[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Wed Feb 4 19:15:24 UTC 2015


The branch master has been updated
       via  f0983d3953fdc3e162e97ae4d35086e687aa4c89 (commit)
       via  5496cd3e5d9a0ab4c1235bdda9872eeb5ec130bb (commit)
      from  6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434 (commit)


- Log -----------------------------------------------------------------
commit f0983d3953fdc3e162e97ae4d35086e687aa4c89
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sun Feb 1 14:51:46 2015 +0000

    Updates to reformat script.
    
    Don't change files if they're unmodified.
    
    Indicate which files have changed and a summary.
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 5496cd3e5d9a0ab4c1235bdda9872eeb5ec130bb
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Feb 3 22:53:15 2015 +0000

    More unused FIPS module code.
    
    Remove fips_algvs.c
    
    Remove unused fips module build code from Configure and Makefile.org
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 Configure                  |   34 +----
 Makefile.org               |   84 ------------
 test/Makefile              |    2 +-
 test/fips_algvs.c          |  312 --------------------------------------------
 util/openssl-format-source |   26 +++-
 5 files changed, 23 insertions(+), 435 deletions(-)
 delete mode 100644 test/fips_algvs.c

diff --git a/Configure b/Configure
index d56c3d9..c9d3aeb 100755
--- a/Configure
+++ b/Configure
@@ -1124,24 +1124,7 @@ my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
 $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
 $exe_ext=".nlm" if ($target =~ /netware/);
 $exe_ext=".pm"  if ($target =~ /vos/);
-if ($openssldir eq "" and $prefix eq "")
-	{
-	if ($fips)
-		{
-		if (exists $ENV{FIPSDIR})
-			{
-			$openssldir="$ENV{FIPSDIR}";
-			}
-		else
-			{
-			$openssldir="/usr/local/ssl/fips-2.0";
-			}
-		}
-	else
-		{
-		$openssldir="/usr/local/ssl";
-		}
-	}
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
 
 $default_ranlib= &which("ranlib") or $default_ranlib="true";
@@ -1149,10 +1132,6 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
   or $perl="perl";
 my $make = $ENV{'MAKE'} || "make";
 
-my $fips_auth_key = $ENV{'FIPS_AUTH_KEY'};
-my $fips_auth_officer = $ENV{'FIPS_AUTH_OFFICER'};
-my $fips_auth_user = $ENV{'FIPS_AUTH_USER'};
-
 $cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
 
 chop $openssldir if $openssldir =~ /\/$/;
@@ -2027,16 +2006,9 @@ BEGIN
     BEGIN
 	BLOCK "040904b0"
 	BEGIN
-#if defined(FIPS)
-	    VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0"
-#endif
 	    // Required:
 	    VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
-#if defined(FIPS)
-	    VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0"
-#else
 	    VALUE "FileDescription", "OpenSSL Shared Library\\0"
-#endif
 	    VALUE "FileVersion", "$version\\0"
 #if defined(CRYPTO)
 	    VALUE "InternalName", "libeay32\\0"
@@ -2044,10 +2016,6 @@ BEGIN
 #elif defined(SSL)
 	    VALUE "InternalName", "ssleay32\\0"
 	    VALUE "OriginalFilename", "ssleay32.dll\\0"
-#elif defined(FIPS)
-	    VALUE "InternalName", "libosslfips\\0"
-	    VALUE "OriginalFilename", "libosslfips.dll\\0"
-#endif
 	    VALUE "ProductName", "The OpenSSL Toolkit\\0"
 	    VALUE "ProductVersion", "$version\\0"
 	    // Optional:
diff --git a/Makefile.org b/Makefile.org
index 2e4c76e..3fa129c 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -245,7 +245,6 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
 		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
 		FIPSLIBDIR='${FIPSLIBDIR}'			\
 		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
-		FIPS_EX_OBJ='${FIPS_EX_OBJ}'	\
 		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
@@ -277,89 +276,6 @@ BUILD_ONE_CMD=\
 reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
 
