[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Sat May 8 10:45:15 UTC 2021
The branch master has been updated
via 839261592ca447aa083403cee7b0ced97cef6159 (commit)
from 0d40ca47bd86e74a95c3a2f5fb6c67cdbee93c79 (commit)
- Log -----------------------------------------------------------------
commit 839261592ca447aa083403cee7b0ced97cef6159
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu May 6 14:03:20 2021 +1000
Remove unused code from the fips module
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15167)
-----------------------------------------------------------------------
Summary of changes:
Configurations/unix-Makefile.tmpl | 1 -
crypto/ec/build.info | 11 ++++++-----
crypto/evp/build.info | 7 ++++---
crypto/md5/build.info | 3 +--
providers/fips-sources.checksums | 11 +----------
providers/fips.checksum | 2 +-
providers/fips.module.sources | 9 ---------
ssl/s3_cbc.c | 16 +++++++++++-----
8 files changed, 24 insertions(+), 36 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index d98c42c85e..c2a0de3a97 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1167,7 +1167,6 @@ $(SRCDIR)/providers/fips.module.sources: \
for x in crypto/bn/asm/*.pl crypto/bn/asm/*.S \
crypto/aes/asm/*.pl crypto/aes/asm/*.S \
crypto/ec/asm/*.pl \
- crypto/md5/asm/*.pl \
crypto/modes/asm/*.pl \
crypto/sha/asm/*.pl; do \
echo "$$x"; \
diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index 4b6556acc0..dbe3a52572 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -44,9 +44,9 @@ IF[{- !$disabled{asm} -}]
ENDIF
$COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
- ec_curve.c ec_check.c ec_print.c ec_key.c ecx_key.c ec_asn1.c \
- ec2_smpl.c ec_deprecated.c \
- ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c \
+ ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \
+ ec2_smpl.c \
+ ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \
ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
curve448/f_generic.c curve448/scalar.c \
curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
@@ -57,8 +57,9 @@ IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
$COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
ENDIF
-SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \
- ec_err.c eck_prn.c
+SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c \
+ ec_err.c eck_prn.c \
+ ec_deprecated.c ec_print.c
SOURCE[../../providers/libfips.a]=$COMMON
# Implementations are now spread across several libraries, so the defines
diff --git a/crypto/evp/build.info b/crypto/evp/build.info
index 34551df4a3..95fea31226 100644
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
@@ -1,8 +1,8 @@
LIBS=../../libcrypto
-$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \
+$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c evp_utils.c \
mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c \
m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \
- pmeth_check.c evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c
+ evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c
SOURCE[../../libcrypto]=$COMMON\
encode.c evp_key.c evp_cnf.c \
@@ -15,7 +15,8 @@ SOURCE[../../libcrypto]=$COMMON\
evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
e_chacha20_poly1305.c \
- legacy_sha.c ctrl_params_translate.c
+ legacy_sha.c ctrl_params_translate.c \
+ cmeth_lib.c
# Diverse type specific ctrl functions. They are kinda sorta legacy, kinda
# sorta not.
diff --git a/crypto/md5/build.info b/crypto/md5/build.info
index c35177bd50..080411cc2c 100644
--- a/crypto/md5/build.info
+++ b/crypto/md5/build.info
@@ -15,7 +15,7 @@ IF[{- !$disabled{asm} -}]
