From 5496cd3e5d9a0ab4c1235bdda9872eeb5ec130bb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 3 Feb 2015 22:53:15 +0000 Subject: [PATCH] More unused FIPS module code. Remove fips_algvs.c Remove unused fips module build code from Configure and Makefile.org Reviewed-by: Tim Hudson --- Configure | 34 +---- Makefile.org | 84 ------------- test/Makefile | 2 +- test/fips_algvs.c | 312 ---------------------------------------------- 4 files changed, 2 insertions(+), 430 deletions(-) delete mode 100644 test/fips_algvs.c diff --git a/Configure b/Configure index d56c3d98d3..c9d3aebb3e 100755 --- a/Configure +++ b/Configure @@ -1124,24 +1124,7 @@ my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/); $exe_ext=".nlm" if ($target =~ /netware/); $exe_ext=".pm" if ($target =~ /vos/); -if ($openssldir eq "" and $prefix eq "") - { - if ($fips) - { - if (exists $ENV{FIPSDIR}) - { - $openssldir="$ENV{FIPSDIR}"; - } - else - { - $openssldir="/usr/local/ssl/fips-2.0"; - } - } - else - { - $openssldir="/usr/local/ssl"; - } - } +$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); $prefix=$openssldir if $prefix eq ""; $default_ranlib= &which("ranlib") or $default_ranlib="true"; @@ -1149,10 +1132,6 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") or $perl="perl"; my $make = $ENV{'MAKE'} || "make"; -my $fips_auth_key = $ENV{'FIPS_AUTH_KEY'}; -my $fips_auth_officer = $ENV{'FIPS_AUTH_OFFICER'}; -my $fips_auth_user = $ENV{'FIPS_AUTH_USER'}; - $cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq ""; chop $openssldir if $openssldir =~ /\/$/; @@ -2027,16 +2006,9 @@ BEGIN BEGIN BLOCK "040904b0" BEGIN -#if defined(FIPS) - VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0" -#endif // Required: VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" -#if defined(FIPS) - VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0" -#else VALUE "FileDescription", "OpenSSL Shared Library\\0" -#endif VALUE "FileVersion", "$version\\0" #if defined(CRYPTO) VALUE "InternalName", "libeay32\\0" @@ -2044,10 +2016,6 @@ BEGIN #elif defined(SSL) VALUE "InternalName", "ssleay32\\0" VALUE "OriginalFilename", "ssleay32.dll\\0" -#elif defined(FIPS) - VALUE "InternalName", "libosslfips\\0" - VALUE "OriginalFilename", "libosslfips.dll\\0" -#endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" // Optional: diff --git a/Makefile.org b/Makefile.org index 2e4c76ee82..3fa129c709 100644 --- a/Makefile.org +++ b/Makefile.org @@ -245,7 +245,6 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ PERLASM_SCHEME='$(PERLASM_SCHEME)' \ FIPSLIBDIR='${FIPSLIBDIR}' \ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ - FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. @@ -277,89 +276,6 @@ BUILD_ONE_CMD=\ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) -FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ - ../crypto/aes/aes_ecb.o \ - ../crypto/aes/aes_ofb.o \ - ../crypto/bn/bn_add.o \ - ../crypto/bn/bn_blind.o \ - ../crypto/bn/bn_ctx.o \ - ../crypto/bn/bn_div.o \ - ../crypto/bn/bn_exp2.o \ - ../crypto/bn/bn_exp.o \ - ../crypto/bn/bn_gcd.o \ - ../crypto/bn/bn_gf2m.o \ - ../crypto/bn/bn_lib.o \ - ../crypto/bn/bn_mod.o \ - ../crypto/bn/bn_mont.o \ - ../crypto/bn/bn_mul.o \ - ../crypto/bn/bn_nist.o \ - ../crypto/bn/bn_prime.o \ - ../crypto/bn/bn_rand.o \ - ../crypto/bn/bn_recp.o \ - ../crypto/bn/bn_shift.o \ - ../crypto/bn/bn_sqr.o \ - ../crypto/bn/bn_word.o \ - ../crypto/bn/bn_x931p.o \ - ../crypto/buffer/buf_str.o \ - ../crypto/cmac/cmac.o \ - ../crypto/cryptlib.o \ - ../crypto/des/cfb64ede.o \ - ../crypto/des/cfb64enc.o \ - ../crypto/des/cfb_enc.o \ - ../crypto/des/ecb3_enc.o \ - ../crypto/des/ofb64ede.o \ - ../crypto/des/fcrypt.o \ - ../crypto/des/set_key.o \ - ../crypto/dh/dh_check.o \ - ../crypto/dh/dh_gen.o \ - ../crypto/dh/dh_key.o \ - ../crypto/dsa/dsa_gen.o \ - ../crypto/dsa/dsa_key.o \ - ../crypto/dsa/dsa_ossl.o \ - ../crypto/ec/ec_curve.o \ - ../crypto/ec/ec_cvt.o \ - ../crypto/ec/ec_key.o \ - ../crypto/ec/ec_lib.o \ - ../crypto/ec/ecp_mont.o \ - ../crypto/ec/ec_mult.o \ - ../crypto/ec/ecp_nist.o \ - ../crypto/ec/ecp_smpl.o \ - ../crypto/ec/ec2_mult.o \ - ../crypto/ec/ec2_smpl.o \ - ../crypto/ecdh/ech_key.o \ - ../crypto/ecdh/ech_ossl.o \ - ../crypto/ecdsa/ecs_ossl.o \ - ../crypto/evp/e_aes.o \ - ../crypto/evp/e_des3.o \ - ../crypto/evp/e_null.o \ - ../crypto/evp/m_sha1.o \ - ../crypto/evp/m_dss1.o \ - ../crypto/evp/m_dss.o \ - ../crypto/evp/m_ecdsa.o \ - ../crypto/hmac/hmac.o \ - ../crypto/modes/cbc128.o \ - ../crypto/modes/ccm128.o \ - ../crypto/modes/cfb128.o \ - ../crypto/modes/ctr128.o \ - ../crypto/modes/gcm128.o \ - ../crypto/modes/ofb128.o \ - ../crypto/modes/xts128.o \ - ../crypto/rsa/rsa_eay.o \ - ../crypto/rsa/rsa_gen.o \ - ../crypto/rsa/rsa_crpt.o \ - ../crypto/rsa/rsa_none.o \ - ../crypto/rsa/rsa_oaep.o \ - ../crypto/rsa/rsa_pk1.o \ - ../crypto/rsa/rsa_pss.o \ - ../crypto/rsa/rsa_ssl.o \ - ../crypto/rsa/rsa_x931.o \ - ../crypto/rsa/rsa_x931g.o \ - ../crypto/sha/sha1dgst.o \ - ../crypto/sha/sha256.o \ - ../crypto/sha/sha512.o \ - ../crypto/thr_id.o \ - ../crypto/uid.o - sub_all: build_all build_all: build_libs build_apps build_tests build_tools diff --git a/test/Makefile b/test/Makefile index f0eb183b56..fa5bd9f9e9 100644 --- a/test/Makefile +++ b/test/Makefile @@ -12,7 +12,7 @@ PERL= perl # KRB5 stuff KRB5_INCLUDES= LIBKRB5= -TEST= fips_algvs.c igetest.c +TEST= igetest.c PEX_LIBS= EX_LIBS= #-lnsl -lsocket diff --git a/test/fips_algvs.c b/test/fips_algvs.c deleted file mode 100644 index 18a5babb74..0000000000 --- a/test/fips_algvs.c +++ /dev/null @@ -1,312 +0,0 @@ -/* test/fips_algvs.c */ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2011 - */ -/* ==================================================================== - * Copyright (c) 2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#ifndef OPENSSL_FIPS -# include - -int main(int argc, char **argv) -{ - printf("No FIPS ALGVS support\n"); - return 0; -} -#else - -# define FIPS_ALGVS - -extern int fips_aesavs_main(int argc, char **argv); -extern int fips_cmactest_main(int argc, char **argv); -extern int fips_desmovs_main(int argc, char **argv); -extern int fips_dhvs_main(int argc, char **argv); -extern int fips_drbgvs_main(int argc, char **argv); -extern int fips_dssvs_main(int argc, char **argv); -extern int fips_ecdhvs_main(int argc, char **argv); -extern int fips_ecdsavs_main(int argc, char **argv); -extern int fips_gcmtest_main(int argc, char **argv); -extern int fips_hmactest_main(int argc, char **argv); -extern int fips_rngvs_main(int argc, char **argv); -extern int fips_rsagtest_main(int argc, char **argv); -extern int fips_rsastest_main(int argc, char **argv); -extern int fips_rsavtest_main(int argc, char **argv); -extern int fips_shatest_main(int argc, char **argv); -extern int fips_test_suite_main(int argc, char **argv); - -# include "fips_aesavs.c" -# include "fips_cmactest.c" -# include "fips_desmovs.c" -# include "fips_dhvs.c" -# include "fips_drbgvs.c" -# include "fips_dssvs.c" -# include "fips_ecdhvs.c" -# include "fips_ecdsavs.c" -# include "fips_gcmtest.c" -# include "fips_hmactest.c" -# include "fips_rngvs.c" -# include "fips_rsagtest.c" -# include "fips_rsastest.c" -# include "fips_rsavtest.c" -# include "fips_shatest.c" -# include "fips_test_suite.c" - -typedef struct { - const char *name; - int (*func) (int argc, char **argv); -} ALGVS_FUNCTION; - -static ALGVS_FUNCTION