-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
-	../crypto/aes/aes_ecb.o \
-	../crypto/aes/aes_ofb.o \
-	../crypto/bn/bn_add.o \
-	../crypto/bn/bn_blind.o \
-	../crypto/bn/bn_ctx.o \
-	../crypto/bn/bn_div.o \
-	../crypto/bn/bn_exp2.o \
-	../crypto/bn/bn_exp.o \
-	../crypto/bn/bn_gcd.o \
-	../crypto/bn/bn_gf2m.o \
-	../crypto/bn/bn_lib.o \
-	../crypto/bn/bn_mod.o \
-	../crypto/bn/bn_mont.o \
-	../crypto/bn/bn_mul.o \
-	../crypto/bn/bn_nist.o \
-	../crypto/bn/bn_prime.o \
-	../crypto/bn/bn_rand.o \
-	../crypto/bn/bn_recp.o \
-	../crypto/bn/bn_shift.o \
-	../crypto/bn/bn_sqr.o \
-	../crypto/bn/bn_word.o \
-	../crypto/bn/bn_x931p.o \
-	../crypto/buffer/buf_str.o \
-	../crypto/cmac/cmac.o \
-	../crypto/cryptlib.o \
-	../crypto/des/cfb64ede.o \
-	../crypto/des/cfb64enc.o \
-	../crypto/des/cfb_enc.o \
-	../crypto/des/ecb3_enc.o \
-	../crypto/des/ofb64ede.o \
-	../crypto/des/fcrypt.o \
-	../crypto/des/set_key.o \
-	../crypto/dh/dh_check.o \
-	../crypto/dh/dh_gen.o \
-	../crypto/dh/dh_key.o \
-	../crypto/dsa/dsa_gen.o \
-	../crypto/dsa/dsa_key.o \
-	../crypto/dsa/dsa_ossl.o \
-	../crypto/ec/ec_curve.o \
-	../crypto/ec/ec_cvt.o \
-	../crypto/ec/ec_key.o \
-	../crypto/ec/ec_lib.o \
-	../crypto/ec/ecp_mont.o \
-	../crypto/ec/ec_mult.o \
-	../crypto/ec/ecp_nist.o \
-	../crypto/ec/ecp_smpl.o \
-	../crypto/ec/ec2_mult.o \
-	../crypto/ec/ec2_smpl.o \
-	../crypto/ecdh/ech_key.o \
-	../crypto/ecdh/ech_ossl.o \
-	../crypto/ecdsa/ecs_ossl.o \
-	../crypto/evp/e_aes.o \
-	../crypto/evp/e_des3.o \
-	../crypto/evp/e_null.o \
-	../crypto/evp/m_sha1.o \
-	../crypto/evp/m_dss1.o \
-	../crypto/evp/m_dss.o \
-	../crypto/evp/m_ecdsa.o \
-	../crypto/hmac/hmac.o \
-	../crypto/modes/cbc128.o \
-	../crypto/modes/ccm128.o \
-	../crypto/modes/cfb128.o \
-	../crypto/modes/ctr128.o \
-	../crypto/modes/gcm128.o \
-	../crypto/modes/ofb128.o \
-	../crypto/modes/xts128.o \
-	../crypto/rsa/rsa_eay.o \
-	../crypto/rsa/rsa_gen.o \
-	../crypto/rsa/rsa_crpt.o \
-	../crypto/rsa/rsa_none.o \
-	../crypto/rsa/rsa_oaep.o \
-	../crypto/rsa/rsa_pk1.o \
-	../crypto/rsa/rsa_pss.o \
-	../crypto/rsa/rsa_ssl.o \
-	../crypto/rsa/rsa_x931.o \
-	../crypto/rsa/rsa_x931g.o \
-	../crypto/sha/sha1dgst.o \
-	../crypto/sha/sha256.o \
-	../crypto/sha/sha512.o \
-	../crypto/thr_id.o \
-	../crypto/uid.o
-
 sub_all: build_all
 
 build_all: build_libs build_apps build_tests build_tools
diff --git a/test/Makefile b/test/Makefile
index f0eb183..fa5bd9f 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -12,7 +12,7 @@ PERL=		perl
 # KRB5 stuff
 KRB5_INCLUDES=
 LIBKRB5=
-TEST=		fips_algvs.c igetest.c
+TEST=		igetest.c
 
