From 31b069ecea2c567de22b3874c8e71cc37c921ec9 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Thu, 7 May 2020 16:08:18 +1000 Subject: [PATCH] Remove legacy FIPS_mode functions Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11680) --- CHANGES.md | 7 +++++++ crypto/build.info | 2 +- crypto/o_fips.c | 24 ------------------------ include/openssl/crypto.h | 3 --- util/libcrypto.num | 4 ++-- 5 files changed, 10 insertions(+), 30 deletions(-) delete mode 100644 crypto/o_fips.c diff --git a/CHANGES.md b/CHANGES.md index b11ca85c65..6da7bcde72 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,13 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ### +* Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's + that are not applicable to the new provider model. Applications should + instead use EVP_default_properties_is_fips_enabled() and + EVP_default_properties_enable_fips(). + + *Shane Lontis* + * Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and EC_POINT_get_Jprojective_coordinates_GFp(). These functions are not widely used and applications should instead use the diff --git a/crypto/build.info b/crypto/build.info index 860b8bb823..3537bbcc26 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -77,7 +77,7 @@ $UTIL_DEFINE=$CPUIDDEF SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ - o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \ + o_fopen.c getenv.c o_init.c init.c trace.c provider.c \ $UPLINKSRC SOURCE[../providers/libfips.a]=$UTIL_COMMON SOURCE[../providers/liblegacy.a]=$UTIL_COMMON diff --git a/crypto/o_fips.c b/crypto/o_fips.c deleted file mode 100644 index ac768e5aa3..0000000000 --- a/crypto/o_fips.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" - -int FIPS_mode(void) -{ - /* This version of the library does not support FIPS mode. */ - return 0; -} - -int FIPS_mode_set(int r) -{ - if (r == 0) - return 1; - CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); - return 0; -} diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 0b3a20dfd2..3cca316cd4 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -377,9 +377,6 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line int OPENSSL_isservice(void); -int FIPS_mode(void); -int FIPS_mode_set(int r); - void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); diff --git a/util/libcrypto.num b/util/libcrypto.num index 32942a53de..e91c265e20 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -490,7 +490,7 @@ X509_CRL_print 499 3_0_0 EXIST::FUNCTION: WHIRLPOOL_Update 500 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL DSA_get_ex_data 501 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA BN_copy 502 3_0_0 EXIST::FUNCTION: -FIPS_mode_set 503 3_0_0 EXIST::FUNCTION: +FIPS_mode_set 503 3_0_0 NOEXIST::FUNCTION: X509_VERIFY_PARAM_add0_policy 504 3_0_0 EXIST::FUNCTION: PKCS7_cert_from_signer_info 505 3_0_0 EXIST::FUNCTION: X509_TRUST_get_trust 506 3_0_0 EXIST::FUNCTION: @@ -2534,7 +2534,7 @@ OPENSSL_strnlen 2587 3_0_0 EXIST::FUNCTION: IDEA_ecb_encrypt 2588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA ASN1_STRING_set_default_mask 2589 3_0_0 EXIST::FUNCTION: TS_VERIFY_CTX_add_flags 2590 3_0_0 EXIST::FUNCTION:TS -FIPS_mode 2591 3_0_0 EXIST::FUNCTION: +FIPS_mode 2591 3_0_0 NOEXIST::FUNCTION: d2i_ASN1_UNIVERSALSTRING 2592 3_0_0 EXIST::FUNCTION: NAME_CONSTRAINTS_free 2593 3_0_0 EXIST::FUNCTION: EC_GROUP_get_order 2594 3_0_0 EXIST::FUNCTION:EC -- 2.25.1