algvs[] = { - {"fips_aesavs", fips_aesavs_main}, - {"fips_cmactest", fips_cmactest_main}, - {"fips_desmovs", fips_desmovs_main}, - {"fips_dhvs", fips_dhvs_main}, - {"fips_drbgvs", fips_drbgvs_main}, - {"fips_dssvs", fips_dssvs_main}, - {"fips_ecdhvs", fips_ecdhvs_main}, - {"fips_ecdsavs", fips_ecdsavs_main}, - {"fips_gcmtest", fips_gcmtest_main}, - {"fips_hmactest", fips_hmactest_main}, - {"fips_rngvs", fips_rngvs_main}, - {"fips_rsagtest", fips_rsagtest_main}, - {"fips_rsastest", fips_rsastest_main}, - {"fips_rsavtest", fips_rsavtest_main}, - {"fips_shatest", fips_shatest_main}, - {"fips_test_suite", fips_test_suite_main}, - {NULL, 0} -}; - -/* Argument parsing taken from apps/apps.c */ - -typedef struct args_st { - char **data; - int count; -} ARGS; - -static int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) -{ - int num, i; - char *p; - - *argc = 0; - *argv = NULL; - - i = 0; - if (arg->count == 0) { - arg->count = 20; - arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count); - } - for (i = 0; i < arg->count; i++) - arg->data[i] = NULL; - - num = 0; - p = buf; - for (;;) { - /* first scan over white space */ - if (!*p) - break; - while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n'))) - p++; - if (!*p) - break; - - /* The start of something good :-) */ - if (num >= arg->count) { - fprintf(stderr, "Too many arguments!!\n"); - return 0; - } - arg->data[num++] = p; - - /* now look for the end of this */ - if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */ - i = *(p++); - arg->data[num - 1]++; /* jump over quote */ - while (*p && (*p != i)) - p++; - *p = '\0'; - } else { - while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n'))) - p++; - - if (*p == '\0') - p--; - else - *p = '\0'; - } - p++; - } - *argc = num; - *argv = arg->data; - return (1); -} - -static int run_prg(int argc, char **argv) -{ - ALGVS_FUNCTION *t; - const char *prg_name; - prg_name = strrchr(argv[0], '/'); - if (prg_name) - prg_name++; - else - prg_name = argv[0]; - for (t = algvs; t->name; t++) { - if (!strcmp(prg_name, t->name)) - return t->func(argc, argv); - } - return -100; -} - -int main(int argc, char **argv) -{ - char buf[1024]; - char **args = argv + 1; - const char *sname = "fipstests.sh"; - ARGS arg; - int xargc; - char **xargv; - int lineno = 0, badarg = 0; - int nerr = 0, quiet = 0, verbose = 0; - int rv; - FILE *in = NULL; -# ifdef FIPS_ALGVS_MEMCHECK - CRYPTO_malloc_debug_init(); - OPENSSL_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); -# endif - - if (*args && *args[0] != '-') { - rv = run_prg(argc - 1, args); -# ifdef FIPS_ALGVS_MEMCHECK - CRYPTO_mem_leaks_fp(stderr); -# endif - return rv; - } - while (!badarg && *args && *args[0] == '-') { - if (!strcmp(*args, "-script")) { - if (args[1]) { - args++; - sname = *args; - } else - badarg = 1; - } else if (!strcmp(*args, "-quiet")) - quiet = 1; - else if (!strcmp(*args, "-verbose")) - verbose = 1; - else - badarg = 1; - args++; - } - - if (badarg) { - fprintf(stderr, "Error processing arguments\n"); - return 1; - } - - in = fopen(sname, "r"); - if (!in) { - fprintf(stderr, "Error opening script file \"%s\"\n", sname); - return 1; - } - - arg.data = NULL; - arg.count = 0; - - while (fgets(buf, sizeof(buf), in)) { - lineno++; - if (!chopup_args(&arg, buf, &xargc, &xargv)) - fprintf(stderr, "Error processing line %d\n", lineno); - else { - if (!quiet) { - int i; - int narg = verbose ? xargc : xargc - 2; - printf("Running command line:"); - for (i = 0; i < narg; i++) - printf(" %s", xargv[i]); - printf("\n"); - } - rv = run_prg(xargc, xargv); - if (FIPS_module_mode()) - FIPS_module_mode_set(0, NULL); - if (rv != 0) - nerr++; - if (rv == -100) - fprintf(stderr, "ERROR: Command not found\n"); - else if (rv != 0) - fprintf(stderr, "ERROR: returned %d\n", rv); - else if (verbose) - printf("\tCommand run successfully\n"); - } - } - - if (!quiet) - printf("Completed with %d errors\n", nerr); - - if (arg.data) - OPENSSL_free(arg.data); - - fclose(in); -# ifdef FIPS_ALGVS_MEMCHECK - CRYPTO_mem_leaks_fp(stderr); -# endif - if (nerr == 0) - return 0; - return 1; -} -#endif -- 2.25.1