 PEX_LIBS=
 EX_LIBS= #-lnsl -lsocket
diff --git a/test/fips_algvs.c b/test/fips_algvs.c
deleted file mode 100644
index 18a5bab..0000000
--- a/test/fips_algvs.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/* test/fips_algvs.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2011
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-# include <stdio.h>
-
-int main(int argc, char **argv)
-{
-    printf("No FIPS ALGVS support\n");
-    return 0;
-}
-#else
-
-# define FIPS_ALGVS
-
-extern int fips_aesavs_main(int argc, char **argv);
-extern int fips_cmactest_main(int argc, char **argv);
-extern int fips_desmovs_main(int argc, char **argv);
-extern int fips_dhvs_main(int argc, char **argv);
-extern int fips_drbgvs_main(int argc, char **argv);
-extern int fips_dssvs_main(int argc, char **argv);
-extern int fips_ecdhvs_main(int argc, char **argv);
-extern int fips_ecdsavs_main(int argc, char **argv);
-extern int fips_gcmtest_main(int argc, char **argv);
-extern int fips_hmactest_main(int argc, char **argv);
-extern int fips_rngvs_main(int argc, char **argv);
-extern int fips_rsagtest_main(int argc, char **argv);
-extern int fips_rsastest_main(int argc, char **argv);
-extern int fips_rsavtest_main(int argc, char **argv);
-extern int fips_shatest_main(int argc, char **argv);
-extern int fips_test_suite_main(int argc, char **argv);
-
-# include "fips_aesavs.c"
-# include "fips_cmactest.c"
-# include "fips_desmovs.c"
-# include "fips_dhvs.c"
-# include "fips_drbgvs.c"
-# include "fips_dssvs.c"
-# include "fips_ecdhvs.c"
-# include "fips_ecdsavs.c"
-# include "fips_gcmtest.c"
-# include "fips_hmactest.c"
-# include "fips_rngvs.c"
-# include "fips_rsagtest.c"
-# include "fips_rsastest.c"
-# include "fips_rsavtest.c"
-# include "fips_shatest.c"
-# include "fips_test_suite.c"
-
-typedef struct {
-    const char *name;
-    int (*func) (int argc, char **argv);
-} ALGVS_FUNCTION;
-
-static ALGVS_FUNCTION algvs[] = {
-    {"fips_aesavs", fips_aesavs_main},
-    {"fips_cmactest", fips_cmactest_main},
-    {"fips_desmovs", fips_desmovs_main},
-    {"fips_dhvs", fips_dhvs_main},
-    {"fips_drbgvs", fips_drbgvs_main},
-    {"fips_dssvs", fips_dssvs_main},
-    {"fips_ecdhvs", fips_ecdhvs_main},
-    {"fips_ecdsavs", fips_ecdsavs_main},
-    {"fips_gcmtest", fips_gcmtest_main},
-    {"fips_hmactest", fips_hmactest_main},
-    {"fips_rngvs", fips_rngvs_main},
-    {"fips_rsagtest", fips_rsagtest_main},
-    {"fips_rsastest", fips_rsastest_main},
-    {"fips_rsavtest", fips_rsavtest_main},
-    {"fips_shatest", fips_shatest_main},
-    {"fips_test_suite", fips_test_suite_main},
-    {NULL, 0}
-};
-
-/* Argument parsing taken from apps/apps.c */
-
-typedef struct args_st {
-    char **data;
-    int count;
-} ARGS;
-
-static int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
-{
-    int num, i;
-    char *p;
-
-    *argc = 0;
-    *argv = NULL;
-
-    i = 0;
-    if (arg->count == 0) {
-        arg->count = 20;
-        arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count);
-    }
-    for (i = 0; i < arg->count; i++)
-        arg->data[i] = NULL;
-
-    num = 0;
-    p = buf;
-    for (;;) {
-        /* first scan over white space */
-        if (!*p)
-            break;
-        while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
-            p++;
-        if (!*p)
-            break;
-
-        /* The start of something good :-) */
-        if (num >= arg->count) {
-            fprintf(stderr, "Too many arguments!!\n");
-            return 0;
-        }
-        arg->data[num++] = p;
-
-        /* now look for the end of this */
-        if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */
-            i = *(p++);
-            arg->data[num - 1]++; /* jump over quote */
-            while (*p && (*p != i))
-                p++;
-            *p = '\0';
-        } else {
-            while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
-                p++;
-
-            if (*p == '\0')
-                p--;
-            else
-                *p = '\0';
-        }
-        p++;
-    }
-    *argc = num;
-    *argv = arg->data;
-    return (1);
-}
-
-static int run_prg(int argc, char **argv)
-{
-    ALGVS_FUNCTION *t;
-    const char *prg_name;
-    prg_name = strrchr(argv[0], '/');
-    if (prg_name)
-        prg_name++;
-    else
-        prg_name = argv[0];
-    for (t = algvs; t->name; t++) {
-        if (!strcmp(prg_name, t->name))
-            return t->func(argc, argv);
-    }
-    return -100;
-}
-
-int main(int argc, char **argv)
-{
-    char buf[1024];
-    char **args = argv + 1;
-    const char *sname = "fipstests.sh";
-    ARGS arg;
-    int xargc;
-    char **xargv;
-    int lineno = 0, badarg = 0;
-    int nerr = 0, quiet = 0, verbose = 0;
-    int rv;
-    FILE *in = NULL;
-# ifdef FIPS_ALGVS_MEMCHECK
-    CRYPTO_malloc_debug_init();
-    OPENSSL_init();
-    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-# endif
-
-    if (*args && *args[0] != '-') {
-        rv = run_prg(argc - 1, args);
-# ifdef FIPS_ALGVS_MEMCHECK
-        CRYPTO_mem_leaks_fp(stderr);
-# endif
-        return rv;
-    }
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-script")) {
-            if (args[1]) {
-                args++;
-                sname = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-quiet"))
-            quiet = 1;
-        else if (!strcmp(*args, "-verbose"))
-            verbose = 1;
-        else
-            badarg = 1;
-        args++;
-    }
-
-    if (badarg) {
-        fprintf(stderr, "Error processing arguments\n");
-        return 1;
-    }
-
-    in = fopen(sname, "r");
-    if (!in) {
-        fprintf(stderr, "Error opening script file \"%s\"\n", sname);
-        return 1;
-    }
-
-    arg.data = NULL;
-    arg.count = 0;
-
-    while (fgets(buf, sizeof(buf), in)) {
-        lineno++;
-        if (!chopup_args(&arg, buf, &xargc, &xargv))
-            fprintf(stderr, "Error processing line %d\n", lineno);
-        else {
-            if (!quiet) {
-                int i;
-                int narg = verbose ? xargc : xargc - 2;
-                printf("Running command line:");
-                for (i = 0; i < narg; i++)
-                    printf(" %s", xargv[i]);
-                printf("\n");
-            }
-            rv = run_prg(xargc, xargv);
-            if (FIPS_module_mode())
-                FIPS_module_mode_set(0, NULL);
-            if (rv != 0)
-                nerr++;
-            if (rv == -100)
-                fprintf(stderr, "ERROR: Command not found\n");
-            else if (rv != 0)
-                fprintf(stderr, "ERROR: returned %d\n", rv);
-            else if (verbose)
-                printf("\tCommand run successfully\n");
-        }
-    }
-
-    if (!quiet)
-        printf("Completed with %d errors\n", nerr);
-
-    if (arg.data)
-        OPENSSL_free(arg.data);
-
-    fclose(in);
-# ifdef FIPS_ALGVS_MEMCHECK
-    CRYPTO_mem_leaks_fp(stderr);
-# endif
-    if (nerr == 0)
-        return 0;
-    return 1;
-}
-#endif
diff --git a/util/openssl-format-source b/util/openssl-format-source
index 4e90147..6380a10 100755
--- a/util/openssl-format-source
+++ b/util/openssl-format-source
@@ -30,6 +30,7 @@ VERBOSE=false
 DONT=false
 STOPARGS=false
 COMMENTS=false
+CHANGED=false
 DEBUG=""
 
