remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt

diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile
index 326915d..5c02ba2 100644 (file)
--- a/lib/libcrypto/Makefile
+++ b/lib/libcrypto/Makefile
@@ -35,9 +35,9 @@ GENERAL=Makefile README crypto-lib.com install.com
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
 LIBSRC=        cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-       uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+       uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c
 LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
-       uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
+       uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o $(CPUID_OBJ)
 
 SRC= $(LIBSRC)
 

diff --git a/lib/libcrypto/aes/aes_misc.c b/lib/libcrypto/aes/aes_misc.c
index d666c06..9380abc 100644 (file)
--- a/lib/libcrypto/aes/aes_misc.c
+++ b/lib/libcrypto/aes/aes_misc.c
@@ -71,9 +71,6 @@ int
 AES_set_encrypt_key(const unsigned char *userKey, const int bits,
     AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
-       fips_cipher_abort(AES);
-#endif
        return private_AES_set_encrypt_key(userKey, bits, key);
 }
 
@@ -81,8 +78,5 @@ int
 AES_set_decrypt_key(const unsigned char *userKey, const int bits,
     AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
-       fips_cipher_abort(AES);
-#endif
        return private_AES_set_decrypt_key(userKey, bits, key);
 }

diff --git a/lib/libcrypto/bf/bf_skey.c b/lib/libcrypto/bf/bf_skey.c
index 3b0bca4..d8e6287 100644 (file)
--- a/lib/libcrypto/bf/bf_skey.c
+++ b/lib/libcrypto/bf/bf_skey.c
@@ -64,13 +64,6 @@
 #include "bf_pi.h"
 
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(BLOWFISH);
-       private_BF_set_key(key, len, data);
-       }
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#endif
        {
        int i;
        BF_LONG *p,ri,in[2];

diff --git a/lib/libcrypto/bf/blowfish.h b/lib/libcrypto/bf/blowfish.h
index 4b6c892..65685f4 100644 (file)
--- a/lib/libcrypto/bf/blowfish.h
+++ b/lib/libcrypto/bf/blowfish.h
@@ -104,9 +104,6 @@ typedef struct bf_key_st
        BF_LONG S[4*256];
        } BF_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);

diff --git a/lib/libcrypto/bn/bn_lcl.h b/lib/libcrypto/bn/bn_lcl.h
index 817c773..9194e86 100644 (file)
--- a/lib/libcrypto/bn/bn_lcl.h
+++ b/lib/libcrypto/bn/bn_lcl.h
@@ -479,10 +479,6 @@ extern "C" {
        }
 #endif /* !BN_LLONG */
 
-#if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS)
-#undef bn_div_words
-#endif
-
 void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
 void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
 void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);

diff --git a/lib/libcrypto/camellia/camellia.h b/lib/libcrypto/camellia/camellia.h
index 67911e0..cf0457d 100644 (file)
--- a/lib/libcrypto/camellia/camellia.h
+++ b/lib/libcrypto/camellia/camellia.h
@@ -88,10 +88,6 @@ struct camellia_key_st
        };
 typedef struct camellia_key_st CAMELLIA_KEY;
 
-#ifdef OPENSSL_FIPS
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-       CAMELLIA_KEY *key);
-#endif
 int Camellia_set_key(const unsigned char *userKey, const int bits,
        CAMELLIA_KEY *key);
 

diff --git a/lib/libcrypto/camellia/cmll_utl.c b/lib/libcrypto/camellia/cmll_utl.c
index 7a35711..b88a996 100644 (file)
--- a/lib/libcrypto/camellia/cmll_utl.c
+++ b/lib/libcrypto/camellia/cmll_utl.c
@@ -57,8 +57,5 @@
 int Camellia_set_key(const unsigned char *userKey, const int bits,
        CAMELLIA_KEY *key)
        {
-#ifdef OPENSSL_FIPS
-       fips_cipher_abort(Camellia);
-#endif
        return private_Camellia_set_key(userKey, bits, key);
        }

diff --git a/lib/libcrypto/cast/c_skey.c b/lib/libcrypto/cast/c_skey.c
index cb6bf9f..54ea98c 100644 (file)
--- a/lib/libcrypto/cast/c_skey.c
+++ b/lib/libcrypto/cast/c_skey.c
@@ -73,13 +73,6 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(CAST);
-       private_CAST_set_key(key, len, data);
-       }
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#endif
        {
        CAST_LONG x[16];
        CAST_LONG z[16];

diff --git a/lib/libcrypto/cast/cast.h b/lib/libcrypto/cast/cast.h
index 203922e..8741532 100644 (file)
--- a/lib/libcrypto/cast/cast.h
+++ b/lib/libcrypto/cast/cast.h
@@ -83,9 +83,6 @@ typedef struct cast_key_st
        int short_key;  /* Use reduced rounds for short key */
        } CAST_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
                      int enc);

diff --git a/lib/libcrypto/cmac/cmac.c b/lib/libcrypto/cmac/cmac.c
index 8b72b09..f92a7bb 100644 (file)
--- a/lib/libcrypto/cmac/cmac.c
+++ b/lib/libcrypto/cmac/cmac.c
@@ -57,10 +57,6 @@
 #include "cryptlib.h"
 #include <openssl/cmac.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 struct CMAC_CTX_st
        {
        /* Cipher context to use */
@@ -107,13 +103,6 @@ CMAC_CTX *CMAC_CTX_new(void)
 
 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->cctx.engine)
-               {
-               FIPS_cmac_ctx_cleanup(ctx);
-               return;
-               }
-#endif
        EVP_CIPHER_CTX_cleanup(&ctx->cctx);
        OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
        OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
@@ -153,24 +142,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
                        const EVP_CIPHER *cipher, ENGINE *impl)
        {
        static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               {
-               /* If we have an ENGINE need to allow non FIPS */
-               if ((impl || ctx->cctx.engine)
-                       && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-
-                       {
-                       EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
-                       return 0;
-                       }
-               /* Other algorithm blocking will be done in FIPS_cmac_init,
-                * via FIPS_cipherinit().
-                */
-               if (!impl && !ctx->cctx.engine)
-                       return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
-               }
-#endif
        /* All zeros means restart */
        if (!key && !cipher && !impl && keylen == 0)
                {
@@ -216,10 +187,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
        {
        const unsigned char *data = in;
        size_t bl;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->cctx.engine)
-               return FIPS_cmac_update(ctx, in, dlen);
-#endif
+
        if (ctx->nlast_block == -1)
                return 0;
        if (dlen == 0)
@@ -261,10 +229,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
        {
        int i, bl, lb;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->cctx.engine)
-               return FIPS_cmac_final(ctx, out, poutlen);
-#endif
+
        if (ctx->nlast_block == -1)
                return 0;
        bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);

diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h
index 351ccfd..56c5dfa 100644 (file)
--- a/lib/libcrypto/crypto.h
+++ b/lib/libcrypto/crypto.h
@@ -538,25 +538,9 @@ void OPENSSL_init(void);
 
 #define fips_md_init(alg) fips_md_init_ctx(alg, alg)
 
-#ifdef OPENSSL_FIPS
-#define fips_md_init_ctx(alg, cx) \
-       int alg##_Init(cx##_CTX *c) \
-       { \
-       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-               "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
-       return private_##alg##_Init(c); \
-       } \
-       int private_##alg##_Init(cx##_CTX *c)
-
-#define fips_cipher_abort(alg) \
-       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-               "Low level API call to cipher " #alg " forbidden in FIPS mode!")
-
-#else
 #define fips_md_init_ctx(alg, cx) \
        int alg##_Init(cx##_CTX *c)
 #define fips_cipher_abort(alg) while(0)
-#endif
 
 /* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
  * takes an amount of time dependent on |len|, but independent of the contents

diff --git a/lib/libcrypto/crypto/Makefile b/lib/libcrypto/crypto/Makefile
index e3bb0a2..a149537 100644 (file)
--- a/lib/libcrypto/crypto/Makefile
+++ b/lib/libcrypto/crypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.8 2014/04/15 17:46:16 beck Exp $
+# $OpenBSD: Makefile,v 1.9 2014/04/15 20:06:09 tedu Exp $
 
 LIB=   crypto
 
@@ -43,7 +43,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/evp
 
 # crypto/
 SRCS+= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c
-SRCS+= uid.c o_time.c o_str.c o_fips.c o_init.c fips_ers.c
+SRCS+= uid.c o_time.c o_str.c o_fips.c o_init.c
 
 # aes/
 SRCS+= aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c
@@ -163,7 +163,7 @@ SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c
 SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c
 SRCS+= c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c
 SRCS+= evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
-SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c
+SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
 SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
 # hmac/

diff --git a/lib/libcrypto/des/des.h b/lib/libcrypto/des/des.h
index 1eaedcb..92b6663 100644 (file)
--- a/lib/libcrypto/des/des.h
+++ b/lib/libcrypto/des/des.h
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#endif
 void DES_string_to_key(const char *str,DES_cblock *key);
 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,

diff --git a/lib/libcrypto/des/set_key.c b/lib/libcrypto/des/set_key.c
index 99e3555..e8dea50 100644 (file)
--- a/lib/libcrypto/des/set_key.c
+++ b/lib/libcrypto/des/set_key.c
@@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
        }
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(DES);
-       private_DES_set_key_unchecked(key, schedule);
-       }
-void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#endif
        {
        static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
        register DES_LONG c,d,t,s,t2;

diff --git a/lib/libcrypto/dh/dh_gen.c b/lib/libcrypto/dh/dh_gen.c
index 7b1fe9c..cfd5b11 100644 (file)
--- a/lib/libcrypto/dh/dh_gen.c
+++ b/lib/libcrypto/dh/dh_gen.c
@@ -66,29 +66,12 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
-                       && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
-               {
-               DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
-               return 0;
-               }
-#endif
        if(ret->meth->generate_params)
                return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_dh_generate_parameters_ex(ret, prime_len,
-                                                       generator, cb);
-#endif
        return dh_builtin_genparams(ret, prime_len, generator, cb);
        }
 

diff --git a/lib/libcrypto/dh/dh_key.c b/lib/libcrypto/dh/dh_key.c
index 89a74db..9596270 100644 (file)
--- a/lib/libcrypto/dh/dh_key.c
+++ b/lib/libcrypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                       && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-               {
-               DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-               return 0;
-               }
-#endif
        return dh->meth->generate_key(dh);
        }
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                       && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-               {
-               DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-               return 0;
-               }
-#endif
        return dh->meth->compute_key(key, pub_key, dh);
        }
 

diff --git a/lib/libcrypto/dh/dh_lib.c b/lib/libcrypto/dh/dh_lib.c
index 00218f2..a40caaf 100644 (file)
--- a/lib/libcrypto/dh/dh_lib.c
+++ b/lib/libcrypto/dh/dh_lib.c
@@ -64,10 +64,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
@@ -81,14 +77,7 @@ const DH_METHOD *DH_get_default_method(void)
        {
        if(!default_DH_method)
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_dh_openssl();
-               else
-                       return DH_OpenSSL();
-#else
                default_DH_method = DH_OpenSSL();
-#endif
                }
        return default_DH_method;
        }

diff --git a/lib/libcrypto/dsa/dsa_gen.c b/lib/libcrypto/dsa/dsa_gen.c
index c398761..e6a5452 100644 (file)
--- a/lib/libcrypto/dsa/dsa_gen.c
+++ b/lib/libcrypto/dsa/dsa_gen.c
@@ -81,33 +81,13 @@
 #include <openssl/sha.h>
 #include "dsa_locl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                const unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
-               return 0;
-               }
-#endif
        if(ret->meth->dsa_paramgen)
                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                counter_ret, h_ret, cb);
-#ifdef OPENSSL_FIPS
-       else if (FIPS_mode())
-               {
-               return FIPS_dsa_generate_parameters_ex(ret, bits, 
-                                                       seed_in, seed_len,
-                                                       counter_ret, h_ret, cb);
-               }
-#endif
        else
                {
                const EVP_MD *evpmd;

diff --git a/lib/libcrypto/dsa/dsa_key.c b/lib/libcrypto/dsa/dsa_key.c
index 9cf669b..c4aa86b 100644 (file)
--- a/lib/libcrypto/dsa/dsa_key.c
+++ b/lib/libcrypto/dsa/dsa_key.c
@@ -64,28 +64,12 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
-               return 0;
-               }
-#endif
        if(dsa->meth->dsa_keygen)
                return dsa->meth->dsa_keygen(dsa);
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_dsa_generate_key(dsa);
-#endif
        return dsa_builtin_keygen(dsa);
        }
 

diff --git a/lib/libcrypto/dsa/dsa_lib.c b/lib/libcrypto/dsa/dsa_lib.c
index 96d8d0c..897c085 100644 (file)
--- a/lib/libcrypto/dsa/dsa_lib.c
+++ b/lib/libcrypto/dsa/dsa_lib.c
@@ -70,10 +70,6 @@
 #include <openssl/dh.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
@@ -87,14 +83,7 @@ const DSA_METHOD *DSA_get_default_method(void)
        {
        if(!default_DSA_method)
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_dsa_openssl();
-               else
-                       return DSA_OpenSSL();
-#else
                default_DSA_method = DSA_OpenSSL();
-#endif
                }
        return default_DSA_method;
        }

diff --git a/lib/libcrypto/dsa/dsa_sign.c b/lib/libcrypto/dsa/dsa_sign.c
index c3cc364..e02365a 100644 (file)
--- a/lib/libcrypto/dsa/dsa_sign.c
+++ b/lib/libcrypto/dsa/dsa_sign.c
@@ -65,27 +65,11 @@
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
-               return NULL;
-               }
-#endif
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
        }
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
-               return 0;
-               }
-#endif
        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
 

diff --git a/lib/libcrypto/dsa/dsa_vrf.c b/lib/libcrypto/dsa/dsa_vrf.c
index 674cb5f..286ed28 100644 (file)
--- a/lib/libcrypto/dsa/dsa_vrf.c
+++ b/lib/libcrypto/dsa/dsa_vrf.c
@@ -64,13 +64,5 @@
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_NON_FIPS_DSA_METHOD);
-               return -1;
-               }
-#endif
        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
        }

diff --git a/lib/libcrypto/ec/ec2_smpl.c b/lib/libcrypto/ec/ec2_smpl.c
index e0e59c7..0cf681f 100644 (file)
--- a/lib/libcrypto/ec/ec2_smpl.c
+++ b/lib/libcrypto/ec/ec2_smpl.c
@@ -73,16 +73,8 @@
 
