[openssl] master update

tomas at openssl.org tomas at openssl.org
Mon Jun 7 06:37:26 UTC 2021 

The branch master has been updated
       via  dce7272d08601929a494b9367f4e70163c524cb3 (commit)
      from  97cf9b05fa1cdb8e4e7f60016aa95ae0e976e8c3 (commit)


- Log -----------------------------------------------------------------
commit dce7272d08601929a494b9367f4e70163c524cb3
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Jun 4 17:01:24 2021 +0200

    Elimination of some sources not needed in the FIPS_MODULE
    
    Unfortunately in terms of fips.sources this does not mean much
    given the way how the .h files are added via the dependency
    information from the compiler.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15622)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/build.info   |  2 +-
 crypto/rand/rand_lib.c   | 24 ++++++++++++------------
 crypto/rand/rand_local.h |  2 ++
 crypto/rand/rand_meth.c  |  4 ----
 include/crypto/sm2.h     |  2 +-
 5 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/crypto/rand/build.info b/crypto/rand/build.info
index 500667c332..a74282516f 100644
--- a/crypto/rand/build.info
+++ b/crypto/rand/build.info
@@ -7,7 +7,7 @@ IF[{- !$disabled{'egd'} -}]
   $CRYPTO=$CRYPTO rand_egd.c
 ENDIF
 IF[{- !$disabled{'deprecated-3.0'} -}]
-  $COMMON=$COMMON  rand_meth.c
+  $CRYPTO=$CRYPTO rand_meth.c
 ENDIF
 
 SOURCE[../../libcrypto]=$COMMON $CRYPTO
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index a3305b76b4..62bd1d6796 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -10,25 +10,25 @@
 /* We need to use some engine deprecated APIs */
 #define OPENSSL_SUPPRESS_DEPRECATED
 
-#include <stdio.h>
-#include <time.h>
-#include <limits.h>
-#include <openssl/trace.h>
 #include <openssl/err.h>
-#include <openssl/conf.h>
-#include "internal/cryptlib.h"
 #include <openssl/opensslconf.h>
-#include "crypto/rand.h"
-#include "crypto/cryptlib.h"
-#include <openssl/engine.h>
 #include <openssl/core_names.h>
+#include "internal/cryptlib.h"
 #include "internal/thread_once.h"
+#include "crypto/rand.h"
+#include "crypto/cryptlib.h"
 #include "rand_local.h"
-#include "e_os.h"
 
 #ifndef FIPS_MODULE
+# include <stdio.h>
+# include <time.h>
+# include <limits.h>
+# include <openssl/conf.h>
+# include <openssl/trace.h>
+# include <openssl/engine.h>
 # include "crypto/rand_pool.h"
 # include "prov/seeding.h"
+# include "e_os.h"
 
 # ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
@@ -319,7 +319,7 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                        unsigned int strength)
 {
     EVP_RAND_CTX *rand;
-#ifndef OPENSSL_NO_DEPRECATED_3_0
+#if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE)
     const RAND_METHOD *meth = RAND_get_rand_method();
 
     if (meth != NULL && meth != RAND_OpenSSL()) {
@@ -348,7 +348,7 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                   unsigned int strength)
 {
     EVP_RAND_CTX *rand;
-#ifndef OPENSSL_NO_DEPRECATED_3_0
+#if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE)
     const RAND_METHOD *meth = RAND_get_rand_method();
 
     if (meth != NULL && meth != RAND_OpenSSL()) {
diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h
index 3b4ad8ca65..31428f20c8 100644
--- a/crypto/rand/rand_local.h
+++ b/crypto/rand/rand_local.h
@@ -25,7 +25,9 @@
 # define PRIMARY_RESEED_TIME_INTERVAL            (60 * 60) /* 1 hour */
 # define SECONDARY_RESEED_TIME_INTERVAL          (7 * 60)  /* 7 minutes */
 
+# ifndef FIPS_MODULE
 /* The global RAND method, and the global buffer and DRBG instance. */
 extern RAND_METHOD ossl_rand_meth;
+# endif
 
 #endif
diff --git a/crypto/rand/rand_meth.c b/crypto/rand/rand_meth.c
index 49bf0acdf5..276763057d 100644
--- a/crypto/rand/rand_meth.c
+++ b/crypto/rand/rand_meth.c
@@ -61,9 +61,5 @@ RAND_METHOD ossl_rand_meth = {
 
 RAND_METHOD *RAND_OpenSSL(void)
 {
-#ifndef FIPS_MODULE
     return &ossl_rand_meth;
-#else
-    return NULL;
-#endif
 }
diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h
index e3278a31e6..165c01810f 100644
--- a/include/crypto/sm2.h
+++ b/include/crypto/sm2.h
@@ -15,7 +15,7 @@
 
 # include <openssl/opensslconf.h>
 
-# ifndef OPENSSL_NO_SM2
+# if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
 
 #  include <openssl/ec.h>
 #  include "crypto/types.h"

More information about the openssl-commits mailing list