remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/evp
parent: 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download: openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip
10 files changed, 2 insertions, 213 deletions
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
index 3982f49f81..f94a28d383 100644
--- a/src/lib/libcrypto/evp/Makefile
+++ b/src/lib/libcrypto/evp/Makefile
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
+        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
        e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
@@ -41,7 +41,7 @@ LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-        e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+        e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
        e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
 SRC= $(LIBSRC)
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index d14e8e48d5..782d3199a5 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -117,10 +117,6 @@
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
        {
        memset(ctx,'\0',sizeof *ctx);
@@ -229,26 +225,12 @@ skip_to_init:
                }
        if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
                return 1;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                {
-                if (FIPS_digestinit(ctx, type))
-                        return 1;
-                OPENSSL_free(ctx->md_data);
-                ctx->md_data = NULL;
-                return 0;
-                }
-#endif
        return ctx->digest->init(ctx);
        }
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
        {
-#ifdef OPENSSL_FIPS
-        return FIPS_digestupdate(ctx, data, count);
-#else
        return ctx->update(ctx,data,count);
-#endif
        }
 /* The caller can assume that this removes any secret data from the context */
@@ -263,9 +245,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        {
-#ifdef OPENSSL_FIPS
-        return FIPS_digestfinal(ctx, md, size);
-#else
        int ret;
        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -279,7 +258,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
                }
        memset(ctx->md_data,0,ctx->digest->ctx_size);
        return ret;
-#endif
        }
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -376,7 +354,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
        {
-#ifndef OPENSSL_FIPS
        /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
         * because sometimes only copies of the context are ever finalised.
         */
@@ -389,7 +366,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
-#endif
        if (ctx->pctx)
                EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -398,9 +374,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                 * functional reference we held for this reason. */
                ENGINE_finish(ctx->engine);
 #endif
-#ifdef OPENSSL_FIPS
-        FIPS_md_ctx_cleanup(ctx);
-#endif
        memset(ctx,'\0',sizeof *ctx);
        return 1;
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index f0c1f78b5f..98a78499f9 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -61,8 +61,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#ifndef OPENSSL_FIPS
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                memcpy((char *)out,(const char *)in,inl);
        return 1;
        }
-#endif
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 0c54f05e6e..50403a7578 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -64,17 +64,9 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
-#ifdef OPENSSL_FIPS
-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
-#endif
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
@@ -169,10 +161,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        ctx->engine = NULL;
 #endif
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
                ctx->cipher=cipher;
                if (ctx->cipher->ctx_size)
                        {
@@ -206,10 +194,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
 #endif
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
        /* we assume block size is a power of 2 in *cryptUpdate */