 #ifndef OPENSSL_NO_EC2M
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
 const EC_METHOD *EC_GF2m_simple_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gf2m_simple_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_characteristic_two_field,
@@ -126,7 +118,6 @@ const EC_METHOD *EC_GF2m_simple_method(void)
                0 /* field_set_to_one */ };
 
        return &ret;
-#endif
        }
 
 

diff --git a/lib/libcrypto/ec/ec_key.c b/lib/libcrypto/ec/ec_key.c
index 7fa2475..d528601 100644 (file)
--- a/lib/libcrypto/ec/ec_key.c
+++ b/lib/libcrypto/ec/ec_key.c
@@ -64,9 +64,6 @@
 #include <string.h>
 #include "ec_lcl.h"
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 EC_KEY *EC_KEY_new(void)
        {
@@ -241,11 +238,6 @@ int EC_KEY_generate_key(EC_KEY *eckey)
        BIGNUM  *priv_key = NULL, *order = NULL;
        EC_POINT *pub_key = NULL;
 
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_ec_key_generate_key(eckey);
-#endif
-
        if (!eckey || !eckey->group)
                {
                ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);

diff --git a/lib/libcrypto/ec/ecp_mont.c b/lib/libcrypto/ec/ecp_mont.c
index f04f132..cee0fee 100644 (file)
--- a/lib/libcrypto/ec/ecp_mont.c
+++ b/lib/libcrypto/ec/ecp_mont.c
@@ -63,18 +63,11 @@
 
 #include <openssl/err.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 
 const EC_METHOD *EC_GFp_mont_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_mont_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
                ec_GFp_mont_field_set_to_one };
 
        return &ret;
-#endif
        }
 
 

diff --git a/lib/libcrypto/ec/ecp_nist.c b/lib/libcrypto/ec/ecp_nist.c
index aad2d5f..ac5b814 100644 (file)
--- a/lib/libcrypto/ec/ecp_nist.c
+++ b/lib/libcrypto/ec/ecp_nist.c
@@ -67,15 +67,8 @@
 #include <openssl/obj_mac.h>
 #include "ec_lcl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const EC_METHOD *EC_GFp_nist_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_nist_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void)
                0 /* field_set_to_one */ };
 
        return &ret;
-#endif
        }
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)

diff --git a/lib/libcrypto/ec/ecp_smpl.c b/lib/libcrypto/ec/ecp_smpl.c
index cd05fd1..bf0ad99 100644 (file)
--- a/lib/libcrypto/ec/ecp_smpl.c
+++ b/lib/libcrypto/ec/ecp_smpl.c
@@ -64,17 +64,10 @@
 
 #include <openssl/err.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_simple_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_simple_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_simple_method(void)
                0 /* field_set_to_one */ };
 
        return &ret;
-#endif
        }
 
 

diff --git a/lib/libcrypto/ecdh/ech_lib.c b/lib/libcrypto/ecdh/ech_lib.c
index 0644431..ddf226b 100644 (file)
--- a/lib/libcrypto/ecdh/ech_lib.c
+++ b/lib/libcrypto/ecdh/ech_lib.c
@@ -73,9 +73,6 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
 
@@ -94,14 +91,7 @@ const ECDH_METHOD *ECDH_get_default_method(void)
        {
        if(!default_ECDH_method) 
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_ecdh_openssl();
-               else
-                       return ECDH_OpenSSL();
-#else
                default_ECDH_method = ECDH_OpenSSL();
-#endif
                }
        return default_ECDH_method;
        }
@@ -234,15 +224,6 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
        }
        else
                ecdh_data = (ECDH_DATA *)data;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
-                       && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-               {
-               ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
-               return NULL;
-               }
-#endif
-       
 
        return ecdh_data;
        }

diff --git a/lib/libcrypto/ecdsa/ecs_lib.c b/lib/libcrypto/ecdsa/ecs_lib.c
index 814a6bf..7b53969 100644 (file)
--- a/lib/libcrypto/ecdsa/ecs_lib.c
+++ b/lib/libcrypto/ecdsa/ecs_lib.c
@@ -60,9 +60,6 @@
 #endif
 #include <openssl/err.h>
 #include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
 
@@ -81,14 +78,7 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
 {
        if(!default_ECDSA_method) 
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_ecdsa_openssl();
-               else
-                       return ECDSA_OpenSSL();
-#else
                default_ECDSA_method = ECDSA_OpenSSL();
-#endif
                }
        return default_ECDSA_method;
 }
@@ -212,14 +202,6 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
        }
        else
                ecdsa_data = (ECDSA_DATA *)data;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
-                       && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-               {
-               ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
-               return NULL;
-               }
-#endif
 
        return ecdsa_data;
 }

diff --git a/lib/libcrypto/err/err_all.c b/lib/libcrypto/err/err_all.c
index 8eb547d..1c4eccd 100644 (file)
--- a/lib/libcrypto/err/err_all.c
+++ b/lib/libcrypto/err/err_all.c
@@ -97,9 +97,6 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
@@ -155,9 +152,6 @@ void ERR_load_crypto_strings(void)
 #endif
        ERR_load_OCSP_strings();
        ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
-       ERR_load_FIPS_strings();
-#endif
 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif

diff --git a/lib/libcrypto/evp/Makefile b/lib/libcrypto/evp/Makefile
index 3982f49..f94a28d 100644 (file)
--- a/lib/libcrypto/evp/Makefile
+++ b/lib/libcrypto/evp/Makefile
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-       e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
+       e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
        e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
 LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
@@ -41,7 +41,7 @@ LIBOBJ=       encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-       e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+       e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
        e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
 
 SRC= $(LIBSRC)

diff --git a/lib/libcrypto/evp/digest.c b/lib/libcrypto/evp/digest.c
index d14e8e4..782d319 100644 (file)
--- a/lib/libcrypto/evp/digest.c
+++ b/lib/libcrypto/evp/digest.c
@@ -117,10 +117,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
        {
        memset(ctx,'\0',sizeof *ctx);
@@ -229,26 +225,12 @@ skip_to_init:
                }
        if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
                return 1;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               {
-               if (FIPS_digestinit(ctx, type))
-                       return 1;
-               OPENSSL_free(ctx->md_data);
-               ctx->md_data = NULL;
-               return 0;
-               }
-#endif
        return ctx->digest->init(ctx);
        }
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
        {
-#ifdef OPENSSL_FIPS
-       return FIPS_digestupdate(ctx, data, count);
-#else
        return ctx->update(ctx,data,count);
-#endif
        }
 
 /* The caller can assume that this removes any secret data from the context */
@@ -263,9 +245,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        {
-#ifdef OPENSSL_FIPS
-       return FIPS_digestfinal(ctx, md, size);
-#else
        int ret;
 
        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -279,7 +258,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
                }
        memset(ctx->md_data,0,ctx->digest->ctx_size);
        return ret;
-#endif
        }
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -376,7 +354,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
        {
-#ifndef OPENSSL_FIPS
        /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
         * because sometimes only copies of the context are ever finalised.
         */
@@ -389,7 +366,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
-#endif
        if (ctx->pctx)
                EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -397,9 +373,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                /* The EVP_MD we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(ctx->engine);
-#endif
-#ifdef OPENSSL_FIPS
-       FIPS_md_ctx_cleanup(ctx);
 #endif
        memset(ctx,'\0',sizeof *ctx);
 

diff --git a/lib/libcrypto/evp/e_null.c b/lib/libcrypto/evp/e_null.c
index f0c1f78..98a7849 100644 (file)
--- a/lib/libcrypto/evp/e_null.c
+++ b/lib/libcrypto/evp/e_null.c
@@ -61,8 +61,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
-#ifndef OPENSSL_FIPS
-
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                memcpy((char *)out,(const char *)in,inl);
        return 1;
        }
-#endif

diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c
index 0c54f05..50403a7 100644 (file)
--- a/lib/libcrypto/evp/evp_enc.c
+++ b/lib/libcrypto/evp/evp_enc.c
@@ -64,17 +64,9 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
 
-#ifdef OPENSSL_FIPS
-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
-#endif
-
 
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 
@@ -169,10 +161,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        ctx->engine = NULL;
 #endif
 
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
                ctx->cipher=cipher;
                if (ctx->cipher->ctx_size)
                        {
@@ -205,10 +193,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                }
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
-#endif
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_cipherinit(ctx, cipher, key, iv, enc);
 #endif
        /* we assume block size is a power of 2 in *cryptUpdate */
        OPENSSL_assert(ctx->cipher->block_size == 1
@@ -568,7 +552,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
        {
-#ifndef OPENSSL_FIPS
        if (c->cipher != NULL)
                {
                if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -579,15 +562,11 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                }
        if (c->cipher_data)
                OPENSSL_free(c->cipher_data);
-#endif
 #ifndef OPENSSL_NO_ENGINE
        if (c->engine)
                /* The EVP_CIPHER we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(c->engine);
-#endif
-#ifdef OPENSSL_FIPS
-       FIPS_cipher_ctx_cleanup(c);
 #endif
        memset(c,0,sizeof(EVP_CIPHER_CTX));
        return 1;

diff --git a/lib/libcrypto/evp/evp_fips.c b/lib/libcrypto/evp/evp_fips.c
deleted file mode 100644 (file)
index cb7f4fc..0000000
--- a/lib/libcrypto/evp/evp_fips.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* crypto/evp/evp_fips.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#include <openssl/evp.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-
-const EVP_CIPHER *EVP_aes_128_cbc(void)  { return FIPS_evp_aes_128_cbc(); }
-const EVP_CIPHER *EVP_aes_128_ccm(void)  { return FIPS_evp_aes_128_ccm(); }
-const EVP_CIPHER *EVP_aes_128_cfb1(void)  { return FIPS_evp_aes_128_cfb1(); }
-const EVP_CIPHER *EVP_aes_128_cfb128(void)  { return FIPS_evp_aes_128_cfb128(); }
-const EVP_CIPHER *EVP_aes_128_cfb8(void)  { return FIPS_evp_aes_128_cfb8(); }
-const EVP_CIPHER *EVP_aes_128_ctr(void)  { return FIPS_evp_aes_128_ctr(); }
-const EVP_CIPHER *EVP_aes_128_ecb(void)  { return FIPS_evp_aes_128_ecb(); }
-const EVP_CIPHER *EVP_aes_128_gcm(void)  { return FIPS_evp_aes_128_gcm(); }
-const EVP_CIPHER *EVP_aes_128_ofb(void)  { return FIPS_evp_aes_128_ofb(); }
-const EVP_CIPHER *EVP_aes_128_xts(void)  { return FIPS_evp_aes_128_xts(); }
-const EVP_CIPHER *EVP_aes_192_cbc(void)  { return FIPS_evp_aes_192_cbc(); }
-const EVP_CIPHER *EVP_aes_192_ccm(void)  { return FIPS_evp_aes_192_ccm(); }
-const EVP_CIPHER *EVP_aes_192_cfb1(void)  { return FIPS_evp_aes_192_cfb1(); }
-const EVP_CIPHER *EVP_aes_192_cfb128(void)  { return FIPS_evp_aes_192_cfb128(); }
-const EVP_CIPHER *EVP_aes_192_cfb8(void)  { return FIPS_evp_aes_192_cfb8(); }
-const EVP_CIPHER *EVP_aes_192_ctr(void)  { return FIPS_evp_aes_192_ctr(); }
-const EVP_CIPHER *EVP_aes_192_ecb(void)  { return FIPS_evp_aes_192_ecb(); }
-const EVP_CIPHER *EVP_aes_192_gcm(void)  { return FIPS_evp_aes_192_gcm(); }
-const EVP_CIPHER *EVP_aes_192_ofb(void)  { return FIPS_evp_aes_192_ofb(); }
-const EVP_CIPHER *EVP_aes_256_cbc(void)  { return FIPS_evp_aes_256_cbc(); }
-const EVP_CIPHER *EVP_aes_256_ccm(void)  { return FIPS_evp_aes_256_ccm(); }
-const EVP_CIPHER *EVP_aes_256_cfb1(void)  { return FIPS_evp_aes_256_cfb1(); }
-const EVP_CIPHER *EVP_aes_256_cfb128(void)  { return FIPS_evp_aes_256_cfb128(); }
-const EVP_CIPHER *EVP_aes_256_cfb8(void)  { return FIPS_evp_aes_256_cfb8(); }
-const EVP_CIPHER *EVP_aes_256_ctr(void)  { return FIPS_evp_aes_256_ctr(); }
-const EVP_CIPHER *EVP_aes_256_ecb(void)  { return FIPS_evp_aes_256_ecb(); }
-const EVP_CIPHER *EVP_aes_256_gcm(void)  { return FIPS_evp_aes_256_gcm(); }
-const EVP_CIPHER *EVP_aes_256_ofb(void)  { return FIPS_evp_aes_256_ofb(); }
-const EVP_CIPHER *EVP_aes_256_xts(void)  { return FIPS_evp_aes_256_xts(); }
-const EVP_CIPHER *EVP_des_ede(void)  { return FIPS_evp_des_ede(); }
-const EVP_CIPHER *EVP_des_ede3(void)  { return FIPS_evp_des_ede3(); }
-const EVP_CIPHER *EVP_des_ede3_cbc(void)  { return FIPS_evp_des_ede3_cbc(); }
-const EVP_CIPHER *EVP_des_ede3_cfb1(void)  { return FIPS_evp_des_ede3_cfb1(); }
-const EVP_CIPHER *EVP_des_ede3_cfb64(void)  { return FIPS_evp_des_ede3_cfb64(); }
-const EVP_CIPHER *EVP_des_ede3_cfb8(void)  { return FIPS_evp_des_ede3_cfb8(); }
-const EVP_CIPHER *EVP_des_ede3_ecb(void)  { return FIPS_evp_des_ede3_ecb(); }
-const EVP_CIPHER *EVP_des_ede3_ofb(void)  { return FIPS_evp_des_ede3_ofb(); }
-const EVP_CIPHER *EVP_des_ede_cbc(void)  { return FIPS_evp_des_ede_cbc(); }
-const EVP_CIPHER *EVP_des_ede_cfb64(void)  { return FIPS_evp_des_ede_cfb64(); }
-const EVP_CIPHER *EVP_des_ede_ecb(void)  { return FIPS_evp_des_ede_ecb(); }
-const EVP_CIPHER *EVP_des_ede_ofb(void)  { return FIPS_evp_des_ede_ofb(); }
-const EVP_CIPHER *EVP_enc_null(void)  { return FIPS_evp_enc_null(); }
-
-const EVP_MD *EVP_sha1(void)  { return FIPS_evp_sha1(); }
-const EVP_MD *EVP_sha224(void)  { return FIPS_evp_sha224(); }
-const EVP_MD *EVP_sha256(void)  { return FIPS_evp_sha256(); }
-const EVP_MD *EVP_sha384(void)  { return FIPS_evp_sha384(); }
-const EVP_MD *EVP_sha512(void)  { return FIPS_evp_sha512(); }
-
-const EVP_MD *EVP_dss(void)  { return FIPS_evp_dss(); }
-const EVP_MD *EVP_dss1(void)  { return FIPS_evp_dss1(); }
-const EVP_MD *EVP_ecdsa(void)  { return FIPS_evp_ecdsa(); }
-
-#endif

