From c603c723ce0007c78b154096f1b2f67cea786389 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 18 Oct 2014 23:59:37 +0100 Subject: [PATCH] Remove OPENSSL_FIPSCANISTER code. OPENSSL_FIPSCANISTER is only set if the fips module is being built (as opposed to being used). Since the fips module wont be built in master this is redundant. Reviewed-by: Tim Hudson --- crypto/arm_arch.h | 4 ---- crypto/bn/bn_asm.c | 4 ---- crypto/cryptlib.c | 2 -- crypto/crypto.h | 5 ----- crypto/ecdh/ech_ossl.c | 12 ------------ crypto/ecdsa/ecs_ossl.c | 29 ----------------------------- e_os.h | 2 -- 7 files changed, 58 deletions(-) diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index 6fa87244d1..d406c8c229 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -48,10 +48,6 @@ # endif #endif -#ifdef OPENSSL_FIPSCANISTER -#include -#endif - #if !__ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; #endif diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c index 23766243be..14eaf2c62d 100644 --- a/crypto/bn/bn_asm.c +++ b/crypto/bn/bn_asm.c @@ -428,12 +428,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) #if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) -#ifndef OPENSSL_FIPSCANISTER #undef bn_mul_comba8 #undef bn_mul_comba4 #undef bn_sqr_comba8 #undef bn_sqr_comba4 -#endif /* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ @@ -948,10 +946,8 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U #else /* !BN_MUL_COMBA */ /* hmm... is it faster just to do a multiply? */ -#ifndef OPENSSL_FIPSCANISTER #undef bn_sqr_comba4 #undef bn_sqr_comba8 -#endif void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t[8]; diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 897b5b5bc2..07f68e684e 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -394,9 +394,7 @@ void OpenSSLDie(const char *file,int line,const char *assertion) #endif } -#ifndef OPENSSL_FIPSCANISTER void *OPENSSL_stderr(void) { return stderr; } -#endif int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) { diff --git a/crypto/crypto.h b/crypto/crypto.h index 256220ba01..4b542ce622 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -126,11 +126,6 @@ #include #endif -/* Get FIPS renames if needed */ -#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI) -#include -#endif - #include #include #include diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index 2656797449..e25fd4f1d3 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -234,15 +234,3 @@ err: if (buf) OPENSSL_free(buf); return(ret); } - -#ifdef OPENSSL_FIPSCANISTER -/* FIPS stanadlone version of ecdh_check: just return FIPS method */ -ECDH_DATA *fips_ecdh_check(EC_KEY *key) - { - static ECDH_DATA rv = { - 0,0,0, - &openssl_ecdh_meth - }; - return &rv; - } -#endif diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 97541a24b5..ec8e252342 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -561,32 +561,3 @@ err: EC_POINT_free(point); return ret; } - -#ifdef OPENSSL_FIPSCANISTER -/* FIPS stanadlone version of ecdsa_check: just return FIPS method */ -ECDSA_DATA *fips_ecdsa_check(EC_KEY *key) - { - static ECDSA_DATA rv = { - 0,0,0, - &openssl_ecdsa_meth - }; - return &rv; - } -/* Standalone digest sign and verify */ -int FIPS_ecdsa_verify_digest(EC_KEY *key, - const unsigned char *dig, int dlen, ECDSA_SIG *s) - { - ECDSA_DATA *ecdsa = ecdsa_check(key); - if (ecdsa == NULL) - return 0; - return ecdsa->meth->ecdsa_do_verify(dig, dlen, s, key); - } -ECDSA_SIG * FIPS_ecdsa_sign_digest(EC_KEY *key, - const unsigned char *dig, int dlen) - { - ECDSA_DATA *ecdsa = ecdsa_check(key); - if (ecdsa == NULL) - return NULL; - return ecdsa->meth->ecdsa_do_sign(dig, dlen, NULL, NULL, key); - } -#endif diff --git a/e_os.h b/e_os.h index 141eda67cb..d0217f1863 100644 --- a/e_os.h +++ b/e_os.h @@ -316,10 +316,8 @@ static __inline unsigned int _strlen31(const char *str) # endif # endif # endif -# if !defined(OPENSSL_FIPSCANISTER) # include # include -# endif # ifdef OPENSSL_SYS_WINCE # define OPENSSL_NO_POSIX_IO -- 2.34.1