[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed May 5 23:55:23 UTC 2021
The branch master has been updated
via 08a337fac6d56a3b9419f4fbf9a19af958c9c2a1 (commit)
from a07b0bfb99169d23d2801b8aee210d98a0d12cac (commit)
- Log -----------------------------------------------------------------
commit 08a337fac6d56a3b9419f4fbf9a19af958c9c2a1
Author: Rich Salz <rsalz at akamai.com>
Date: Tue May 4 12:05:54 2021 -0400
Remove all trace of FIPS_mode functions
Removed error codes, and the mention of the functions.
This removal is already documented in the CHANGES doc.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15140)
-----------------------------------------------------------------------
Summary of changes:
crypto/cpt_err.c | 2 --
crypto/err/openssl.txt | 6 ------
crypto/evp/evp_cnf.c | 6 +++---
crypto/evp/evp_err.c | 5 -----
include/openssl/cryptoerr.h | 1 -
include/openssl/cryptoerr_legacy.h | 1 -
include/openssl/evperr.h | 3 ---
include/openssl/sslerr.h | 1 -
ssl/ssl_err.c | 2 --
util/libcrypto.num | 2 --
util/missingcrypto.txt | 2 --
11 files changed, 3 insertions(+), 28 deletions(-)
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index 65fb429c58..bad3ca3cee 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -19,8 +19,6 @@ static const ERR_STRING_DATA CRYPTO_str_reasons[] = {
"bad algorithm name"},
{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_CONFLICTING_NAMES),
"conflicting names"},
- {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED),
- "fips mode not supported"},
{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_HEX_STRING_TOO_SHORT),
"hex string too short"},
{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT),
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 728356148f..1391c00a17 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -427,7 +427,6 @@ CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO:115:\
CRMF_R_UNSUPPORTED_POPO_METHOD:116:unsupported popo method
CRYPTO_R_BAD_ALGORITHM_NAME:117:bad algorithm name
CRYPTO_R_CONFLICTING_NAMES:118:conflicting names
-CRYPTO_R_FIPS_MODE_NOT_SUPPORTED:101:fips mode not supported
CRYPTO_R_HEX_STRING_TOO_SHORT:121:hex string too short
CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit
CRYPTO_R_INSUFFICIENT_DATA_SPACE:106:insufficient data space
@@ -664,7 +663,6 @@ EVP_R_DEFAULT_QUERY_PARSE_ERROR:210:default query parse error
EVP_R_DIFFERENT_KEY_TYPES:101:different key types
EVP_R_DIFFERENT_PARAMETERS:153:different parameters
EVP_R_ERROR_LOADING_SECTION:165:error loading section
-EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode
EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key
EVP_R_EXPECTING_AN_RSA_KEY:127:expecting an rsa key
EVP_R_EXPECTING_A_DH_KEY:128:expecting a dh key
@@ -674,7 +672,6 @@ EVP_R_EXPECTING_A_EC_KEY:142:expecting an ec key
EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key
EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key
EVP_R_FINAL_ERROR:188:final error
-EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported
EVP_R_GENERATE_ERROR:214:generate error
EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed
EVP_R_ILLEGAL_SCRYPT_PARAMETERS:171:illegal scrypt parameters
@@ -684,7 +681,6 @@ EVP_R_INITIALIZATION_ERROR:134:initialization error
EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized
EVP_R_INVALID_CUSTOM_LENGTH:185:invalid custom length
EVP_R_INVALID_DIGEST:152:invalid digest
-EVP_R_INVALID_FIPS_MODE:168:invalid fips mode
EVP_R_INVALID_IV_LENGTH:194:invalid iv length
EVP_R_INVALID_KEY:163:invalid key
EVP_R_INVALID_KEY_LENGTH:130:invalid key length
@@ -1226,8 +1222,6 @@ SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\
SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
attempt to reuse session in different context
-SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE:143:\
- at least TLS 1.0 needed in FIPS mode
SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE:158:\
at least (D)TLS 1.2 needed in Suite B mode
SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 7c2301d26c..aee79712cd 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -38,10 +38,10 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
if (strcmp(oval->name, "fips_mode") == 0) {
int m;
- if (!X509V3_get_value_bool(oval, &m)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_FIPS_MODE);
+ /* Detailed error already reported. */
+ if (!X509V3_get_value_bool(oval, &m))
return 0;
- }
+
/*
* fips_mode is deprecated and should not be used in new
* configurations.