diff --git a/lib/libcrypto/evp/evp_locl.h b/lib/libcrypto/evp/evp_locl.h
index 08c0a66..9e71f39 100644 (file)
--- a/lib/libcrypto/evp/evp_locl.h
+++ b/lib/libcrypto/evp/evp_locl.h
@@ -347,39 +347,3 @@ void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                             ASN1_TYPE *param,
                             const EVP_CIPHER *c, const EVP_MD *md, int en_de);
-
-#ifdef OPENSSL_FIPS
-
-#ifdef OPENSSL_DOING_MAKEDEPEND
-#undef SHA1_Init
-#undef SHA1_Update
-#undef SHA224_Init
-#undef SHA256_Init
-#undef SHA384_Init
-#undef SHA512_Init
-#undef DES_set_key_unchecked
-#endif
-
-#define RIPEMD160_Init private_RIPEMD160_Init
-#define WHIRLPOOL_Init private_WHIRLPOOL_Init
-#define MD5_Init       private_MD5_Init
-#define MD4_Init       private_MD4_Init
-#define MD2_Init       private_MD2_Init
-#define MDC2_Init      private_MDC2_Init
-#define SHA_Init       private_SHA_Init
-#define SHA1_Init      private_SHA1_Init
-#define SHA224_Init    private_SHA224_Init
-#define SHA256_Init    private_SHA256_Init
-#define SHA384_Init    private_SHA384_Init
-#define SHA512_Init    private_SHA512_Init
-
-#define BF_set_key     private_BF_set_key
-#define CAST_set_key   private_CAST_set_key
-#define idea_set_encrypt_key   private_idea_set_encrypt_key
-#define SEED_set_key   private_SEED_set_key
-#define RC2_set_key    private_RC2_set_key
-#define RC4_set_key    private_RC4_set_key
-#define DES_set_key_unchecked  private_DES_set_key_unchecked
-#define Camellia_set_key       private_Camellia_set_key
-
-#endif

diff --git a/lib/libcrypto/evp/m_dss.c b/lib/libcrypto/evp/m_dss.c
index 6fb7e9a..89ea5b7 100644 (file)
--- a/lib/libcrypto/evp/m_dss.c
+++ b/lib/libcrypto/evp/m_dss.c
@@ -66,7 +66,6 @@
 #endif
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
        return(&dsa_md);
        }
 #endif
-#endif

diff --git a/lib/libcrypto/evp/m_dss1.c b/lib/libcrypto/evp/m_dss1.c
index 2df362a..a010103 100644 (file)
--- a/lib/libcrypto/evp/m_dss1.c
+++ b/lib/libcrypto/evp/m_dss1.c
@@ -68,8 +68,6 @@
 #include <openssl/dsa.h>
 #endif
 
-#ifndef OPENSSL_FIPS 
-
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
 
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
        return(&dss1_md);
        }
 #endif
-#endif

diff --git a/lib/libcrypto/evp/m_ecdsa.c b/lib/libcrypto/evp/m_ecdsa.c
index 4b15fb0..a6ed24b 100644 (file)
--- a/lib/libcrypto/evp/m_ecdsa.c
+++ b/lib/libcrypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
 #include <openssl/x509.h>
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -148,4 +147,3 @@ const EVP_MD *EVP_ecdsa(void)
        return(&ecdsa_md);
        }
 #endif
-#endif

diff --git a/lib/libcrypto/evp/m_sha1.c b/lib/libcrypto/evp/m_sha1.c
index bd0c01a..f39ae77 100644 (file)
--- a/lib/libcrypto/evp/m_sha1.c
+++ b/lib/libcrypto/evp/m_sha1.c
@@ -59,8 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 
-#ifndef OPENSSL_FIPS
-
 #ifndef OPENSSL_NO_SHA
 
 #include <openssl/evp.h>
@@ -205,5 +203,3 @@ static const EVP_MD sha512_md=
 const EVP_MD *EVP_sha512(void)
        { return(&sha512_md); }
 #endif /* ifndef OPENSSL_NO_SHA512 */
-
-#endif

diff --git a/lib/libcrypto/fips_ers.c b/lib/libcrypto/fips_ers.c
deleted file mode 100644 (file)
index 1788ed2..0000000
--- a/lib/libcrypto/fips_ers.c
+++ /dev/null
@@ -1,7 +0,0 @@
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-# include "fips_err.h"
-#else
-static void *dummy = &dummy;
-#endif

diff --git a/lib/libcrypto/hmac/hmac.c b/lib/libcrypto/hmac/hmac.c
index ba27cbf..6c98fc4 100644 (file)
--- a/lib/libcrypto/hmac/hmac.c
+++ b/lib/libcrypto/hmac/hmac.c
@@ -61,34 +61,12 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
        {
        int i,j,reset=0;
        unsigned char pad[HMAC_MAX_MD_CBLOCK];
 
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               {
-               /* If we have an ENGINE need to allow non FIPS */
-               if ((impl || ctx->i_ctx.engine)
-                       &&  !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-                       {
-                       EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
-                       return 0;
-                       }
-               /* Other algorithm blocking will be done in FIPS_cmac_init,
-                * via FIPS_hmac_init_ex().
-                */
-               if (!impl && !ctx->i_ctx.engine)
-                       return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
-               }
-#endif
-
        if (md != NULL)
                {
                reset=1;
@@ -155,10 +133,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->i_ctx.engine)
-               return FIPS_hmac_update(ctx, data, len);
-#endif
        return EVP_DigestUpdate(&ctx->md_ctx,data,len);
        }
 
@@ -166,10 +140,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
        {
        unsigned int i;
        unsigned char buf[EVP_MAX_MD_SIZE];
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->i_ctx.engine)
-               return FIPS_hmac_final(ctx, md, len);
-#endif
 
        if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
                goto err;
@@ -209,13 +179,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->i_ctx.engine)
-               {
-               FIPS_hmac_ctx_cleanup(ctx);
-               return;
-               }
-#endif
        EVP_MD_CTX_cleanup(&ctx->i_ctx);
        EVP_MD_CTX_cleanup(&ctx->o_ctx);
        EVP_MD_CTX_cleanup(&ctx->md_ctx);

diff --git a/lib/libcrypto/idea/i_skey.c b/lib/libcrypto/idea/i_skey.c
index afb8309..244562e 100644 (file)
--- a/lib/libcrypto/idea/i_skey.c
+++ b/lib/libcrypto/idea/i_skey.c
@@ -62,13 +62,6 @@
 
 static IDEA_INT inverse(unsigned int xin);
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(IDEA);
-       private_idea_set_encrypt_key(key, ks);
-       }
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#endif
        {
        int i;
        register IDEA_INT *kt,*kf,r0,r1,r2;

diff --git a/lib/libcrypto/idea/idea.h b/lib/libcrypto/idea/idea.h
index e9a1e7f..5782e54 100644 (file)
--- a/lib/libcrypto/idea/idea.h
+++ b/lib/libcrypto/idea/idea.h
@@ -83,9 +83,6 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
        IDEA_KEY_SCHEDULE *ks);
-#ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,

diff --git a/lib/libcrypto/md2/md2.h b/lib/libcrypto/md2/md2.h
index d59c9f2..a46120e 100644 (file)
--- a/lib/libcrypto/md2/md2.h
+++ b/lib/libcrypto/md2/md2.h
@@ -81,9 +81,6 @@ typedef struct MD2state_st
        } MD2_CTX;
 
 const char *MD2_options(void);
-#ifdef OPENSSL_FIPS
-int private_MD2_Init(MD2_CTX *c);
-#endif
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);

diff --git a/lib/libcrypto/md4/md4.h b/lib/libcrypto/md4/md4.h
index a55368a..c3ed9b3 100644 (file)
--- a/lib/libcrypto/md4/md4.h
+++ b/lib/libcrypto/md4/md4.h
@@ -105,9 +105,6 @@ typedef struct MD4state_st
        unsigned int num;
        } MD4_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);

diff --git a/lib/libcrypto/md5/md5.h b/lib/libcrypto/md5/md5.h
index 541cc92..4cbf843 100644 (file)
--- a/lib/libcrypto/md5/md5.h
+++ b/lib/libcrypto/md5/md5.h
@@ -105,9 +105,6 @@ typedef struct MD5state_st
        unsigned int num;
        } MD5_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);

diff --git a/lib/libcrypto/mdc2/mdc2.h b/lib/libcrypto/mdc2/mdc2.h
index f3e8e57..72778a5 100644 (file)
--- a/lib/libcrypto/mdc2/mdc2.h
+++ b/lib/libcrypto/mdc2/mdc2.h
@@ -81,9 +81,6 @@ typedef struct mdc2_ctx_st
        } MDC2_CTX;
 
 
-#ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-#endif
 int MDC2_Init(MDC2_CTX *c);
 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);

diff --git a/lib/libcrypto/o_fips.c b/lib/libcrypto/o_fips.c
index 9c185cf..43312ae 100644 (file)
--- a/lib/libcrypto/o_fips.c
+++ b/lib/libcrypto/o_fips.c
@@ -56,42 +56,20 @@
  */
 
 #include "cryptlib.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/rand.h>
-#endif
 
 int
 FIPS_mode(void)
 {
        OPENSSL_init();
-#ifdef OPENSSL_FIPS
-       return FIPS_module_mode();
-#else
        return 0;
-#endif
 }
 
 int
 FIPS_mode_set(int r)
 {
        OPENSSL_init();
-#ifdef OPENSSL_FIPS
-#ifndef FIPS_AUTH_USER_PASS
-#define FIPS_AUTH_USER_PASS    "Default FIPS Crypto User Password"
-#endif
-       if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
-               return 0;
-       if (r)
-               RAND_set_rand_method(FIPS_rand_get_method());
-       else
-               RAND_set_rand_method(NULL);
-       return 1;
-#else
        if (r == 0)
                return 1;
        CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
        return 0;
-#endif
 }

diff --git a/lib/libcrypto/o_init.c b/lib/libcrypto/o_init.c
index 07c8e0d..5e905d9 100644 (file)
--- a/lib/libcrypto/o_init.c
+++ b/lib/libcrypto/o_init.c
@@ -54,10 +54,6 @@
 
