[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed Feb 4 19:15:24 UTC 2015
The branch master has been updated
via f0983d3953fdc3e162e97ae4d35086e687aa4c89 (commit)
via 5496cd3e5d9a0ab4c1235bdda9872eeb5ec130bb (commit)
from 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434 (commit)
- Log -----------------------------------------------------------------
commit f0983d3953fdc3e162e97ae4d35086e687aa4c89
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Feb 1 14:51:46 2015 +0000
Updates to reformat script.
Don't change files if they're unmodified.
Indicate which files have changed and a summary.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 5496cd3e5d9a0ab4c1235bdda9872eeb5ec130bb
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Feb 3 22:53:15 2015 +0000
More unused FIPS module code.
Remove fips_algvs.c
Remove unused fips module build code from Configure and Makefile.org
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configure | 34 +----
Makefile.org | 84 ------------
test/Makefile | 2 +-
test/fips_algvs.c | 312 --------------------------------------------
util/openssl-format-source | 26 +++-
5 files changed, 23 insertions(+), 435 deletions(-)
delete mode 100644 test/fips_algvs.c
diff --git a/Configure b/Configure
index d56c3d9..c9d3aeb 100755
--- a/Configure
+++ b/Configure
@@ -1124,24 +1124,7 @@ my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
$exe_ext=".nlm" if ($target =~ /netware/);
$exe_ext=".pm" if ($target =~ /vos/);
-if ($openssldir eq "" and $prefix eq "")
- {
- if ($fips)
- {
- if (exists $ENV{FIPSDIR})
- {
- $openssldir="$ENV{FIPSDIR}";
- }
- else
- {
- $openssldir="/usr/local/ssl/fips-2.0";
- }
- }
- else
- {
- $openssldir="/usr/local/ssl";
- }
- }
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";
$default_ranlib= &which("ranlib") or $default_ranlib="true";
@@ -1149,10 +1132,6 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
or $perl="perl";
my $make = $ENV{'MAKE'} || "make";
-my $fips_auth_key = $ENV{'FIPS_AUTH_KEY'};
-my $fips_auth_officer = $ENV{'FIPS_AUTH_OFFICER'};
-my $fips_auth_user = $ENV{'FIPS_AUTH_USER'};
-
$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
chop $openssldir if $openssldir =~ /\/$/;
@@ -2027,16 +2006,9 @@ BEGIN
BEGIN
BLOCK "040904b0"
BEGIN
-#if defined(FIPS)
- VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0"
-#endif
// Required:
VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
-#if defined(FIPS)
- VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0"
-#else
VALUE "FileDescription", "OpenSSL Shared Library\\0"
-#endif
VALUE "FileVersion", "$version\\0"
#if defined(CRYPTO)
VALUE "InternalName", "libeay32\\0"
@@ -2044,10 +2016,6 @@ BEGIN
#elif defined(SSL)
VALUE "InternalName", "ssleay32\\0"
VALUE "OriginalFilename", "ssleay32.dll\\0"
-#elif defined(FIPS)
- VALUE "InternalName", "libosslfips\\0"
- VALUE "OriginalFilename", "libosslfips.dll\\0"
-#endif
VALUE "ProductName", "The OpenSSL Toolkit\\0"
VALUE "ProductVersion", "$version\\0"
// Optional:
diff --git a/Makefile.org b/Makefile.org
index 2e4c76e..3fa129c 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -245,7 +245,6 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
- FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
