Commit 474e469b authored Jan 27, 2015 by Rich Salz

OPENSSL_NO_xxx cleanup: SHA



Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <levitte@openssl.org>

parent c73ad690

apps/pkcs12.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -58,7 +58,7 @@
		*/

		#include <openssl/opensslconf.h>
		#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
		#if !defined(OPENSSL_NO_DES)

		# include <stdio.h>
		# include <stdlib.h>

apps/progs.h

+1 −13

Original line number	Diff line number	Diff line
		@@ -128,7 +128,7 @@ FUNCTION functions[] = {
		{FUNC_TYPE_GENERAL, "ciphers", ciphers_main},
		#endif
		{FUNC_TYPE_GENERAL, "nseq", nseq_main},
		#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
		#if !defined(OPENSSL_NO_DES)
		{FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main},
		#endif
		{FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main},
		@@ -158,30 +158,18 @@ FUNCTION functions[] = {
		#ifndef OPENSSL_NO_MD5
		{FUNC_TYPE_MD, "md5", dgst_main},
		#endif
		#ifndef OPENSSL_NO_SHA
		{FUNC_TYPE_MD, "sha", dgst_main},
		#endif
		#ifndef OPENSSL_NO_SHA1
		{FUNC_TYPE_MD, "sha1", dgst_main},
		#endif
		#ifndef OPENSSL_NO_MDC2
		{FUNC_TYPE_MD, "mdc2", dgst_main},
		#endif
		#ifndef OPENSSL_NO_RMD160
		{FUNC_TYPE_MD, "rmd160", dgst_main},
		#endif
		#ifndef OPENSSL_NO_SHA224
		{FUNC_TYPE_MD, "sha224", dgst_main},
		#endif
		#ifndef OPENSSL_NO_SHA256
		{FUNC_TYPE_MD, "sha256", dgst_main},
		#endif
		#ifndef OPENSSL_NO_SHA384
		{FUNC_TYPE_MD, "sha384", dgst_main},
		#endif
		#ifndef OPENSSL_NO_SHA512
		{FUNC_TYPE_MD, "sha512", dgst_main},
		#endif
		#ifndef OPENSSL_NO_AES
		{FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},
		#endif

apps/progs.pl

+18 −16

Original line number	Diff line number	Diff line
		@@ -30,7 +30,7 @@ EOF
		foreach (@ARGV)
		{
		push(@files,$_);
		$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
		$str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n";
		if (($_ =~ /^s_/) \|\| ($_ =~ /^ciphers$/))
		{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
		elsif ( ($_ =~ /^engine$/))
		@@ -44,7 +44,7 @@ foreach (@ARGV)
		elsif ( ($_ =~ /^dh$/) \|\| ($_ =~ /^gendh$/) \|\| ($_ =~ /^dhparam$/))
		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
		elsif ( ($_ =~ /^pkcs12$/))
		{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
		{ print "#if !defined(OPENSSL_NO_DES)\n${str}#endif\n"; }
		elsif ( ($_ =~ /^cms$/))
		{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
		elsif ( ($_ =~ /^ocsp$/))
		@@ -58,7 +58,9 @@ foreach (@ARGV)
		foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160","sha224","sha256","sha384","sha512")
		{
		push(@files,$_);
		printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
		printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;
		printf " {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n";
		printf "#endif\n" if ! /sha/;
		}

		foreach (
		@@ -84,7 +86,7 @@ foreach (
		{
		push(@files,$_);

		$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
		$t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n", $_);
		if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
		elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
		elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
		@@ -99,4 +101,4 @@ foreach (
		print $t;
		}

		print "\t{0,NULL,NULL}\n\t};\n";
		print " {0, NULL, NULL}\n};\n";

apps/speed.c

+3 −47

Original line number	Diff line number	Diff line
		@@ -137,9 +137,7 @@
		# include <openssl/hmac.h>
		#endif
		#include <openssl/evp.h>
		#ifndef OPENSSL_NO_SHA
		# include <openssl/sha.h>
		#endif
		#ifndef OPENSSL_NO_RMD160
		# include <openssl/ripemd.h>
		#endif
		@@ -339,15 +337,10 @@ static const int KDF1_SHA1_len = 20;
		static void KDF1_SHA1(const void in, size_t inlen, void *out,
		size_t *outlen)
		{
		# ifndef OPENSSL_NO_SHA
		if (*outlen < SHA_DIGEST_LENGTH)
		return NULL;
		else
		*outlen = SHA_DIGEST_LENGTH;
		return SHA1(in, inlen, out);
		# else
		return NULL;
		# endif /* OPENSSL_NO_SHA */
		}
		#endif /* OPENSSL_NO_ECDH */