ENDIF
$COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM
-SOURCE[../../libcrypto ../../providers/libfips.a]=$COMMON
+SOURCE[../../libcrypto]=$COMMON
# A no-deprecated no-shared build ends up with double function definitions
# without conditioning this on dso. The issue is MD5 which is needed in the
@@ -30,7 +30,6 @@ ENDIF
# Implementations are now spread across several libraries, so the defines
# need to be applied to all affected libraries and modules.
DEFINE[../../libcrypto]=$MD5DEF
-DEFINE[../../providers/libfips.a]=$MD5DEF
DEFINE[../../providers/liblegacy.a]=$MD5DEF
GENERATE[md5-586.s]=asm/md5-586.pl
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index b1ec8f2339..e6d798648a 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -147,13 +147,11 @@ ed003170c5eaaaa4a33f4ef37b43465f2ba7a5fa5fec2d7d17c1e0897ea818d7 crypto/ec/ec2_
86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c
845a5e6ad6921aed63a18084d6b64a1907e4cb093639153ba32138e0b29ff0e5 crypto/ec/ec_curve.c
8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c
-06fa7c8f23374ab9c1006d6fd65ee95dac3a3fae036ea6f14399c1a5cc0c7d00 crypto/ec/ec_deprecated.c
2103bb62699b1a0ca4e3f75bd1697d856a9afd7f0051d49e433cf69d62d53e2a crypto/ec/ec_key.c
7b34605e017eb81037344538f917c32d3ab85c744a819617e012bab73c27dd68 crypto/ec/ec_kmeth.c
90f070e5a7ea950e6fe88ed81c72161c58a4896efb4608076061e1fe12908908 crypto/ec/ec_lib.c
58aa89c186c9bb6a5075a1d961723fe1fc97c6e290756ae682fe494c4f2435a0 crypto/ec/ec_mult.c
129c6b42417bfcf582f4a959cfd65433e6f85b158274f4fa38f9c62615ac9166 crypto/ec/ec_oct.c
-ccbf1f7dcba81cb40c07619120e9c330e06e1e7c788ca8912f0f4b1d25bd3f7c crypto/ec/ec_print.c
4341615ac00e3e42c41acd3b36af10250995fb919febc5289122b785c5eccf73 crypto/ec/ecdh_kdf.c
b2cf8f052a5716137da7b0e857ed7a5df5fb513b6d14534199a05e32f2b5a866 crypto/ec/ecdh_ossl.c
49bf1a4dd3d53a5c0e4e05d71be0f6fcbeb5d013c70084ad8111e2d46b7e0f58 crypto/ec/ecdsa_ossl.c
@@ -167,7 +165,6 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_
4d9e693c64709a9359ac724a767a85566849373231e314b8d8127b707dd5e83d crypto/ec/ecx_backend.c
22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c
7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c
-2aacf20d2b9ff0d11b0b4869c530685558ad8898da11391978322b606a0133ba crypto/evp/cmeth_lib.c
0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c
4433d40517d9550f6a1db90dfb912e32ee10b95497ddfc2a7edb2116f87ee531 crypto/evp/digest.c
87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c
@@ -201,12 +198,6 @@ a87945698684673832fbedb4d01e2f11df58f43f79605a9e6d7136bb15b02e52 crypto/ffc/ffc
84d8ae0141a79548ad65b31fe4673e8603930f942f21f3a7623e23f539799764 crypto/hmac/hmac.c
7000ba81f54c1d516a536bc6e96ad3729e3b5b15740006c2e22f0b76606042d6 crypto/initthread.c
c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0 crypto/lhash/lhash.c
-b0662fd0dddbac0379be51cee8ccb0384d819f52780a5c7b0b3fcdde145fa7bf crypto/md5/asm/md5-586.pl
-2a31a7f88d948192d6b7c10822c72cf40f215f32909014a2babc3955dafa1593 crypto/md5/asm/md5-sparcv9.pl
-33a402414b3f08e2325bbcb07edff42c553a4400da4ec89d583b29360a3483ed crypto/md5/asm/md5-x86_64.pl
-6926a95504413b5b29b2fa89a6c8cec5406ae7044cefe28c577279c8bb56291b crypto/md5/md5_dgst.c
-5d07872812807c385daea71df1d4569dcba03fabce646878f9f338947528fe1f crypto/md5/md5_one.c
-8641fbe434f769a9d70981963870ceb4dcc3aadbe4f4fa2e7a8bf70e1c47fba0 crypto/md5/md5_sha1.c
f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c
183bdca6f855182d7d2c78a5c961b34283f85ea69ac828b700605ee82546397d crypto/modes/asm/aes-gcm-armv8_64.pl