@@ -277,89 +276,6 @@ BUILD_ONE_CMD=\
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
- ../crypto/aes/aes_ecb.o \
- ../crypto/aes/aes_ofb.o \
- ../crypto/bn/bn_add.o \
- ../crypto/bn/bn_blind.o \
- ../crypto/bn/bn_ctx.o \
- ../crypto/bn/bn_div.o \
- ../crypto/bn/bn_exp2.o \
- ../crypto/bn/bn_exp.o \
- ../crypto/bn/bn_gcd.o \
- ../crypto/bn/bn_gf2m.o \
- ../crypto/bn/bn_lib.o \
- ../crypto/bn/bn_mod.o \
- ../crypto/bn/bn_mont.o \
- ../crypto/bn/bn_mul.o \
- ../crypto/bn/bn_nist.o \
- ../crypto/bn/bn_prime.o \
- ../crypto/bn/bn_rand.o \
- ../crypto/bn/bn_recp.o \
- ../crypto/bn/bn_shift.o \
- ../crypto/bn/bn_sqr.o \
- ../crypto/bn/bn_word.o \
- ../crypto/bn/bn_x931p.o \
- ../crypto/buffer/buf_str.o \
- ../crypto/cmac/cmac.o \
- ../crypto/cryptlib.o \
- ../crypto/des/cfb64ede.o \
- ../crypto/des/cfb64enc.o \
- ../crypto/des/cfb_enc.o \
- ../crypto/des/ecb3_enc.o \
- ../crypto/des/ofb64ede.o \
- ../crypto/des/fcrypt.o \
- ../crypto/des/set_key.o \
- ../crypto/dh/dh_check.o \
- ../crypto/dh/dh_gen.o \
- ../crypto/dh/dh_key.o \
- ../crypto/dsa/dsa_gen.o \
- ../crypto/dsa/dsa_key.o \
- ../crypto/dsa/dsa_ossl.o \
- ../crypto/ec/ec_curve.o \
- ../crypto/ec/ec_cvt.o \
- ../crypto/ec/ec_key.o \
- ../crypto/ec/ec_lib.o \
- ../crypto/ec/ecp_mont.o \
- ../crypto/ec/ec_mult.o \
- ../crypto/ec/ecp_nist.o \
- ../crypto/ec/ecp_smpl.o \
- ../crypto/ec/ec2_mult.o \
- ../crypto/ec/ec2_smpl.o \
- ../crypto/ecdh/ech_key.o \
- ../crypto/ecdh/ech_ossl.o \
- ../crypto/ecdsa/ecs_ossl.o \
- ../crypto/evp/e_aes.o \
- ../crypto/evp/e_des3.o \
- ../crypto/evp/e_null.o \
- ../crypto/evp/m_sha1.o \
- ../crypto/evp/m_dss1.o \
- ../crypto/evp/m_dss.o \
- ../crypto/evp/m_ecdsa.o \
- ../crypto/hmac/hmac.o \
- ../crypto/modes/cbc128.o \
- ../crypto/modes/ccm128.o \
- ../crypto/modes/cfb128.o \
- ../crypto/modes/ctr128.o \
- ../crypto/modes/gcm128.o \
- ../crypto/modes/ofb128.o \
- ../crypto/modes/xts128.o \
- ../crypto/rsa/rsa_eay.o \
- ../crypto/rsa/rsa_gen.o \
- ../crypto/rsa/rsa_crpt.o \
- ../crypto/rsa/rsa_none.o \
- ../crypto/rsa/rsa_oaep.o \
- ../crypto/rsa/rsa_pk1.o \
- ../crypto/rsa/rsa_pss.o \
- ../crypto/rsa/rsa_ssl.o \
- ../crypto/rsa/rsa_x931.o \
- ../crypto/rsa/rsa_x931g.o \
- ../crypto/sha/sha1dgst.o \
- ../crypto/sha/sha256.o \
- ../crypto/sha/sha512.o \
- ../crypto/thr_id.o \
- ../crypto/uid.o
-
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
diff --git a/test/Makefile b/test/Makefile
index f0eb183..fa5bd9f 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -12,7 +12,7 @@ PERL= perl
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
-TEST= fips_algvs.c igetest.c
+TEST= igetest.c
PEX_LIBS=
EX_LIBS= #-lnsl -lsocket
diff --git a/test/fips_algvs.c b/test/fips_algvs.c
deleted file mode 100644
index 18a5bab..0000000
--- a/test/fips_algvs.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/* test/fips_algvs.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2011
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-# include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS ALGVS support\n");
- return 0;
-}
-#else
-
-# define FIPS_ALGVS
-
-extern int fips_aesavs_main(int argc, char **argv);
-extern int fips_cmactest_main(int argc, char **argv);