		@@ -382,15 +375,9 @@ int MAIN(int argc, char **argv)
		unsigned char md5[MD5_DIGEST_LENGTH];
		unsigned char hmac[MD5_DIGEST_LENGTH];
		#endif
		#ifndef OPENSSL_NO_SHA
		unsigned char sha[SHA_DIGEST_LENGTH];
		# ifndef OPENSSL_NO_SHA256
		unsigned char sha256[SHA256_DIGEST_LENGTH];
		# endif
		# ifndef OPENSSL_NO_SHA512
		unsigned char sha512[SHA512_DIGEST_LENGTH];
		# endif
		#endif
		#ifndef OPENSSL_NO_WHIRLPOOL
		unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
		#endif
		@@ -827,23 +814,15 @@ int MAIN(int argc, char **argv)
		doit[D_HMAC] = 1;
		else
		#endif
		#ifndef OPENSSL_NO_SHA
		if (strcmp(*argv, "sha1") == 0)
		doit[D_SHA1] = 1;
		else if (strcmp(*argv, "sha") == 0)
		doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1;
		else
		# ifndef OPENSSL_NO_SHA256
		if (strcmp(*argv, "sha256") == 0)
		else if (strcmp(*argv, "sha256") == 0)
		doit[D_SHA256] = 1;
		else
		# endif
		# ifndef OPENSSL_NO_SHA512
		if (strcmp(*argv, "sha512") == 0)
		else if (strcmp(*argv, "sha512") == 0)
		doit[D_SHA512] = 1;
		else
		# endif
		#endif
		#ifndef OPENSSL_NO_WHIRLPOOL
		if (strcmp(*argv, "whirlpool") == 0)
		doit[D_WHIRLPOOL] = 1;
		@@ -1110,27 +1089,16 @@ int MAIN(int argc, char **argv)
		BIO_printf(bio_err, "hmac ");
		# endif
		#endif
		#ifndef OPENSSL_NO_SHA1
		BIO_printf(bio_err, "sha1 ");
		#endif
		#ifndef OPENSSL_NO_SHA256
		BIO_printf(bio_err, "sha256 ");
		#endif
		#ifndef OPENSSL_NO_SHA512
		BIO_printf(bio_err, "sha512 ");
		#endif
		#ifndef OPENSSL_NO_WHIRLPOOL
		BIO_printf(bio_err, "whirlpool");
		#endif
		#ifndef OPENSSL_NO_RMD160
		BIO_printf(bio_err, "rmd160");
		#endif
		#if !defined(OPENSSL_NO_MD2) \|\| !defined(OPENSSL_NO_MDC2) \|\| \
		!defined(OPENSSL_NO_MD4) \|\| !defined(OPENSSL_NO_MD5) \|\| \
		!defined(OPENSSL_NO_SHA1) \|\| !defined(OPENSSL_NO_RMD160) \|\| \
		!defined(OPENSSL_NO_WHIRLPOOL)
		BIO_printf(bio_err, "\n");
		#endif

		#ifndef OPENSSL_NO_IDEA
		BIO_printf(bio_err, "idea-cbc ");
		@@ -1660,23 +1628,16 @@ int MAIN(int argc, char **argv)
		HMAC_CTX_cleanup(&hctx);
		}
		#endif
		#ifndef OPENSSL_NO_SHA
		if (doit[D_SHA1]) {
		for (j = 0; j < SIZE_NUM; j++) {
		print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
		Time_F(START);
		for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
		# if 0
		EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
		EVP_sha1(), NULL);
		# else
		SHA1(buf, lengths[j], sha);
		# endif
		d = Time_F(STOP);
		print_result(D_SHA1, j, count, d);
		}
		}
		# ifndef OPENSSL_NO_SHA256
		if (doit[D_SHA256]) {
		for (j = 0; j < SIZE_NUM; j++) {
		print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);
		@@ -1687,9 +1648,6 @@ int MAIN(int argc, char **argv)
		print_result(D_SHA256, j, count, d);
		}
		}
		# endif

		# ifndef OPENSSL_NO_SHA512
		if (doit[D_SHA512]) {
		for (j = 0; j < SIZE_NUM; j++) {
		print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);
		@@ -1700,8 +1658,6 @@ int MAIN(int argc, char **argv)
		print_result(D_SHA512, j, count, d);
		}
		}
		# endif
		#endif

		#ifndef OPENSSL_NO_WHIRLPOOL
		if (doit[D_WHIRLPOOL]) {

crypto/asn1/x_crl.c

+0 −2

Original line number	Diff line number	Diff line
		@@ -220,9 +220,7 @@ static int crl_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it,
		break;

		case ASN1_OP_D2I_POST:
		#ifndef OPENSSL_NO_SHA
		X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
		#endif
		crl->idp = X509_CRL_get_ext_d2i(crl,
		NID_issuing_distribution_point, NULL,
		NULL);