 # for this exercise, we want to force the openssl style, so we roll
@@ -82,10 +83,6 @@ do
       fi
     fi
 
-    if [ "$VERBOSE" = "true" ]; then
-      echo "$j"
-    fi
-
     if [ "$DONT" = "false" ]; then
       tmp=$(mktemp /tmp/indent.XXXXXX)
       trap 'rm -f "$tmp"' HUP INT TERM EXIT
@@ -138,7 +135,18 @@ do
 	  else
 	    expand "$j" | indent $INDENT_ARGS > "$tmp"
 	  fi;
-	  mv "$tmp" "$j"
+	  if cmp -s "$tmp" "$j"; then
+	    if [ "$VERBOSE" = "true" ]; then
+	      echo "$j unchanged"
+	    fi
+	    rm "$tmp"
+	  else
+	    if [ "$VERBOSE" = "true" ]; then
+	      echo "$j changed"
+	    fi
+	    CHANGED=true
+	    mv "$tmp" "$j"
+	  fi
 	  ;;
       esac
     fi
@@ -146,3 +154,11 @@ do
 done
 
 
+if [ "$VERBOSE" = "true" ]; then
+  echo
+  if [ "$CHANGED" = "true" ]; then
+    echo "SOURCE WAS MODIFIED"
+  else
+    echo "SOURCE WAS NOT MODIFIED"
+  fi
+fi


More information about the openssl-commits mailing list