diff options
author | Emilia Kasper <emilia@openssl.org> | 2017-02-28 12:30:28 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2017-02-28 15:26:25 +0100 |
commit | b53338cbf8822dd774f9e4057307f347d2b63ff0 (patch) | |
tree | 762d5194d048f5ae4d156b769115ca8f3b5b4155 /crypto | |
parent | 223a90cc9a94d1f6abf04ef28dc30b03c3e5e0c1 (diff) |
Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.
FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/aes/asm/aes-mips.pl | 4 | ||||
-rw-r--r-- | crypto/bn/asm/sparcv8plus.S | 4 | ||||
-rw-r--r-- | crypto/des/asm/des_enc.m4 | 4 | ||||
-rw-r--r-- | crypto/err/err_all.c | 9 | ||||
-rw-r--r-- | crypto/evp/evp_cnf.c | 8 | ||||
-rw-r--r-- | crypto/o_fips.c | 12 | ||||
-rw-r--r-- | crypto/o_init.c | 19 | ||||
-rw-r--r-- | crypto/rand/md_rand.c | 4 | ||||
-rw-r--r-- | crypto/rand/rand_lib.c | 5 | ||||
-rw-r--r-- | crypto/sha/asm/sha1-mips.pl | 4 | ||||
-rw-r--r-- | crypto/sha/asm/sha512-mips.pl | 4 | ||||
-rw-r--r-- | crypto/sparccpuid.S | 4 |
12 files changed, 4 insertions, 77 deletions
diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl index 0eb1474a3a..ba3e4545df 100644 --- a/crypto/aes/asm/aes-mips.pl +++ b/crypto/aes/asm/aes-mips.pl @@ -105,10 +105,6 @@ $code.=<<___; #include "mips_arch.h" .text -#ifdef OPENSSL_FIPSCANISTER -# include <openssl/fipssyms.h> -#endif - #if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__)) .option pic2 #endif diff --git a/crypto/bn/asm/sparcv8plus.S b/crypto/bn/asm/sparcv8plus.S index 714a136675..f3c611ae31 100644 --- a/crypto/bn/asm/sparcv8plus.S +++ b/crypto/bn/asm/sparcv8plus.S @@ -144,10 +144,6 @@ * } */ -#ifdef OPENSSL_FIPSCANISTER -#include <openssl/fipssyms.h> -#endif - #if defined(__SUNPRO_C) && defined(__sparcv9) /* They've said -xarch=v9 at command line */ .register %g2,#scratch diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4 index 2d794d3374..c1f6391f53 100644 --- a/crypto/des/asm/des_enc.m4 +++ b/crypto/des/asm/des_enc.m4 @@ -31,10 +31,6 @@ #include <openssl/opensslconf.h> -#ifdef OPENSSL_FIPSCANISTER -#include <openssl/fipssyms.h> -#endif - #if defined(__SUNPRO_C) && defined(__sparcv9) # define ABI64 /* They've said -xarch=v9 at command line */ #elif defined(__GNUC__) && defined(__arch64__) diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 3b1304f8e0..6cc8c8f20b 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -31,9 +31,6 @@ #include <openssl/ui.h> #include <openssl/ocsp.h> #include <openssl/err.h> -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -#endif #include <openssl/ts.h> #include <openssl/cms.h> #include <openssl/ct.h> @@ -43,9 +40,6 @@ int err_load_crypto_strings_int(void) { if ( -#ifdef OPENSSL_FIPS - FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 || -#endif #ifndef OPENSSL_NO_ERR ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ ERR_load_BN_strings() == 0 || @@ -91,9 +85,6 @@ int err_load_crypto_strings_int(void) #ifndef OPENSSL_NO_UI ERR_load_UI_strings() == 0 || #endif -# ifdef OPENSSL_FIPS - ERR_load_FIPS_strings() == 0 || -# endif # ifndef OPENSSL_NO_CMS ERR_load_CMS_strings() == 0 || # endif diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 71d13b8df0..d0d61b28be 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -38,16 +38,8 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) return 0; } if (m > 0) { -#ifdef OPENSSL_FIPS - if (!FIPS_mode() && !FIPS_mode_set(1)) { - EVPerr(EVP_F_ALG_MODULE_INIT, - EVP_R_ERROR_SETTING_FIPS_MODE); - return 0; - } -#else EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED); return 0; -#endif } } else { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION); diff --git a/crypto/o_fips.c b/crypto/o_fips.c index bf6db65fed..050ea9c216 100644 --- a/crypto/o_fips.c +++ b/crypto/o_fips.c @@ -8,27 +8,17 @@ */ #include "internal/cryptlib.h" -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -#endif int FIPS_mode(void) { -#ifdef OPENSSL_FIPS - return FIPS_module_mode(); -#else + /* This version of the library does not support FIPS mode. */ return 0; -#endif } int FIPS_mode_set(int r) { -#ifdef OPENSSL_FIPS - return FIPS_module_mode_set(r); -#else if (r == 0) return 1; CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); return 0; -#endif } diff --git a/crypto/o_init.c b/crypto/o_init.c index 2e0c126095..5eb7654d32 100644 --- a/crypto/o_init.c +++ b/crypto/o_init.c @@ -9,26 +9,13 @@ #include <e_os.h> #include <openssl/err.h> -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -# include <openssl/rand.h> -#endif /* - * Perform any essential OpenSSL initialization operations. Currently only - * sets FIPS callbacks + * Perform any essential OpenSSL initialization operations. Currently does + * nothing. */ void OPENSSL_init(void) { - static int done = 0; - if (done) - return; - done = 1; -#ifdef OPENSSL_FIPS - FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); - FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); - FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); - RAND_init_fips(); -#endif + return; } diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 78da14a8e6..8cbfae170f 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -29,10 +29,6 @@ #include <internal/thread_once.h> -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -#endif - #if defined(BN_DEBUG) || defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) # define PREDICT #endif diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 238712671b..fc47dc97a2 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -15,11 +15,6 @@ #include <openssl/engine.h> -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -# include <openssl/fips_rand.h> -#endif - #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref = NULL; diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl index d9911c8503..ab2924070a 100644 --- a/crypto/sha/asm/sha1-mips.pl +++ b/crypto/sha/asm/sha1-mips.pl @@ -342,10 +342,6 @@ $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000"; $code=<<___; #include "mips_arch.h" -#ifdef OPENSSL_FIPSCANISTER -# include <openssl/fipssyms.h> -#endif - .text .set noat diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl index 5464543db8..e6fd2687f8 100644 --- a/crypto/sha/asm/sha512-mips.pl +++ b/crypto/sha/asm/sha512-mips.pl @@ -304,10 +304,6 @@ $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000"; $code.=<<___; #include "mips_arch.h" -#ifdef OPENSSL_FIPSCANISTER -# include <openssl/fipssyms.h> -#endif - .text .set noat #if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__)) diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S index c6ca224738..95acd2f9d4 100644 --- a/crypto/sparccpuid.S +++ b/crypto/sparccpuid.S @@ -5,10 +5,6 @@ ! in the file LICENSE in the source distribution or at ! https://www.openssl.org/source/license.html -#ifdef OPENSSL_FIPSCANISTER -#include <openssl/fipssyms.h> -#endif - #if defined(__SUNPRO_C) && defined(__sparcv9) # define ABI64 /* They've said -xarch=v9 at command line */ #elif defined(__GNUC__) && defined(__arch64__) |