 #include <e_os.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#endif
 
 /* Perform any essential OpenSSL initialization operations.
  * Currently only sets FIPS callbacks
@@ -70,12 +66,6 @@ OPENSSL_init(void)
        if (done)
                return;
        done = 1;
-#ifdef OPENSSL_FIPS
-       FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
-       FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-       FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
-       RAND_init_fips();
-#endif
 #if 0
        fprintf(stderr, "Called OPENSSL_init\n");
 #endif

diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h
index ebe7180..7ba6281 100644 (file)
--- a/lib/libcrypto/opensslv.h
+++ b/lib/libcrypto/opensslv.h
@@ -26,11 +26,7 @@
  *  major minor fix final patch/beta)
  */
 #define OPENSSL_VERSION_NUMBER 0x1000107fL
-#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1g-fips 7 Apr 2014"
-#else
 #define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1g 7 Apr 2014"
-#endif
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 
 

diff --git a/lib/libcrypto/pem/pem_all.c b/lib/libcrypto/pem/pem_all.c
index eac0460..6ff6be7 100644 (file)
--- a/lib/libcrypto/pem/pem_all.c
+++ b/lib/libcrypto/pem/pem_all.c
@@ -193,61 +193,8 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 
 #endif
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_RSA(k, x);
-
-               ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
-                                       PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-
-               EVP_PKEY_set1_RSA(k, x);
-
-               ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
-                                       PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -277,59 +224,8 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
        return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_DSA(k, x);
-
-               ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
-                                       PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_DSA(k, x);
-               ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
-                                       PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -377,61 +273,8 @@ IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKPa
 
 
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_EC_KEY(k, x);
-
-               ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
-                                               PEM_STRING_ECPRIVATEKEY,
-                                               bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_EC_KEY(k, x);
-               ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
-                                               PEM_STRING_ECPRIVATEKEY,
-                                               fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API

diff --git a/lib/libcrypto/pkcs12/p12_crt.c b/lib/libcrypto/pkcs12/p12_crt.c
index a34915d..0c5e8dc 100644 (file)
--- a/lib/libcrypto/pkcs12/p12_crt.c
+++ b/lib/libcrypto/pkcs12/p12_crt.c
@@ -91,11 +91,6 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        /* Set defaults */
        if (!nid_cert)
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-               else
-#endif
                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
                }
        if (!nid_key)

diff --git a/lib/libcrypto/rc2/rc2.h b/lib/libcrypto/rc2/rc2.h
index e542ec9..4c737f5 100644 (file)
--- a/lib/libcrypto/rc2/rc2.h
+++ b/lib/libcrypto/rc2/rc2.h
@@ -79,9 +79,6 @@ typedef struct rc2_key_st
        RC2_INT data[64];
        } RC2_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-#endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
                     int enc);

diff --git a/lib/libcrypto/rc2/rc2_skey.c b/lib/libcrypto/rc2/rc2_skey.c
index 6668ac0..26b8dd6 100644 (file)
--- a/lib/libcrypto/rc2/rc2_skey.c
+++ b/lib/libcrypto/rc2/rc2_skey.c
@@ -96,13 +96,6 @@ static const unsigned char key_table[256]={
  * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
  * a version where the bits parameter is the same as len*8 */
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(RC2);
-       private_RC2_set_key(key, len, data, bits);
-       }
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
        {
        int i,j;
        unsigned char *k;

diff --git a/lib/libcrypto/rc4/rc4_utl.c b/lib/libcrypto/rc4/rc4_utl.c
index ab3f02f..bd39a76 100644 (file)
--- a/lib/libcrypto/rc4/rc4_utl.c
+++ b/lib/libcrypto/rc4/rc4_utl.c
@@ -55,8 +55,5 @@
 
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
        {
-#ifdef OPENSSL_FIPS
-       fips_cipher_abort(RC4);
-#endif
        private_RC4_set_key(key, len, data);
        }

diff --git a/lib/libcrypto/ripemd/ripemd.h b/lib/libcrypto/ripemd/ripemd.h
index 189bd8c..5942eb6 100644 (file)
--- a/lib/libcrypto/ripemd/ripemd.h
+++ b/lib/libcrypto/ripemd/ripemd.h
@@ -91,9 +91,6 @@ typedef struct RIPEMD160state_st
        unsigned int   num;
        } RIPEMD160_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);

diff --git a/lib/libcrypto/rsa/rsa_crpt.c b/lib/libcrypto/rsa/rsa_crpt.c
index d3e4478..7750366 100644 (file)
--- a/lib/libcrypto/rsa/rsa_crpt.c
+++ b/lib/libcrypto/rsa/rsa_crpt.c
@@ -75,56 +75,24 @@ int RSA_size(const RSA *r)
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-               return -1;
-               }
-#endif
        return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
        }
 
 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-               return -1;
-               }
-#endif
        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
        }
 
 int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-               return -1;
-               }
-#endif
        return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
        }
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-               return -1;
-               }
-#endif
        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
        }
 

diff --git a/lib/libcrypto/rsa/rsa_gen.c b/lib/libcrypto/rsa/rsa_gen.c
index 42290cc..767f7ab 100644 (file)
--- a/lib/libcrypto/rsa/rsa_gen.c
+++ b/lib/libcrypto/rsa/rsa_gen.c
@@ -67,9 +67,6 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
@@ -80,20 +77,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  * now just because key-generation is part of RSA_METHOD. */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
-               return 0;
-               }
-#endif
        if(rsa->meth->rsa_keygen)
                return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
-#endif
        return rsa_builtin_keygen(rsa, bits, e_value, cb);
        }
 

diff --git a/lib/libcrypto/rsa/rsa_lib.c b/lib/libcrypto/rsa/rsa_lib.c
index c95ceaf..9e3f7da 100644 (file)
--- a/lib/libcrypto/rsa/rsa_lib.c
+++ b/lib/libcrypto/rsa/rsa_lib.c
@@ -67,10 +67,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -91,17 +87,10 @@ const RSA_METHOD *RSA_get_default_method(void)
        {
        if (default_RSA_meth == NULL)
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_rsa_pkcs1_ssleay();
-               else
-                       return RSA_PKCS1_SSLeay();
-#else
 #ifdef RSA_NULL
                default_RSA_meth=RSA_null_method();
 #else
                default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
 #endif
                }
 

diff --git a/lib/libcrypto/rsa/rsa_pmeth.c b/lib/libcrypto/rsa/rsa_pmeth.c
index 157aa5c..d706d35 100644 (file)
--- a/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/lib/libcrypto/rsa/rsa_pmeth.c
@@ -66,9 +66,6 @@
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
 #include "rsa_locl.h"
 
@@ -156,32 +153,6 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
                OPENSSL_free(rctx);
                }
        }
-#ifdef OPENSSL_FIPS
-/* FIP checker. Return value indicates status of context parameters:
- * 1  : redirect to FIPS.
- * 0  : don't redirect to FIPS.
- * -1 : illegal operation in FIPS mode.
- */
-
-static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
-       {
-       RSA_PKEY_CTX *rctx = ctx->data;
-       RSA *rsa = ctx->pkey->pkey.rsa;
-       int rv = -1;
-       if (!FIPS_mode())
-               return 0;
-       if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-               rv = 0;
-       if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
-               return -1;
-       if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
-               return rv;
-       if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
-               return rv;
-       return 1;
-       }
-#endif
-
 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        const unsigned char *tbs, size_t tbslen)
        {
@@ -189,15 +160,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
 
-#ifdef OPENSSL_FIPS
-       ret = pkey_fips_check_ctx(ctx);
-       if (ret < 0)
-               {
-               RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-               return -1;
-               }
-#endif
-
        if (rctx->md)
                {
                if (tbslen != (size_t)EVP_MD_size(rctx->md))
@@ -206,22 +168,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        RSA_R_INVALID_DIGEST_LENGTH);
                        return -1;
                        }
-#ifdef OPENSSL_FIPS
-               if (ret > 0)
-                       {
-                       unsigned int slen;
-                       ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
-                                                       rctx->pad_mode,
-                                                       rctx->saltlen,
-                                                       rctx->mgf1md,
-                                                       sig, &slen);
-                       if (ret > 0)
-                               *siglen = slen;
-                       else
-                               *siglen = 0;
-                       return ret;
-                       }
-#endif
 
                if (EVP_MD_type(rctx->md) == NID_mdc2)
                        {
@@ -343,30 +289,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
        size_t rslen;
-#ifdef OPENSSL_FIPS
-       int rv;
-       rv = pkey_fips_check_ctx(ctx);
-       if (rv < 0)
-               {
-               RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-               return -1;
-               }
-#endif
        if (rctx->md)
                {
-#ifdef OPENSSL_FIPS
-               if (rv > 0)
-                       {
-                       return FIPS_rsa_verify_digest(rsa,
-                                                       tbs, tbslen,
-                                                       rctx->md,
-                                                       rctx->pad_mode,
-                                                       rctx->saltlen,
-                                                       rctx->mgf1md,
-                                                       sig, siglen);
-                                                       
-                       }
-#endif
                if (rctx->pad_mode == RSA_PKCS1_PADDING)
                        return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                                        sig, siglen, rsa);

diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c
index b6f6037..fa3239a 100644 (file)
--- a/lib/libcrypto/rsa/rsa_sign.c
+++ b/lib/libcrypto/rsa/rsa_sign.c
@@ -77,14 +77,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        const unsigned char *s = NULL;
        X509_ALGOR algor;
        ASN1_OCTET_STRING digest;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
-               return 0;
-               }
-#endif
        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
                {
                return rsa->meth->rsa_sign(type, m, m_len,
@@ -161,15 +153,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
        unsigned char *s;
        X509_SIG *sig=NULL;
 
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
-               return 0;
-               }
-#endif
-
        if (siglen != (unsigned int)RSA_size(rsa))
                {
                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);

diff --git a/lib/libcrypto/seed/seed.c b/lib/libcrypto/seed/seed.c
index 3e675a8..934664d 100644 (file)
--- a/lib/libcrypto/seed/seed.c
+++ b/lib/libcrypto/seed/seed.c
@@ -198,13 +198,6 @@ static const seed_word KC[] = {
        KC8,    KC9,    KC10,   KC11,   KC12,   KC13,   KC14,   KC15    };
 #endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(SEED);
-       private_SEED_set_key(rawkey, ks);
-       }
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
-#endif
 {
        seed_word x1, x2, x3, x4;
        seed_word t0, t1;

diff --git a/lib/libcrypto/seed/seed.h b/lib/libcrypto/seed/seed.h
index c50fdd3..6e2ade3 100644 (file)
--- a/lib/libcrypto/seed/seed.h
+++ b/lib/libcrypto/seed/seed.h
@@ -116,9 +116,6 @@ typedef struct seed_key_st {
 #endif
 } SEED_KEY_SCHEDULE;
 
-#ifdef OPENSSL_FIPS
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
-#endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
 
 void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);

diff --git a/lib/libcrypto/sha/sha.h b/lib/libcrypto/sha/sha.h
index 8a6bf4b..7cbca26 100644 (file)
--- a/lib/libcrypto/sha/sha.h
+++ b/lib/libcrypto/sha/sha.h
@@ -70,10 +70,6 @@ extern "C" {
 #error SHA is disabled.
 #endif
 
-#if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T size_t
-#endif
-
 /*
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
@@ -106,9 +102,6 @@ typedef struct SHAstate_st
        } SHA_CTX;
 
 #ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
@@ -116,9 +109,6 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
 #ifndef OPENSSL_NO_SHA1
-#ifdef OPENSSL_FIPS
-int private_SHA1_Init(SHA_CTX *c);
-#endif
 int SHA1_Init(SHA_CTX *c);
 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
@@ -141,10 +131,6 @@ typedef struct SHA256state_st
        } SHA256_CTX;
 
 #ifndef OPENSSL_NO_SHA256
-#ifdef OPENSSL_FIPS
-int private_SHA224_Init(SHA256_CTX *c);
-int private_SHA256_Init(SHA256_CTX *c);
-#endif
 int SHA224_Init(SHA256_CTX *c);
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -192,10 +178,6 @@ typedef struct SHA512state_st
 #endif
 
 #ifndef OPENSSL_NO_SHA512
-#ifdef OPENSSL_FIPS
-int private_SHA384_Init(SHA512_CTX *c);
-int private_SHA512_Init(SHA512_CTX *c);
-#endif
 int SHA384_Init(SHA512_CTX *c);
 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);

diff --git a/lib/libcrypto/whrlpool/whrlpool.h b/lib/libcrypto/whrlpool/whrlpool.h
index 9e01f5b..03c91da 100644 (file)
--- a/lib/libcrypto/whrlpool/whrlpool.h
+++ b/lib/libcrypto/whrlpool/whrlpool.h
@@ -24,9 +24,6 @@ typedef struct        {
        } WHIRLPOOL_CTX;
 
 #ifndef OPENSSL_NO_WHIRLPOOL
-#ifdef OPENSSL_FIPS
-int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
-#endif
 int WHIRLPOOL_Init     (WHIRLPOOL_CTX *c);
 int WHIRLPOOL_Update   (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);

diff --git a/lib/libssl/src/crypto/Makefile b/lib/libssl/src/crypto/Makefile
index 326915d..5c02ba2 100644 (file)
--- a/lib/libssl/src/crypto/Makefile
+++ b/lib/libssl/src/crypto/Makefile
@@ -35,9 +35,9 @@ GENERAL=Makefile README crypto-lib.com install.com
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
 LIBSRC=        cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-       uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+       uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c
 LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
-       uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
+       uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o $(CPUID_OBJ)
 
