[openssl] master update

Dr. Paul Dale pauli at openssl.org
Wed Mar 3 11:22:37 UTC 2021


The branch master has been updated
       via  87994aa847f7c650cd3c06a2a4abdeee2ef71574 (commit)
      from  fb67126ea8a1a9fadb9b60641d84808fc123cd9d (commit)


- Log -----------------------------------------------------------------
commit 87994aa847f7c650cd3c06a2a4abdeee2ef71574
Author: Pauli <ppzgs1 at gmail.com>
Date:   Tue Mar 2 07:38:00 2021 +1000

    rand: remove FIPS mode conditional code.
    
    The FIPS provider no longer has seeding sources inside the boundary, so
    the related conditional code can be removed.
    
    Fixes #14358
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14382)

-----------------------------------------------------------------------

Summary of changes:
 .../implementations/rands/seeding/rand_unix.c      | 36 +---------------------
 1 file changed, 1 insertion(+), 35 deletions(-)

diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
index 81fd50c430..3e99fce70a 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
@@ -40,35 +40,6 @@
 # include <sys/param.h>
 # include <sys/random.h>
 #endif
-/*
- * Provide a compile time error if the FIPS module is being built and none
- * of the supported entropy sources are available.
- */
-#if defined(FIPS_MODULE)
-# if !defined(OPENSSL_RAND_SEED_GETRANDOM) \
-     && !defined(OPENSSL_RAND_SEED_DEVRANDOM) \
-     && !defined(OPENSSL_RAND_SEED_RDCPU) \
-     && !defined(OPENSSL_RAND_SEED_OS)
-#  error FIPS mode without supported randomness source
-# endif
-/* Remove the sources that are not permitted in FIPS */
-# ifdef OPENSSL_RAND_SEED_LIBRANDOM
-#  undef OPENSSL_RAND_SEED_LIBRANDOM
-#  warning FIPS mode does not support the _librandom_ randomness source
-# endif
-# ifdef OPENSSL_RAND_SEED_RDTSC
-#  undef OPENSSL_RAND_SEED_RDTSC
-#  warning FIPS mode does not support the _RDTSC_ randomness source
-# endif
-# ifdef OPENSSL_RAND_SEED_EGD
-#  undef OPENSSL_RAND_SEED_EGD
-#  warning FIPS mode does not support the _EGD_ randomness source
-# endif
-# ifdef OPENSSL_RAND_SEED_NONE
-#  undef OPENSSL_RAND_SEED_NONE
-#  warning FIPS mode does not support the _none_ randomness source
-# endif
-#endif
 
 #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \
      || defined(__DJGPP__)
@@ -393,7 +364,7 @@ static ssize_t syscall_random(void *buf, size_t buflen)
         if (errno != ENOSYS)
             return -1;
     }
-#    elif !defined(FIPS_MODULE)
+#    else
     union {
         void *p;
         int (*f)(void *buffer, size_t length);
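Review bot: With `#    elif !defined(FIPS_MODULE)` turned into a plain `#    else`, and the guards at the top of the file and around `cleanup_shm` and the `OPENSSL_atexit` call also removed, nothing in this file now stops it from being compiled into the FIPS module with a source the old block rejected, such as `OPENSSL_RAND_SEED_NONE` or `OPENSSL_RAND_SEED_EGD`. The commit message says seeding now lives outside the FIPS boundary, so this presumably relies on the build files keeping rand_unix.c out of the module, which is not visible here. If that is the intent, a short guard after the includes would make the assumption explicit and fail loudly if the file is ever pulled back in: `#ifdef FIPS_MODULE` / `# error "seeding sources must not be built into the FIPS module"` / `#endif`. The body of syscall_random starts and ends outside this hunk.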
@@ -441,12 +412,10 @@ static int keep_random_devices_open = 1;
        && defined(OPENSSL_RAND_SEED_GETRANDOM)
 static void *shm_addr;
 
-#    if !defined(FIPS_MODULE)
 static void cleanup_shm(void)
 {
     shmdt(shm_addr);
 }
-#    endif
 
 /*
  * Ensure that the system randomness source has been adequately seeded.
@@ -512,11 +481,8 @@ static int wait_random_seeded(void)
              * If this call fails, it isn't a big problem.
              */
             shm_addr = shmat(shm_id, NULL, SHM_RDONLY);
-#    ifndef FIPS_MODULE
-            /* TODO 3.0: The FIPS provider doesn't have OPENSSL_atexit */
             if (shm_addr != (void *)-1)
                 OPENSSL_atexit(&cleanup_shm);
-#    endif
         }
     }
     return seeded;
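Review bot: The `OPENSSL_atexit(&cleanup_shm)` call is now compiled unconditionally, and its return value is still discarded, so a failed registration goes unnoticed. That is probably acceptable, since attached segments are detached when the process exits, but the existing comment above `shmat` only covers the attach failing. A short comment on the registration would record the intent, for example `/* Best effort: the segment is detached at process exit even if this fails */`. The body of wait_random_seeded starts outside this hunk.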

