[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Thu May 7 06:09:32 UTC 2020


The branch master has been updated
       via  31b069ecea2c567de22b3874c8e71cc37c921ec9 (commit)
      from  45c236ad1f1c881281017941a0e7126735a190e8 (commit)


- Log -----------------------------------------------------------------
commit 31b069ecea2c567de22b3874c8e71cc37c921ec9
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Thu May 7 16:08:18 2020 +1000

    Remove legacy FIPS_mode functions
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11680)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md               |  7 +++++++
 crypto/build.info        |  2 +-
 crypto/o_fips.c          | 24 ------------------------
 include/openssl/crypto.h |  3 ---
 util/libcrypto.num       |  4 ++--
 5 files changed, 10 insertions(+), 30 deletions(-)
 delete mode 100644 crypto/o_fips.c

diff --git a/CHANGES.md b/CHANGES.md
index b11ca85c65..6da7bcde72 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,13 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ###
 
+*  Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's
+   that are not applicable to the new provider model. Applications should
+   instead use EVP_default_properties_is_fips_enabled() and
+   EVP_default_properties_enable_fips().
+
+   *Shane Lontis*
+
  * Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and
    EC_POINT_get_Jprojective_coordinates_GFp(). These functions are not widely
    used and applications should instead use the
diff --git a/crypto/build.info b/crypto/build.info
index 860b8bb823..3537bbcc26 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -77,7 +77,7 @@ $UTIL_DEFINE=$CPUIDDEF
 SOURCE[../libcrypto]=$UTIL_COMMON \
         mem.c mem_sec.c \
         cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \
-        o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \
+        o_fopen.c getenv.c o_init.c init.c trace.c provider.c \
         $UPLINKSRC
 SOURCE[../providers/libfips.a]=$UTIL_COMMON
 SOURCE[../providers/liblegacy.a]=$UTIL_COMMON
diff --git a/crypto/o_fips.c b/crypto/o_fips.c
deleted file mode 100644
index ac768e5aa3..0000000000
--- a/crypto/o_fips.c
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "internal/cryptlib.h"
-
-int FIPS_mode(void)
-{
-    /* This version of the library does not support FIPS mode. */
-    return 0;
-}
-
-int FIPS_mode_set(int r)
-{
-    if (r == 0)
-        return 1;
-    CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
-    return 0;
-}
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 0b3a20dfd2..3cca316cd4 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -377,9 +377,6 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line
 
 int OPENSSL_isservice(void);
 
-int FIPS_mode(void);
-int FIPS_mode_set(int r);
-
 void OPENSSL_init(void);
 # ifdef OPENSSL_SYS_UNIX
 void OPENSSL_fork_prepare(void);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 32942a53de..e91c265e20 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -490,7 +490,7 @@ X509_CRL_print                          499	3_0_0	EXIST::FUNCTION:
 WHIRLPOOL_Update                        500	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL
 DSA_get_ex_data                         501	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
 BN_copy                                 502	3_0_0	EXIST::FUNCTION:
-FIPS_mode_set                           503	3_0_0	EXIST::FUNCTION:
+FIPS_mode_set                           503	3_0_0	NOEXIST::FUNCTION:
 X509_VERIFY_PARAM_add0_policy           504	3_0_0	EXIST::FUNCTION:
 PKCS7_cert_from_signer_info             505	3_0_0	EXIST::FUNCTION:
 X509_TRUST_get_trust                    506	3_0_0	EXIST::FUNCTION:
@@ -2534,7 +2534,7 @@ OPENSSL_strnlen                         2587	3_0_0	EXIST::FUNCTION:
 IDEA_ecb_encrypt                        2588	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 ASN1_STRING_set_default_mask            2589	3_0_0	EXIST::FUNCTION:
 TS_VERIFY_CTX_add_flags                 2590	3_0_0	EXIST::FUNCTION:TS
-FIPS_mode                               2591	3_0_0	EXIST::FUNCTION:
+FIPS_mode                               2591	3_0_0	NOEXIST::FUNCTION:
 d2i_ASN1_UNIVERSALSTRING                2592	3_0_0	EXIST::FUNCTION:
 NAME_CONSTRAINTS_free                   2593	3_0_0	EXIST::FUNCTION:
 EC_GROUP_get_order                      2594	3_0_0	EXIST::FUNCTION:EC


More information about the openssl-commits mailing list