 SRC= $(LIBSRC)
 

diff --git a/lib/libssl/src/crypto/aes/aes_misc.c b/lib/libssl/src/crypto/aes/aes_misc.c
index d666c06..9380abc 100644 (file)
--- a/lib/libssl/src/crypto/aes/aes_misc.c
+++ b/lib/libssl/src/crypto/aes/aes_misc.c
@@ -71,9 +71,6 @@ int
 AES_set_encrypt_key(const unsigned char *userKey, const int bits,
     AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
-       fips_cipher_abort(AES);
-#endif
        return private_AES_set_encrypt_key(userKey, bits, key);
 }
 
@@ -81,8 +78,5 @@ int
 AES_set_decrypt_key(const unsigned char *userKey, const int bits,
     AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
-       fips_cipher_abort(AES);
-#endif
        return private_AES_set_decrypt_key(userKey, bits, key);
 }

diff --git a/lib/libssl/src/crypto/bf/bf_skey.c b/lib/libssl/src/crypto/bf/bf_skey.c
index 3b0bca4..d8e6287 100644 (file)
--- a/lib/libssl/src/crypto/bf/bf_skey.c
+++ b/lib/libssl/src/crypto/bf/bf_skey.c
@@ -64,13 +64,6 @@
 #include "bf_pi.h"
 
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(BLOWFISH);
-       private_BF_set_key(key, len, data);
-       }
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#endif
        {
        int i;
        BF_LONG *p,ri,in[2];

diff --git a/lib/libssl/src/crypto/bf/blowfish.h b/lib/libssl/src/crypto/bf/blowfish.h
index 4b6c892..65685f4 100644 (file)
--- a/lib/libssl/src/crypto/bf/blowfish.h
+++ b/lib/libssl/src/crypto/bf/blowfish.h
@@ -104,9 +104,6 @@ typedef struct bf_key_st
        BF_LONG S[4*256];
        } BF_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);

diff --git a/lib/libssl/src/crypto/bn/bn_lcl.h b/lib/libssl/src/crypto/bn/bn_lcl.h
index 817c773..9194e86 100644 (file)
--- a/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -479,10 +479,6 @@ extern "C" {
        }
 #endif /* !BN_LLONG */
 
-#if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS)
-#undef bn_div_words
-#endif
-
 void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
 void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
 void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);

diff --git a/lib/libssl/src/crypto/camellia/camellia.h b/lib/libssl/src/crypto/camellia/camellia.h
index 67911e0..cf0457d 100644 (file)
--- a/lib/libssl/src/crypto/camellia/camellia.h
+++ b/lib/libssl/src/crypto/camellia/camellia.h
@@ -88,10 +88,6 @@ struct camellia_key_st
        };
 typedef struct camellia_key_st CAMELLIA_KEY;
 
-#ifdef OPENSSL_FIPS
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-       CAMELLIA_KEY *key);
-#endif
 int Camellia_set_key(const unsigned char *userKey, const int bits,
        CAMELLIA_KEY *key);
 

diff --git a/lib/libssl/src/crypto/camellia/cmll_utl.c b/lib/libssl/src/crypto/camellia/cmll_utl.c
index 7a35711..b88a996 100644 (file)
--- a/lib/libssl/src/crypto/camellia/cmll_utl.c
+++ b/lib/libssl/src/crypto/camellia/cmll_utl.c
@@ -57,8 +57,5 @@
 int Camellia_set_key(const unsigned char *userKey, const int bits,
        CAMELLIA_KEY *key)
        {
-#ifdef OPENSSL_FIPS
-       fips_cipher_abort(Camellia);
-#endif
        return private_Camellia_set_key(userKey, bits, key);
        }

diff --git a/lib/libssl/src/crypto/cast/c_skey.c b/lib/libssl/src/crypto/cast/c_skey.c
index cb6bf9f..54ea98c 100644 (file)
--- a/lib/libssl/src/crypto/cast/c_skey.c
+++ b/lib/libssl/src/crypto/cast/c_skey.c
@@ -73,13 +73,6 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(CAST);
-       private_CAST_set_key(key, len, data);
-       }
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#endif
        {
        CAST_LONG x[16];
        CAST_LONG z[16];

diff --git a/lib/libssl/src/crypto/cast/cast.h b/lib/libssl/src/crypto/cast/cast.h
index 203922e..8741532 100644 (file)
--- a/lib/libssl/src/crypto/cast/cast.h
+++ b/lib/libssl/src/crypto/cast/cast.h
@@ -83,9 +83,6 @@ typedef struct cast_key_st
        int short_key;  /* Use reduced rounds for short key */
        } CAST_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
                      int enc);

diff --git a/lib/libssl/src/crypto/cmac/cmac.c b/lib/libssl/src/crypto/cmac/cmac.c
index 8b72b09..f92a7bb 100644 (file)
--- a/lib/libssl/src/crypto/cmac/cmac.c
+++ b/lib/libssl/src/crypto/cmac/cmac.c
@@ -57,10 +57,6 @@
 #include "cryptlib.h"
 #include <openssl/cmac.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 struct CMAC_CTX_st
        {
        /* Cipher context to use */
@@ -107,13 +103,6 @@ CMAC_CTX *CMAC_CTX_new(void)
 
 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->cctx.engine)
-               {
-               FIPS_cmac_ctx_cleanup(ctx);
-               return;
-               }
-#endif
        EVP_CIPHER_CTX_cleanup(&ctx->cctx);
        OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
        OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
@@ -153,24 +142,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
                        const EVP_CIPHER *cipher, ENGINE *impl)
        {
        static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               {
-               /* If we have an ENGINE need to allow non FIPS */
-               if ((impl || ctx->cctx.engine)
-                       && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-
-                       {
-                       EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
-                       return 0;
-                       }
-               /* Other algorithm blocking will be done in FIPS_cmac_init,
-                * via FIPS_cipherinit().
-                */
-               if (!impl && !ctx->cctx.engine)
-                       return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
-               }
-#endif
        /* All zeros means restart */
        if (!key && !cipher && !impl && keylen == 0)
                {
@@ -216,10 +187,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
        {
        const unsigned char *data = in;
        size_t bl;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->cctx.engine)
-               return FIPS_cmac_update(ctx, in, dlen);
-#endif
+
        if (ctx->nlast_block == -1)
                return 0;
        if (dlen == 0)
@@ -261,10 +229,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
        {
        int i, bl, lb;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->cctx.engine)
-               return FIPS_cmac_final(ctx, out, poutlen);
-#endif
+
        if (ctx->nlast_block == -1)
                return 0;
        bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);

diff --git a/lib/libssl/src/crypto/crypto.h b/lib/libssl/src/crypto/crypto.h
index 351ccfd..56c5dfa 100644 (file)
--- a/lib/libssl/src/crypto/crypto.h
+++ b/lib/libssl/src/crypto/crypto.h
@@ -538,25 +538,9 @@ void OPENSSL_init(void);
 
 #define fips_md_init(alg) fips_md_init_ctx(alg, alg)
 
-#ifdef OPENSSL_FIPS
-#define fips_md_init_ctx(alg, cx) \
-       int alg##_Init(cx##_CTX *c) \
-       { \
-       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-               "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
-       return private_##alg##_Init(c); \
-       } \
-       int private_##alg##_Init(cx##_CTX *c)
-
-#define fips_cipher_abort(alg) \
-       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-               "Low level API call to cipher " #alg " forbidden in FIPS mode!")
-
-#else
 #define fips_md_init_ctx(alg, cx) \
        int alg##_Init(cx##_CTX *c)
 #define fips_cipher_abort(alg) while(0)
-#endif
 
 /* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
  * takes an amount of time dependent on |len|, but independent of the contents

diff --git a/lib/libssl/src/crypto/des/des.h b/lib/libssl/src/crypto/des/des.h
index 1eaedcb..92b6663 100644 (file)
--- a/lib/libssl/src/crypto/des/des.h
+++ b/lib/libssl/src/crypto/des/des.h
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#endif
 void DES_string_to_key(const char *str,DES_cblock *key);
 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,

diff --git a/lib/libssl/src/crypto/des/set_key.c b/lib/libssl/src/crypto/des/set_key.c
index 99e3555..e8dea50 100644 (file)
--- a/lib/libssl/src/crypto/des/set_key.c
+++ b/lib/libssl/src/crypto/des/set_key.c
@@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
        }
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(DES);
-       private_DES_set_key_unchecked(key, schedule);
-       }
-void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#endif
        {
        static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
        register DES_LONG c,d,t,s,t2;

diff --git a/lib/libssl/src/crypto/dh/dh_gen.c b/lib/libssl/src/crypto/dh/dh_gen.c
index 7b1fe9c..cfd5b11 100644 (file)
--- a/lib/libssl/src/crypto/dh/dh_gen.c
+++ b/lib/libssl/src/crypto/dh/dh_gen.c
@@ -66,29 +66,12 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
-                       && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
-               {
-               DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
-               return 0;
-               }
-#endif
        if(ret->meth->generate_params)
                return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_dh_generate_parameters_ex(ret, prime_len,
-                                                       generator, cb);
-#endif
        return dh_builtin_genparams(ret, prime_len, generator, cb);
        }
 

diff --git a/lib/libssl/src/crypto/dh/dh_key.c b/lib/libssl/src/crypto/dh/dh_key.c
index 89a74db..9596270 100644 (file)
--- a/lib/libssl/src/crypto/dh/dh_key.c
+++ b/lib/libssl/src/crypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                       && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-               {
-               DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-               return 0;
-               }
-#endif
        return dh->meth->generate_key(dh);
        }
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                       && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-               {
-               DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-               return 0;
-               }
-#endif
        return dh->meth->compute_key(key, pub_key, dh);
        }
 

diff --git a/lib/libssl/src/crypto/dh/dh_lib.c b/lib/libssl/src/crypto/dh/dh_lib.c
index 00218f2..a40caaf 100644 (file)
--- a/lib/libssl/src/crypto/dh/dh_lib.c
+++ b/lib/libssl/src/crypto/dh/dh_lib.c
@@ -64,10 +64,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
@@ -81,14 +77,7 @@ const DH_METHOD *DH_get_default_method(void)
        {
        if(!default_DH_method)
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_dh_openssl();
-               else
-                       return DH_OpenSSL();
-#else
                default_DH_method = DH_OpenSSL();
-#endif
                }
        return default_DH_method;
        }

diff --git a/lib/libssl/src/crypto/dsa/dsa_gen.c b/lib/libssl/src/crypto/dsa/dsa_gen.c
index c398761..e6a5452 100644 (file)
--- a/lib/libssl/src/crypto/dsa/dsa_gen.c
+++ b/lib/libssl/src/crypto/dsa/dsa_gen.c
@@ -81,33 +81,13 @@
 #include <openssl/sha.h>
 #include "dsa_locl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                const unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
-               return 0;
-               }
-#endif
        if(ret->meth->dsa_paramgen)
                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                counter_ret, h_ret, cb);
-#ifdef OPENSSL_FIPS
-       else if (FIPS_mode())
-               {
-               return FIPS_dsa_generate_parameters_ex(ret, bits, 
-                                                       seed_in, seed_len,
-                                                       counter_ret, h_ret, cb);
-               }
-#endif
        else
                {
                const EVP_MD *evpmd;

diff --git a/lib/libssl/src/crypto/dsa/dsa_key.c b/lib/libssl/src/crypto/dsa/dsa_key.c
index 9cf669b..c4aa86b 100644 (file)
--- a/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -64,28 +64,12 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
-               return 0;
-               }
-#endif
        if(dsa->meth->dsa_keygen)
                return dsa->meth->dsa_keygen(dsa);
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_dsa_generate_key(dsa);
-#endif
        return dsa_builtin_keygen(dsa);
        }
 

diff --git a/lib/libssl/src/crypto/dsa/dsa_lib.c b/lib/libssl/src/crypto/dsa/dsa_lib.c
index 96d8d0c..897c085 100644 (file)
--- a/lib/libssl/src/crypto/dsa/dsa_lib.c
+++ b/lib/libssl/src/crypto/dsa/dsa_lib.c
@@ -70,10 +70,6 @@
 #include <openssl/dh.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
@@ -87,14 +83,7 @@ const DSA_METHOD *DSA_get_default_method(void)
        {
        if(!default_DSA_method)
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_dsa_openssl();
-               else
-                       return DSA_OpenSSL();
-#else
                default_DSA_method = DSA_OpenSSL();
-#endif
                }
        return default_DSA_method;
        }

diff --git a/lib/libssl/src/crypto/dsa/dsa_sign.c b/lib/libssl/src/crypto/dsa/dsa_sign.c
index c3cc364..e02365a 100644 (file)
--- a/lib/libssl/src/crypto/dsa/dsa_sign.c
+++ b/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -65,27 +65,11 @@
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
-               return NULL;
-               }
-#endif
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
        }
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
-               return 0;
-               }
-#endif
        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
 

diff --git a/lib/libssl/src/crypto/dsa/dsa_vrf.c b/lib/libssl/src/crypto/dsa/dsa_vrf.c
index 674cb5f..286ed28 100644 (file)
--- a/lib/libssl/src/crypto/dsa/dsa_vrf.c
+++ b/lib/libssl/src/crypto/dsa/dsa_vrf.c
@@ -64,13 +64,5 @@
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-               {
-               DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_NON_FIPS_DSA_METHOD);
-               return -1;
-               }
-#endif
        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
        }

diff --git a/lib/libssl/src/crypto/ec/ec2_smpl.c b/lib/libssl/src/crypto/ec/ec2_smpl.c
index e0e59c7..0cf681f 100644 (file)
--- a/lib/libssl/src/crypto/ec/ec2_smpl.c
+++ b/lib/libssl/src/crypto/ec/ec2_smpl.c
@@ -73,16 +73,8 @@
 
