diff options
| author | tedu <> | 2014-04-15 20:06:10 +0000 | 
|---|---|---|
| committer | tedu <> | 2014-04-15 20:06:10 +0000 | 
| commit | f88d9acb16e601adf96b4de4b1041d52d0d846da (patch) | |
| tree | 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/evp/digest.c | |
| parent | e3275129dc02b842088cee9974244d4933cd72c6 (diff) | |
| download | openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.gz openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.bz2 openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.zip | |
remove FIPS mode support. people who require FIPS can buy something that
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/evp/digest.c | 27 | 
1 files changed, 0 insertions, 27 deletions
| diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index d14e8e48d5..782d3199a5 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c | |||
| @@ -117,10 +117,6 @@ | |||
| 117 | #include <openssl/engine.h> | 117 | #include <openssl/engine.h> | 
| 118 | #endif | 118 | #endif | 
| 119 | 119 | ||
| 120 | #ifdef OPENSSL_FIPS | ||
| 121 | #include <openssl/fips.h> | ||
| 122 | #endif | ||
| 123 | |||
| 124 | void EVP_MD_CTX_init(EVP_MD_CTX *ctx) | 120 | void EVP_MD_CTX_init(EVP_MD_CTX *ctx) | 
| 125 | { | 121 | { | 
| 126 | memset(ctx,'\0',sizeof *ctx); | 122 | memset(ctx,'\0',sizeof *ctx); | 
| @@ -229,26 +225,12 @@ skip_to_init: | |||
| 229 | } | 225 | } | 
| 230 | if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) | 226 | if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) | 
| 231 | return 1; | 227 | return 1; | 
| 232 | #ifdef OPENSSL_FIPS | ||
| 233 | if (FIPS_mode()) | ||
| 234 | { | ||
| 235 | if (FIPS_digestinit(ctx, type)) | ||
| 236 | return 1; | ||
| 237 | OPENSSL_free(ctx->md_data); | ||
| 238 | ctx->md_data = NULL; | ||
| 239 | return 0; | ||
| 240 | } | ||
| 241 | #endif | ||
| 242 | return ctx->digest->init(ctx); | 228 | return ctx->digest->init(ctx); | 
| 243 | } | 229 | } | 
| 244 | 230 | ||
| 245 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) | 231 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) | 
| 246 | { | 232 | { | 
| 247 | #ifdef OPENSSL_FIPS | ||
| 248 | return FIPS_digestupdate(ctx, data, count); | ||
| 249 | #else | ||
| 250 | return ctx->update(ctx,data,count); | 233 | return ctx->update(ctx,data,count); | 
| 251 | #endif | ||
| 252 | } | 234 | } | 
| 253 | 235 | ||
| 254 | /* The caller can assume that this removes any secret data from the context */ | 236 | /* The caller can assume that this removes any secret data from the context */ | 
| @@ -263,9 +245,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | |||
| 263 | /* The caller can assume that this removes any secret data from the context */ | 245 | /* The caller can assume that this removes any secret data from the context */ | 
| 264 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | 246 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | 
| 265 | { | 247 | { | 
| 266 | #ifdef OPENSSL_FIPS | ||
| 267 | return FIPS_digestfinal(ctx, md, size); | ||
| 268 | #else | ||
| 269 | int ret; | 248 | int ret; | 
| 270 | 249 | ||
| 271 | OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); | 250 | OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); | 
| @@ -279,7 +258,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | |||
| 279 | } | 258 | } | 
| 280 | memset(ctx->md_data,0,ctx->digest->ctx_size); | 259 | memset(ctx->md_data,0,ctx->digest->ctx_size); | 
| 281 | return ret; | 260 | return ret; | 
| 282 | #endif | ||
| 283 | } | 261 | } | 
| 284 | 262 | ||
| 285 | int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) | 263 | int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) | 
| @@ -376,7 +354,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) | |||
| 376 | /* This call frees resources associated with the context */ | 354 | /* This call frees resources associated with the context */ | 
| 377 | int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | 355 | int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | 
| 378 | { | 356 | { | 
| 379 | #ifndef OPENSSL_FIPS | ||
| 380 | /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, | 357 | /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, | 
| 381 | * because sometimes only copies of the context are ever finalised. | 358 | * because sometimes only copies of the context are ever finalised. | 
| 382 | */ | 359 | */ | 
| @@ -389,7 +366,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | |||
| 389 | OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); | 366 | OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); | 
| 390 | OPENSSL_free(ctx->md_data); | 367 | OPENSSL_free(ctx->md_data); | 
| 391 | } | 368 | } | 
| 392 | #endif | ||
| 393 | if (ctx->pctx) | 369 | if (ctx->pctx) | 
| 394 | EVP_PKEY_CTX_free(ctx->pctx); | 370 | EVP_PKEY_CTX_free(ctx->pctx); | 
| 395 | #ifndef OPENSSL_NO_ENGINE | 371 | #ifndef OPENSSL_NO_ENGINE | 
| @@ -398,9 +374,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | |||
| 398 | * functional reference we held for this reason. */ | 374 | * functional reference we held for this reason. */ | 
| 399 | ENGINE_finish(ctx->engine); | 375 | ENGINE_finish(ctx->engine); | 
| 400 | #endif | 376 | #endif | 
| 401 | #ifdef OPENSSL_FIPS | ||
| 402 | FIPS_md_ctx_cleanup(ctx); | ||
| 403 | #endif | ||
| 404 | memset(ctx,'\0',sizeof *ctx); | 377 | memset(ctx,'\0',sizeof *ctx); | 
| 405 | 378 | ||
| 406 | return 1; | 379 | return 1; | 