1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0 crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -403,4 +394,4 @@ a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/impl
1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy_sig.c
25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa_sig.c
53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c
-0143753184c1bddf47af3bd5b5e0d788fc757dac4b77f291627fc25d46eba05c ssl/s3_cbc.c
+85a9701b05ab8dfea42550fbc5e4d9f4011d08ccc64829648fc12091cc1133f5 ssl/s3_cbc.c
diff --git a/providers/fips.checksum b/providers/fips.checksum
index e9adf327b3..4ee2135be1 100644
--- a/providers/fips.checksum
+++ b/providers/fips.checksum
@@ -1 +1 @@
-4fcfc6375eef7bed6219191cce24513be04a6ebb8b2d5da8e404150a2ecc0eba providers/fips-sources.checksums
+a1ce185646a78b5eb88229b77aec1455e6e361f7428bb884aebe45cb8fdc3703 providers/fips-sources.checksums
diff --git a/providers/fips.module.sources b/providers/fips.module.sources
index 416a2b97f7..7be12dc42e 100644
--- a/providers/fips.module.sources
+++ b/providers/fips.module.sources
@@ -147,13 +147,11 @@ crypto/ec/ec_backend.c
crypto/ec/ec_check.c
crypto/ec/ec_curve.c
crypto/ec/ec_cvt.c
-crypto/ec/ec_deprecated.c
crypto/ec/ec_key.c
crypto/ec/ec_kmeth.c
crypto/ec/ec_lib.c
crypto/ec/ec_mult.c
crypto/ec/ec_oct.c
-crypto/ec/ec_print.c
crypto/ec/ecdh_kdf.c
crypto/ec/ecdh_ossl.c
crypto/ec/ecdsa_ossl.c
@@ -167,7 +165,6 @@ crypto/ec/ecp_smpl.c
crypto/ec/ecx_backend.c
crypto/ec/ecx_key.c
crypto/evp/asymcipher.c
-crypto/evp/cmeth_lib.c
crypto/evp/dh_support.c
crypto/evp/digest.c
crypto/evp/ec_support.c
@@ -201,12 +198,6 @@ crypto/ffc/ffc_params_validate.c
crypto/hmac/hmac.c
crypto/initthread.c
crypto/lhash/lhash.c
-crypto/md5/asm/md5-586.pl
-crypto/md5/asm/md5-sparcv9.pl
-crypto/md5/asm/md5-x86_64.pl
-crypto/md5/md5_dgst.c
-crypto/md5/md5_one.c
-crypto/md5/md5_sha1.c
crypto/mem_clr.c
crypto/modes/asm/aes-gcm-armv8_64.pl
crypto/modes/asm/aesni-gcm-x86_64.pl
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 26f12654e4..2b4b16cb58 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -75,15 +75,16 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
*/
#define MAX_HASH_BLOCK_SIZE 128
+#ifndef FIPS_MODULE
/*
* u32toLE serializes an unsigned, 32-bit number (n) as four bytes at (p) in
* little-endian order. The value of p is advanced by four.
*/
-#define u32toLE(n, p) \
- (*((p)++)=(unsigned char)(n), \
- *((p)++)=(unsigned char)(n>>8), \
- *((p)++)=(unsigned char)(n>>16), \
- *((p)++)=(unsigned char)(n>>24))
+# define u32toLE(n, p) \
+ (*((p)++)=(unsigned char)(n), \
+ *((p)++)=(unsigned char)(n>>8), \
+ *((p)++)=(unsigned char)(n>>16), \
+ *((p)++)=(unsigned char)(n>>24))
/*
* These functions serialize the state of a hash and thus perform the
@@ -98,6 +99,7 @@ static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
u32toLE(md5->C, md_out);
u32toLE(md5->D, md_out);
}
+#endif /* FIPS_MODULE */
static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
{
@@ -196,6 +198,9 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
return 0;
if (EVP_MD_is_a(md, "MD5")) {
+#ifdef FIPS_MODULE
+ return 0;
+#else
if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_md5_final_raw;
@@ -204,6 +209,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
md_size = 16;
sslv3_pad_length = 48;
length_is_big_endian = 0;
+#endif
} else if (EVP_MD_is_a(md, "SHA1")) {
if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
return 0;
More information about the openssl-commits
mailing list