 #ifndef OPENSSL_NO_EC2M
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
 const EC_METHOD *EC_GF2m_simple_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gf2m_simple_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_characteristic_two_field,
@@ -126,7 +118,6 @@ const EC_METHOD *EC_GF2m_simple_method(void)
                0 /* field_set_to_one */ };
 
        return &ret;
-#endif
        }
 
 

diff --git a/lib/libssl/src/crypto/ec/ec_key.c b/lib/libssl/src/crypto/ec/ec_key.c
index 7fa2475..d528601 100644 (file)
--- a/lib/libssl/src/crypto/ec/ec_key.c
+++ b/lib/libssl/src/crypto/ec/ec_key.c
@@ -64,9 +64,6 @@
 #include <string.h>
 #include "ec_lcl.h"
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 EC_KEY *EC_KEY_new(void)
        {
@@ -241,11 +238,6 @@ int EC_KEY_generate_key(EC_KEY *eckey)
        BIGNUM  *priv_key = NULL, *order = NULL;
        EC_POINT *pub_key = NULL;
 
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_ec_key_generate_key(eckey);
-#endif
-
        if (!eckey || !eckey->group)
                {
                ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);

diff --git a/lib/libssl/src/crypto/ec/ecp_mont.c b/lib/libssl/src/crypto/ec/ecp_mont.c
index f04f132..cee0fee 100644 (file)
--- a/lib/libssl/src/crypto/ec/ecp_mont.c
+++ b/lib/libssl/src/crypto/ec/ecp_mont.c
@@ -63,18 +63,11 @@
 
 #include <openssl/err.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 
 const EC_METHOD *EC_GFp_mont_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_mont_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
                ec_GFp_mont_field_set_to_one };
 
        return &ret;
-#endif
        }
 
 

diff --git a/lib/libssl/src/crypto/ec/ecp_nist.c b/lib/libssl/src/crypto/ec/ecp_nist.c
index aad2d5f..ac5b814 100644 (file)
--- a/lib/libssl/src/crypto/ec/ecp_nist.c
+++ b/lib/libssl/src/crypto/ec/ecp_nist.c
@@ -67,15 +67,8 @@
 #include <openssl/obj_mac.h>
 #include "ec_lcl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const EC_METHOD *EC_GFp_nist_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_nist_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void)
                0 /* field_set_to_one */ };
 
        return &ret;
-#endif
        }
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)

diff --git a/lib/libssl/src/crypto/ec/ecp_smpl.c b/lib/libssl/src/crypto/ec/ecp_smpl.c
index cd05fd1..bf0ad99 100644 (file)
--- a/lib/libssl/src/crypto/ec/ecp_smpl.c
+++ b/lib/libssl/src/crypto/ec/ecp_smpl.c
@@ -64,17 +64,10 @@
 
 #include <openssl/err.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_simple_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_simple_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_simple_method(void)
                0 /* field_set_to_one */ };
 
        return &ret;
-#endif
        }
 
 

diff --git a/lib/libssl/src/crypto/ecdh/ech_lib.c b/lib/libssl/src/crypto/ecdh/ech_lib.c
index 0644431..ddf226b 100644 (file)
--- a/lib/libssl/src/crypto/ecdh/ech_lib.c
+++ b/lib/libssl/src/crypto/ecdh/ech_lib.c
@@ -73,9 +73,6 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
 
@@ -94,14 +91,7 @@ const ECDH_METHOD *ECDH_get_default_method(void)
        {
        if(!default_ECDH_method) 
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_ecdh_openssl();
-               else
-                       return ECDH_OpenSSL();
-#else
                default_ECDH_method = ECDH_OpenSSL();
-#endif
                }
        return default_ECDH_method;
        }
@@ -234,15 +224,6 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
        }
        else
                ecdh_data = (ECDH_DATA *)data;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
-                       && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-               {
-               ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
-               return NULL;
-               }
-#endif
-       
 
        return ecdh_data;
        }

diff --git a/lib/libssl/src/crypto/ecdsa/ecs_lib.c b/lib/libssl/src/crypto/ecdsa/ecs_lib.c
index 814a6bf..7b53969 100644 (file)
--- a/lib/libssl/src/crypto/ecdsa/ecs_lib.c
+++ b/lib/libssl/src/crypto/ecdsa/ecs_lib.c
@@ -60,9 +60,6 @@
 #endif
 #include <openssl/err.h>
 #include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
 
@@ -81,14 +78,7 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
 {
        if(!default_ECDSA_method) 
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_ecdsa_openssl();
-               else
-                       return ECDSA_OpenSSL();
-#else
                default_ECDSA_method = ECDSA_OpenSSL();
-#endif
                }
        return default_ECDSA_method;
 }
@@ -212,14 +202,6 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
        }
        else
                ecdsa_data = (ECDSA_DATA *)data;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
-                       && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-               {
-               ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
-               return NULL;
-               }
-#endif
 
        return ecdsa_data;
 }

diff --git a/lib/libssl/src/crypto/err/err_all.c b/lib/libssl/src/crypto/err/err_all.c
index 8eb547d..1c4eccd 100644 (file)
--- a/lib/libssl/src/crypto/err/err_all.c
+++ b/lib/libssl/src/crypto/err/err_all.c
@@ -97,9 +97,6 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
@@ -155,9 +152,6 @@ void ERR_load_crypto_strings(void)
 #endif
        ERR_load_OCSP_strings();
        ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
-       ERR_load_FIPS_strings();
-#endif
 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif

diff --git a/lib/libssl/src/crypto/evp/Makefile b/lib/libssl/src/crypto/evp/Makefile
index 3982f49..f94a28d 100644 (file)
--- a/lib/libssl/src/crypto/evp/Makefile
+++ b/lib/libssl/src/crypto/evp/Makefile
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-       e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
+       e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
        e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
 LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
@@ -41,7 +41,7 @@ LIBOBJ=       encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-       e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+       e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
        e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
 
 SRC= $(LIBSRC)

diff --git a/lib/libssl/src/crypto/evp/digest.c b/lib/libssl/src/crypto/evp/digest.c
index d14e8e4..782d319 100644 (file)
--- a/lib/libssl/src/crypto/evp/digest.c
+++ b/lib/libssl/src/crypto/evp/digest.c
@@ -117,10 +117,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
        {
        memset(ctx,'\0',sizeof *ctx);
@@ -229,26 +225,12 @@ skip_to_init:
                }
        if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
                return 1;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               {
-               if (FIPS_digestinit(ctx, type))
-                       return 1;
-               OPENSSL_free(ctx->md_data);
-               ctx->md_data = NULL;
-               return 0;
-               }
-#endif
        return ctx->digest->init(ctx);
        }
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
        {
-#ifdef OPENSSL_FIPS
-       return FIPS_digestupdate(ctx, data, count);
-#else
        return ctx->update(ctx,data,count);
-#endif
        }
 
 /* The caller can assume that this removes any secret data from the context */
@@ -263,9 +245,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        {
-#ifdef OPENSSL_FIPS
-       return FIPS_digestfinal(ctx, md, size);
-#else
        int ret;
 
        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -279,7 +258,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
                }
        memset(ctx->md_data,0,ctx->digest->ctx_size);
        return ret;
-#endif
        }
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -376,7 +354,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
        {
-#ifndef OPENSSL_FIPS
        /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
         * because sometimes only copies of the context are ever finalised.
         */
@@ -389,7 +366,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
-#endif
        if (ctx->pctx)
                EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -397,9 +373,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                /* The EVP_MD we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(ctx->engine);
-#endif
-#ifdef OPENSSL_FIPS
-       FIPS_md_ctx_cleanup(ctx);
 #endif
        memset(ctx,'\0',sizeof *ctx);
 

diff --git a/lib/libssl/src/crypto/evp/e_null.c b/lib/libssl/src/crypto/evp/e_null.c
index f0c1f78..98a7849 100644 (file)
--- a/lib/libssl/src/crypto/evp/e_null.c
+++ b/lib/libssl/src/crypto/evp/e_null.c
@@ -61,8 +61,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
-#ifndef OPENSSL_FIPS
-
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                memcpy((char *)out,(const char *)in,inl);
        return 1;
        }
-#endif

diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c
index 0c54f05..50403a7 100644 (file)
--- a/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/lib/libssl/src/crypto/evp/evp_enc.c
@@ -64,17 +64,9 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
 
-#ifdef OPENSSL_FIPS
-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
-#endif
-
 
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 
@@ -169,10 +161,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        ctx->engine = NULL;
 #endif
 
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
                ctx->cipher=cipher;
                if (ctx->cipher->ctx_size)
                        {
@@ -205,10 +193,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                }
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
-#endif
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_cipherinit(ctx, cipher, key, iv, enc);
 #endif
        /* we assume block size is a power of 2 in *cryptUpdate */
        OPENSSL_assert(ctx->cipher->block_size == 1
@@ -568,7 +552,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
        {
-#ifndef OPENSSL_FIPS
        if (c->cipher != NULL)
                {
                if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -579,15 +562,11 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                }
        if (c->cipher_data)
                OPENSSL_free(c->cipher_data);
-#endif
 #ifndef OPENSSL_NO_ENGINE
        if (c->engine)
                /* The EVP_CIPHER we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(c->engine);
-#endif
-#ifdef OPENSSL_FIPS
-       FIPS_cipher_ctx_cleanup(c);
 #endif
        memset(c,0,sizeof(EVP_CIPHER_CTX));
        return 1;

diff --git a/lib/libssl/src/crypto/evp/evp_fips.c b/lib/libssl/src/crypto/evp/evp_fips.c
deleted file mode 100644 (file)
index cb7f4fc..0000000
--- a/lib/libssl/src/crypto/evp/evp_fips.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* crypto/evp/evp_fips.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#include <openssl/evp.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-
-const EVP_CIPHER *EVP_aes_128_cbc(void)  { return FIPS_evp_aes_128_cbc(); }
-const EVP_CIPHER *EVP_aes_128_ccm(void)  { return FIPS_evp_aes_128_ccm(); }
-const EVP_CIPHER *EVP_aes_128_cfb1(void)  { return FIPS_evp_aes_128_cfb1(); }
-const EVP_CIPHER *EVP_aes_128_cfb128(void)  { return FIPS_evp_aes_128_cfb128(); }
-const EVP_CIPHER *EVP_aes_128_cfb8(void)  { return FIPS_evp_aes_128_cfb8(); }
-const EVP_CIPHER *EVP_aes_128_ctr(void)  { return FIPS_evp_aes_128_ctr(); }
-const EVP_CIPHER *EVP_aes_128_ecb(void)  { return FIPS_evp_aes_128_ecb(); }
-const EVP_CIPHER *EVP_aes_128_gcm(void)  { return FIPS_evp_aes_128_gcm(); }
-const EVP_CIPHER *EVP_aes_128_ofb(void)  { return FIPS_evp_aes_128_ofb(); }
-const EVP_CIPHER *EVP_aes_128_xts(void)  { return FIPS_evp_aes_128_xts(); }
-const EVP_CIPHER *EVP_aes_192_cbc(void)  { return FIPS_evp_aes_192_cbc(); }
-const EVP_CIPHER *EVP_aes_192_ccm(void)  { return FIPS_evp_aes_192_ccm(); }
-const EVP_CIPHER *EVP_aes_192_cfb1(void)  { return FIPS_evp_aes_192_cfb1(); }
-const EVP_CIPHER *EVP_aes_192_cfb128(void)  { return FIPS_evp_aes_192_cfb128(); }
-const EVP_CIPHER *EVP_aes_192_cfb8(void)  { return FIPS_evp_aes_192_cfb8(); }
-const EVP_CIPHER *EVP_aes_192_ctr(void)  { return FIPS_evp_aes_192_ctr(); }
-const EVP_CIPHER *EVP_aes_192_ecb(void)  { return FIPS_evp_aes_192_ecb(); }
-const EVP_CIPHER *EVP_aes_192_gcm(void)  { return FIPS_evp_aes_192_gcm(); }
-const EVP_CIPHER *EVP_aes_192_ofb(void)  { return FIPS_evp_aes_192_ofb(); }
-const EVP_CIPHER *EVP_aes_256_cbc(void)  { return FIPS_evp_aes_256_cbc(); }
-const EVP_CIPHER *EVP_aes_256_ccm(void)  { return FIPS_evp_aes_256_ccm(); }
-const EVP_CIPHER *EVP_aes_256_cfb1(void)  { return FIPS_evp_aes_256_cfb1(); }
-const EVP_CIPHER *EVP_aes_256_cfb128(void)  { return FIPS_evp_aes_256_cfb128(); }
-const EVP_CIPHER *EVP_aes_256_cfb8(void)  { return FIPS_evp_aes_256_cfb8(); }
-const EVP_CIPHER *EVP_aes_256_ctr(void)  { return FIPS_evp_aes_256_ctr(); }
-const EVP_CIPHER *EVP_aes_256_ecb(void)  { return FIPS_evp_aes_256_ecb(); }
-const EVP_CIPHER *EVP_aes_256_gcm(void)  { return FIPS_evp_aes_256_gcm(); }
-const EVP_CIPHER *EVP_aes_256_ofb(void)  { return FIPS_evp_aes_256_ofb(); }
-const EVP_CIPHER *EVP_aes_256_xts(void)  { return FIPS_evp_aes_256_xts(); }
-const EVP_CIPHER *EVP_des_ede(void)  { return FIPS_evp_des_ede(); }
-const EVP_CIPHER *EVP_des_ede3(void)  { return FIPS_evp_des_ede3(); }
-const EVP_CIPHER *EVP_des_ede3_cbc(void)  { return FIPS_evp_des_ede3_cbc(); }
-const EVP_CIPHER *EVP_des_ede3_cfb1(void)  { return FIPS_evp_des_ede3_cfb1(); }
-const EVP_CIPHER *EVP_des_ede3_cfb64(void)  { return FIPS_evp_des_ede3_cfb64(); }
-const EVP_CIPHER *EVP_des_ede3_cfb8(void)  { return FIPS_evp_des_ede3_cfb8(); }
-const EVP_CIPHER *EVP_des_ede3_ecb(void)  { return FIPS_evp_des_ede3_ecb(); }
-const EVP_CIPHER *EVP_des_ede3_ofb(void)  { return FIPS_evp_des_ede3_ofb(); }
-const EVP_CIPHER *EVP_des_ede_cbc(void)  { return FIPS_evp_des_ede_cbc(); }
-const EVP_CIPHER *EVP_des_ede_cfb64(void)  { return FIPS_evp_des_ede_cfb64(); }
-const EVP_CIPHER *EVP_des_ede_ecb(void)  { return FIPS_evp_des_ede_ecb(); }
-const EVP_CIPHER *EVP_des_ede_ofb(void)  { return FIPS_evp_des_ede_ofb(); }
-const EVP_CIPHER *EVP_enc_null(void)  { return FIPS_evp_enc_null(); }
-
-const EVP_MD *EVP_sha1(void)  { return FIPS_evp_sha1(); }
-const EVP_MD *EVP_sha224(void)  { return FIPS_evp_sha224(); }
-const EVP_MD *EVP_sha256(void)  { return FIPS_evp_sha256(); }
-const EVP_MD *EVP_sha384(void)  { return FIPS_evp_sha384(); }
-const EVP_MD *EVP_sha512(void)  { return FIPS_evp_sha512(); }
-
-const EVP_MD *EVP_dss(void)  { return FIPS_evp_dss(); }
-const EVP_MD *EVP_dss1(void)  { return FIPS_evp_dss1(); }
-const EVP_MD *EVP_ecdsa(void)  { return FIPS_evp_ecdsa(); }
-
-#endif

