[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Fri Feb 6 13:12:00 UTC 2015


The branch master has been updated
       via  a283d2a80adfaa88573bcd9acd3d8d7ab55c1af4 (commit)
      from  3c33c6f6b10864355553961e638514a6d1bb00f6 (commit)


- Log -----------------------------------------------------------------
commit a283d2a80adfaa88573bcd9acd3d8d7ab55c1af4
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Fri Feb 6 12:16:58 2015 +0000

    Remove OPENSSL_NO_HMAC
    
    Disabling HMAC doesn't work. If it did it would end up disabling a lot of
    OpenSSL functionality (it is required for all versions of TLS for example).
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/speed.c             |    6 +-----
 crypto/evp/evp_pbe.c     |    5 +----
 crypto/evp/p5_crpt2.c    |    2 --
 crypto/hmac/hmac.h       |    4 ----
 crypto/hmac/hmactest.c   |    8 --------
 crypto/pkcs12/p12_mutl.c |    2 --
 util/libeay.num          |   18 +++++++++---------
 util/mk1mf.pl            |    1 -
 util/mkdef.pl            |    4 +---
 9 files changed, 12 insertions(+), 38 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 8dc9de9..6ba7a2e 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -133,9 +133,7 @@
 #ifndef OPENSSL_NO_MD5
 # include <openssl/md5.h>
 #endif
-#ifndef OPENSSL_NO_HMAC
 # include <openssl/hmac.h>
-#endif
 #include <openssl/evp.h>
 # include <openssl/sha.h>
 #ifndef OPENSSL_NO_RMD160
@@ -1079,9 +1077,7 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_MD5
             BIO_printf(bio_err, "md5      ");
-# ifndef OPENSSL_NO_HMAC
             BIO_printf(bio_err, "hmac     ");
-# endif
 #endif
             BIO_printf(bio_err, "sha1     ");
             BIO_printf(bio_err, "sha256   ");
@@ -1590,7 +1586,7 @@ int MAIN(int argc, char **argv)
     }
 #endif
 
-#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+#if !defined(OPENSSL_NO_MD5)
     if (doit[D_HMAC]) {
         HMAC_CTX hctx;
 
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index e3fa95d..3534652 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -87,9 +87,7 @@ static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
      NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
 
-#ifndef OPENSSL_NO_HMAC
     {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
-#endif
 
     {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
      NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
@@ -104,9 +102,8 @@ static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
      NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
 
-#ifndef OPENSSL_NO_HMAC
     {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
-#endif
+
     {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
      NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
     {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index b9c4dcb..6c458e9 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include "cryptlib.h"
-#if !defined(OPENSSL_NO_HMAC)
 # include <openssl/x509.h>
 # include <openssl/evp.h>
 # include <openssl/hmac.h>
@@ -331,4 +330,3 @@ static void h__dump(const unsigned char *p, int len)
     fprintf(stderr, "\n");
 }
 # endif
-#endif
diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h
index 2712e01..2404e53 100644
--- a/crypto/hmac/hmac.h
+++ b/crypto/hmac/hmac.h
@@ -60,10 +60,6 @@
 
 # include <openssl/opensslconf.h>
 
-# ifdef OPENSSL_NO_HMAC
-#  error HMAC is disabled.
-# endif
-
 # include <openssl/evp.h>
 
 # define HMAC_MAX_MD_CBLOCK      128/* largest known is SHA512 */
diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c
index 492f5c5..de8d1c9 100644
--- a/crypto/hmac/hmactest.c
+++ b/crypto/hmac/hmactest.c
@@ -62,13 +62,6 @@
 
 #include "../e_os.h"
 
-#ifdef OPENSSL_NO_HMAC
-int main(int argc, char *argv[])
-{
-    printf("No HMAC support\n");
-    return (0);
-}
-#else
 # include <openssl/hmac.h>
 # ifndef OPENSSL_NO_MD5
 #  include <openssl/md5.h>
@@ -163,4 +156,3 @@ static char *pt(unsigned char *md)
     return (buf);
 }
 # endif
-#endif
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 256b210..4138a4d 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -57,7 +57,6 @@
  *
  */
 
-#ifndef OPENSSL_NO_HMAC
 # include <stdio.h>
 # include "cryptlib.h"
 # include <openssl/hmac.h>
@@ -191,4 +190,3 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
 
