[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Fri Feb 6 13:12:00 UTC 2015
The branch master has been updated
via a283d2a80adfaa88573bcd9acd3d8d7ab55c1af4 (commit)
from 3c33c6f6b10864355553961e638514a6d1bb00f6 (commit)
- Log -----------------------------------------------------------------
commit a283d2a80adfaa88573bcd9acd3d8d7ab55c1af4
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Feb 6 12:16:58 2015 +0000
Remove OPENSSL_NO_HMAC
Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 6 +-----
crypto/evp/evp_pbe.c | 5 +----
crypto/evp/p5_crpt2.c | 2 --
crypto/hmac/hmac.h | 4 ----
crypto/hmac/hmactest.c | 8 --------
crypto/pkcs12/p12_mutl.c | 2 --
util/libeay.num | 18 +++++++++---------
util/mk1mf.pl | 1 -
util/mkdef.pl | 4 +---
9 files changed, 12 insertions(+), 38 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index 8dc9de9..6ba7a2e 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -133,9 +133,7 @@
#ifndef OPENSSL_NO_MD5
# include <openssl/md5.h>
#endif
-#ifndef OPENSSL_NO_HMAC
# include <openssl/hmac.h>
-#endif
#include <openssl/evp.h>
# include <openssl/sha.h>
#ifndef OPENSSL_NO_RMD160
@@ -1079,9 +1077,7 @@ int MAIN(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_MD5
BIO_printf(bio_err, "md5 ");
-# ifndef OPENSSL_NO_HMAC
BIO_printf(bio_err, "hmac ");
-# endif
#endif
BIO_printf(bio_err, "sha1 ");
BIO_printf(bio_err, "sha256 ");
@@ -1590,7 +1586,7 @@ int MAIN(int argc, char **argv)
}
#endif
-#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+#if !defined(OPENSSL_NO_MD5)
if (doit[D_HMAC]) {
HMAC_CTX hctx;
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index e3fa95d..3534652 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -87,9 +87,7 @@ static const EVP_PBE_CTL builtin_pbe[] = {
{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
-#ifndef OPENSSL_NO_HMAC
{EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
-#endif
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
@@ -104,9 +102,8 @@ static const EVP_PBE_CTL builtin_pbe[] = {
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
-#ifndef OPENSSL_NO_HMAC
{EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
-#endif
+
{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index b9c4dcb..6c458e9 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -59,7 +59,6 @@
#include <stdio.h>
#include <stdlib.h>
#include "cryptlib.h"
-#if !defined(OPENSSL_NO_HMAC)
# include <openssl/x509.h>
# include <openssl/evp.h>
# include <openssl/hmac.h>
@@ -331,4 +330,3 @@ static void h__dump(const unsigned char *p, int len)
fprintf(stderr, "\n");
}
# endif
-#endif
diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h
index 2712e01..2404e53 100644
--- a/crypto/hmac/hmac.h
+++ b/crypto/hmac/hmac.h
@@ -60,10 +60,6 @@
# include <openssl/opensslconf.h>
-# ifdef OPENSSL_NO_HMAC
-# error HMAC is disabled.
-# endif
-
# include <openssl/evp.h>
# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */
diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c
index 492f5c5..de8d1c9 100644
--- a/crypto/hmac/hmactest.c
+++ b/crypto/hmac/hmactest.c
@@ -62,13 +62,6 @@
#include "../e_os.h"
-#ifdef OPENSSL_NO_HMAC
-int main(int argc, char *argv[])
-{
- printf("No HMAC support\n");
- return (0);
-}
-#else
# include <openssl/hmac.h>
# ifndef OPENSSL_NO_MD5
# include <openssl/md5.h>
@@ -163,4 +156,3 @@ static char *pt(unsigned char *md)
return (buf);
}
# endif
-#endif
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 256b210..4138a4d 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -57,7 +57,6 @@
*
*/
-#ifndef OPENSSL_NO_HMAC
# include <stdio.h>
# include "cryptlib.h"
# include <openssl/hmac.h>
@@ -191,4 +190,3 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
return 1;
}
-#endif
diff --git a/util/libeay.num b/util/libeay.num
index 9920db1..e77c94e 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -942,10 +942,10 @@ X509_load_crl_file 958 EXIST::FUNCTION:STDIO
EVP_rc2_40_cbc 959 EXIST::FUNCTION:RC2
EVP_rc4_40 960 EXIST::FUNCTION:RC4
EVP_CIPHER_CTX_init 961 EXIST::FUNCTION:
-HMAC 962 EXIST::FUNCTION:HMAC
-HMAC_Init 963 EXIST::FUNCTION:HMAC
-HMAC_Update 964 EXIST::FUNCTION:HMAC
-HMAC_Final 965 EXIST::FUNCTION:HMAC
+HMAC 962 EXIST::FUNCTION:
+HMAC_Init 963 EXIST::FUNCTION:
+HMAC_Update 964 EXIST::FUNCTION:
+HMAC_Final 965 EXIST::FUNCTION:
ERR_get_next_error_library 966 EXIST::FUNCTION:
EVP_PKEY_cmp_parameters 967 EXIST::FUNCTION:
HMAC_cleanup 968 NOEXIST::FUNCTION:
@@ -1998,7 +1998,7 @@ EC_GROUP_method_of 2568 EXIST::FUNCTION:EC
i2d_KRB5_APREQ 2569 EXIST::FUNCTION:
_ossl_old_des_encrypt 2570 NOEXIST::FUNCTION:
ASN1_PRINTABLE_new 2571 EXIST::FUNCTION:
-HMAC_Init_ex 2572 EXIST::FUNCTION:HMAC
+HMAC_Init_ex 2572 EXIST::FUNCTION:
d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION:
OCSP_archive_cutoff_new 2574 EXIST::FUNCTION:
EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC
@@ -2206,7 +2206,7 @@ OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION:
i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION:
i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION:
PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION:
-HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC
+HMAC_CTX_init 2747 EXIST::FUNCTION:
ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE
OCSP_RESPONSE_print 2749 EXIST::FUNCTION:
KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2255,7 +2255,7 @@ CRYPTO_get_locked_mem_ex_functions 2781 EXIST:!VMS:FUNCTION:
CRYPTO_get_locked_mem_ex_funcs 2781 EXIST:VMS:FUNCTION:
ASN1_TIME_check 2782 EXIST::FUNCTION:
UI_get0_user_data 2783 EXIST::FUNCTION:
-HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC
+HMAC_CTX_cleanup 2784 EXIST::FUNCTION:
DSA_up_ref 2785 EXIST::FUNCTION:DSA
_ossl_odes_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION:
_ossl_old_des_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION:
@@ -2844,7 +2844,7 @@ FIPS_selftest_failed 3284 NOEXIST::FUNCTION:
sk_is_sorted 3285 EXIST::FUNCTION:
X509_check_ca 3286 EXIST::FUNCTION:
private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION:
-HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC
+HMAC_CTX_set_flags 3288 EXIST::FUNCTION:
private_SHA_Init 3289 NOEXIST::FUNCTION:
private_CAST_set_key 3290 NOEXIST::FUNCTION:
private_RIPEMD160_Init 3291 NOEXIST::FUNCTION:
@@ -3958,7 +3958,7 @@ d2i_TS_TST_INFO_bio 4336 EXIST::FUNCTION:
TS_TST_INFO_get_ordering 4337 EXIST::FUNCTION:
TS_RESP_print_bio 4338 EXIST::FUNCTION:
TS_TST_INFO_get_exts 4339 EXIST::FUNCTION:
-HMAC_CTX_copy 4340 EXIST::FUNCTION:HMAC
+HMAC_CTX_copy 4340 EXIST::FUNCTION:
PKCS5_pbe2_set_iv 4341 EXIST::FUNCTION:
ENGINE_get_pkey_asn1_meths 4342 EXIST::FUNCTION:ENGINE
b2i_PrivateKey 4343 EXIST::FUNCTION:
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 01329b7..809e9b3 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -1410,7 +1410,6 @@ sub read_options
"no-rsa" => \$no_rsa,
"no-dsa" => \$no_dsa,
"no-dh" => \$no_dh,
- "no-hmac" => \$no_hmac,
"no-asm" => \$no_asm,
"nasm" => \$nasm,
"nw-nasm" => \$nw_nasm,
diff --git a/util/mkdef.pl b/util/mkdef.pl
index ed10da2..3ae0a90 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -135,7 +135,7 @@ close(IN);
my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed;
my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
-my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
@@ -212,7 +212,6 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-ec$/) { $no_ec=1; }
elsif (/^no-ecdsa$/) { $no_ecdsa=1; }
elsif (/^no-ecdh$/) { $no_ecdh=1; }
- elsif (/^no-hmac$/) { $no_hmac=1; }
elsif (/^no-aes$/) { $no_aes=1; }
elsif (/^no-camellia$/) { $no_camellia=1; }
elsif (/^no-seed$/) { $no_seed=1; }
@@ -1188,7 +1187,6 @@ sub is_valid
if ($keyword eq "EC" && $no_ec) { return 0; }
if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
- if ($keyword eq "HMAC" && $no_hmac) { return 0; }
if ($keyword eq "AES" && $no_aes) { return 0; }
if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
if ($keyword eq "SEED" && $no_seed) { return 0; }
More information about the openssl-commits
mailing list