diff --git a/lib/libssl/src/crypto/evp/evp_locl.h b/lib/libssl/src/crypto/evp/evp_locl.h
index 08c0a66..9e71f39 100644 (file)
--- a/lib/libssl/src/crypto/evp/evp_locl.h
+++ b/lib/libssl/src/crypto/evp/evp_locl.h
@@ -347,39 +347,3 @@ void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                             ASN1_TYPE *param,
                             const EVP_CIPHER *c, const EVP_MD *md, int en_de);
-
-#ifdef OPENSSL_FIPS
-
-#ifdef OPENSSL_DOING_MAKEDEPEND
-#undef SHA1_Init
-#undef SHA1_Update
-#undef SHA224_Init
-#undef SHA256_Init
-#undef SHA384_Init
-#undef SHA512_Init
-#undef DES_set_key_unchecked
-#endif
-
-#define RIPEMD160_Init private_RIPEMD160_Init
-#define WHIRLPOOL_Init private_WHIRLPOOL_Init
-#define MD5_Init       private_MD5_Init
-#define MD4_Init       private_MD4_Init
-#define MD2_Init       private_MD2_Init
-#define MDC2_Init      private_MDC2_Init
-#define SHA_Init       private_SHA_Init
-#define SHA1_Init      private_SHA1_Init
-#define SHA224_Init    private_SHA224_Init
-#define SHA256_Init    private_SHA256_Init
-#define SHA384_Init    private_SHA384_Init
-#define SHA512_Init    private_SHA512_Init
-
-#define BF_set_key     private_BF_set_key
-#define CAST_set_key   private_CAST_set_key
-#define idea_set_encrypt_key   private_idea_set_encrypt_key
-#define SEED_set_key   private_SEED_set_key
-#define RC2_set_key    private_RC2_set_key
-#define RC4_set_key    private_RC4_set_key
-#define DES_set_key_unchecked  private_DES_set_key_unchecked
-#define Camellia_set_key       private_Camellia_set_key
-
-#endif

diff --git a/lib/libssl/src/crypto/evp/m_dss.c b/lib/libssl/src/crypto/evp/m_dss.c
index 6fb7e9a..89ea5b7 100644 (file)
--- a/lib/libssl/src/crypto/evp/m_dss.c
+++ b/lib/libssl/src/crypto/evp/m_dss.c
@@ -66,7 +66,6 @@
 #endif
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
        return(&dsa_md);
        }
 #endif
-#endif

diff --git a/lib/libssl/src/crypto/evp/m_dss1.c b/lib/libssl/src/crypto/evp/m_dss1.c
index 2df362a..a010103 100644 (file)
--- a/lib/libssl/src/crypto/evp/m_dss1.c
+++ b/lib/libssl/src/crypto/evp/m_dss1.c
@@ -68,8 +68,6 @@
 #include <openssl/dsa.h>
 #endif
 
-#ifndef OPENSSL_FIPS 
-
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
 
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
        return(&dss1_md);
        }
 #endif
-#endif

diff --git a/lib/libssl/src/crypto/evp/m_ecdsa.c b/lib/libssl/src/crypto/evp/m_ecdsa.c
index 4b15fb0..a6ed24b 100644 (file)
--- a/lib/libssl/src/crypto/evp/m_ecdsa.c
+++ b/lib/libssl/src/crypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
 #include <openssl/x509.h>
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -148,4 +147,3 @@ const EVP_MD *EVP_ecdsa(void)
        return(&ecdsa_md);
        }
 #endif
-#endif

diff --git a/lib/libssl/src/crypto/evp/m_sha1.c b/lib/libssl/src/crypto/evp/m_sha1.c
index bd0c01a..f39ae77 100644 (file)
--- a/lib/libssl/src/crypto/evp/m_sha1.c
+++ b/lib/libssl/src/crypto/evp/m_sha1.c
@@ -59,8 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 
-#ifndef OPENSSL_FIPS
-
 #ifndef OPENSSL_NO_SHA
 
 #include <openssl/evp.h>
@@ -205,5 +203,3 @@ static const EVP_MD sha512_md=
 const EVP_MD *EVP_sha512(void)
        { return(&sha512_md); }
 #endif /* ifndef OPENSSL_NO_SHA512 */
-
-#endif

diff --git a/lib/libssl/src/crypto/fips_ers.c b/lib/libssl/src/crypto/fips_ers.c
deleted file mode 100644 (file)
index 1788ed2..0000000
--- a/lib/libssl/src/crypto/fips_ers.c
+++ /dev/null
@@ -1,7 +0,0 @@
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-# include "fips_err.h"
-#else
-static void *dummy = &dummy;
-#endif

diff --git a/lib/libssl/src/crypto/hmac/hmac.c b/lib/libssl/src/crypto/hmac/hmac.c
index ba27cbf..6c98fc4 100644 (file)
--- a/lib/libssl/src/crypto/hmac/hmac.c
+++ b/lib/libssl/src/crypto/hmac/hmac.c
@@ -61,34 +61,12 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
        {
        int i,j,reset=0;
        unsigned char pad[HMAC_MAX_MD_CBLOCK];
 
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               {
-               /* If we have an ENGINE need to allow non FIPS */
-               if ((impl || ctx->i_ctx.engine)
-                       &&  !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-                       {
-                       EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
-                       return 0;
-                       }
-               /* Other algorithm blocking will be done in FIPS_cmac_init,
-                * via FIPS_hmac_init_ex().
-                */
-               if (!impl && !ctx->i_ctx.engine)
-                       return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
-               }
-#endif
-
        if (md != NULL)
                {
                reset=1;
@@ -155,10 +133,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->i_ctx.engine)
-               return FIPS_hmac_update(ctx, data, len);
-#endif
        return EVP_DigestUpdate(&ctx->md_ctx,data,len);
        }
 
@@ -166,10 +140,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
        {
        unsigned int i;
        unsigned char buf[EVP_MAX_MD_SIZE];
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->i_ctx.engine)
-               return FIPS_hmac_final(ctx, md, len);
-#endif
 
        if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
                goto err;
@@ -209,13 +179,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !ctx->i_ctx.engine)
-               {
-               FIPS_hmac_ctx_cleanup(ctx);
-               return;
-               }
-#endif
        EVP_MD_CTX_cleanup(&ctx->i_ctx);
        EVP_MD_CTX_cleanup(&ctx->o_ctx);
        EVP_MD_CTX_cleanup(&ctx->md_ctx);

diff --git a/lib/libssl/src/crypto/idea/i_skey.c b/lib/libssl/src/crypto/idea/i_skey.c
index afb8309..244562e 100644 (file)
--- a/lib/libssl/src/crypto/idea/i_skey.c
+++ b/lib/libssl/src/crypto/idea/i_skey.c
@@ -62,13 +62,6 @@
 
 static IDEA_INT inverse(unsigned int xin);
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(IDEA);
-       private_idea_set_encrypt_key(key, ks);
-       }
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#endif
        {
        int i;
        register IDEA_INT *kt,*kf,r0,r1,r2;

diff --git a/lib/libssl/src/crypto/idea/idea.h b/lib/libssl/src/crypto/idea/idea.h
index e9a1e7f..5782e54 100644 (file)
--- a/lib/libssl/src/crypto/idea/idea.h
+++ b/lib/libssl/src/crypto/idea/idea.h
@@ -83,9 +83,6 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
        IDEA_KEY_SCHEDULE *ks);
-#ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,

diff --git a/lib/libssl/src/crypto/md2/md2.h b/lib/libssl/src/crypto/md2/md2.h
index d59c9f2..a46120e 100644 (file)
--- a/lib/libssl/src/crypto/md2/md2.h
+++ b/lib/libssl/src/crypto/md2/md2.h
@@ -81,9 +81,6 @@ typedef struct MD2state_st
        } MD2_CTX;
 
 const char *MD2_options(void);
-#ifdef OPENSSL_FIPS
-int private_MD2_Init(MD2_CTX *c);
-#endif
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);

diff --git a/lib/libssl/src/crypto/md4/md4.h b/lib/libssl/src/crypto/md4/md4.h
index a55368a..c3ed9b3 100644 (file)
--- a/lib/libssl/src/crypto/md4/md4.h
+++ b/lib/libssl/src/crypto/md4/md4.h
@@ -105,9 +105,6 @@ typedef struct MD4state_st
        unsigned int num;
        } MD4_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);

diff --git a/lib/libssl/src/crypto/md5/md5.h b/lib/libssl/src/crypto/md5/md5.h
index 541cc92..4cbf843 100644 (file)
--- a/lib/libssl/src/crypto/md5/md5.h
+++ b/lib/libssl/src/crypto/md5/md5.h
@@ -105,9 +105,6 @@ typedef struct MD5state_st
        unsigned int num;
        } MD5_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);

diff --git a/lib/libssl/src/crypto/mdc2/mdc2.h b/lib/libssl/src/crypto/mdc2/mdc2.h
index f3e8e57..72778a5 100644 (file)
--- a/lib/libssl/src/crypto/mdc2/mdc2.h
+++ b/lib/libssl/src/crypto/mdc2/mdc2.h
@@ -81,9 +81,6 @@ typedef struct mdc2_ctx_st
        } MDC2_CTX;
 
 
-#ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-#endif
 int MDC2_Init(MDC2_CTX *c);
 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);

diff --git a/lib/libssl/src/crypto/o_fips.c b/lib/libssl/src/crypto/o_fips.c
index 9c185cf..43312ae 100644 (file)
--- a/lib/libssl/src/crypto/o_fips.c
+++ b/lib/libssl/src/crypto/o_fips.c
@@ -56,42 +56,20 @@
  */
 
 #include "cryptlib.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/rand.h>
-#endif
 
 int
 FIPS_mode(void)
 {
        OPENSSL_init();
-#ifdef OPENSSL_FIPS
-       return FIPS_module_mode();
-#else
        return 0;
-#endif
 }
 
 int
 FIPS_mode_set(int r)
 {
        OPENSSL_init();
-#ifdef OPENSSL_FIPS
-#ifndef FIPS_AUTH_USER_PASS
-#define FIPS_AUTH_USER_PASS    "Default FIPS Crypto User Password"
-#endif
-       if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
-               return 0;
-       if (r)
-               RAND_set_rand_method(FIPS_rand_get_method());
-       else
-               RAND_set_rand_method(NULL);
-       return 1;
-#else
        if (r == 0)
                return 1;
        CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
        return 0;
-#endif
 }

diff --git a/lib/libssl/src/crypto/o_init.c b/lib/libssl/src/crypto/o_init.c
index 07c8e0d..5e905d9 100644 (file)
--- a/lib/libssl/src/crypto/o_init.c
+++ b/lib/libssl/src/crypto/o_init.c
@@ -54,10 +54,6 @@
 
