[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Tue Jan 27 17:40:23 UTC 2015
The branch master has been updated
via 474e469bbd056aebcf7e7d3207ef820f2faed4ce (commit)
from c73ad690174171b63a53dabdb2f2d9ebfd30053a (commit)
- Log -----------------------------------------------------------------
commit 474e469bbd056aebcf7e7d3207ef820f2faed4ce
Author: Rich Salz <rsalz at openssl.org>
Date: Tue Jan 27 12:34:45 2015 -0500
OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
GENUINE_DSA OPENSSL_NO_SHA0
OPENSSL_NO_SHA OPENSSL_NO_SHA1
OPENSSL_NO_SHA224 OPENSSL_NO_SHA256
OPENSSL_NO_SHA384 OPENSSL_NO_SHA512
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/pkcs12.c | 2 +-
apps/progs.h | 14 +--
apps/progs.pl | 34 +++----
apps/speed.c | 50 +----------
crypto/asn1/x_crl.c | 2 -
crypto/bn/bn_rand.c | 2 -
crypto/dsa/dsa_depr.c | 33 +++----
crypto/dsa/dsa_gen.c | 30 ++-----
crypto/dsa/dsa_key.c | 8 +-
crypto/dsa/dsa_ossl.c | 5 +-
crypto/ecdh/ecdhtest.c | 7 +-
crypto/ecdsa/ecs_ossl.c | 5 +-
crypto/engine/eng_openssl.c | 7 --
crypto/evp/Makefile | 17 +---
crypto/evp/c_allc.c | 4 -
crypto/evp/c_alld.c | 12 ---
crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +-
crypto/evp/e_aes_cbc_hmac_sha256.c | 2 +-
crypto/evp/e_des3.c | 4 +-
crypto/evp/evp.h | 12 ---
crypto/evp/m_dss.c | 2 -
crypto/evp/m_dss1.c | 15 ++--
crypto/evp/m_ecdsa.c | 3 -
crypto/evp/m_sha.c | 105 ----------------------
crypto/evp/m_sha1.c | 19 ++--
crypto/evp/p5_crpt2.c | 2 +-
crypto/evp/p5_crpt2_test.c | 15 ----
crypto/lhash/lhash.h | 4 +
crypto/ocsp/ocsp_lib.c | 2 -
crypto/rand/rand_lcl.h | 12 +--
crypto/rsa/rsa_eay.c | 4 -
crypto/rsa/rsa_oaep.c | 21 ++---
crypto/sha/Makefile | 15 +---
crypto/sha/sha.h | 45 +++-------
crypto/sha/sha1_one.c | 2 -
crypto/sha/sha1dgst.c | 6 --
crypto/sha/sha1test.c | 44 +++------
crypto/sha/sha256.c | 64 +++++++------
crypto/sha/sha256t.c | 9 --
crypto/sha/sha512.c | 169 +++++++++++++++++-----------------
crypto/sha/sha512t.c | 9 --
crypto/sha/sha_dgst.c | 74 ---------------
crypto/sha/sha_locl.h | 38 +++-----
crypto/sha/sha_one.c | 79 ----------------
crypto/sha/shatest.c | 174 ------------------------------------
crypto/x509/x509.h | 8 +-
crypto/x509/x509_cmp.c | 4 -
crypto/x509v3/v3_purp.c | 2 -
doc/crypto/EVP_DigestInit.pod | 11 ++-
engines/e_sureware.c | 2 -
makevms.com | 6 --
ssl/s3_cbc.c | 21 +----
ssl/s3_clnt.c | 4 -
ssl/s3_srvr.c | 2 +-
ssl/ssl_algs.c | 17 +---
ssl/ssl_locl.h | 5 --
ssl/t1_lib.c | 22 +----
util/mk1mf.pl | 13 +--
util/mkdef.pl | 1 -
59 files changed, 240 insertions(+), 1062 deletions(-)
delete mode 100644 crypto/evp/m_sha.c
delete mode 100644 crypto/sha/sha_dgst.c
delete mode 100644 crypto/sha/sha_one.c
delete mode 100644 crypto/sha/shatest.c
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 1e26c13..0de46f0 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -58,7 +58,7 @@
*/
#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(OPENSSL_NO_DES)
# include <stdio.h>
# include <stdlib.h>
diff --git a/apps/progs.h b/apps/progs.h
index c66da30..9a8a192 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -128,7 +128,7 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL, "ciphers", ciphers_main},
#endif
{FUNC_TYPE_GENERAL, "nseq", nseq_main},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(OPENSSL_NO_DES)
{FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main},
#endif
{FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main},
@@ -158,30 +158,18 @@ FUNCTION functions[] = {
#ifndef OPENSSL_NO_MD5
{FUNC_TYPE_MD, "md5", dgst_main},
#endif
-#ifndef OPENSSL_NO_SHA
{FUNC_TYPE_MD, "sha", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA1
{FUNC_TYPE_MD, "sha1", dgst_main},
-#endif
#ifndef OPENSSL_NO_MDC2
{FUNC_TYPE_MD, "mdc2", dgst_main},
#endif
#ifndef OPENSSL_NO_RMD160
{FUNC_TYPE_MD, "rmd160", dgst_main},
#endif
-#ifndef OPENSSL_NO_SHA224
{FUNC_TYPE_MD, "sha224", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA256
{FUNC_TYPE_MD, "sha256", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA384
{FUNC_TYPE_MD, "sha384", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA512
{FUNC_TYPE_MD, "sha512", dgst_main},
-#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},
#endif
diff --git a/apps/progs.pl b/apps/progs.pl
index 8695742..09dd00b 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for openssl.c */\n\n";
grep(s/^asn1pars$/asn1parse/, at ARGV);
foreach (@ARGV)
- { printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
+ { printf "extern int %s_main(int argc, char *argv[]);\n",$_; }
print <<'EOF';
-#define FUNC_TYPE_GENERAL 1
-#define FUNC_TYPE_MD 2
-#define FUNC_TYPE_CIPHER 3
-#define FUNC_TYPE_PKEY 4
-#define FUNC_TYPE_MD_ALG 5
-#define FUNC_TYPE_CIPHER_ALG 6
+#define FUNC_TYPE_GENERAL 1
+#define FUNC_TYPE_MD 2
+#define FUNC_TYPE_CIPHER 3
+#define FUNC_TYPE_PKEY 4
+#define FUNC_TYPE_MD_ALG 5
+#define FUNC_TYPE_CIPHER_ALG 6
typedef struct {
- int type;
- const char *name;
- int (*func)(int argc,char *argv[]);
- } FUNCTION;
+ int type;
+ const char *name;
+ int (*func) (int argc, char *argv[]);
+} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);
FUNCTION functions[] = {
@@ -30,7 +30,7 @@ EOF
foreach (@ARGV)
{
push(@files,$_);
- $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
+ $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
elsif ( ($_ =~ /^engine$/))
@@ -44,7 +44,7 @@ foreach (@ARGV)
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
elsif ( ($_ =~ /^pkcs12$/))
- { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
+ { print "#if !defined(OPENSSL_NO_DES)\n${str}#endif\n"; }
elsif ( ($_ =~ /^cms$/))
{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
elsif ( ($_ =~ /^ocsp$/))
@@ -58,7 +58,9 @@ foreach (@ARGV)
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160","sha224","sha256","sha384","sha512")
{
push(@files,$_);
- printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
+ printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;
+ printf " {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n";
+ printf "#endif\n" if ! /sha/;
}
foreach (
@@ -84,7 +86,7 @@ foreach (
{
push(@files,$_);
- $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
+ $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n", $_);
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
@@ -99,4 +101,4 @@ foreach (
print $t;
}
-print "\t{0,NULL,NULL}\n\t};\n";
+print " {0, NULL, NULL}\n};\n";
diff --git a/apps/speed.c b/apps/speed.c
index f5af9a3..419dced 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -137,9 +137,7 @@
# include <openssl/hmac.h>
#endif