     return 1;
 }
-#endif
diff --git a/util/libeay.num b/util/libeay.num
index 9920db1..e77c94e 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -942,10 +942,10 @@ X509_load_crl_file                      958	EXIST::FUNCTION:STDIO
 EVP_rc2_40_cbc                          959	EXIST::FUNCTION:RC2
 EVP_rc4_40                              960	EXIST::FUNCTION:RC4
 EVP_CIPHER_CTX_init                     961	EXIST::FUNCTION:
-HMAC                                    962	EXIST::FUNCTION:HMAC
-HMAC_Init                               963	EXIST::FUNCTION:HMAC
-HMAC_Update                             964	EXIST::FUNCTION:HMAC
-HMAC_Final                              965	EXIST::FUNCTION:HMAC
+HMAC                                    962	EXIST::FUNCTION:
+HMAC_Init                               963	EXIST::FUNCTION:
+HMAC_Update                             964	EXIST::FUNCTION:
+HMAC_Final                              965	EXIST::FUNCTION:
 ERR_get_next_error_library              966	EXIST::FUNCTION:
 EVP_PKEY_cmp_parameters                 967	EXIST::FUNCTION:
 HMAC_cleanup                            968	NOEXIST::FUNCTION:
@@ -1998,7 +1998,7 @@ EC_GROUP_method_of                      2568	EXIST::FUNCTION:EC
 i2d_KRB5_APREQ                          2569	EXIST::FUNCTION:
 _ossl_old_des_encrypt                   2570	NOEXIST::FUNCTION:
 ASN1_PRINTABLE_new                      2571	EXIST::FUNCTION:
-HMAC_Init_ex                            2572	EXIST::FUNCTION:HMAC
+HMAC_Init_ex                            2572	EXIST::FUNCTION:
 d2i_KRB5_AUTHENT                        2573	EXIST::FUNCTION:
 OCSP_archive_cutoff_new                 2574	EXIST::FUNCTION:
 EC_POINT_set_Jprojective_coordinates_GFp 2575	EXIST:!VMS:FUNCTION:EC
@@ -2206,7 +2206,7 @@ OBJ_NAME_do_all_sorted                  2743	EXIST::FUNCTION:
 i2d_OCSP_BASICRESP                      2744	EXIST::FUNCTION:
 i2d_OCSP_RESPBYTES                      2745	EXIST::FUNCTION:
 PKCS12_unpack_p7encdata                 2746	EXIST::FUNCTION:
-HMAC_CTX_init                           2747	EXIST::FUNCTION:HMAC
+HMAC_CTX_init                           2747	EXIST::FUNCTION:
 ENGINE_get_digest                       2748	EXIST::FUNCTION:ENGINE
 OCSP_RESPONSE_print                     2749	EXIST::FUNCTION:
 KRB5_TKTBODY_it                         2750	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2255,7 +2255,7 @@ CRYPTO_get_locked_mem_ex_functions      2781	EXIST:!VMS:FUNCTION:
 CRYPTO_get_locked_mem_ex_funcs          2781	EXIST:VMS:FUNCTION:
 ASN1_TIME_check                         2782	EXIST::FUNCTION:
 UI_get0_user_data                       2783	EXIST::FUNCTION:
-HMAC_CTX_cleanup                        2784	EXIST::FUNCTION:HMAC
+HMAC_CTX_cleanup                        2784	EXIST::FUNCTION:
 DSA_up_ref                              2785	EXIST::FUNCTION:DSA
 _ossl_odes_ede3_cfb64_encrypt           2786	NOEXIST::FUNCTION:
 _ossl_old_des_ede3_cfb64_encrypt        2786	NOEXIST::FUNCTION:
@@ -2844,7 +2844,7 @@ FIPS_selftest_failed                    3284	NOEXIST::FUNCTION:
 sk_is_sorted                            3285	EXIST::FUNCTION:
 X509_check_ca                           3286	EXIST::FUNCTION:
 private_idea_set_encrypt_key            3287	NOEXIST::FUNCTION:
-HMAC_CTX_set_flags                      3288	EXIST::FUNCTION:HMAC
+HMAC_CTX_set_flags                      3288	EXIST::FUNCTION:
 private_SHA_Init                        3289	NOEXIST::FUNCTION:
 private_CAST_set_key                    3290	NOEXIST::FUNCTION:
 private_RIPEMD160_Init                  3291	NOEXIST::FUNCTION:
@@ -3958,7 +3958,7 @@ d2i_TS_TST_INFO_bio                     4336	EXIST::FUNCTION:
 TS_TST_INFO_get_ordering                4337	EXIST::FUNCTION:
 TS_RESP_print_bio                       4338	EXIST::FUNCTION:
 TS_TST_INFO_get_exts                    4339	EXIST::FUNCTION:
-HMAC_CTX_copy                           4340	EXIST::FUNCTION:HMAC
+HMAC_CTX_copy                           4340	EXIST::FUNCTION:
 PKCS5_pbe2_set_iv                       4341	EXIST::FUNCTION:
 ENGINE_get_pkey_asn1_meths              4342	EXIST::FUNCTION:ENGINE
 b2i_PrivateKey                          4343	EXIST::FUNCTION:
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 01329b7..809e9b3 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -1410,7 +1410,6 @@ sub read_options
 		"no-rsa" => \$no_rsa,
 		"no-dsa" => \$no_dsa,
 		"no-dh" => \$no_dh,
-		"no-hmac" => \$no_hmac,
 		"no-asm" => \$no_asm,
 		"nasm" => \$nasm,
 		"nw-nasm" => \$nw_nasm,
diff --git a/util/mkdef.pl b/util/mkdef.pl
index ed10da2..3ae0a90 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -135,7 +135,7 @@ close(IN);
 my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
 my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed;
 my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
-my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_krb5;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
@@ -212,7 +212,6 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-ec$/)       { $no_ec=1; }
 	elsif (/^no-ecdsa$/)	{ $no_ecdsa=1; }
 	elsif (/^no-ecdh$/) 	{ $no_ecdh=1; }
-	elsif (/^no-hmac$/)	{ $no_hmac=1; }
 	elsif (/^no-aes$/)	{ $no_aes=1; }
 	elsif (/^no-camellia$/)	{ $no_camellia=1; }
 	elsif (/^no-seed$/)     { $no_seed=1; }
@@ -1188,7 +1187,6 @@ sub is_valid
 			if ($keyword eq "EC" && $no_ec) { return 0; }
 			if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
 			if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
-			if ($keyword eq "HMAC" && $no_hmac) { return 0; }
 			if ($keyword eq "AES" && $no_aes) { return 0; }
 			if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
 			if ($keyword eq "SEED" && $no_seed) { return 0; }


More information about the openssl-commits mailing list