 #include <e_os.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#endif
 
 /* Perform any essential OpenSSL initialization operations.
  * Currently only sets FIPS callbacks
@@ -70,12 +66,6 @@ OPENSSL_init(void)
        if (done)
                return;
        done = 1;
-#ifdef OPENSSL_FIPS
-       FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
-       FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-       FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
-       RAND_init_fips();
-#endif
 #if 0
        fprintf(stderr, "Called OPENSSL_init\n");
 #endif

diff --git a/lib/libssl/src/crypto/opensslv.h b/lib/libssl/src/crypto/opensslv.h
index ebe7180..7ba6281 100644 (file)
--- a/lib/libssl/src/crypto/opensslv.h
+++ b/lib/libssl/src/crypto/opensslv.h
@@ -26,11 +26,7 @@
  *  major minor fix final patch/beta)
  */
 #define OPENSSL_VERSION_NUMBER 0x1000107fL
-#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1g-fips 7 Apr 2014"
-#else
 #define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1g 7 Apr 2014"
-#endif
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 
 

diff --git a/lib/libssl/src/crypto/pem/pem_all.c b/lib/libssl/src/crypto/pem/pem_all.c
index eac0460..6ff6be7 100644 (file)
--- a/lib/libssl/src/crypto/pem/pem_all.c
+++ b/lib/libssl/src/crypto/pem/pem_all.c
@@ -193,61 +193,8 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 
 #endif
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_RSA(k, x);
-
-               ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
-                                       PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-
-               EVP_PKEY_set1_RSA(k, x);
-
-               ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
-                                       PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -277,59 +224,8 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
        return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_DSA(k, x);
-
-               ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
-                                       PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_DSA(k, x);
-               ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
-                                       PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -377,61 +273,8 @@ IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKPa
 
 
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_EC_KEY(k, x);
-
-               ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
-                                               PEM_STRING_ECPRIVATEKEY,
-                                               bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-       if (FIPS_mode())
-               {
-               EVP_PKEY *k;
-               int ret;
-               k = EVP_PKEY_new();
-               if (!k)
-                       return 0;
-               EVP_PKEY_set1_EC_KEY(k, x);
-               ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-               EVP_PKEY_free(k);
-               return ret;
-               }
-       else
-               return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
-                                               PEM_STRING_ECPRIVATEKEY,
-                                               fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API

diff --git a/lib/libssl/src/crypto/pkcs12/p12_crt.c b/lib/libssl/src/crypto/pkcs12/p12_crt.c
index a34915d..0c5e8dc 100644 (file)
--- a/lib/libssl/src/crypto/pkcs12/p12_crt.c
+++ b/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -91,11 +91,6 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        /* Set defaults */
        if (!nid_cert)
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-               else
-#endif
                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
                }
        if (!nid_key)

diff --git a/lib/libssl/src/crypto/rc2/rc2.h b/lib/libssl/src/crypto/rc2/rc2.h
index e542ec9..4c737f5 100644 (file)
--- a/lib/libssl/src/crypto/rc2/rc2.h
+++ b/lib/libssl/src/crypto/rc2/rc2.h
@@ -79,9 +79,6 @@ typedef struct rc2_key_st
        RC2_INT data[64];
        } RC2_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-#endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
                     int enc);

diff --git a/lib/libssl/src/crypto/rc2/rc2_skey.c b/lib/libssl/src/crypto/rc2/rc2_skey.c
index 6668ac0..26b8dd6 100644 (file)
--- a/lib/libssl/src/crypto/rc2/rc2_skey.c
+++ b/lib/libssl/src/crypto/rc2/rc2_skey.c
@@ -96,13 +96,6 @@ static const unsigned char key_table[256]={
  * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
  * a version where the bits parameter is the same as len*8 */
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(RC2);
-       private_RC2_set_key(key, len, data, bits);
-       }
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
        {
        int i,j;
        unsigned char *k;

diff --git a/lib/libssl/src/crypto/rc4/rc4_utl.c b/lib/libssl/src/crypto/rc4/rc4_utl.c
index ab3f02f..bd39a76 100644 (file)
--- a/lib/libssl/src/crypto/rc4/rc4_utl.c
+++ b/lib/libssl/src/crypto/rc4/rc4_utl.c
@@ -55,8 +55,5 @@
 
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
        {
-#ifdef OPENSSL_FIPS
-       fips_cipher_abort(RC4);
-#endif
        private_RC4_set_key(key, len, data);
        }

diff --git a/lib/libssl/src/crypto/ripemd/ripemd.h b/lib/libssl/src/crypto/ripemd/ripemd.h
index 189bd8c..5942eb6 100644 (file)
--- a/lib/libssl/src/crypto/ripemd/ripemd.h
+++ b/lib/libssl/src/crypto/ripemd/ripemd.h
@@ -91,9 +91,6 @@ typedef struct RIPEMD160state_st
        unsigned int   num;
        } RIPEMD160_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);

diff --git a/lib/libssl/src/crypto/rsa/rsa_crpt.c b/lib/libssl/src/crypto/rsa/rsa_crpt.c
index d3e4478..7750366 100644 (file)
--- a/lib/libssl/src/crypto/rsa/rsa_crpt.c
+++ b/lib/libssl/src/crypto/rsa/rsa_crpt.c
@@ -75,56 +75,24 @@ int RSA_size(const RSA *r)
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-               return -1;
-               }
-#endif
        return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
        }
 
 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-               return -1;
-               }
-#endif
        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
        }
 
 int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-               return -1;
-               }
-#endif
        return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
        }
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-               return -1;
-               }
-#endif
        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
        }
 

diff --git a/lib/libssl/src/crypto/rsa/rsa_gen.c b/lib/libssl/src/crypto/rsa/rsa_gen.c
index 42290cc..767f7ab 100644 (file)
--- a/lib/libssl/src/crypto/rsa/rsa_gen.c
+++ b/lib/libssl/src/crypto/rsa/rsa_gen.c
@@ -67,9 +67,6 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
@@ -80,20 +77,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  * now just because key-generation is part of RSA_METHOD. */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        {
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
-               return 0;
-               }
-#endif
        if(rsa->meth->rsa_keygen)
                return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode())
-               return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
-#endif
        return rsa_builtin_keygen(rsa, bits, e_value, cb);
        }
 

diff --git a/lib/libssl/src/crypto/rsa/rsa_lib.c b/lib/libssl/src/crypto/rsa/rsa_lib.c
index c95ceaf..9e3f7da 100644 (file)
--- a/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -67,10 +67,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -91,17 +87,10 @@ const RSA_METHOD *RSA_get_default_method(void)
        {
        if (default_RSA_meth == NULL)
                {
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return FIPS_rsa_pkcs1_ssleay();
-               else
-                       return RSA_PKCS1_SSLeay();
-#else
 #ifdef RSA_NULL
                default_RSA_meth=RSA_null_method();
 #else
                default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
 #endif
                }
 

diff --git a/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 157aa5c..d706d35 100644 (file)
--- a/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -66,9 +66,6 @@
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
 #include "rsa_locl.h"
 
@@ -156,32 +153,6 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
                OPENSSL_free(rctx);
                }
        }
-#ifdef OPENSSL_FIPS
-/* FIP checker. Return value indicates status of context parameters:
- * 1  : redirect to FIPS.
- * 0  : don't redirect to FIPS.
- * -1 : illegal operation in FIPS mode.
- */
-
-static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
-       {
-       RSA_PKEY_CTX *rctx = ctx->data;
-       RSA *rsa = ctx->pkey->pkey.rsa;
-       int rv = -1;
-       if (!FIPS_mode())
-               return 0;
-       if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-               rv = 0;
-       if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
-               return -1;
-       if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
-               return rv;
-       if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
-               return rv;
-       return 1;
-       }
-#endif
-
 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        const unsigned char *tbs, size_t tbslen)
        {
@@ -189,15 +160,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
 
-#ifdef OPENSSL_FIPS
-       ret = pkey_fips_check_ctx(ctx);
-       if (ret < 0)
-               {
-               RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-               return -1;
-               }
-#endif
-
        if (rctx->md)
                {
                if (tbslen != (size_t)EVP_MD_size(rctx->md))
@@ -206,22 +168,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        RSA_R_INVALID_DIGEST_LENGTH);
                        return -1;
                        }
-#ifdef OPENSSL_FIPS
-               if (ret > 0)
-                       {
-                       unsigned int slen;
-                       ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
-                                                       rctx->pad_mode,
-                                                       rctx->saltlen,
-                                                       rctx->mgf1md,
-                                                       sig, &slen);
-                       if (ret > 0)
-                               *siglen = slen;
-                       else
-                               *siglen = 0;
-                       return ret;
-                       }
-#endif
 
                if (EVP_MD_type(rctx->md) == NID_mdc2)
                        {
@@ -343,30 +289,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
        size_t rslen;
-#ifdef OPENSSL_FIPS
-       int rv;
-       rv = pkey_fips_check_ctx(ctx);
-       if (rv < 0)
-               {
-               RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-               return -1;
-               }
-#endif
        if (rctx->md)
                {
-#ifdef OPENSSL_FIPS
-               if (rv > 0)
-                       {
-                       return FIPS_rsa_verify_digest(rsa,
-                                                       tbs, tbslen,
-                                                       rctx->md,
-                                                       rctx->pad_mode,
-                                                       rctx->saltlen,
-                                                       rctx->mgf1md,
-                                                       sig, siglen);
-                                                       
-                       }
-#endif
                if (rctx->pad_mode == RSA_PKCS1_PADDING)
                        return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                                        sig, siglen, rsa);

diff --git a/lib/libssl/src/crypto/rsa/rsa_sign.c b/lib/libssl/src/crypto/rsa/rsa_sign.c
index b6f6037..fa3239a 100644 (file)
--- a/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -77,14 +77,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        const unsigned char *s = NULL;
        X509_ALGOR algor;
        ASN1_OCTET_STRING digest;
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
-               return 0;
-               }
-#endif
        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
                {
                return rsa->meth->rsa_sign(type, m, m_len,
@@ -161,15 +153,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
        unsigned char *s;
        X509_SIG *sig=NULL;
 
-#ifdef OPENSSL_FIPS
-       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-               {
-               RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
-               return 0;
-               }
-#endif
-
        if (siglen != (unsigned int)RSA_size(rsa))
                {
                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);

diff --git a/lib/libssl/src/crypto/seed/seed.c b/lib/libssl/src/crypto/seed/seed.c
index 3e675a8..934664d 100644 (file)
--- a/lib/libssl/src/crypto/seed/seed.c
+++ b/lib/libssl/src/crypto/seed/seed.c
@@ -198,13 +198,6 @@ static const seed_word KC[] = {
        KC8,    KC9,    KC10,   KC11,   KC12,   KC13,   KC14,   KC15    };
 #endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
-#ifdef OPENSSL_FIPS
-       {
-       fips_cipher_abort(SEED);
-       private_SEED_set_key(rawkey, ks);
-       }
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
-#endif
 {
        seed_word x1, x2, x3, x4;
        seed_word t0, t1;

diff --git a/lib/libssl/src/crypto/seed/seed.h b/lib/libssl/src/crypto/seed/seed.h
index c50fdd3..6e2ade3 100644 (file)
--- a/lib/libssl/src/crypto/seed/seed.h
+++ b/lib/libssl/src/crypto/seed/seed.h
@@ -116,9 +116,6 @@ typedef struct seed_key_st {
 #endif
 } SEED_KEY_SCHEDULE;
 
-#ifdef OPENSSL_FIPS
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
-#endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
 
 void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);

diff --git a/lib/libssl/src/crypto/sha/sha.h b/lib/libssl/src/crypto/sha/sha.h
index 8a6bf4b..7cbca26 100644 (file)
--- a/lib/libssl/src/crypto/sha/sha.h
+++ b/lib/libssl/src/crypto/sha/sha.h
@@ -70,10 +70,6 @@ extern "C" {
 #error SHA is disabled.
 #endif
 
-#if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T size_t
-#endif
-
 /*
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
@@ -106,9 +102,6 @@ typedef struct SHAstate_st
        } SHA_CTX;
 
 #ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
@@ -116,9 +109,6 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
 #ifndef OPENSSL_NO_SHA1
-#ifdef OPENSSL_FIPS
-int private_SHA1_Init(SHA_CTX *c);
-#endif
 int SHA1_Init(SHA_CTX *c);
 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
@@ -141,10 +131,6 @@ typedef struct SHA256state_st
        } SHA256_CTX;
 
 #ifndef OPENSSL_NO_SHA256
-#ifdef OPENSSL_FIPS
-int private_SHA224_Init(SHA256_CTX *c);
-int private_SHA256_Init(SHA256_CTX *c);
-#endif
 int SHA224_Init(SHA256_CTX *c);
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -192,10 +178,6 @@ typedef struct SHA512state_st
 #endif
 
 #ifndef OPENSSL_NO_SHA512
-#ifdef OPENSSL_FIPS
-int private_SHA384_Init(SHA512_CTX *c);
-int private_SHA512_Init(SHA512_CTX *c);
-#endif
 int SHA384_Init(SHA512_CTX *c);
 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);

diff --git a/lib/libssl/src/crypto/whrlpool/whrlpool.h b/lib/libssl/src/crypto/whrlpool/whrlpool.h
index 9e01f5b..03c91da 100644 (file)
--- a/lib/libssl/src/crypto/whrlpool/whrlpool.h
+++ b/lib/libssl/src/crypto/whrlpool/whrlpool.h
@@ -24,9 +24,6 @@ typedef struct        {
        } WHIRLPOOL_CTX;
 
 #ifndef OPENSSL_NO_WHIRLPOOL
-#ifdef OPENSSL_FIPS
-int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
-#endif
 int WHIRLPOOL_Init     (WHIRLPOOL_CTX *c);
 int WHIRLPOOL_Update   (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);