From 1af109d6d0cb0b1b795e9e264216eddfb5c7a6c3 Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 8 May 2014 15:29:00 +0000 Subject: [PATCH] Nuke OPENSSL_FIPS - having #ifdefs inside a #ifndef for the same thing is amusing. ok deraadt@ --- lib/libcrypto/evp/e_aes.c | 16 ---------------- lib/libcrypto/evp/e_des3.c | 2 -- lib/libssl/src/crypto/evp/e_aes.c | 16 ---------------- lib/libssl/src/crypto/evp/e_des3.c | 2 -- 4 files changed, 36 deletions(-) diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c index db0fdf85c86..fd1c34526f4 100644 --- a/lib/libcrypto/evp/e_aes.c +++ b/lib/libcrypto/evp/e_aes.c @@ -56,7 +56,6 @@ #include #include #include "evp_locl.h" -#ifndef OPENSSL_FIPS #include "modes_lcl.h" #include @@ -692,11 +691,6 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_GCM_SET_IVLEN: if (arg <= 0) return 0; -#ifdef OPENSSL_FIPS - if (FIPS_module_mode() && - !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && arg < 12) - return 0; -#endif /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { if (gctx->iv != c->iv) @@ -1098,15 +1092,6 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!out || !in || len < AES_BLOCK_SIZE) return 0; -#ifdef OPENSSL_FIPS - /* Requirement of SP800-38E */ - if (FIPS_module_mode() && - !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && - (len > (1UL << 20) * 16)) { - EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); - return 0; - } -#endif if (xctx->stream) (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); @@ -1279,4 +1264,3 @@ BLOCK_CIPHER_custom(NID_aes, 256, 1,12, ccm, CCM, EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) #endif -#endif diff --git a/lib/libcrypto/evp/e_des3.c b/lib/libcrypto/evp/e_des3.c index ddb069dda57..6463326a786 100644 --- a/lib/libcrypto/evp/e_des3.c +++ b/lib/libcrypto/evp/e_des3.c @@ -65,7 +65,6 @@ #include #include -#ifndef OPENSSL_FIPS static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); @@ -315,4 +314,3 @@ EVP_des_ede3(void) return &des_ede3_ecb; } #endif -#endif diff --git a/lib/libssl/src/crypto/evp/e_aes.c b/lib/libssl/src/crypto/evp/e_aes.c index db0fdf85c86..fd1c34526f4 100644 --- a/lib/libssl/src/crypto/evp/e_aes.c +++ b/lib/libssl/src/crypto/evp/e_aes.c @@ -56,7 +56,6 @@ #include #include #include "evp_locl.h" -#ifndef OPENSSL_FIPS #include "modes_lcl.h" #include @@ -692,11 +691,6 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_GCM_SET_IVLEN: if (arg <= 0) return 0; -#ifdef OPENSSL_FIPS - if (FIPS_module_mode() && - !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && arg < 12) - return 0; -#endif /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { if (gctx->iv != c->iv) @@ -1098,15 +1092,6 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!out || !in || len < AES_BLOCK_SIZE) return 0; -#ifdef OPENSSL_FIPS - /* Requirement of SP800-38E */ - if (FIPS_module_mode() && - !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && - (len > (1UL << 20) * 16)) { - EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); - return 0; - } -#endif if (xctx->stream) (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); @@ -1279,4 +1264,3 @@ BLOCK_CIPHER_custom(NID_aes, 256, 1,12, ccm, CCM, EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) #endif -#endif diff --git a/lib/libssl/src/crypto/evp/e_des3.c b/lib/libssl/src/crypto/evp/e_des3.c index ddb069dda57..6463326a786 100644 --- a/lib/libssl/src/crypto/evp/e_des3.c +++ b/lib/libssl/src/crypto/evp/e_des3.c @@ -65,7 +65,6 @@ #include #include -#ifndef OPENSSL_FIPS static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); @@ -315,4 +314,3 @@ EVP_des_ede3(void) return &des_ede3_ecb; } #endif -#endif -- 2.20.1