* uses MD4_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_MD5 -# include /* uses MD5_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_MDC2 -# include /* uses MDC2_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_RMD160 -# include /* uses RIPEMD160_DIGEST_LENGTH */ +#ifndef FIPS_MODULE +# ifndef OPENSSL_NO_MD2 +# include /* uses MD2_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_MD4 +# include /* uses MD4_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_MD5 +# include /* uses MD5_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_MDC2 +# include /* uses MDC2_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_RMD160 +# include /* uses RIPEMD160_DIGEST_LENGTH */ +# endif #endif #include /* uses SHA???_DIGEST_LENGTH */ #include "crypto/rsa.h" diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 8613f9038e8..f6be4ae006a 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -14,7 +14,6 @@ # include # include # include -# include # include "internal/ffc.h" DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid); diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h index dad056bb28a..eedbd8c7d10 100644 --- a/include/crypto/dsa.h +++ b/include/crypto/dsa.h @@ -13,7 +13,6 @@ # include # include -# include # include "internal/ffc.h" #define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */ diff --git a/include/crypto/ec.h b/include/crypto/ec.h index 77972c3650b..62163b31ac1 100644 --- a/include/crypto/ec.h +++ b/include/crypto/ec.h @@ -24,7 +24,6 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc); # ifndef OPENSSL_NO_EC # include # include -# include # include "crypto/types.h" /*- diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h index 82671a8f4dc..48b95fa5bac 100644 --- a/include/crypto/ecx.h +++ b/include/crypto/ecx.h @@ -20,7 +20,6 @@ # include # include # include -# include # include "internal/refcount.h" # include "crypto/types.h" diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index cc67e1f7098..100e7ceb059 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -13,7 +13,6 @@ # include # include -# include # include "crypto/types.h" #define RSA_MIN_MODULUS_BITS 512 diff --git a/providers/common/include/prov/provider_util.h b/providers/common/include/prov/provider_util.h index 1f6f4687ad5..fa73e465067 100644 --- a/providers/common/include/prov/provider_util.h +++ b/providers/common/include/prov/provider_util.h @@ -8,7 +8,7 @@ */ #include -#include +#include typedef struct { /* diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index 30fe7c6b213..662175c2f3b 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -14,6 +14,9 @@ #include #include #include +#ifndef FIPS_MODULE +# include +#endif #include "prov/provider_util.h" #include "internal/nelem.h" diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index e1e2609dfa3..63553996bd9 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -18,6 +18,9 @@ #include #include #include +#ifndef FIPS_MODULE +# include +#endif #include "internal/param_build_set.h" #include "prov/implementations.h" #include "prov/providercommon.h" diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 22912760351..b44f13b5fae 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -16,7 +16,6 @@ #include #include #include -#include #include #include @@ -111,7 +110,7 @@ static int cmac_setkey(struct cmac_data_st *macctx, ossl_prov_cipher_cipher(&macctx->cipher), ossl_prov_cipher_engine(&macctx->cipher)); ossl_prov_cipher_reset(&macctx->cipher); - return rv; + return rv; } static int cmac_init(void *vmacctx, const unsigned char *key, diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index 29fb9f87df3..89904fc89d4 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -11,7 +11,6 @@ #include #include #include -#include #include #include #include diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index 3a0679ce8f8..78c4924a38c 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #include diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c index d9fd1052890..06f79505ff4 100644 --- a/providers/implementations/signature/mac_legacy_sig.c +++ b/providers/implementations/signature/mac_legacy_sig.c @@ -16,6 +16,9 @@ #include #include #include +#ifndef FIPS_MODULE +# include +#endif #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/macsignature.h" diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index b0e3496ba22..85f296b8078 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -27,7 +27,9 @@ #include "internal/cryptlib.h" #include -#include +#ifndef FIPS_MODULE +# include +#endif #include char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);