OPENSSL_NO_xxx cleanup: SHA

Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <[email protected]>

apps/pkcs12.c

@@ -58,7 +58,7 @@
  */
 
 #include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(OPENSSL_NO_DES)
 
 # include <stdio.h>
 # include <stdlib.h>

apps/progs.h

@@ -128,7 +128,7 @@ FUNCTION functions[] = {
     {FUNC_TYPE_GENERAL, "ciphers", ciphers_main},
 #endif
     {FUNC_TYPE_GENERAL, "nseq", nseq_main},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(OPENSSL_NO_DES)
     {FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main},
 #endif
     {FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main},
@@ -158,30 +158,18 @@ FUNCTION functions[] = {
 #ifndef OPENSSL_NO_MD5
     {FUNC_TYPE_MD, "md5", dgst_main},
 #endif
-#ifndef OPENSSL_NO_SHA
     {FUNC_TYPE_MD, "sha", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA1
     {FUNC_TYPE_MD, "sha1", dgst_main},
-#endif
 #ifndef OPENSSL_NO_MDC2
     {FUNC_TYPE_MD, "mdc2", dgst_main},
 #endif
 #ifndef OPENSSL_NO_RMD160
     {FUNC_TYPE_MD, "rmd160", dgst_main},
 #endif
-#ifndef OPENSSL_NO_SHA224
     {FUNC_TYPE_MD, "sha224", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA256
     {FUNC_TYPE_MD, "sha256", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA384
     {FUNC_TYPE_MD, "sha384", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA512
     {FUNC_TYPE_MD, "sha512", dgst_main},
-#endif
 #ifndef OPENSSL_NO_AES
     {FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},
 #endif

apps/progs.pl

@@ -6,22 +6,22 @@
 grep(s/^asn1pars$/asn1parse/,@ARGV);
 
 foreach (@ARGV)
-	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
+	{ printf "extern int %s_main(int argc, char *argv[]);\n",$_; }
 
 print <<'EOF';
 
-#define FUNC_TYPE_GENERAL	1
-#define FUNC_TYPE_MD		2
-#define FUNC_TYPE_CIPHER	3
-#define FUNC_TYPE_PKEY		4
-#define FUNC_TYPE_MD_ALG	5
-#define FUNC_TYPE_CIPHER_ALG	6
+#define FUNC_TYPE_GENERAL       1
+#define FUNC_TYPE_MD            2
+#define FUNC_TYPE_CIPHER        3
+#define FUNC_TYPE_PKEY          4
+#define FUNC_TYPE_MD_ALG        5
+#define FUNC_TYPE_CIPHER_ALG    6
 
 typedef struct {
-	int type;
-	const char *name;
-	int (*func)(int argc,char *argv[]);
-	} FUNCTION;
+    int type;
+    const char *name;
+    int (*func) (int argc, char *argv[]);
+} FUNCTION;
 DECLARE_LHASH_OF(FUNCTION);
 
 FUNCTION functions[] = {
@@ -30,7 +30,7 @@
 foreach (@ARGV)
 	{
 	push(@files,$_);
-	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
+	$str="    {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } 
 	elsif ( ($_ =~ /^engine$/))
@@ -44,7 +44,7 @@
 	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
 		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^pkcs12$/))
-		{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
+		{ print "#if !defined(OPENSSL_NO_DES)\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^cms$/))
 		{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^ocsp$/))
@@ -58,7 +58,9 @@
 foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160","sha224","sha256","sha384","sha512")
 	{
 	push(@files,$_);
-	printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
+        printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;
+        printf "    {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n";
+        printf "#endif\n" if ! /sha/;
 	}
 
 foreach (
@@ -84,7 +86,7 @@
 	{
 	push(@files,$_);
 
-	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
+	$t=sprintf("    {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n", $_);
 	if    ($_ =~ /des/)  { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
 	elsif ($_ =~ /aes/)  { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
 	elsif ($_ =~ /camellia/)  { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
@@ -99,4 +101,4 @@
 	print $t;
 	}
 
-print "\t{0,NULL,NULL}\n\t};\n";
+print "    {0, NULL, NULL}\n};\n";

apps/speed.c

@@ -137,9 +137,7 @@
 # include <openssl/hmac.h>
 #endif
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_SHA
 # include <openssl/sha.h>
-#endif
 #ifndef OPENSSL_NO_RMD160
 # include <openssl/ripemd.h>
 #endif
@@ -339,15 +337,10 @@ static const int KDF1_SHA1_len = 20;
 static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
                        size_t *outlen)
 {
-# ifndef OPENSSL_NO_SHA
     if (*outlen < SHA_DIGEST_LENGTH)
         return NULL;
-    else
-        *outlen = SHA_DIGEST_LENGTH;
+    *outlen = SHA_DIGEST_LENGTH;
     return SHA1(in, inlen, out);
-# else
-    return NULL;
-# endif                        /* OPENSSL_NO_SHA */
 }
 #endif                         /* OPENSSL_NO_ECDH */
 