#include <openssl/evp.h>
-#ifndef OPENSSL_NO_SHA
# include <openssl/sha.h>
-#endif
#ifndef OPENSSL_NO_RMD160
# include <openssl/ripemd.h>
#endif
@@ -339,15 +337,10 @@ static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
size_t *outlen)
{
-# ifndef OPENSSL_NO_SHA
if (*outlen < SHA_DIGEST_LENGTH)
return NULL;
- else
- *outlen = SHA_DIGEST_LENGTH;
+ *outlen = SHA_DIGEST_LENGTH;
return SHA1(in, inlen, out);
-# else
- return NULL;
-# endif /* OPENSSL_NO_SHA */
}
#endif /* OPENSSL_NO_ECDH */
@@ -382,15 +375,9 @@ int MAIN(int argc, char **argv)
unsigned char md5[MD5_DIGEST_LENGTH];
unsigned char hmac[MD5_DIGEST_LENGTH];
#endif
-#ifndef OPENSSL_NO_SHA
unsigned char sha[SHA_DIGEST_LENGTH];
-# ifndef OPENSSL_NO_SHA256
unsigned char sha256[SHA256_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_SHA512
unsigned char sha512[SHA512_DIGEST_LENGTH];
-# endif
-#endif
#ifndef OPENSSL_NO_WHIRLPOOL
unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
#endif
@@ -827,23 +814,15 @@ int MAIN(int argc, char **argv)
doit[D_HMAC] = 1;
else
#endif
-#ifndef OPENSSL_NO_SHA
if (strcmp(*argv, "sha1") == 0)
doit[D_SHA1] = 1;
else if (strcmp(*argv, "sha") == 0)
doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1;
- else
-# ifndef OPENSSL_NO_SHA256
- if (strcmp(*argv, "sha256") == 0)
+ else if (strcmp(*argv, "sha256") == 0)
doit[D_SHA256] = 1;
- else
-# endif
-# ifndef OPENSSL_NO_SHA512
- if (strcmp(*argv, "sha512") == 0)
+ else if (strcmp(*argv, "sha512") == 0)
doit[D_SHA512] = 1;
else
-# endif
-#endif
#ifndef OPENSSL_NO_WHIRLPOOL
if (strcmp(*argv, "whirlpool") == 0)
doit[D_WHIRLPOOL] = 1;
@@ -1110,27 +1089,16 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "hmac ");
# endif
#endif
-#ifndef OPENSSL_NO_SHA1
BIO_printf(bio_err, "sha1 ");
-#endif
-#ifndef OPENSSL_NO_SHA256
BIO_printf(bio_err, "sha256 ");
-#endif
-#ifndef OPENSSL_NO_SHA512
BIO_printf(bio_err, "sha512 ");
-#endif
#ifndef OPENSSL_NO_WHIRLPOOL
BIO_printf(bio_err, "whirlpool");
#endif
#ifndef OPENSSL_NO_RMD160
BIO_printf(bio_err, "rmd160");
#endif
-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
- !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
- !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \
- !defined(OPENSSL_NO_WHIRLPOOL)
BIO_printf(bio_err, "\n");
-#endif
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err, "idea-cbc ");
@@ -1660,23 +1628,16 @@ int MAIN(int argc, char **argv)
HMAC_CTX_cleanup(&hctx);
}
#endif
-#ifndef OPENSSL_NO_SHA
if (doit[D_SHA1]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
Time_F(START);
for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
-# if 0
- EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
- EVP_sha1(), NULL);
-# else
SHA1(buf, lengths[j], sha);
-# endif
d = Time_F(STOP);
print_result(D_SHA1, j, count, d);
}
}
-# ifndef OPENSSL_NO_SHA256
if (doit[D_SHA256]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);
@@ -1687,9 +1648,6 @@ int MAIN(int argc, char **argv)
print_result(D_SHA256, j, count, d);
}
}
-# endif
-
-# ifndef OPENSSL_NO_SHA512
if (doit[D_SHA512]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);
@@ -1700,8 +1658,6 @@ int MAIN(int argc, char **argv)
print_result(D_SHA512, j, count, d);
}
}
-# endif
-#endif
#ifndef OPENSSL_NO_WHIRLPOOL
if (doit[D_WHIRLPOOL]) {
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 0279503..79eab4f 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -220,9 +220,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
break;
case ASN1_OP_D2I_POST:
-#ifndef OPENSSL_NO_SHA
X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
-#endif
crl->idp = X509_CRL_get_ext_d2i(crl,
NID_issuing_distribution_point, NULL,
NULL);
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index de60286..ecdce9f 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -289,7 +289,6 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
return bn_rand_range(1, r, range);
}
-#ifndef OPENSSL_NO_SHA512
/*
* BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
* BN_rand_range, it also includes the contents of |priv| and |message| in
@@ -362,4 +361,3 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
OPENSSL_free(k_bytes);
return ret;
}
-#endif /* OPENSSL_NO_SHA512 */
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index b3d0fab..be1df13 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -58,37 +58,25 @@
* version(s).
*/
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH EVP_sha()
-#else
/*
* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
* also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
* 180-1)
*/
-# define HASH EVP_sha1()
-#endif
+#define xxxHASH EVP_sha1()
static void *dummy = &dummy;
-#ifndef OPENSSL_NO_SHA
-
-# include <stdio.h>
-# include <time.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
-# ifndef OPENSSL_NO_DEPRECATED
+#ifndef OPENSSL_NO_DEPRECATED
DSA *DSA_generate_parameters(int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,
@@ -117,5 +105,4 @@ DSA *DSA_generate_parameters(int bits,
DSA_free(ret);
return NULL;
}
-# endif
#endif
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 5e92d93..37b23c9 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -56,35 +56,23 @@
* [including the GNU Public Licence.]
*/
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH EVP_sha()
-#else
/*
* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
* also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
* 180-1)
*/
-# define HASH EVP_sha1()
-#endif
+#define xxxHASH EVP_sha1()
#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
-#ifndef OPENSSL_NO_SHA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
-
-# include "dsa_locl.h"
+#include "dsa_locl.h"
int DSA_generate_parameters_ex(DSA *ret, int bits,
const unsigned char *seed_in, int seed_len,
@@ -714,5 +702,3 @@ int dsa_paramgen_check_g(DSA *dsa)
return rv;
}
-
-#endif
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 8584963..1c05b0f 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -59,10 +59,9 @@
#include <stdio.h>
#include <time.h>
#include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
static int dsa_builtin_keygen(DSA *dsa);
@@ -133,4 +132,3 @@ static int dsa_builtin_keygen(DSA *dsa)
BN_CTX_free(ctx);
return (ok);
}
-#endif
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index bd83227..96f5d6f 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -258,7 +258,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
/* Get random k */
do {
-#ifndef OPENSSL_NO_SHA512
if (dgst != NULL) {
/*
* We calculate k from SHA512(private_key + H(message) + random).