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index ad95f5ef02..cd36b09fb5 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -55,8 +55,6 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"different parameters"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
"error loading section"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
- "error setting fips mode"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY),
"expecting an hmac key"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY),
@@ -72,8 +70,6 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY),
"expecting a siphash key"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FINAL_ERROR), "final error"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED),
- "fips mode not supported"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GENERATE_ERROR), "generate error"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
@@ -88,7 +84,6 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_CUSTOM_LENGTH),
"invalid custom length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h
index 8db3064ce2..6799668089 100644
--- a/include/openssl/cryptoerr.h
+++ b/include/openssl/cryptoerr.h
@@ -23,7 +23,6 @@
*/
# define CRYPTO_R_BAD_ALGORITHM_NAME 117
# define CRYPTO_R_CONFLICTING_NAMES 118
-# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
# define CRYPTO_R_HEX_STRING_TOO_SHORT 121
# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102
# define CRYPTO_R_INSUFFICIENT_DATA_SPACE 106
diff --git a/include/openssl/cryptoerr_legacy.h b/include/openssl/cryptoerr_legacy.h
index 6b78c5624c..ccab33a5d4 100644
--- a/include/openssl/cryptoerr_legacy.h
+++ b/include/openssl/cryptoerr_legacy.h
@@ -463,7 +463,6 @@ OSSL_DEPRECATEDIN_3_0 int ERR_load_X509V3_strings(void);
# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 0
# define CRYPTO_F_CRYPTO_OCB128_INIT 0
# define CRYPTO_F_CRYPTO_SET_EX_DATA 0
-# define CRYPTO_F_FIPS_MODE_SET 0
# define CRYPTO_F_GET_AND_LOCK 0
# define CRYPTO_F_OPENSSL_ATEXIT 0
# define CRYPTO_F_OPENSSL_BUF2HEXSTR 0
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index ffa8bacd5b..a5053f6cd2 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -44,7 +44,6 @@
# define EVP_R_DIFFERENT_KEY_TYPES 101
# define EVP_R_DIFFERENT_PARAMETERS 153
# define EVP_R_ERROR_LOADING_SECTION 165
-# define EVP_R_ERROR_SETTING_FIPS_MODE 166
# define EVP_R_EXPECTING_AN_HMAC_KEY 174
# define EVP_R_EXPECTING_AN_RSA_KEY 127
# define EVP_R_EXPECTING_A_DH_KEY 128
@@ -54,7 +53,6 @@
# define EVP_R_EXPECTING_A_POLY1305_KEY 164
# define EVP_R_EXPECTING_A_SIPHASH_KEY 175
# define EVP_R_FINAL_ERROR 188
-# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167
# define EVP_R_GENERATE_ERROR 214
# define EVP_R_GET_RAW_KEY_FAILED 182
# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171
@@ -64,7 +62,6 @@
# define EVP_R_INPUT_NOT_INITIALIZED 111
# define EVP_R_INVALID_CUSTOM_LENGTH 185
# define EVP_R_INVALID_DIGEST 152
-# define EVP_R_INVALID_FIPS_MODE 168
# define EVP_R_INVALID_IV_LENGTH 194
# define EVP_R_INVALID_KEY 163
# define EVP_R_INVALID_KEY_LENGTH 130
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 30d843cf2d..87aa4f0d00 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -24,7 +24,6 @@
# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291
# define SSL_R_APP_DATA_IN_HANDSHAKE 100
# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143
# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158
# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
# define SSL_R_BAD_CIPHER 186
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 347b263d69..c15a24f65f 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -21,8 +21,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"app data in handshake"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),
"attempt to reuse session in different context"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE),
- "at least TLS 1.0 needed in FIPS mode"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE),
"at least (D)TLS 1.2 needed in Suite B mode"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC),
diff --git a/util/libcrypto.num b/util/libcrypto.num
index da5936f1ab..13ec6e26f7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -490,7 +490,6 @@ X509_CRL_print 499 3_0_0 EXIST::FUNCTION:
WHIRLPOOL_Update 500 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL
DSA_get_ex_data 501 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
BN_copy 502 3_0_0 EXIST::FUNCTION:
-FIPS_mode_set 503 3_0_0 NOEXIST::FUNCTION:
X509_VERIFY_PARAM_add0_policy 504 3_0_0 EXIST::FUNCTION:
PKCS7_cert_from_signer_info 505 3_0_0 EXIST::FUNCTION:
X509_TRUST_get_trust 506 3_0_0 EXIST::FUNCTION:
@@ -2534,7 +2533,6 @@ OPENSSL_strnlen 2587 3_0_0 EXIST::FUNCTION:
IDEA_ecb_encrypt 2588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
ASN1_STRING_set_default_mask 2589 3_0_0 EXIST::FUNCTION:
TS_VERIFY_CTX_add_flags 2590 3_0_0 EXIST::FUNCTION:TS
-FIPS_mode 2591 3_0_0 NOEXIST::FUNCTION:
d2i_ASN1_UNIVERSALSTRING 2592 3_0_0 EXIST::FUNCTION:
NAME_CONSTRAINTS_free 2593 3_0_0 EXIST::FUNCTION:
EC_GROUP_get_order 2594 3_0_0 EXIST::FUNCTION:EC
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index efd3c7516a..cb5a9eaa6f 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -685,8 +685,6 @@ EVP_read_pw_string_min(3)
EVP_set_pw_prompt(3)
EVP_str2ctrl(3)
EXTENDED_KEY_USAGE_it(3)
-FIPS_mode(3)
-FIPS_mode_set(3)
GENERAL_NAMES_it(3)
GENERAL_NAME_cmp(3)
GENERAL_NAME_get0_otherName(3)
More information about the openssl-commits
mailing list