remove FIPS module code from crypto/evp

Reviewed-by: Tim Hudson <tjh@openssl.org>

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 2222188849de68d0cf2049a139bfb71b30d0e069..0f4481e8e6124db5a586fafa7dff1d8a296017f9 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1285,9 +1285,9 @@ static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out,
        return 1;
 }
 
-BLOCK_CIPHER_generic_pack(NID_aes,128,EVP_CIPH_FLAG_FIPS)
-BLOCK_CIPHER_generic_pack(NID_aes,192,EVP_CIPH_FLAG_FIPS)
-BLOCK_CIPHER_generic_pack(NID_aes,256,EVP_CIPH_FLAG_FIPS)
+BLOCK_CIPHER_generic_pack(NID_aes,128,0)
+BLOCK_CIPHER_generic_pack(NID_aes,192,0)
+BLOCK_CIPHER_generic_pack(NID_aes,256,0)
 
 static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
        {
@@ -1330,11 +1330,6 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
        case EVP_CTRL_GCM_SET_IVLEN:
                if (arg <= 0)
                        return 0;
-#ifdef OPENSSL_FIPS
-               if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
-                                                && arg < 12)
-                       return 0;
-#endif
                /* Allocate memory for IV if needed */
                if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen))
                        {
@@ -1838,11 +1833,11 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                | EVP_CIPH_CUSTOM_COPY)
 
 BLOCK_CIPHER_custom(NID_aes,128,1,12,gcm,GCM,
-               EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
+               EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
 BLOCK_CIPHER_custom(NID_aes,192,1,12,gcm,GCM,
-               EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
+               EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
 BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM,
-               EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
+               EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
 
 static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
        {
@@ -1976,15 +1971,6 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                return 0;
        if (!out || !in || len<AES_BLOCK_SIZE)
                return 0;
-#ifdef OPENSSL_FIPS
-       /* Requirement of SP800-38E */
-       if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
-                       (len > (1UL<<20)*16))
-               {
-               EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
-               return 0;
-               }
-#endif
        if (xctx->stream)
                (*xctx->stream)(in, out, len,
                                xctx->xts.key1, xctx->xts.key2, ctx->iv);
@@ -2000,8 +1986,8 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                         | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
                         | EVP_CIPH_CUSTOM_COPY)
 
-BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
-BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,XTS_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,XTS_FLAGS)
 
 static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
        {
@@ -2183,9 +2169,9 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 #define aes_ccm_cleanup NULL
 
-BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
-BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
-BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,CUSTOM_FLAGS)
 
 typedef struct
        {

diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index eb4c472244c70c4e0e2f3944f40fe4fd5f85ac5a..7d224074790a4dc8cb8901b600c471b18f4885a2 100644 (file)
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -246,17 +246,17 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
 
 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-               EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+               EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1,
                  des_ede3_init_key, NULL, NULL, NULL,
                  des3_ctrl)
 
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
-               EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+               EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1,
                        des_ede3_init_key, NULL, NULL, NULL,
                        des3_ctrl)
 
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
-               EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+               EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1,
                        des_ede3_init_key, NULL, NULL, NULL,
                        des3_ctrl)
 

diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
index 9ca12ee2439455b24e5941efc93eda5f919b97c6..4612db3df84c06c81af736e96bd2dd1a7e2ee156 100644 (file)
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -68,8 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static const EVP_CIPHER n_cipher=
        {
        NID_undef,
-       1,0,0,
-       EVP_CIPH_FLAG_FIPS,
+       1,0,0,0,
        null_init_key,
        null_cipher,
        NULL,

diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 2e4db3023593c80e38700d05bf6757d09708ea2c..8e78450bec573d914220fa65d7e90cb3c95f6e8c 100644 (file)
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -64,10 +64,6 @@
 #include <openssl/dso.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 
 /* Algorithm configuration module. */
 

diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
index c9ab07349f2007b8dff42f3e3da635348bb4d4be..1c7105102d2909cc49d47b6e7084462a088d1a40 100644 (file)
--- a/crypto/evp/m_dss.c
+++ b/crypto/evp/m_dss.c
@@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
        NID_dsaWithSHA,
        NID_dsaWithSHA,
        SHA_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST,
        init,
        update,
        final,

diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c
index 5216ffd977795a2824337bb4b7184a215673f499..553c3b7754f26d7f0e2288858c56f49c51f1be26 100644 (file)
--- a/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
@@ -82,7 +82,7 @@ static const EVP_MD dss1_md=
        NID_dsa,
        NID_dsaWithSHA1,
        SHA_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST,
        init,
        update,
        final,

diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c
index aeb36ba2be131aa411eeb64af8fd5dfca8f835d7..8a52925e4e638a71a837c8ee19f6b6a0f29ed4de 100644 (file)
--- a/crypto/evp/m_ecdsa.c
+++ b/crypto/evp/m_ecdsa.c
@@ -131,7 +131,7 @@ static const EVP_MD ecdsa_md=
        NID_ecdsa_with_SHA1,
        NID_ecdsa_with_SHA1,
        SHA_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST,
        init,
        update,
        final,

diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index f5eccb7e25a30377b9fd4334243f7ccedcba1846..a0bfd99d22cdcc0d3df0c475eb10096d30f03ce2 100644 (file)
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -68,11 +68,6 @@
 #include <openssl/rsa.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
 
@@ -87,7 +82,7 @@ static const EVP_MD sha1_md=
        NID_sha1,
        NID_sha1WithRSAEncryption,
        SHA_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init,
        update,
        final,
@@ -124,7 +119,7 @@ static const EVP_MD sha224_md=
        NID_sha224,
        NID_sha224WithRSAEncryption,
        SHA224_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init224,
        update256,
        final256,
@@ -143,7 +138,7 @@ static const EVP_MD sha256_md=
        NID_sha256,
        NID_sha256WithRSAEncryption,
        SHA256_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init256,
        update256,
        final256,
@@ -174,7 +169,7 @@ static const EVP_MD sha384_md=
        NID_sha384,
        NID_sha384WithRSAEncryption,
        SHA384_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init384,
        update512,
        final512,
@@ -193,7 +188,7 @@ static const EVP_MD sha512_md=
        NID_sha512,
        NID_sha512WithRSAEncryption,
        SHA512_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init512,
        update512,
        final512,