@@ -267,9 +266,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst,
dlen, ctx))
goto err;
- } else
-#endif
- if (!BN_rand_range(k, dsa->q))
+ } else if (!BN_rand_range(k, dsa->q))
goto err;
} while (BN_is_zero(k));
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
index a791d63..04b0cf3 100644
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -103,15 +103,10 @@ static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
size_t *outlen)
{
-# ifndef OPENSSL_NO_SHA
if (*outlen < SHA_DIGEST_LENGTH)
return NULL;
- else
- *outlen = SHA_DIGEST_LENGTH;
+ *outlen = SHA_DIGEST_LENGTH;
return SHA1(in, inlen, out);
-# else
- return NULL;
-# endif
}
static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 95d9dad..c232321 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -140,7 +140,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
do {
/* get random k */
do
-#ifndef OPENSSL_NO_SHA512
if (dgst != NULL) {
if (!BN_generate_dsa_nonce
(k, order, EC_KEY_get0_private_key(eckey), dgst, dlen,
@@ -149,9 +148,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
- } else
-#endif
- {
+ } else {
if (!BN_rand_range(k, order)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 19c5213..3e12ecf 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -108,13 +108,6 @@
# undef TEST_ENG_OPENSSL_RC4_P_INIT
# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
#endif
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
-# undef TEST_ENG_OPENSSL_SHA
-# undef TEST_ENG_OPENSSL_SHA_OTHERS
-# undef TEST_ENG_OPENSSL_SHA_P_INIT
-# undef TEST_ENG_OPENSSL_SHA_P_UPDATE
-# undef TEST_ENG_OPENSSL_SHA_P_FINAL
-#endif
#ifdef TEST_ENG_OPENSSL_RC4
static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index fd5727d..f882096 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -22,7 +22,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
e_rc4.c e_aes.c names.c e_seed.c \
e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
- m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \
+ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
@@ -35,7 +35,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
e_rc4.o e_aes.o names.o e_seed.o \
e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
- m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \
+ m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \
m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
@@ -568,19 +568,6 @@ m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c
-m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../cryptlib.h m_sha.c
m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 0a1f90a..174a419 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -214,14 +214,10 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_aes_256_wrap_pad());
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-# endif
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
-# endif
#endif
#ifndef OPENSSL_NO_CAMELLIA
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
index 7e1200b..0d4278b 100644
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -71,13 +71,6 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
- EVP_add_digest(EVP_sha());
-# ifndef OPENSSL_NO_DSA
- EVP_add_digest(EVP_dss());
-# endif
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
@@ -90,7 +83,6 @@ void OpenSSL_add_all_digests(void)
# ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
# endif
-#endif
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
EVP_add_digest(EVP_mdc2());
#endif
@@ -99,14 +91,10 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest_alias(SN_ripemd160, "ripemd");
EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
-#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
-#endif
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index e0127a9..960be3c 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -52,7 +52,7 @@
#include <stdio.h>
#include <string.h>
-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(OPENSSL_NO_AES)
# include <openssl/evp.h>
# include <openssl/objects.h>
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 598c096..bea8f6d 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -52,7 +52,7 @@
#include <stdio.h>
#include <string.h>
-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256)
+#if !defined(OPENSSL_NO_AES)
# include <openssl/evp.h>
# include <openssl/objects.h>
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 0627a63..73d7923 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -374,9 +374,8 @@ const EVP_CIPHER *EVP_des_ede3(void)
return &des_ede3_ecb;
}
-# ifndef OPENSSL_NO_SHA
-# include <openssl/sha.h>
+# include <openssl/sha.h>
static const unsigned char wrap_iv[8] =
{ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 };
@@ -482,5 +481,4 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void)
return &des3_wrap;
}
-# endif
#endif
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 7a95de0..ca7447f 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -759,21 +759,13 @@ const EVP_MD *EVP_md4(void);
# ifndef OPENSSL_NO_MD5
const EVP_MD *EVP_md5(void);
# endif
-# ifndef OPENSSL_NO_SHA
-const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
const EVP_MD *EVP_ecdsa(void);
-# endif
-# ifndef OPENSSL_NO_SHA256
const EVP_MD *EVP_sha224(void);
const EVP_MD *EVP_sha256(void);
-# endif
-# ifndef OPENSSL_NO_SHA512
const EVP_MD *EVP_sha384(void);
const EVP_MD *EVP_sha512(void);
-# endif
# ifndef OPENSSL_NO_MDC2
const EVP_MD *EVP_mdc2(void);
# endif
@@ -917,14 +909,10 @@ const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
# ifndef OPENSSL_NO_OCB
const EVP_CIPHER *EVP_aes_256_ocb(void);
# endif
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
-# endif
-# ifndef OPENSSL_NO_SHA256
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
-# endif
# endif
# ifndef OPENSSL_NO_CAMELLIA
const EVP_CIPHER *EVP_camellia_128_ecb(void);
diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
index 221eda4..7fa1ca3 100644
--- a/crypto/evp/m_dss.c
+++ b/crypto/evp/m_dss.c
@@ -65,7 +65,6 @@
# include <openssl/dsa.h>
#endif
-#ifndef OPENSSL_NO_SHA
static int init(EVP_MD_CTX *ctx)
{
@@ -101,4 +100,3 @@ const EVP_MD *EVP_dss(void)
{
return (&dsa_md);
}
-#endif
diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c
index a80a865..41b837c 100644
--- a/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
@@ -59,14 +59,12 @@
#include <stdio.h>
#include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/sha.h>
-# ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-# endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
static int init(EVP_MD_CTX *ctx)
{
@@ -102,4 +100,3 @@ const EVP_MD *EVP_dss1(void)
{
return (&dss1_md);
}
-#endif
diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c
index b774e41..181f19f 100644
--- a/crypto/evp/m_ecdsa.c
+++ b/crypto/evp/m_ecdsa.c
@@ -115,8 +115,6 @@
#include <openssl/objects.h>
#include <openssl/sha.h>
-#ifndef OPENSSL_NO_SHA
-
static int init(EVP_MD_CTX *ctx)
{
return SHA1_Init(ctx->md_data);
@@ -151,4 +149,3 @@ const EVP_MD *EVP_ecdsa(void)
{
return (&ecdsa_md);
}
-#endif
diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c
deleted file mode 100644
index 548fae4..0000000
--- a/crypto/evp/m_sha.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* crypto/evp/m_sha.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/x509.h>
-# ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-# endif
-
-static int init(EVP_MD_CTX *ctx)
-{
- return SHA_Init(ctx->md_data);
-}
-
-static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
- return SHA_Update(ctx->md_data, data, count);
-}
-
-static int final(EVP_MD_CTX *ctx, unsigned char *md)
-{
- return SHA_Final(md, ctx->md_data);
-}
-
-static const EVP_MD sha_md = {
- NID_sha,
- NID_shaWithRSAEncryption,
- SHA_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-
-const EVP_MD *EVP_sha(void)
-{
- return (&sha_md);
-}
-#endif
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index 83edc40..9ab8c90 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -59,14 +59,12 @@
#include <stdio.h>
#include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/sha.h>
-# ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-# endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
static int init(EVP_MD_CTX *ctx)
{
@@ -102,9 +100,7 @@ const EVP_MD *EVP_sha1(void)
{
return (&sha1_md);
}
-#endif
-#ifndef OPENSSL_NO_SHA256
static int init224(EVP_MD_CTX *ctx)
{
return SHA224_Init(ctx->md_data);
@@ -169,9 +165,7 @@ const EVP_MD *EVP_sha256(void)
{
return (&sha256_md);
}
-#endif /* ifndef OPENSSL_NO_SHA256 */
-#ifndef OPENSSL_NO_SHA512
static int init384(EVP_MD_CTX *ctx)
{
return SHA384_Init(ctx->md_data);
@@ -232,4 +226,3 @@ const EVP_MD *EVP_sha512(void)
{
