From b4152bd2f4db6ae7e3efaa16a8611302a45b64eb Mon Sep 17 00:00:00 2001 From: tedu Date: Thu, 17 Apr 2014 16:17:41 +0000 Subject: [PATCH] Fully kill FIPS API. Forcible certification conflicts with the goals of a free software project. ok beck deraadt Ports calling FIPS_mode_set(1): mongodb --- lib/libcrypto/crypto.h | 3 -- lib/libcrypto/crypto/Makefile | 4 +- lib/libcrypto/o_fips.c | 75 ---------------------------------- lib/libssl/src/crypto/crypto.h | 3 -- lib/libssl/src/crypto/o_fips.c | 75 ---------------------------------- 5 files changed, 2 insertions(+), 158 deletions(-) delete mode 100644 lib/libcrypto/o_fips.c delete mode 100644 lib/libssl/src/crypto/o_fips.c diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h index 56c5dfadb8c..2609b18b5f3 100644 --- a/lib/libcrypto/crypto.h +++ b/lib/libcrypto/crypto.h @@ -531,9 +531,6 @@ unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); -int FIPS_mode(void); -int FIPS_mode_set(int r); - void OPENSSL_init(void); #define fips_md_init(alg) fips_md_init_ctx(alg, alg) diff --git a/lib/libcrypto/crypto/Makefile b/lib/libcrypto/crypto/Makefile index df7304c76b5..3a7c04c8169 100644 --- a/lib/libcrypto/crypto/Makefile +++ b/lib/libcrypto/crypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.17 2014/04/16 19:13:01 miod Exp $ +# $OpenBSD: Makefile,v 1.18 2014/04/17 16:17:41 tedu Exp $ LIB= crypto @@ -34,7 +34,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/evp # crypto/ SRCS+= cryptlib.c malloc-wrapper.c mem_dbg.c cversion.c ex_data.c cpt_err.c -SRCS+= uid.c o_time.c o_str.c o_fips.c o_init.c +SRCS+= uid.c o_time.c o_str.c o_init.c # aes/ SRCS+= aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c diff --git a/lib/libcrypto/o_fips.c b/lib/libcrypto/o_fips.c deleted file mode 100644 index 43312ae23f0..00000000000 --- a/lib/libcrypto/o_fips.c +++ /dev/null @@ -1,75 +0,0 @@ -/* Written by Stephen henson (steve@openssl.org) for the OpenSSL - * project 2011. - */ -/* ==================================================================== - * Copyright (c) 2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" - -int -FIPS_mode(void) -{ - OPENSSL_init(); - return 0; -} - -int -FIPS_mode_set(int r) -{ - OPENSSL_init(); - if (r == 0) - return 1; - CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); - return 0; -} diff --git a/lib/libssl/src/crypto/crypto.h b/lib/libssl/src/crypto/crypto.h index 56c5dfadb8c..2609b18b5f3 100644 --- a/lib/libssl/src/crypto/crypto.h +++ b/lib/libssl/src/crypto/crypto.h @@ -531,9 +531,6 @@ unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); -int FIPS_mode(void); -int FIPS_mode_set(int r); - void OPENSSL_init(void); #define fips_md_init(alg) fips_md_init_ctx(alg, alg) diff --git a/lib/libssl/src/crypto/o_fips.c b/lib/libssl/src/crypto/o_fips.c deleted file mode 100644 index 43312ae23f0..00000000000 --- a/lib/libssl/src/crypto/o_fips.c +++ /dev/null @@ -1,75 +0,0 @@ -/* Written by Stephen henson (steve@openssl.org) for the OpenSSL - * project 2011. - */ -/* ==================================================================== - * Copyright (c) 2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" - -int -FIPS_mode(void) -{ - OPENSSL_init(); - return 0; -} - -int -FIPS_mode_set(int r) -{ - OPENSSL_init(); - if (r == 0) - return 1; - CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); - return 0; -} -- 2.20.1