Rename FIPS_MODE to FIPS_MODULE
This macro is used to determine if certain pieces of code should
become part of the FIPS module or not. The old name was confusing.
Fixes #11538
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)
diff --git a/test/aesgcmtest.c b/test/aesgcmtest.c
index 4a255d5..3bb3a54 100644
--- a/test/aesgcmtest.c
+++ b/test/aesgcmtest.c
@@ -116,7 +116,7 @@
return ret;
}
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
static int ivgen_test(void)
{
unsigned char iv_gen[16];
@@ -127,14 +127,14 @@
return do_encrypt(iv_gen, ct, &ctlen, tag, &taglen)
&& do_decrypt(iv_gen, ct, ctlen, tag, taglen);
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
int setup_tests(void)
{
ADD_TEST(kat_test);
ADD_TEST(badkeylen_test);
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
ADD_TEST(ivgen_test);
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
return 1;
}
diff --git a/test/drbg_cavs_test.c b/test/drbg_cavs_test.c
index 2c0829d..d82cc81 100644
--- a/test/drbg_cavs_test.c
+++ b/test/drbg_cavs_test.c
@@ -254,7 +254,7 @@
const struct drbg_kat *td = test[i];
int rv = 0;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/* FIPS mode doesn't support instantiating without a derivation function */
if ((td->flags & USE_DF) == 0)
return TEST_skip("instantiating without derivation function "
diff --git a/test/drbgtest.c b/test/drbgtest.c
index 3354fe1..4eb8f7a 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -111,7 +111,7 @@
make_drbg_test_data(nid, 0, pr, p)
static DRBG_SELFTEST_DATA drbg_test[] = {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* FIPS mode doesn't support CTR DRBG without a derivation function */
make_drbg_test_data_no_df (NID_aes_128_ctr, aes_128_no_df, 0),
make_drbg_test_data_no_df (NID_aes_192_ctr, aes_192_no_df, 0),
@@ -850,7 +850,7 @@
/* fill 'randomness' buffer with some arbitrary data */
memset(rand_add_buf, 'r', sizeof(rand_add_buf));
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/*
* Test whether all three DRBGs are reseeded by RAND_add().
* The before_reseed time has to be measured here and passed into the
@@ -876,7 +876,7 @@
if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0, 0)))
goto error;
reset_drbg_hook_ctx();
-#else /* FIPS_MODE */
+#else /* FIPS_MODULE */
/*
* In FIPS mode, random data provided by the application via RAND_add()
* is not considered a trusted entropy source. It is only treated as
@@ -1251,7 +1251,7 @@
&& TEST_int_eq(public->flags, RAND_DRBG_FLAG_PUBLIC)
/* FIPS mode doesn't support CTR DRBG without a derivation function */
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
/* Change DRBG defaults and change master and check again */
&& TEST_true(RAND_DRBG_set_defaults(NID_aes_256_ctr,
RAND_DRBG_FLAG_CTR_NO_DF))
@@ -1347,7 +1347,7 @@
crngt_case = n % crngt_num_cases;
crngt_idx = 0;
crngt_get_entropy = &crngt_entropy_cb;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
&rand_crngt_cleanup_entropy,
&rand_drbg_get_nonce,
diff --git a/test/ecdsatest.c b/test/ecdsatest.c
index cbe5e62..f7d6608 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -123,10 +123,10 @@
TEST_info("ECDSA KATs for curve %s", OBJ_nid2sn(nid));
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
if (EC_curve_nid2nist(nid) == NULL)
return TEST_skip("skip non approved curves");
-#endif /* FIPS_MODE */
+#endif /* FIPS_MODULE */
if (!TEST_ptr(mctx = EVP_MD_CTX_new())
/* get the message digest */
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 115a133..b7e23a1 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -765,7 +765,7 @@
}
#endif
-#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
static int test_EVP_SM2_verify(void)
{
@@ -1590,7 +1590,7 @@
#ifndef OPENSSL_NO_EC
ADD_TEST(test_EVP_PKCS82PKEY);
#endif
-#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
ADD_TEST(test_EVP_SM2);
ADD_TEST(test_EVP_SM2_verify);
#endif