return (&sha512_md);
}
-#endif /* ifndef OPENSSL_NO_SHA512 */
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index f2ae1e5..b9c4dcb 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -59,7 +59,7 @@
#include <stdio.h>
#include <stdlib.h>
#include "cryptlib.h"
-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
+#if !defined(OPENSSL_NO_HMAC)
# include <openssl/x509.h>
# include <openssl/evp.h>
# include <openssl/hmac.h>
diff --git a/crypto/evp/p5_crpt2_test.c b/crypto/evp/p5_crpt2_test.c
index 451c580..01661b1 100644
--- a/crypto/evp/p5_crpt2_test.c
+++ b/crypto/evp/p5_crpt2_test.c
@@ -60,14 +60,6 @@
#include <openssl/err.h>
#include <openssl/conf.h>
-#ifdef OPENSSL_NO_SHA
-int main(int argc, char *argv[])
-{
- printf("No SHA support\n");
- return (0);
-}
-#else
-
typedef struct {
const char *pass;
int passlen;
@@ -200,15 +192,9 @@ int main(int argc, char **argv)
printf("PKCS5_PBKDF2_HMAC() tests ");
for (i = 0; test->pass != NULL; i++, test++) {
-# ifndef OPENSSL_NO_SHA0
test_p5_pbkdf2(i, "sha1", test, sha1_results[i]);
-# endif
-# ifndef OPENSSL_NO_SHA256
test_p5_pbkdf2(i, "sha256", test, sha256_results[i]);
-# endif
-# ifndef OPENSSL_NO_SHA512
test_p5_pbkdf2(i, "sha512", test, sha512_results[i]);
-# endif
printf(".");
}
printf(" done\n");
@@ -223,4 +209,3 @@ int main(int argc, char **argv)
CRYPTO_mem_leaks_fp(stderr);
return 0;
}
-#endif /* OPENSSL_NO_SHA */
diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h
index 92ec80a..cb01854 100644
--- a/crypto/lhash/lhash.h
+++ b/crypto/lhash/lhash.h
@@ -178,6 +178,10 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
unsigned long lh_strhash(const char *c);
unsigned long lh_num_items(const _LHASH *lh);
+# ifndef OPENSSL_NO_STDIO
+void lh_stats(const _LHASH *lh, FILE *fp);
+void lh_node_stats(const _LHASH *lh, FILE *fp);
+# endif
void lh_stats_bio(const _LHASH *lh, BIO *out);
void lh_node_stats_bio(const _LHASH *lh, BIO *out);
void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 442a5b6..24ca40e 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -81,10 +81,8 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
X509_NAME *iname;
ASN1_INTEGER *serial;
ASN1_BIT_STRING *ikey;
-#ifndef OPENSSL_NO_SHA1
if (!dgst)
dgst = EVP_sha1();
-#endif
if (subject) {
iname = X509_get_issuer_name(subject);
serial = X509_get_serialNumber(subject);
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index e2f7844..3ced44d 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -115,17 +115,7 @@
# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-# define USE_SHA1_RAND
-# elif !defined(OPENSSL_NO_MD5)
-# define USE_MD5_RAND
-# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-# define USE_MDC2_RAND
-# elif !defined(OPENSSL_NO_MD2)
-# define USE_MD2_RAND
-# else
-# error No message digest algorithm available
-# endif
+# define USE_SHA1_RAND
# endif
# include <openssl/evp.h>
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index b8d9221..73a8e07 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -193,11 +193,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
case RSA_PKCS1_PADDING:
i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
break;
-# ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
break;
-# endif
case RSA_SSLV23_PADDING:
i = RSA_padding_add_SSLv23(buf, num, from, flen);
break;
@@ -603,11 +601,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
case RSA_PKCS1_PADDING:
r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
break;
-# ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
break;
-# endif
case RSA_SSLV23_PADDING:
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
break;
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index ebaad1a..ab8f9ec 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -19,14 +19,13 @@
#include "constant_time_locl.h"
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/bn.h>
-# include <openssl/rsa.h>
-# include <openssl/evp.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *from, int flen,
@@ -76,11 +75,11 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
if (RAND_bytes(seed, mdlen) <= 0)
return 0;
-# ifdef PKCS_TESTVECT
+#ifdef PKCS_TESTVECT
memcpy(seed,
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
20);
-# endif
+#endif
dbmask = OPENSSL_malloc(emlen - mdlen);
if (dbmask == NULL) {
@@ -279,5 +278,3 @@ int PKCS1_MGF1(unsigned char *mask, long len,
EVP_MD_CTX_cleanup(&c);
return rv;
}
-
-#endif
diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile
index a8c0cf7..c72bba6 100644
--- a/crypto/sha/Makefile
+++ b/crypto/sha/Makefile
@@ -22,8 +22,8 @@ TEST=shatest.c sha1test.c sha256t.c sha512t.c
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c
-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ)
+LIBSRC=sha1dgst.c sha1_one.c sha256.c sha512.c
+LIBOBJ=sha1dgst.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ)
SRC= $(LIBSRC)
@@ -162,14 +162,3 @@ sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
sha512.o: ../cryptlib.h sha512.c
-sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha_dgst.o: ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
-sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha_one.o: ../../include/openssl/symhacks.h sha_one.c
diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
index d76790b..e35f328 100644
--- a/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
@@ -66,10 +66,6 @@
extern "C" {
#endif
-# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
-# error SHA is disabled.
-# endif
-
/*-
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* ! SHA_LONG has to be at least 32 bits wide. !
@@ -91,26 +87,15 @@ typedef struct SHAstate_st {
unsigned int num;
} SHA_CTX;
-# ifndef OPENSSL_NO_SHA0
-int SHA_Init(SHA_CTX *c);
-int SHA_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
-void SHA_Transform(SHA_CTX *c, const unsigned char *data);
-# endif
-# ifndef OPENSSL_NO_SHA1
int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
-# endif
# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a
* contiguous array of 32 bit wide
* big-endian values. */
-# define SHA224_DIGEST_LENGTH 28
-# define SHA256_DIGEST_LENGTH 32
typedef struct SHA256state_st {
SHA_LONG h[8];
@@ -119,7 +104,6 @@ typedef struct SHA256state_st {
unsigned int num, md_len;
} SHA256_CTX;
-# ifndef OPENSSL_NO_SHA256
int SHA224_Init(SHA256_CTX *c);
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -129,12 +113,12 @@ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA256_Final(unsigned char *md, SHA256_CTX *c);
unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
-# endif
+# define SHA224_DIGEST_LENGTH 28
+# define SHA256_DIGEST_LENGTH 32
# define SHA384_DIGEST_LENGTH 48
# define SHA512_DIGEST_LENGTH 64
-# ifndef OPENSSL_NO_SHA512
/*
* Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
* being exactly 64-bit wide. See Implementation Notes in sha512.c
@@ -145,17 +129,17 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
* contiguous array of 64 bit
* wide big-endian values.
*/
-# define SHA512_CBLOCK (SHA_LBLOCK*8)
-# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-# define SHA_LONG64 unsigned __int64
-# define U64(C) C##UI64
-# elif defined(__arch64__)
-# define SHA_LONG64 unsigned long
-# define U64(C) C##UL
-# else
-# define SHA_LONG64 unsigned long long
-# define U64(C) C##ULL
-# endif
+# define SHA512_CBLOCK (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+# define SHA_LONG64 unsigned __int64
+# define U64(C) C##UI64
+# elif defined(__arch64__)
+# define SHA_LONG64 unsigned long
+# define U64(C) C##UL
+# else
+# define SHA_LONG64 unsigned long long
+# define U64(C) C##ULL
+# endif
typedef struct SHA512state_st {
SHA_LONG64 h[8];
@@ -166,9 +150,7 @@ typedef struct SHA512state_st {
} u;
unsigned int num, md_len;
} SHA512_CTX;
-# endif
-# ifndef OPENSSL_NO_SHA512
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
@@ -178,7 +160,6 @@ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA512_Final(unsigned char *md, SHA512_CTX *c);
unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
-# endif
#ifdef __cplusplus
}
diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
index a6dd760..4a59115 100644
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -61,7 +61,6 @@
#include <openssl/crypto.h>
#include <openssl/sha.h>
-#ifndef OPENSSL_NO_SHA1
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
SHA_CTX c;
@@ -76,4 +75,3 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
OPENSSL_cleanse(&c, sizeof(c));
return (md);
}
-#endif
diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index a67f1fe..9f1b8f0 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -58,10 +58,6 @@
#include <openssl/crypto.h>
#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
-
