diff options
author | Emilia Kasper <emilia@openssl.org> | 2017-02-28 12:30:28 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2017-02-28 15:26:25 +0100 |
commit | b53338cbf8822dd774f9e4057307f347d2b63ff0 (patch) | |
tree | 762d5194d048f5ae4d156b769115ca8f3b5b4155 /Configure | |
parent | 223a90cc9a94d1f6abf04ef28dc30b03c3e5e0c1 (diff) |
Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.
FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'Configure')
-rwxr-xr-x | Configure | 37 |
1 files changed, 3 insertions, 34 deletions
@@ -302,12 +302,9 @@ $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; $config{cross_compile_prefix}=""; -$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/"; -my $nofipscanistercheck=0; $config{baseaddr}="0xFB00000"; my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; -$config{fips}=0; # Top level directories to build $config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ]; @@ -685,7 +682,7 @@ while (@argvcopy) { $config{processor}=386; } elsif (/^fips$/) { - $config{fips}=1; + die "FIPS mode not supported\n"; } elsif (/^rsaref$/) { @@ -695,8 +692,7 @@ while (@argvcopy) } elsif (/^nofipscanistercheck$/) { - $config{fips} = 1; - $nofipscanistercheck = 1; + die "FIPS mode not supported\n"; } elsif (/^[-+]/) { @@ -734,10 +730,6 @@ while (@argvcopy) { $withargs{fuzzer_include}=$1; } - elsif (/^--with-fipslibdir=(.*)$/) - { - $config{fipslibdir}="$1/"; - } elsif (/^--with-baseaddr=(.*)$/) { $config{baseaddr}="$1"; @@ -821,15 +813,6 @@ if ($libs =~ /(^|\s)-Wl,-rpath,/ "***** any of asan, msan or ubsan\n"; } -if ($config{fips}) - { - delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/); - } -else - { - @{$config{dirs}} = grep !/^fips$/, @{$config{dirs}}; - } - my @tocheckfor = (keys %disabled); while (@tocheckfor) { my %new_tocheckfor = (); @@ -1058,15 +1041,6 @@ if (!$disabled{dso} && $target{dso_scheme} ne "") $config{ex_libs}="$libs$config{ex_libs}" if ($libs ne ""); -if ($disabled{asm}) - { - if ($config{fips}) - { - @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}}; - @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}}; - } - } - # If threads aren't disabled, check how possible they are unless ($disabled{threads}) { if ($auto_threads) { @@ -1107,8 +1081,7 @@ if (defined($disabled{"deprecated"})) { if ($target{shared_target} eq "") { $no_shared_warn = 1 - if ((!$disabled{shared} || !$disabled{"dynamic-engine"}) - && !$config{fips}); + if (!$disabled{shared} || !$disabled{"dynamic-engine"}); $disabled{shared} = "no-shared-target"; $disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} = "no-shared-target"; @@ -1172,10 +1145,6 @@ unless ($disabled{asm}) { push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); push @{$config{defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/); - if ($config{fips}) { - push @{$config{openssl_other_defines}}, "OPENSSL_FIPS"; - } - if ($target{sha1_asm_src}) { push @{$config{defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); push @{$config{defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/); |