@@ -382,15 +375,9 @@ int MAIN(int argc, char **argv)
     unsigned char md5[MD5_DIGEST_LENGTH];
     unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_SHA
     unsigned char sha[SHA_DIGEST_LENGTH];
-# ifndef OPENSSL_NO_SHA256
     unsigned char sha256[SHA256_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_SHA512
     unsigned char sha512[SHA512_DIGEST_LENGTH];
-# endif
-#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
     unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
 #endif
@@ -827,23 +814,15 @@ int MAIN(int argc, char **argv)
             doit[D_HMAC] = 1;
         else
 #endif
-#ifndef OPENSSL_NO_SHA
         if (strcmp(*argv, "sha1") == 0)
             doit[D_SHA1] = 1;
         else if (strcmp(*argv, "sha") == 0)
             doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1;
-        else
-# ifndef OPENSSL_NO_SHA256
-        if (strcmp(*argv, "sha256") == 0)
+        else if (strcmp(*argv, "sha256") == 0)
             doit[D_SHA256] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_SHA512
-        if (strcmp(*argv, "sha512") == 0)
+        else if (strcmp(*argv, "sha512") == 0)
             doit[D_SHA512] = 1;
         else
-# endif
-#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
         if (strcmp(*argv, "whirlpool") == 0)
             doit[D_WHIRLPOOL] = 1;
@@ -1110,27 +1089,16 @@ int MAIN(int argc, char **argv)
             BIO_printf(bio_err, "hmac     ");
 # endif
 #endif
-#ifndef OPENSSL_NO_SHA1
             BIO_printf(bio_err, "sha1     ");
-#endif
-#ifndef OPENSSL_NO_SHA256
             BIO_printf(bio_err, "sha256   ");
-#endif
-#ifndef OPENSSL_NO_SHA512
             BIO_printf(bio_err, "sha512   ");
-#endif
 #ifndef OPENSSL_NO_WHIRLPOOL
             BIO_printf(bio_err, "whirlpool");
 #endif
 #ifndef OPENSSL_NO_RMD160
             BIO_printf(bio_err, "rmd160");
 #endif
-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
-    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
-    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \
-    !defined(OPENSSL_NO_WHIRLPOOL)
             BIO_printf(bio_err, "\n");
-#endif
 
 #ifndef OPENSSL_NO_IDEA
             BIO_printf(bio_err, "idea-cbc ");
@@ -1660,23 +1628,16 @@ int MAIN(int argc, char **argv)
         HMAC_CTX_cleanup(&hctx);
     }
 #endif
-#ifndef OPENSSL_NO_SHA
     if (doit[D_SHA1]) {
         for (j = 0; j < SIZE_NUM; j++) {
             print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
             Time_F(START);
             for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
-# if 0
-                EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
-                           EVP_sha1(), NULL);
-# else
                 SHA1(buf, lengths[j], sha);
-# endif
             d = Time_F(STOP);
             print_result(D_SHA1, j, count, d);
         }
     }
-# ifndef OPENSSL_NO_SHA256
     if (doit[D_SHA256]) {
         for (j = 0; j < SIZE_NUM; j++) {
             print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);
@@ -1687,9 +1648,6 @@ int MAIN(int argc, char **argv)
             print_result(D_SHA256, j, count, d);
         }
     }
-# endif
-
-# ifndef OPENSSL_NO_SHA512
     if (doit[D_SHA512]) {
         for (j = 0; j < SIZE_NUM; j++) {
             print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);
@@ -1700,8 +1658,6 @@ int MAIN(int argc, char **argv)
             print_result(D_SHA512, j, count, d);
         }
     }
-# endif
-#endif
 
 #ifndef OPENSSL_NO_WHIRLPOOL
     if (doit[D_WHIRLPOOL]) {

crypto/asn1/x_crl.c

@@ -220,9 +220,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         break;
 
     case ASN1_OP_D2I_POST:
-#ifndef OPENSSL_NO_SHA
         X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
-#endif
         crl->idp = X509_CRL_get_ext_d2i(crl,
                                         NID_issuing_distribution_point, NULL,
                                         NULL);

crypto/bn/bn_rand.c

@@ -289,7 +289,6 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
     return bn_rand_range(1, r, range);
 }
 
-#ifndef OPENSSL_NO_SHA512
 /*
  * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
  * BN_rand_range, it also includes the contents of |priv| and |message| in
@@ -362,4 +361,3 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
         OPENSSL_free(k_bytes);
     return ret;
 }
-#endif                          /* OPENSSL_NO_SHA512 */

crypto/dsa/dsa_depr.c

@@ -58,37 +58,25 @@
  * version(s).
  */
 
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH    EVP_sha()
-#else
 /*
  * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
  * 180-1)
  */
-# define HASH    EVP_sha1()
-#endif
+#define xxxHASH    EVP_sha1()
 
 static void *dummy = &dummy;
 
-#ifndef OPENSSL_NO_SHA
-
-# include <stdio.h>
-# include <time.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
 
-# ifndef OPENSSL_NO_DEPRECATED
+#ifndef OPENSSL_NO_DEPRECATED
 DSA *DSA_generate_parameters(int bits,
                              unsigned char *seed_in, int seed_len,
                              int *counter_ret, unsigned long *h_ret,
@@ -117,5 +105,4 @@ DSA *DSA_generate_parameters(int bits,
     DSA_free(ret);
     return NULL;
 }
-# endif
 #endif

crypto/dsa/dsa_gen.c

@@ -56,35 +56,23 @@
  * [including the GNU Public Licence.]
  */
 
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH    EVP_sha()
-#else
 /*
  * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
  * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
  * 180-1)
  */
-# define HASH    EVP_sha1()
-#endif
+#define xxxHASH    EVP_sha1()
 
 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
 
-#ifndef OPENSSL_NO_SHA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
 
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
-
-# include "dsa_locl.h"
+#include "dsa_locl.h"
 
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                                const unsigned char *seed_in, int seed_len,
@@ -714,5 +702,3 @@ int dsa_paramgen_check_g(DSA *dsa)
     return rv;
 
 }
-
-#endif