-# undef SHA_0
-# define SHA_1
# include <openssl/opensslv.h>
@@ -70,5 +66,3 @@ const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT;
/* The implementation is in ../md32_common.h */
# include "sha_locl.h"
-
-#endif
diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c
index 0052a95..cc3633d 100644
--- a/crypto/sha/sha1test.c
+++ b/crypto/sha/sha1test.c
@@ -61,23 +61,12 @@
#include <stdlib.h>
#include "../e_os.h"
+#include <openssl/evp.h>
+#include <openssl/sha.h>
-#ifdef OPENSSL_NO_SHA
-int main(int argc, char *argv[])
-{
- printf("No SHA support\n");
- return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/sha.h>
-
-# ifdef CHARSET_EBCDIC
-# include <openssl/ebcdic.h>
-# endif
-
-# undef SHA_0 /* FIPS 180 */
-# define SHA_1 /* FIPS 180-1 */
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
static char *test[] = {
"abc",
@@ -85,22 +74,12 @@ static char *test[] = {
NULL,
};
-# ifdef SHA_0
-static char *ret[] = {
- "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
- "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
-};
-
-static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
-# endif
-# ifdef SHA_1
static char *ret[] = {
"a9993e364706816aba3e25717850c26c9cd0d89d",
"84983e441c3bd26ebaae4aa1f95129e5e54670f1",
};
static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-# endif
static char *pt(unsigned char *md);
int main(int argc, char *argv[])
@@ -112,10 +91,10 @@ int main(int argc, char *argv[])
EVP_MD_CTX c;
unsigned char md[SHA_DIGEST_LENGTH];
-# ifdef CHARSET_EBCDIC
+#ifdef CHARSET_EBCDIC
ebcdic2ascii(test[0], test[0], strlen(test[0]));
ebcdic2ascii(test[1], test[1], strlen(test[1]));
-# endif
+#endif
EVP_MD_CTX_init(&c);
P = test;
@@ -136,9 +115,9 @@ int main(int argc, char *argv[])
}
memset(buf, 'a', 1000);
-# ifdef CHARSET_EBCDIC
+#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, 1000);
-# endif /* CHARSET_EBCDIC */
+#endif /* CHARSET_EBCDIC */
EVP_DigestInit_ex(&c, EVP_sha1(), NULL);
for (i = 0; i < 1000; i++)
EVP_DigestUpdate(&c, buf, 1000);
@@ -153,10 +132,10 @@ int main(int argc, char *argv[])
} else
printf("test 3 ok\n");
-# ifdef OPENSSL_SYS_NETWARE
+#ifdef OPENSSL_SYS_NETWARE
if (err)
printf("ERROR: %d\n", err);
-# endif
+#endif
EXIT(err);
EVP_MD_CTX_cleanup(&c);
return (0);
@@ -171,4 +150,3 @@ static char *pt(unsigned char *md)
sprintf(&(buf[i * 2]), "%02x", md[i]);
return (buf);
}
-#endif
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index 92d8dd8..eec0cad 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -5,14 +5,13 @@
* ====================================================================
*/
#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
-# include <stdlib.h>
-# include <string.h>
+#include <stdlib.h>
+#include <string.h>
-# include <openssl/crypto.h>
-# include <openssl/sha.h>
-# include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT;
@@ -84,11 +83,12 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
return SHA256_Final(md, c);
}
-# define DATA_ORDER_IS_BIG_ENDIAN
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG SHA_LONG
+#define HASH_CTX SHA256_CTX
+#define HASH_CBLOCK SHA_CBLOCK
-# define HASH_LONG SHA_LONG
-# define HASH_CTX SHA256_CTX
-# define HASH_CBLOCK SHA_CBLOCK
/*
* Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
* default: case below covers for it. It's not clear however if it's
@@ -97,7 +97,7 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
* Idea behind separate cases for pre-defined lenghts is to let the
* compiler decide if it's appropriate to unroll small loops.
*/
-# define HASH_MAKE_STRING(c,s) do { \
+#define HASH_MAKE_STRING(c,s) do { \
unsigned long ll; \
unsigned int nn; \
switch ((c)->md_len) \
@@ -118,18 +118,18 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
} \
} while (0)
-# define HASH_UPDATE SHA256_Update
-# define HASH_TRANSFORM SHA256_Transform
-# define HASH_FINAL SHA256_Final
-# define HASH_BLOCK_DATA_ORDER sha256_block_data_order
-# ifndef SHA256_ASM
+#define HASH_UPDATE SHA256_Update
+#define HASH_TRANSFORM SHA256_Transform
+#define HASH_FINAL SHA256_Final
+#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
+#ifndef SHA256_ASM
static
-# endif
+#endif
void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
-# include "md32_common.h"
+#include "md32_common.h"
-# ifndef SHA256_ASM
+#ifndef SHA256_ASM
static const SHA_LONG K256[64] = {
0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
@@ -154,15 +154,15 @@ static const SHA_LONG K256[64] = {
* is left one. This is why you might notice that rotation coefficients
* differ from those observed in FIPS document by 32-N...
*/
-# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
-# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
-# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
-# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
-# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
-# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-# ifdef OPENSSL_SMALL_FOOTPRINT
+# ifdef OPENSSL_SMALL_FOOTPRINT
static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
size_t num)
@@ -229,14 +229,14 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
}
}
-# else
+# else
-# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
h = Sigma0(a) + Maj(a,b,c); \
d += T1; h += T1; } while (0)
-# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
+# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
@@ -381,7 +381,5 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
}
}
-# endif
-# endif /* SHA256_ASM */
-
-#endif /* OPENSSL_NO_SHA256 */
+# endif
+#endif /* SHA256_ASM */
diff --git a/crypto/sha/sha256t.c b/crypto/sha/sha256t.c
index 476702c..0872f34 100644
--- a/crypto/sha/sha256t.c
+++ b/crypto/sha/sha256t.c
@@ -10,14 +10,6 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
-int main(int argc, char *argv[])
-{
- printf("No SHA256 support\n");
- return (0);
-}
-#else
-
unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
@@ -159,4 +151,3 @@ int main(int argc, char **argv)
return 0;
}
-#endif
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index d79c2a0..f934c74 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -5,7 +5,6 @@
* ====================================================================
*/
#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
/*-
* IMPLEMENTATION NOTES.
*
@@ -41,24 +40,24 @@
* 16-bit platforms.
* <appro at fy.chalmers.se>
*/
-# include <stdlib.h>
-# include <string.h>
+#include <stdlib.h>
+#include <string.h>
-# include <openssl/crypto.h>
-# include <openssl/sha.h>
-# include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
-# include "cryptlib.h"
+#include "cryptlib.h"
const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT;
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
defined(__s390__) || defined(__s390x__) || \
defined(__aarch64__) || \
defined(SHA512_ASM)
-# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
-# endif
+# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#endif
int SHA384_Init(SHA512_CTX *c)
{
@@ -96,9 +95,9 @@ int SHA512_Init(SHA512_CTX *c)
return 1;
}
-# ifndef SHA512_ASM
+#ifndef SHA512_ASM
static
-# endif
+#endif
void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
int SHA512_Final(unsigned char *md, SHA512_CTX *c)
@@ -113,10 +112,10 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
sha512_block_data_order(c, p, 1);
memset(p + n, 0, sizeof(c->u) - 16 - n);
-# ifdef B_ENDIAN
+#ifdef B_ENDIAN
c->u.d[SHA_LBLOCK - 2] = c->Nh;
c->u.d[SHA_LBLOCK - 1] = c->Nl;
-# else
+#else
p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
@@ -133,7 +132,7 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
-# endif
+#endif
sha512_block_data_order(c, p, 1);
@@ -213,14 +212,14 @@ int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
}
if (len >= sizeof(c->u)) {
-# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
if ((size_t)data % sizeof(c->u.d[0]) != 0)
while (len >= sizeof(c->u))
memcpy(p, data, sizeof(c->u)),
sha512_block_data_order(c, p, 1),
len -= sizeof(c->u), data += sizeof(c->u);
else
-# endif
+#endif
sha512_block_data_order(c, data, len / sizeof(c->u)),
data += len, len %= sizeof(c->u), data -= len;
}
@@ -238,10 +237,10 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
{
-# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
if ((size_t)data % sizeof(c->u.d[0]) != 0)
memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p;
-# endif
+#endif
sha512_block_data_order(c, data, 1);
}
@@ -273,7 +272,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
return (md);
}
-# ifndef SHA512_ASM
+#ifndef SHA512_ASM
static const SHA_LONG64 K512[80] = {
U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
@@ -317,23 +316,23 @@ static const SHA_LONG64 K512[80] = {
