[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Thu May 7 06:09:32 UTC 2020
The branch master has been updated
via 31b069ecea2c567de22b3874c8e71cc37c921ec9 (commit)
from 45c236ad1f1c881281017941a0e7126735a190e8 (commit)
- Log -----------------------------------------------------------------
commit 31b069ecea2c567de22b3874c8e71cc37c921ec9
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu May 7 16:08:18 2020 +1000
Remove legacy FIPS_mode functions
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11680)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 7 +++++++
crypto/build.info | 2 +-
crypto/o_fips.c | 24 ------------------------
include/openssl/crypto.h | 3 ---
util/libcrypto.num | 4 ++--
5 files changed, 10 insertions(+), 30 deletions(-)
delete mode 100644 crypto/o_fips.c
diff --git a/CHANGES.md b/CHANGES.md
index b11ca85c65..6da7bcde72 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,13 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ###
+* Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's
+ that are not applicable to the new provider model. Applications should
+ instead use EVP_default_properties_is_fips_enabled() and
+ EVP_default_properties_enable_fips().
+
+ *Shane Lontis*
+
* Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and
EC_POINT_get_Jprojective_coordinates_GFp(). These functions are not widely
used and applications should instead use the
diff --git a/crypto/build.info b/crypto/build.info
index 860b8bb823..3537bbcc26 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -77,7 +77,7 @@ $UTIL_DEFINE=$CPUIDDEF
SOURCE[../libcrypto]=$UTIL_COMMON \
mem.c mem_sec.c \
cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \
- o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \
+ o_fopen.c getenv.c o_init.c init.c trace.c provider.c \
$UPLINKSRC
SOURCE[../providers/libfips.a]=$UTIL_COMMON
SOURCE[../providers/liblegacy.a]=$UTIL_COMMON
diff --git a/crypto/o_fips.c b/crypto/o_fips.c
deleted file mode 100644
index ac768e5aa3..0000000000
--- a/crypto/o_fips.c
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "internal/cryptlib.h"
-
-int FIPS_mode(void)
-{
- /* This version of the library does not support FIPS mode. */
- return 0;
-}
-
-int FIPS_mode_set(int r)
-{
- if (r == 0)
- return 1;
- CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
- return 0;
-}
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 0b3a20dfd2..3cca316cd4 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -377,9 +377,6 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line
int OPENSSL_isservice(void);
-int FIPS_mode(void);
-int FIPS_mode_set(int r);
-
void OPENSSL_init(void);
# ifdef OPENSSL_SYS_UNIX
void OPENSSL_fork_prepare(void);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 32942a53de..e91c265e20 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -490,7 +490,7 @@ X509_CRL_print 499 3_0_0 EXIST::FUNCTION:
WHIRLPOOL_Update 500 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL
DSA_get_ex_data 501 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
BN_copy 502 3_0_0 EXIST::FUNCTION:
-FIPS_mode_set 503 3_0_0 EXIST::FUNCTION:
+FIPS_mode_set 503 3_0_0 NOEXIST::FUNCTION:
X509_VERIFY_PARAM_add0_policy 504 3_0_0 EXIST::FUNCTION:
PKCS7_cert_from_signer_info 505 3_0_0 EXIST::FUNCTION:
X509_TRUST_get_trust 506 3_0_0 EXIST::FUNCTION:
@@ -2534,7 +2534,7 @@ OPENSSL_strnlen 2587 3_0_0 EXIST::FUNCTION:
IDEA_ecb_encrypt 2588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
ASN1_STRING_set_default_mask 2589 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_add_flags 2590 3_0_0 EXIST::FUNCTION:TS
-FIPS_mode 2591 3_0_0 EXIST::FUNCTION:
+FIPS_mode 2591 3_0_0 NOEXIST::FUNCTION:
d2i_ASN1_UNIVERSALSTRING 2592 3_0_0 EXIST::FUNCTION:
NAME_CONSTRAINTS_free 2593 3_0_0 EXIST::FUNCTION:
EC_GROUP_get_order 2594 3_0_0 EXIST::FUNCTION:EC
More information about the openssl-commits
mailing list