From 3f773c911a03c5be2eff00beaf94e88f1d997b22 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 1 Jul 2021 17:41:02 +0200 Subject: [PATCH] fips module header inclusion fine-tunning Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15974) --- crypto/dh/dh_backend.c | 3 ++ crypto/dh/dh_lib.c | 4 ++- crypto/dsa/dsa_backend.c | 3 ++ crypto/dsa/dsa_lib.c | 4 ++- crypto/ec/ec_backend.c | 5 ++- crypto/ec/ec_key.c | 4 ++- crypto/ec/ec_kmeth.c | 4 ++- crypto/ec/ecx_backend.c | 3 ++ crypto/evp/digest.c | 4 ++- crypto/evp/evp_enc.c | 4 ++- crypto/evp/evp_lib.c | 2 +- crypto/evp/evp_rand.c | 5 --- crypto/evp/kdf_lib.c | 3 -- crypto/evp/keymgmt_lib.c | 1 - crypto/evp/m_sigver.c | 1 - crypto/evp/p_lib.c | 11 ++++--- crypto/evp/pmeth_check.c | 4 ++- crypto/evp/pmeth_gn.c | 4 ++- crypto/evp/pmeth_lib.c | 9 ++++-- crypto/rsa/rsa_backend.c | 5 ++- crypto/rsa/rsa_lib.c | 4 ++- crypto/rsa/rsa_sign.c | 32 +++++++++---------- include/crypto/dh.h | 1 - include/crypto/dsa.h | 1 - include/crypto/ec.h | 1 - include/crypto/ecx.h | 1 - include/crypto/rsa.h | 1 - providers/common/include/prov/provider_util.h | 2 +- providers/common/provider_util.c | 3 ++ .../keymgmt/mac_legacy_kmgmt.c | 3 ++ providers/implementations/macs/cmac_prov.c | 3 +- providers/implementations/macs/gmac_prov.c | 1 - providers/implementations/macs/hmac_prov.c | 1 - .../signature/mac_legacy_sig.c | 3 ++ ssl/s3_cbc.c | 4 ++- 35 files changed, 88 insertions(+), 56 deletions(-) diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c index a727d5c87b..7bd5c617de 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c @@ -15,6 +15,9 @@ #include #include +#ifndef FIPS_MODULE +# include +#endif #include "internal/param_build_set.h" #include "crypto/dh.h" #include "dh_local.h" diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 7154f8c2ab..29cda5d7bf 100644 --- a/crypto/dh/dh_lib.c 
+++ b/crypto/dh/dh_lib.c @@ -15,7 +15,9 @@ #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include "internal/cryptlib.h" diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c index e4fa070f23..5e3ff85154 100644 --- a/crypto/dsa/dsa_backend.c +++ b/crypto/dsa/dsa_backend.c @@ -15,6 +15,9 @@ #include #include +#ifndef FIPS_MODULE +# include +#endif #include "crypto/dsa.h" #include "dsa_local.h" diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 5512b99ef1..ccc7016592 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -14,7 +14,9 @@ #include "internal/deprecated.h" #include -#include +#ifndef FIPS_MODULE +# include +#endif #include "internal/cryptlib.h" #include "internal/refcount.h" #include "crypto/dsa.h" diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index 9b4467f2be..381da71f33 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c @@ -17,7 +17,10 @@ #include #include #include -#include +#ifndef FIPS_MODULE +# include +# include +#endif #include "crypto/bn.h" #include "crypto/ec.h" #include "ec_local.h" diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index ba6b8df514..eb14f4e409 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -19,7 +19,9 @@ #include "ec_local.h" #include "internal/refcount.h" #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include "prov/providercommon.h" #include "crypto/bn.h" diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 91b7a44082..8c011635cb 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -15,7 +15,9 @@ #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include "ec_local.h" diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c index 14278592cd..a0144d5a86 100644 --- a/crypto/ec/ecx_backend.c +++ b/crypto/ec/ecx_backend.c 
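Review bot: In crypto/dh/dh_lib.c the include that used to be unconditional is now compiled only when `FIPS_MODULE` is undefined, which is correct only if every use of that header's declarations in the file sits under the same condition; the hunk covers the include block alone, so this cannot be confirmed from here. The same conversion is repeated in dsa_lib.c, ec_backend.c, ec_key.c, ec_kmeth.c, digest.c, evp_enc.c, p_lib.c, pmeth_lib.c, rsa_lib.c and ssl/s3_cbc.c. A mismatch would show up as a compile error in the FIPS provider build rather than as a runtime fault, so the commit should be validated with a configuration that actually builds the provider (`enable-fips`). I would also label the guard so the reason survives later include reshuffles, for example `#endif /* !FIPS_MODULE: declarations presumably unused by the FIPS provider */`.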
@@ -13,6 +13,9 @@ #include #include #include +#ifndef FIPS_MODULE +# include +#endif #include "crypto/ecx.h" #include "ecx_backend.h" diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4a5c926103..1f2910bc69 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -14,7 +14,9 @@ #include #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include "internal/cryptlib.h" diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 3a8e2c643e..e0f411aa06 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -16,7 +16,9 @@ #include #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include "internal/cryptlib.h" diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 0b08c9adfd..f78df52ab1 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -25,11 +25,11 @@ #include #include #include "crypto/evp.h" -#include "crypto/asn1.h" #include "internal/provider.h" #include "evp_local.h" #if !defined(FIPS_MODULE) +# include "crypto/asn1.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index 7b1a44241e..0db755e06b 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -7,13 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include - #include #include -#include #include -#include #include #include #include @@ -22,7 +18,6 @@ #include "internal/numbers.h" #include "internal/provider.h" #include "internal/core.h" -#include "crypto/asn1.h" #include "crypto/evp.h" #include "evp_local.h" diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index 5552b26601..8177626ae0 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -11,13 +11,10 @@ #include #include #include "internal/cryptlib.h" -#include #include -#include #include #include #include -#include "crypto/asn1.h" #include "crypto/evp.h" #include "internal/numbers.h" #include "internal/provider.h" 
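Review bot: In crypto/evp/evp_lib.c, `# include "crypto/asn1.h"` now sits directly under the existing `#if !defined(FIPS_MODULE)` that opens the non-FIPS code section, instead of in the include block at the top where the other files in this commit put their guarded includes. That ties the header to wherever that code section happens to start, and the spelling differs from the `#ifndef FIPS_MODULE` form used in the rest of the patch. I would keep it with the other includes as `#ifndef FIPS_MODULE` / `# include "crypto/asn1.h"` / `#endif`. The guarded section continues past the end of the hunk, so its closing `#endif` is not visible here.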
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index f3dd876cfd..32e4fbcbaa 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -11,7 +11,6 @@ #include "internal/cryptlib.h" #include "internal/nelem.h" #include "crypto/evp.h" -#include "crypto/asn1.h" #include "internal/core.h" #include "internal/provider.h" #include "evp_local.h" diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 0da6498030..5c5ed05876 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -11,7 +11,6 @@ #include "internal/cryptlib.h" #include #include -#include #include "crypto/evp.h" #include "internal/provider.h" #include "internal/numbers.h" /* includes SIZE_MAX */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 07be8884fe..fa3a0258fa 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -22,13 +22,14 @@ #include #include #include -#include #include #include #include #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include @@ -36,14 +37,16 @@ #include "internal/numbers.h" /* includes SIZE_MAX */ #include "internal/ffc.h" -#include "crypto/asn1.h" #include "crypto/evp.h" #include "crypto/dh.h" #include "crypto/dsa.h" #include "crypto/ec.h" #include "crypto/ecx.h" #include "crypto/rsa.h" -#include "crypto/x509.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +# include "crypto/x509.h" +#endif #include "internal/provider.h" #include "evp_local.h" diff --git a/crypto/evp/pmeth_check.c b/crypto/evp/pmeth_check.c index 112965e794..2ecf2d0251 100644 --- a/crypto/evp/pmeth_check.c +++ b/crypto/evp/pmeth_check.c @@ -13,7 +13,9 @@ #include #include #include "crypto/bn.h" -#include "crypto/asn1.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +#endif #include "crypto/evp.h" #include "evp_local.h" diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 2d96e3c227..af3d990869 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c 
@@ -16,7 +16,9 @@ #include #include #include "crypto/bn.h" -#include "crypto/asn1.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +#endif #include "crypto/evp.h" #include "evp_local.h" diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 1256e981eb..c214163588 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -15,15 +15,18 @@ #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include -#include #include #include #include #include #include "internal/cryptlib.h" -#include "crypto/asn1.h" +#ifndef FIPS_MODULE +# include "crypto/asn1.h" +#endif #include "crypto/evp.h" #include "crypto/dh.h" #include "crypto/ec.h" diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index e824dcaf3c..85ad54e4cf 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -18,9 +18,12 @@ #include #include #include +#ifndef FIPS_MODULE +# include +# include "crypto/asn1.h" +#endif #include "internal/sizes.h" #include "internal/param_build_set.h" -#include "crypto/asn1.h" #include "crypto/rsa.h" #include "rsa_local.h" diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 70eaa59a8b..6433282597 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -15,7 +15,9 @@ #include #include -#include +#ifndef FIPS_MODULE +# include +#endif #include #include #include "internal/cryptlib.h" diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 21a2e9d727..c5a664dc0b 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c 
@@ -18,22 +18,22 @@ #include #include #include -#include -#include "crypto/x509.h" -#ifndef OPENSSL_NO_MD2 -# include /* uses MD2_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_MD4 -# include /* uses MD4_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_MD5 -# include /* uses MD5_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_MDC2 -# include /* uses MDC2_DIGEST_LENGTH */ -#endif -#ifndef OPENSSL_NO_RMD160 -# include /* uses RIPEMD160_DIGEST_LENGTH */ +#ifndef FIPS_MODULE +# ifndef OPENSSL_NO_MD2 +# include /* uses MD2_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_MD4 +# include /* uses MD4_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_MD5 +# include /* uses MD5_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_MDC2 +# include /* uses MDC2_DIGEST_LENGTH */ +# endif +# ifndef OPENSSL_NO_RMD160 +# include /* uses RIPEMD160_DIGEST_LENGTH */ +# endif #endif #include /* uses SHA???_DIGEST_LENGTH */ #include "crypto/rsa.h" diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 8613f9038e..f6be4ae006 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -14,7 +14,6 @@ # include # include # include -# include # include "internal/ffc.h" DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid); diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h index dad056bb28..eedbd8c7d1 100644 --- a/include/crypto/dsa.h +++ b/include/crypto/dsa.h @@ -13,7 +13,6 @@ # include # include -# include # include "internal/ffc.h" #define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */ diff --git a/include/crypto/ec.h b/include/crypto/ec.h index 77972c3650..62163b31ac 100644 --- a/include/crypto/ec.h +++ b/include/crypto/ec.h @@ -24,7 +24,6 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc); # ifndef OPENSSL_NO_EC # include # include -# include # include "crypto/types.h" /*- diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h index 82671a8f4d..48b95fa5ba 100644 --- a/include/crypto/ecx.h +++ b/include/crypto/ecx.h 
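Review bot: The legacy-digest includes in crypto/rsa/rsa_sign.c are now nested two levels deep (`FIPS_MODULE` outside, `OPENSSL_NO_MD2` through `OPENSSL_NO_RMD160` inside), and each trailing comment says the header is there for a `*_DIGEST_LENGTH` constant, so every use of those constants further down has to be compiled out under both conditions; that code is outside the hunk. With five inner `# endif` lines ahead of the outer one, the closing line is easy to misread, and I would label it `#endif /* !FIPS_MODULE */`. A one-line comment on the opening guard, such as `/* these digests are left out of the FIPS module build */`, would record why the block is excluded rather than only that it is.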
@@ -20,7 +20,6 @@ # include # include # include -# include # include "internal/refcount.h" # include "crypto/types.h" diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index cc67e1f709..100e7ceb05 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -13,7 +13,6 @@ # include # include -# include # include "crypto/types.h" #define RSA_MIN_MODULUS_BITS 512 diff --git a/providers/common/include/prov/provider_util.h b/providers/common/include/prov/provider_util.h index 1f6f4687ad..fa73e46506 100644 --- a/providers/common/include/prov/provider_util.h +++ b/providers/common/include/prov/provider_util.h @@ -8,7 +8,7 @@ */ #include -#include +#include typedef struct { /* diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index 30fe7c6b21..662175c2f3 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -14,6 +14,9 @@ #include #include #include +#ifndef FIPS_MODULE +# include +#endif #include "prov/provider_util.h" #include "internal/nelem.h" diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index e1e2609dfa..63553996bd 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -18,6 +18,9 @@ #include #include #include +#ifndef FIPS_MODULE +# include +#endif #include "internal/param_build_set.h" #include "prov/implementations.h" #include "prov/providercommon.h" diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 2291276035..b44f13b5fa 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -16,7 +16,6 @@ #include #include #include -#include #include #include 
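Review bot: Replacing the include in providers/common/include/prov/provider_util.h changes what every file that includes this header receives transitively, and the hunk cannot show whether all of them were adjusted. This commit adds a guarded include to provider_util.c, mac_legacy_kmgmt.c and mac_legacy_sig.c, which looks like compensation for the swap, but any other includer that relied on the old header would now fail to build, possibly only in one of the two configurations. It is worth checking the remaining includers in both the default and the FIPS build, and adding a comment in the header such as `/* users of the removed declarations must include that header themselves, under #ifndef FIPS_MODULE */`. The `typedef struct` that follows the include continues outside the hunk.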
@@ -111,7 +110,7 @@ static int cmac_setkey(struct cmac_data_st *macctx, ossl_prov_cipher_cipher(&macctx->cipher), ossl_prov_cipher_engine(&macctx->cipher)); ossl_prov_cipher_reset(&macctx->cipher); - return rv; + return rv; } static int cmac_init(void *vmacctx, const unsigned char *key, diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index 29fb9f87df..89904fc89d 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -11,7 +11,6 @@ #include #include #include -#include #include #include #include diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index 3a0679ce8f..78c4924a38 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #include diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c index d9fd105289..06f79505ff 100644 --- a/providers/implementations/signature/mac_legacy_sig.c +++ b/providers/implementations/signature/mac_legacy_sig.c @@ -16,6 +16,9 @@ #include #include #include +#ifndef FIPS_MODULE +# include +#endif #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/macsignature.h" diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index b0e3496ba2..85f296b807 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -27,7 +27,9 @@ #include "internal/cryptlib.h" #include -#include +#ifndef FIPS_MODULE +# include +#endif #include char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);