U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817)
};
-# ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(__x86_64) || defined(__x86_64__)
-# define ROTR(a,n) ({ SHA_LONG64 ret; \
+# ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__x86_64) || defined(__x86_64__)
+# define ROTR(a,n) ({ SHA_LONG64 ret; \
asm ("rorq %1,%0" \
: "=r"(ret) \
: "J"(n),"0"(a) \
: "cc"); ret; })
-# if !defined(B_ENDIAN)
-# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
+# if !defined(B_ENDIAN)
+# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
asm ("bswapq %0" \
: "=r"(ret) \
: "0"(ret)); ret; })
-# endif
-# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
-# if defined(I386_ONLY)
-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+# endif
+# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
+# if defined(I386_ONLY)
+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
unsigned int hi=p[0],lo=p[1]; \
asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
"roll $16,%%eax; roll $16,%%edx; "\
@@ -341,39 +340,39 @@ static const SHA_LONG64 K512[80] = {
: "=a"(lo),"=d"(hi) \
: "0"(lo),"1"(hi) : "cc"); \
((SHA_LONG64)hi)<<32|lo; })
-# else
-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+# else
+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
unsigned int hi=p[0],lo=p[1]; \
asm ("bswapl %0; bswapl %1;" \
: "=r"(lo),"=r"(hi) \
: "0"(lo),"1"(hi)); \
((SHA_LONG64)hi)<<32|lo; })
-# endif
-# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-# define ROTR(a,n) ({ SHA_LONG64 ret; \
+# endif
+# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
+# define ROTR(a,n) ({ SHA_LONG64 ret; \
asm ("rotrdi %0,%1,%2" \
: "=r"(ret) \
: "r"(a),"K"(n)); ret; })
-# elif defined(__aarch64__)
-# define ROTR(a,n) ({ SHA_LONG64 ret; \
+# elif defined(__aarch64__)
+# define ROTR(a,n) ({ SHA_LONG64 ret; \
asm ("ror %0,%1,%2" \
: "=r"(ret) \
: "r"(a),"I"(n)); ret; })
-# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
__BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-# define PULL64(x) ({ SHA_LONG64 ret; \
+# define PULL64(x) ({ SHA_LONG64 ret; \
asm ("rev %0,%1" \
: "=r"(ret) \
: "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
-# endif
# endif
-# elif defined(_MSC_VER)
-# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
-# pragma intrinsic(_rotr64)
-# define ROTR(a,n) _rotr64((a),n)
-# endif
-# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(I386_ONLY)
+# endif
+# elif defined(_MSC_VER)
+# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
+# pragma intrinsic(_rotr64)
+# define ROTR(a,n) _rotr64((a),n)
+# endif
+# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(I386_ONLY)
static SHA_LONG64 __fastcall __pull64be(const void *x)
{
_asm mov edx,[ecx + 0]
@@ -381,34 +380,34 @@ static SHA_LONG64 __fastcall __pull64be(const void *x)
_asm xchg dh, dl
_asm xchg ah, al
_asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al}
-# else
+# else
static SHA_LONG64 __fastcall __pull64be(const void *x)
{
_asm mov edx,[ecx + 0]
_asm mov eax,[ecx + 4]
_asm bswap edx _asm bswap eax}
-# endif
-# define PULL64(x) __pull64be(&(x))
-# if _MSC_VER<=1200
-# pragma inline_depth(0)
-# endif
+# endif
+# define PULL64(x) __pull64be(&(x))
+# if _MSC_VER<=1200
+# pragma inline_depth(0)
# endif
# endif
# endif
-# ifndef PULL64
-# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
-# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
-# endif
-# ifndef ROTR
-# define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
-# endif
-# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
-# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
-# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
-# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+# endif
+# ifndef PULL64
+# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+# endif
+# ifndef ROTR
+# define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
+# endif
+# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
/*
* This code should give better results on 32-bit CPU with less than
* ~24 registers, both size and performance wise...
@@ -433,11 +432,11 @@ _asm bswap edx _asm bswap eax}
F[7] = ctx->h[7];
for (i = 0; i < 16; i++, F--) {
-# ifdef B_ENDIAN
+# ifdef B_ENDIAN
T = W[i];
-# else
+# else
T = PULL64(W[i]);
-# endif
+# endif
F[0] = A;
F[4] = E;
F[8] = T;
@@ -472,7 +471,7 @@ _asm bswap edx _asm bswap eax}
}
}
-# elif defined(OPENSSL_SMALL_FOOTPRINT)
+# elif defined(OPENSSL_SMALL_FOOTPRINT)
static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
size_t num)
{
@@ -493,11 +492,11 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
h = ctx->h[7];
for (i = 0; i < 16; i++) {
-# ifdef B_ENDIAN
+# ifdef B_ENDIAN
T1 = X[i] = W[i];
-# else
+# else
T1 = X[i] = PULL64(W[i]);
-# endif
+# endif
T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
T2 = Sigma0(a) + Maj(a, b, c);
h = g;
@@ -542,12 +541,12 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
}
}
-# else
-# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+# else
+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
h = Sigma0(a) + Maj(a,b,c); \
d += T1; h += T1; } while (0)
-# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \
+# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \
s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \
s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \
T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \
@@ -571,7 +570,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
g = ctx->h[6];
h = ctx->h[7];
-# ifdef B_ENDIAN
+# ifdef B_ENDIAN
T1 = X[0] = W[0];
ROUND_00_15(0, a, b, c, d, e, f, g, h);
T1 = X[1] = W[1];
@@ -604,7 +603,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
ROUND_00_15(14, c, d, e, f, g, h, a, b);
T1 = X[15] = W[15];
ROUND_00_15(15, b, c, d, e, f, g, h, a);
-# else
+# else
T1 = X[0] = PULL64(W[0]);
ROUND_00_15(0, a, b, c, d, e, f, g, h);
T1 = X[1] = PULL64(W[1]);
@@ -637,7 +636,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
ROUND_00_15(14, c, d, e, f, g, h, a, b);
T1 = X[15] = PULL64(W[15]);
ROUND_00_15(15, b, c, d, e, f, g, h, a);
-# endif
+# endif
for (i = 16; i < 80; i += 16) {
ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
@@ -671,14 +670,6 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
}
}
-# endif
-
-# endif /* SHA512_ASM */
-
-#else /* !OPENSSL_NO_SHA512 */
-
-# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
-static void *dummy = &dummy;
# endif
-#endif /* !OPENSSL_NO_SHA512 */
+#endif /* SHA512_ASM */
diff --git a/crypto/sha/sha512t.c b/crypto/sha/sha512t.c
index 178882f..a4d4b5e 100644
--- a/crypto/sha/sha512t.c
+++ b/crypto/sha/sha512t.c
@@ -11,14 +11,6 @@
#include <openssl/evp.h>
#include <openssl/crypto.h>
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
-int main(int argc, char *argv[])
-{
- printf("No SHA512 support\n");
- return (0);
-}
-#else
-
unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
@@ -193,4 +185,3 @@ int main(int argc, char **argv)
return 0;
}
-#endif
diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c
deleted file mode 100644
index f77cf5e..0000000
--- a/crypto/sha/sha_dgst.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
-
-# undef SHA_1
-# define SHA_0
-
-# include <openssl/opensslv.h>
-
-const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT;
-
-/* The implementation is in ../md32_common.h */
-
-# include "sha_locl.h"
-
-#endif
diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h
index 2a44f57..af62d9e 100644
--- a/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
@@ -76,35 +76,19 @@
ll=(c)->h4; (void)HOST_l2c(ll,(s)); \
} while (0)
-#if defined(SHA_0)
-
-# define HASH_UPDATE SHA_Update
-# define HASH_TRANSFORM SHA_Transform
-# define HASH_FINAL SHA_Final
-# define HASH_INIT SHA_Init
-# define HASH_BLOCK_DATA_ORDER sha_block_data_order
-# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
-
-static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num);
-
-#elif defined(SHA_1)
-
-# define HASH_UPDATE SHA1_Update
-# define HASH_TRANSFORM SHA1_Transform
-# define HASH_FINAL SHA1_Final
-# define HASH_INIT SHA1_Init
-# define HASH_BLOCK_DATA_ORDER sha1_block_data_order
-# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
+#define HASH_UPDATE SHA1_Update
+#define HASH_TRANSFORM SHA1_Transform
+#define HASH_FINAL SHA1_Final
+#define HASH_INIT SHA1_Init
+#define HASH_BLOCK_DATA_ORDER sha1_block_data_order
+#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
ix=(a)=ROTATE((a),1) \
)
-# ifndef SHA1_ASM
-static
-# endif
-void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
-
+#ifndef SHA1_ASM
+static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
#else
-# error "Either SHA_0 or SHA_1 must be defined."