-extern int fips_desmovs_main(int argc, char **argv);
-extern int fips_dhvs_main(int argc, char **argv);
-extern int fips_drbgvs_main(int argc, char **argv);
-extern int fips_dssvs_main(int argc, char **argv);
-extern int fips_ecdhvs_main(int argc, char **argv);
-extern int fips_ecdsavs_main(int argc, char **argv);
-extern int fips_gcmtest_main(int argc, char **argv);
-extern int fips_hmactest_main(int argc, char **argv);
-extern int fips_rngvs_main(int argc, char **argv);
-extern int fips_rsagtest_main(int argc, char **argv);
-extern int fips_rsastest_main(int argc, char **argv);
-extern int fips_rsavtest_main(int argc, char **argv);
-extern int fips_shatest_main(int argc, char **argv);
-extern int fips_test_suite_main(int argc, char **argv);
-
-# include "fips_aesavs.c"
-# include "fips_cmactest.c"
-# include "fips_desmovs.c"
-# include "fips_dhvs.c"
-# include "fips_drbgvs.c"
-# include "fips_dssvs.c"
-# include "fips_ecdhvs.c"
-# include "fips_ecdsavs.c"
-# include "fips_gcmtest.c"
-# include "fips_hmactest.c"
-# include "fips_rngvs.c"
-# include "fips_rsagtest.c"
-# include "fips_rsastest.c"
-# include "fips_rsavtest.c"
-# include "fips_shatest.c"
-# include "fips_test_suite.c"
-
-typedef struct {
- const char *name;
- int (*func) (int argc, char **argv);
-} ALGVS_FUNCTION;
-
-static ALGVS_FUNCTION algvs[] = {
- {"fips_aesavs", fips_aesavs_main},
- {"fips_cmactest", fips_cmactest_main},
- {"fips_desmovs", fips_desmovs_main},
- {"fips_dhvs", fips_dhvs_main},
- {"fips_drbgvs", fips_drbgvs_main},
- {"fips_dssvs", fips_dssvs_main},
- {"fips_ecdhvs", fips_ecdhvs_main},
- {"fips_ecdsavs", fips_ecdsavs_main},
- {"fips_gcmtest", fips_gcmtest_main},
- {"fips_hmactest", fips_hmactest_main},
- {"fips_rngvs", fips_rngvs_main},
- {"fips_rsagtest", fips_rsagtest_main},
- {"fips_rsastest", fips_rsastest_main},
- {"fips_rsavtest", fips_rsavtest_main},
- {"fips_shatest", fips_shatest_main},
- {"fips_test_suite", fips_test_suite_main},
- {NULL, 0}
-};
-
-/* Argument parsing taken from apps/apps.c */
-
-typedef struct args_st {
- char **data;
- int count;
-} ARGS;
-
-static int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
-{
- int num, i;
- char *p;
-
- *argc = 0;
- *argv = NULL;
-
- i = 0;
- if (arg->count == 0) {
- arg->count = 20;
- arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count);
- }
- for (i = 0; i < arg->count; i++)
- arg->data[i] = NULL;
-
- num = 0;
- p = buf;
- for (;;) {
- /* first scan over white space */
- if (!*p)
- break;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
- p++;
- if (!*p)
- break;
-
- /* The start of something good :-) */
- if (num >= arg->count) {
- fprintf(stderr, "Too many arguments!!\n");
- return 0;
- }
- arg->data[num++] = p;
-
- /* now look for the end of this */
- if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */
- i = *(p++);
- arg->data[num - 1]++; /* jump over quote */
- while (*p && (*p != i))
- p++;
- *p = '\0';
- } else {
- while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
- p++;
-
- if (*p == '\0')
- p--;
- else
- *p = '\0';
- }
- p++;
- }
- *argc = num;
- *argv = arg->data;
- return (1);
-}
-
-static int run_prg(int argc, char **argv)
-{
- ALGVS_FUNCTION *t;
- const char *prg_name;
- prg_name = strrchr(argv[0], '/');
