summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-05-08 15:29:00 +0000
committerjsing <>2014-05-08 15:29:00 +0000
commit1a5256f53dfa946a979facbb0d9d4775fa9d6bfe (patch)
treea84efdd1e8722781bc1f88c0ac708e9e14e1a11e
parentafa026a20fd107fc700f84f9b2db8b5320e934f1 (diff)
downloadopenbsd-1a5256f53dfa946a979facbb0d9d4775fa9d6bfe.tar.gz
openbsd-1a5256f53dfa946a979facbb0d9d4775fa9d6bfe.tar.bz2
openbsd-1a5256f53dfa946a979facbb0d9d4775fa9d6bfe.zip
Nuke OPENSSL_FIPS - having #ifdefs inside a #ifndef for the same thing
is amusing. ok deraadt@
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/evp/e_aes.c16
-rw-r--r--src/lib/libcrypto/evp/e_des3.c2
-rw-r--r--src/lib/libssl/src/crypto/evp/e_aes.c16
-rw-r--r--src/lib/libssl/src/crypto/evp/e_des3.c2
4 files changed, 0 insertions, 36 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index db0fdf85c8..fd1c34526f 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -56,7 +56,6 @@
56#include <assert.h> 56#include <assert.h>
57#include <openssl/aes.h> 57#include <openssl/aes.h>
58#include "evp_locl.h" 58#include "evp_locl.h"
59#ifndef OPENSSL_FIPS
60#include "modes_lcl.h" 59#include "modes_lcl.h"
61#include <openssl/rand.h> 60#include <openssl/rand.h>
62 61
@@ -692,11 +691,6 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
692 case EVP_CTRL_GCM_SET_IVLEN: 691 case EVP_CTRL_GCM_SET_IVLEN:
693 if (arg <= 0) 692 if (arg <= 0)
694 return 0; 693 return 0;
695#ifdef OPENSSL_FIPS
696 if (FIPS_module_mode() &&
697 !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && arg < 12)
698 return 0;
699#endif
700 /* Allocate memory for IV if needed */ 694 /* Allocate memory for IV if needed */
701 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { 695 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
702 if (gctx->iv != c->iv) 696 if (gctx->iv != c->iv)
@@ -1098,15 +1092,6 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1098 if (!out || !in || len < AES_BLOCK_SIZE) 1092 if (!out || !in || len < AES_BLOCK_SIZE)
1099 return 0; 1093 return 0;
1100 1094
1101#ifdef OPENSSL_FIPS
1102 /* Requirement of SP800-38E */
1103 if (FIPS_module_mode() &&
1104 !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1105 (len > (1UL << 20) * 16)) {
1106 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
1107 return 0;
1108 }
1109#endif
1110 if (xctx->stream) 1095 if (xctx->stream)
1111 (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2, 1096 (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2,
1112 ctx->iv); 1097 ctx->iv);
@@ -1279,4 +1264,3 @@ BLOCK_CIPHER_custom(NID_aes, 256, 1,12, ccm, CCM,
1279 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 1264 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1280 1265
1281#endif 1266#endif
1282#endif
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index ddb069dda5..6463326a78 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -65,7 +65,6 @@
65#include <openssl/des.h> 65#include <openssl/des.h>
66#include <openssl/rand.h> 66#include <openssl/rand.h>
67 67
68#ifndef OPENSSL_FIPS
69 68
70static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 69static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
71 const unsigned char *iv, int enc); 70 const unsigned char *iv, int enc);
@@ -315,4 +314,3 @@ EVP_des_ede3(void)
315 return &des_ede3_ecb; 314 return &des_ede3_ecb;
316} 315}
317#endif 316#endif
318#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c
index db0fdf85c8..fd1c34526f 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes.c
@@ -56,7 +56,6 @@
56#include <assert.h> 56#include <assert.h>
57#include <openssl/aes.h> 57#include <openssl/aes.h>
58#include "evp_locl.h" 58#include "evp_locl.h"
59#ifndef OPENSSL_FIPS
60#include "modes_lcl.h" 59#include "modes_lcl.h"
61#include <openssl/rand.h> 60#include <openssl/rand.h>
62 61
@@ -692,11 +691,6 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
692 case EVP_CTRL_GCM_SET_IVLEN: 691 case EVP_CTRL_GCM_SET_IVLEN:
693 if (arg <= 0) 692 if (arg <= 0)
694 return 0; 693 return 0;
695#ifdef OPENSSL_FIPS
696 if (FIPS_module_mode() &&
697 !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && arg < 12)
698 return 0;
699#endif
700 /* Allocate memory for IV if needed */ 694 /* Allocate memory for IV if needed */
701 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { 695 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
702 if (gctx->iv != c->iv) 696 if (gctx->iv != c->iv)
@@ -1098,15 +1092,6 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1098 if (!out || !in || len < AES_BLOCK_SIZE) 1092 if (!out || !in || len < AES_BLOCK_SIZE)
1099 return 0; 1093 return 0;
1100 1094
1101#ifdef OPENSSL_FIPS
1102 /* Requirement of SP800-38E */
1103 if (FIPS_module_mode() &&
1104 !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1105 (len > (1UL << 20) * 16)) {
1106 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
1107 return 0;
1108 }
1109#endif
1110 if (xctx->stream) 1095 if (xctx->stream)
1111 (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2, 1096 (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2,
1112 ctx->iv); 1097 ctx->iv);
@@ -1279,4 +1264,3 @@ BLOCK_CIPHER_custom(NID_aes, 256, 1,12, ccm, CCM,
1279 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 1264 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1280 1265
1281#endif 1266#endif
1282#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_des3.c b/src/lib/libssl/src/crypto/evp/e_des3.c
index ddb069dda5..6463326a78 100644
--- a/src/lib/libssl/src/crypto/evp/e_des3.c
+++ b/src/lib/libssl/src/crypto/evp/e_des3.c
@@ -65,7 +65,6 @@
65#include <openssl/des.h> 65#include <openssl/des.h>
66#include <openssl/rand.h> 66#include <openssl/rand.h>
67 67
68#ifndef OPENSSL_FIPS
69 68
70static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 69static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
71 const unsigned char *iv, int enc); 70 const unsigned char *iv, int enc);
@@ -315,4 +314,3 @@ EVP_des_ede3(void)
315 return &des_ede3_ecb; 314 return &des_ede3_ecb;
316} 315}
317#endif 316#endif
318#endif