+void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
#endif
#include "md32_common.h"
@@ -197,7 +181,7 @@ int HASH_INIT(SHA_CTX *c)
# define X(i) XX[i]
# endif
-# if !defined(SHA_1) || !defined(SHA1_ASM)
+# if !defined(SHA1_ASM)
static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
{
const unsigned char *data = p;
@@ -431,7 +415,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
E=D, D=C, C=ROTATE(B,30), B=A; \
A=ROTATE(A,5)+T+xa; } while(0)
-# if !defined(SHA_1) || !defined(SHA1_ASM)
+# if !defined(SHA1_ASM)
static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
{
const unsigned char *data = p;
diff --git a/crypto/sha/sha_one.c b/crypto/sha/sha_one.c
deleted file mode 100644
index 0930b98..0000000
--- a/crypto/sha/sha_one.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* crypto/sha/sha_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/sha.h>
-#include <openssl/crypto.h>
-
-#ifndef OPENSSL_NO_SHA0
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)
-{
- SHA_CTX c;
- static unsigned char m[SHA_DIGEST_LENGTH];
-
- if (md == NULL)
- md = m;
- if (!SHA_Init(&c))
- return NULL;
- SHA_Update(&c, d, n);
- SHA_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
- return (md);
-}
-#endif
diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c
deleted file mode 100644
index 105060a..0000000
--- a/crypto/sha/shatest.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* crypto/sha/shatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)
-int main(int argc, char *argv[])
-{
- printf("No SHA0 support\n");
- return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/sha.h>
-
-# ifdef CHARSET_EBCDIC
-# include <openssl/ebcdic.h>
-# endif
-
-# define SHA_0 /* FIPS 180 */
-# undef SHA_1 /* FIPS 180-1 */
-
-static char *test[] = {
- "abc",
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- NULL,
-};
-
-# ifdef SHA_0
-static char *ret[] = {
- "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
- "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
-};
-
-static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
-# endif
-# ifdef SHA_1
-static char *ret[] = {
- "a9993e364706816aba3e25717850c26c9cd0d89d",
- "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
-};
-
-static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-# endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-{
- int i, err = 0;
- char **P, **R;
- static unsigned char buf[1000];
- char *p, *r;
- EVP_MD_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
-
-# ifdef CHARSET_EBCDIC
- ebcdic2ascii(test[0], test[0], strlen(test[0]));
- ebcdic2ascii(test[1], test[1], strlen(test[1]));
-# endif
-
- EVP_MD_CTX_init(&c);
- P = test;
- R = ret;
- i = 1;
- while (*P != NULL) {
- EVP_Digest(*P, strlen(*P), md, NULL, EVP_sha(), NULL);
- p = pt(md);
- if (strcmp(p, *R) != 0) {
- printf("error calculating SHA on '%s'\n", *P);
- printf("got %s instead of %s\n", p, *R);
- err++;
- } else
- printf("test %d ok\n", i);
- i++;
- R++;
- P++;
- }
-
- memset(buf, 'a', 1000);
-# ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf, buf, 1000);
-# endif /* CHARSET_EBCDIC */
- EVP_DigestInit_ex(&c, EVP_sha(), NULL);
- for (i = 0; i < 1000; i++)
- EVP_DigestUpdate(&c, buf, 1000);
- EVP_DigestFinal_ex(&c, md, NULL);
- p = pt(md);
-
- r = bigret;
- if (strcmp(p, r) != 0) {
- printf("error calculating SHA on '%s'\n", p);
- printf("got %s instead of %s\n", p, r);
- err++;
- } else
- printf("test 3 ok\n");
-
-# ifdef OPENSSL_SYS_NETWARE
- if (err)
- printf("ERROR: %d\n", err);
-# endif
- EVP_MD_CTX_cleanup(&c);
- EXIT(err);
- return (0);
-}
-
-static char *pt(unsigned char *md)
-{
- int i;
- static char buf[80];
-
- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
- sprintf(&(buf[i * 2]), "%02x", md[i]);
- return (buf);
-}
-#endif
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 13f7531..fae320f 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -97,9 +97,7 @@
# endif
# endif
-# ifndef OPENSSL_NO_SHA
-# include <openssl/sha.h>
-# endif
+# include <openssl/sha.h>
# include <openssl/ossl_typ.h>
#ifdef __cplusplus
@@ -280,9 +278,7 @@ struct x509_st {
NAME_CONSTRAINTS *nc;
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
-# ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-# endif
X509_CERT_AUX *aux;
} /* X509 */ ;
@@ -453,9 +449,7 @@ struct X509_crl_st {
/* CRL and base CRL numbers for delta processing */
ASN1_INTEGER *crl_number;
ASN1_INTEGER *base_crl_number;
-# ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-# endif
STACK_OF(GENERAL_NAMES) *issuers;
const X509_CRL_METHOD *meth;
void *meth_data;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 49c71b9..04cecad 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -122,12 +122,10 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
}
-#ifndef OPENSSL_NO_SHA
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
{
return memcmp(a->sha1_hash, b->sha1_hash, 20);
}
-#endif
X509_NAME *X509_get_issuer_name(X509 *a)
{
@@ -168,7 +166,6 @@ unsigned long X509_subject_name_hash_old(X509 *x)
}
#endif
-#ifndef OPENSSL_NO_SHA
/*
* Compare two certificates: they must be identical for this to work. NB:
* Although "cmp" operations are generally prototyped to take "const"
@@ -197,7 +194,6 @@ int X509_cmp(const X509 *a, const X509 *b)
}
return rv;
}
-#endif
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index dfc8c5b..b748e98 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -390,9 +390,7 @@ static void x509v3_cache_extensions(X509 *x)
int i;
if (x->ex_flags & EXFLAG_SET)
return;
-#ifndef OPENSSL_NO_SHA
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
-#endif
/* V1 should mean no extensions ... */
if (!X509_get_version(x))
x->ex_flags |= EXFLAG_V1;
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
index d9fada9..6605507 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -6,7 +6,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,
EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
-EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1,
+EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1,
EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
EVP digest routines
@@ -49,7 +49,6 @@ EVP digest routines
const EVP_MD *EVP_md_null(void);
const EVP_MD *EVP_md2(void);
const EVP_MD *EVP_md5(void);
- const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
@@ -134,9 +133,9 @@ return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms
are no longer linked this function is only retained for compatibility
reasons.
-EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
+EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
-structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
+structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
and RIPEMD160 digest algorithms respectively.
EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
@@ -165,7 +164,7 @@ corresponding OBJECT IDENTIFIER or NID_undef if none exists.
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
EVP_MD_CTX_block_size() return the digest or block size in bytes.
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss(),
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
corresponding EVP_MD structures.
@@ -269,7 +268,7 @@ EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(),
EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),
EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
changed to return truly const EVP_MD * in OpenSSL 0.9.7.
diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index dc3e21f..aae568a 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -946,13 +946,11 @@ static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
}
memcpy(buf, to, tlen); /* transfert to into buf */
switch (padding) { /* check padding in software */
-# ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
ret =
RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf,
tlen, tlen, NULL, 0);
break;
-# endif
case RSA_SSLV23_PADDING:
ret =
RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen,
diff --git a/makevms.com b/makevms.com
index 4705346..331b1be 100755
--- a/makevms.com
+++ b/makevms.com
@@ -566,12 +566,6 @@ $ WRITE H_FILE "#undef SIXTEEN_BIT"
$ WRITE H_FILE "#undef EIGHT_BIT"
$ WRITE H_FILE "#endif"
$!
-$! Oddly enough, the following symbol is tested in crypto/sha/sha512.c
-$! before sha.h gets included (and HEADER_SHA_H defined), so we will not
-$! protect this one...
-$ WRITE H_FILE "#undef OPENSSL_NO_SHA512"
-$ WRITE H_FILE "#define OPENSSL_NO_SHA512"
-$!
$ WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION"
$ WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION"
$!
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index e5a04ac..53e3c87 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -328,9 +328,6 @@ static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
l2n(sha1->h4, md_out);
}
-#define LARGEST_DIGEST_CTX SHA_CTX
-
-#ifndef OPENSSL_NO_SHA256
static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
{
SHA256_CTX *sha256 = ctx;
@@ -341,11 +338,6 @@ static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
}
}
-# undef LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-
-#ifndef OPENSSL_NO_SHA512
static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
{
SHA512_CTX *sha512 = ctx;
@@ -356,9 +348,8 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
}
}
-# undef LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
+#undef LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA512_CTX
/*
* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
@@ -371,14 +362,10 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
switch (EVP_MD_CTX_type(ctx)) {
case NID_md5:
case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
case NID_sha224:
case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
case NID_sha384:
case NID_sha512:
-#endif
return 1;
default:
return 0;
@@ -465,7 +452,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
(void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
md_size = 20;
break;
-#ifndef OPENSSL_NO_SHA256
case NID_sha224:
SHA224_Init((SHA256_CTX *)md_state.c);
md_final_raw = tls1_sha256_final_raw;
@@ -480,8 +466,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
(void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 32;
break;
-#endif
-#ifndef OPENSSL_NO_SHA512
case NID_sha384:
SHA384_Init((SHA512_CTX *)md_state.c);
md_final_raw = tls1_sha512_final_raw;
@@ -500,7 +484,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
md_block_size = 128;
md_length_size = 16;
break;
-#endif
default:
/*
* ssl3_cbc_record_digest_supported should have been called first to
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 93518b8..a383eee 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2225,11 +2225,7 @@ int ssl3_get_new_session_ticket(SSL *s)
*/
EVP_Digest(p, ticklen,
s->session->session_id, &s->session->session_id_length,
-# ifndef OPENSSL_NO_SHA256
EVP_sha256(), NULL);
-# else
- EVP_sha1(), NULL);
-# endif
ret = 1;
return (ret);
f_err:
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ccc418a..e929658 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3385,7 +3385,7 @@ int ssl3_send_newsession_ticket(SSL *s)
EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv);
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
+ EVP_sha256(), NULL);
memcpy(key_name, tctx->tlsext_tick_key_name, 16);
}
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index fdf1481..3843aef 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -91,14 +91,10 @@ int SSL_library_init(void)
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_256_gcm());
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-# endif
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
-# endif
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
@@ -113,20 +109,14 @@ int SSL_library_init(void)
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
-#ifndef OPENSSL_NO_SHA
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-#endif
-#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+#if !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
@@ -135,11 +125,6 @@ int SSL_library_init(void)
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
- /* If you want support for phased out ciphers, add the following */
-#if 0
- EVP_add_digest(EVP_sha());
- EVP_add_digest(EVP_dss());
-#endif
#ifndef OPENSSL_NO_COMP
/*
* This will initialise the built-in compression algorithms. The value
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index f58a605..fcf5f8d 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1329,11 +1329,6 @@ int tls1_process_heartbeat(SSL *s);
int dtls1_process_heartbeat(SSL *s);
# endif
-# ifdef OPENSSL_NO_SHA256
-# define tlsext_tick_md EVP_sha1
-# else
-# define tlsext_tick_md EVP_sha256
-# endif
int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
const unsigned char *limit, SSL_SESSION **ret);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 115aab5..6a1ed6a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -906,17 +906,11 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
tlsext_sigalg_ecdsa(md)
static const unsigned char tls12_sigalgs[] = {
-# ifndef OPENSSL_NO_SHA512
tlsext_sigalg(TLSEXT_hash_sha512)
tlsext_sigalg(TLSEXT_hash_sha384)
-# endif
-# ifndef OPENSSL_NO_SHA256
tlsext_sigalg(TLSEXT_hash_sha256)
tlsext_sigalg(TLSEXT_hash_sha224)
-# endif
-# ifndef OPENSSL_NO_SHA
tlsext_sigalg(TLSEXT_hash_sha1)
-# endif
};
# ifndef OPENSSL_NO_ECDSA
@@ -3318,7 +3312,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
return 2;
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
+ EVP_sha256(), NULL);
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, etick + 16);
}
@@ -3462,25 +3456,11 @@ static const tls12_hash_info tls12_md_info[] = {
# else
{NID_md5, 64, EVP_md5},
# endif
-# ifdef OPENSSL_NO_SHA
- {NID_sha1, 80, 0},
-# else
{NID_sha1, 80, EVP_sha1},
-# endif
-# ifdef OPENSSL_NO_SHA256
- {NID_sha224, 112, 0},
- {NID_sha256, 128, 0},
-# else
{NID_sha224, 112, EVP_sha224},
{NID_sha256, 128, EVP_sha256},
-# endif
-# ifdef OPENSSL_NO_SHA512
- {NID_sha384, 192, 0},
- {NID_sha512, 256, 0}
-# else
{NID_sha384, 192, EVP_sha384},
{NID_sha512, 256, EVP_sha512}
-# endif
};
static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 07f6fdd..5424ed5 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -177,7 +177,7 @@ $no_static_engine = 0 if (!$shlib);
$no_mdc2=1 if ($no_des);
-$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_md5);
$no_ssl3=1 if ($no_rsa && $no_dh);
$out_def="out";
@@ -281,8 +281,6 @@ $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5;
$cflags.=" -DOPENSSL_NO_MD2" if $no_md2;
$cflags.=" -DOPENSSL_NO_MD4" if $no_md4;
$cflags.=" -DOPENSSL_NO_MD5" if $no_md5;
-$cflags.=" -DOPENSSL_NO_SHA" if $no_sha;
-$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
$cflags.=" -DOPENSSL_NO_RMD160" if $no_ripemd;
$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
$cflags.=" -DOPENSSL_NO_BF" if $no_bf;
@@ -1123,8 +1121,6 @@ sub var_add
@a=grep(!/_dhp$/, at a) if $no_dh;
- @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/, at a) if $no_sha;
- @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
@a=grep(!/_mdc2$/, at a) if $no_mdc2;
@a=grep(!/(srp)/, at a) if $no_srp;
@@ -1133,11 +1129,8 @@ sub var_add
@a=grep(!/^hw$/, at a) if $no_hw;
@a=grep(!/(^rsa$)|(^genrsa$)/, at a) if $no_rsa;
@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/, at a) if $no_dsa;
- @a=grep(!/^gendsa$/, at a) if $no_sha1;
@a=grep(!/(^dh$)|(^gendh$)/, at a) if $no_dh;
- @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
-
grep($_="$dir/$_", at a);
@a=grep(!/(^|\/)s_/, at a) if $no_sock;
@a=grep(!/(^|\/)bio_sock/, at a) if $no_sock;
@@ -1409,8 +1402,6 @@ sub read_options
"no-md2" => \$no_md2,
"no-md4" => \$no_md4,
"no-md5" => \$no_md5,
- "no-sha" => \$no_sha,
- "no-sha1" => \$no_sha1,
"no-ripemd" => \$no_ripemd,
"no-mdc2" => \$no_mdc2,
"no-whirlpool" => \$no_whirlpool,
@@ -1444,7 +1435,7 @@ sub read_options
"no-hw" => \$no_hw,
"just-ssl" =>
[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
- \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
+ \$no_md2, \$no_mdc2, \$no_dsa, \$no_dh,
\$no_err, \$no_ripemd, \$no_rc5,
\$no_aes, \$no_camellia, \$no_seed, \$no_srp],
"rsaref" => 0,
diff --git a/util/mkdef.pl b/util/mkdef.pl
index a6f64e3..1dbd555 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -972,7 +972,6 @@ sub do_defs
$a .= ",RC4" if($s =~ /EVP_rc4/);
$a .= ",RC5" if($s =~ /EVP_rc5/);
$a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
- $a .= ",SHA" if($s =~ /EVP_sha/);
$a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
$a .= ",RSA" if($s =~ /RSAPrivateKey/);
More information about the openssl-commits
mailing list