- if (prg_name)
- prg_name++;
- else
- prg_name = argv[0];
- for (t = algvs; t->name; t++) {
- if (!strcmp(prg_name, t->name))
- return t->func(argc, argv);
- }
- return -100;
-}
-
-int main(int argc, char **argv)
-{
- char buf[1024];
- char **args = argv + 1;
- const char *sname = "fipstests.sh";
- ARGS arg;
- int xargc;
- char **xargv;
- int lineno = 0, badarg = 0;
- int nerr = 0, quiet = 0, verbose = 0;
- int rv;
- FILE *in = NULL;
-# ifdef FIPS_ALGVS_MEMCHECK
- CRYPTO_malloc_debug_init();
- OPENSSL_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-# endif
-
- if (*args && *args[0] != '-') {
- rv = run_prg(argc - 1, args);
-# ifdef FIPS_ALGVS_MEMCHECK
- CRYPTO_mem_leaks_fp(stderr);
-# endif
- return rv;
- }
- while (!badarg && *args && *args[0] == '-') {
- if (!strcmp(*args, "-script")) {
- if (args[1]) {
- args++;
- sname = *args;
- } else
- badarg = 1;
- } else if (!strcmp(*args, "-quiet"))
- quiet = 1;
- else if (!strcmp(*args, "-verbose"))
- verbose = 1;
- else
- badarg = 1;
- args++;
- }
-
- if (badarg) {
- fprintf(stderr, "Error processing arguments\n");
- return 1;
- }
-
- in = fopen(sname, "r");
- if (!in) {
- fprintf(stderr, "Error opening script file \"%s\"\n", sname);
- return 1;
- }
-
- arg.data = NULL;
- arg.count = 0;
-
- while (fgets(buf, sizeof(buf), in)) {
- lineno++;
- if (!chopup_args(&arg, buf, &xargc, &xargv))
- fprintf(stderr, "Error processing line %d\n", lineno);
- else {
- if (!quiet) {
- int i;
- int narg = verbose ? xargc : xargc - 2;
- printf("Running command line:");
- for (i = 0; i < narg; i++)
- printf(" %s", xargv[i]);
- printf("\n");
- }
- rv = run_prg(xargc, xargv);
- if (FIPS_module_mode())
- FIPS_module_mode_set(0, NULL);
- if (rv != 0)
- nerr++;
- if (rv == -100)
- fprintf(stderr, "ERROR: Command not found\n");
- else if (rv != 0)
- fprintf(stderr, "ERROR: returned %d\n", rv);
- else if (verbose)
- printf("\tCommand run successfully\n");
- }
- }
-
- if (!quiet)
- printf("Completed with %d errors\n", nerr);
-
- if (arg.data)
- OPENSSL_free(arg.data);
-
- fclose(in);
-# ifdef FIPS_ALGVS_MEMCHECK
- CRYPTO_mem_leaks_fp(stderr);
-# endif
- if (nerr == 0)
- return 0;
- return 1;
-}
-#endif
diff --git a/util/openssl-format-source b/util/openssl-format-source
index 4e90147..6380a10 100755
--- a/util/openssl-format-source
+++ b/util/openssl-format-source
@@ -30,6 +30,7 @@ VERBOSE=false
DONT=false
STOPARGS=false
COMMENTS=false
+CHANGED=false
DEBUG=""
# for this exercise, we want to force the openssl style, so we roll
@@ -82,10 +83,6 @@ do
fi
fi
- if [ "$VERBOSE" = "true" ]; then
- echo "$j"
- fi
-
if [ "$DONT" = "false" ]; then
tmp=$(mktemp /tmp/indent.XXXXXX)
trap 'rm -f "$tmp"' HUP INT TERM EXIT
@@ -138,7 +135,18 @@ do
else
expand "$j" | indent $INDENT_ARGS > "$tmp"
fi;
- mv "$tmp" "$j"
+ if cmp -s "$tmp" "$j"; then
+ if [ "$VERBOSE" = "true" ]; then
+ echo "$j unchanged"
+ fi
+ rm "$tmp"
+ else
+ if [ "$VERBOSE" = "true" ]; then
+ echo "$j changed"
+ fi
+ CHANGED=true
+ mv "$tmp" "$j"
+ fi
;;
esac
fi
@@ -146,3 +154,11 @@ do
done
+if [ "$VERBOSE" = "true" ]; then
+ echo
+ if [ "$CHANGED" = "true" ]; then
+ echo "SOURCE WAS MODIFIED"
+ else
+ echo "SOURCE WAS NOT MODIFIED"
+ fi
+fi
More information about the openssl-commits
mailing list