        OPENSSL_assert(ctx->cipher->block_size == 1
            || ctx->cipher->block_size == 8
@@ -568,7 +552,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
        {
-#ifndef OPENSSL_FIPS
        if (c->cipher != NULL)
                {
                if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -579,16 +562,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                }
        if (c->cipher_data)
                OPENSSL_free(c->cipher_data);
-#endif
 #ifndef OPENSSL_NO_ENGINE
        if (c->engine)
                /* The EVP_CIPHER we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(c->engine);
 #endif
-#ifdef OPENSSL_FIPS
-        FIPS_cipher_ctx_cleanup(c);
-#endif
        memset(c,0,sizeof(EVP_CIPHER_CTX));
        return 1;
        }
diff --git a/src/lib/libcrypto/evp/evp_fips.c b/src/lib/libcrypto/evp/evp_fips.c
deleted file mode 100644
index cb7f4fc0fa..0000000000
--- a/src/lib/libcrypto/evp/evp_fips.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* crypto/evp/evp_fips.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-#include <openssl/evp.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-const EVP_CIPHER *EVP_aes_128_cbc(void)  { return FIPS_evp_aes_128_cbc(); }
-const EVP_CIPHER *EVP_aes_128_ccm(void)  { return FIPS_evp_aes_128_ccm(); }
-const EVP_CIPHER *EVP_aes_128_cfb1(void)  { return FIPS_evp_aes_128_cfb1(); }
-const EVP_CIPHER *EVP_aes_128_cfb128(void)  { return FIPS_evp_aes_128_cfb128(); }
-const EVP_CIPHER *EVP_aes_128_cfb8(void)  { return FIPS_evp_aes_128_cfb8(); }
-const EVP_CIPHER *EVP_aes_128_ctr(void)  { return FIPS_evp_aes_128_ctr(); }
-const EVP_CIPHER *EVP_aes_128_ecb(void)  { return FIPS_evp_aes_128_ecb(); }
-const EVP_CIPHER *EVP_aes_128_gcm(void)  { return FIPS_evp_aes_128_gcm(); }
-const EVP_CIPHER *EVP_aes_128_ofb(void)  { return FIPS_evp_aes_128_ofb(); }
-const EVP_CIPHER *EVP_aes_128_xts(void)  { return FIPS_evp_aes_128_xts(); }
-const EVP_CIPHER *EVP_aes_192_cbc(void)  { return FIPS_evp_aes_192_cbc(); }
-const EVP_CIPHER *EVP_aes_192_ccm(void)  { return FIPS_evp_aes_192_ccm(); }
-const EVP_CIPHER *EVP_aes_192_cfb1(void)  { return FIPS_evp_aes_192_cfb1(); }
-const EVP_CIPHER *EVP_aes_192_cfb128(void)  { return FIPS_evp_aes_192_cfb128(); }
-const EVP_CIPHER *EVP_aes_192_cfb8(void)  { return FIPS_evp_aes_192_cfb8(); }
-const EVP_CIPHER *EVP_aes_192_ctr(void)  { return FIPS_evp_aes_192_ctr(); }
-const EVP_CIPHER *EVP_aes_192_ecb(void)  { return FIPS_evp_aes_192_ecb(); }
-const EVP_CIPHER *EVP_aes_192_gcm(void)  { return FIPS_evp_aes_192_gcm(); }
-const EVP_CIPHER *EVP_aes_192_ofb(void)  { return FIPS_evp_aes_192_ofb(); }
-const EVP_CIPHER *EVP_aes_256_cbc(void)  { return FIPS_evp_aes_256_cbc(); }
-const EVP_CIPHER *EVP_aes_256_ccm(void)  { return FIPS_evp_aes_256_ccm(); }
-const EVP_CIPHER *EVP_aes_256_cfb1(void)  { return FIPS_evp_aes_256_cfb1(); }
-const EVP_CIPHER *EVP_aes_256_cfb128(void)  { return FIPS_evp_aes_256_cfb128(); }
-const EVP_CIPHER *EVP_aes_256_cfb8(void)  { return FIPS_evp_aes_256_cfb8(); }
-const EVP_CIPHER *EVP_aes_256_ctr(void)  { return FIPS_evp_aes_256_ctr(); }
-const EVP_CIPHER *EVP_aes_256_ecb(void)  { return FIPS_evp_aes_256_ecb(); }
-const EVP_CIPHER *EVP_aes_256_gcm(void)  { return FIPS_evp_aes_256_gcm(); }
-const EVP_CIPHER *EVP_aes_256_ofb(void)  { return FIPS_evp_aes_256_ofb(); }
-const EVP_CIPHER *EVP_aes_256_xts(void)  { return FIPS_evp_aes_256_xts(); }
-const EVP_CIPHER *EVP_des_ede(void)  { return FIPS_evp_des_ede(); }
-const EVP_CIPHER *EVP_des_ede3(void)  { return FIPS_evp_des_ede3(); }
-const EVP_CIPHER *EVP_des_ede3_cbc(void)  { return FIPS_evp_des_ede3_cbc(); }
-const EVP_CIPHER *EVP_des_ede3_cfb1(void)  { return FIPS_evp_des_ede3_cfb1(); }
-const EVP_CIPHER *EVP_des_ede3_cfb64(void)  { return FIPS_evp_des_ede3_cfb64(); }
-const EVP_CIPHER *EVP_des_ede3_cfb8(void)  { return FIPS_evp_des_ede3_cfb8(); }
-const EVP_CIPHER *EVP_des_ede3_ecb(void)  { return FIPS_evp_des_ede3_ecb(); }
-const EVP_CIPHER *EVP_des_ede3_ofb(void)  { return FIPS_evp_des_ede3_ofb(); }
-const EVP_CIPHER *EVP_des_ede_cbc(void)  { return FIPS_evp_des_ede_cbc(); }
-const EVP_CIPHER *EVP_des_ede_cfb64(void)  { return FIPS_evp_des_ede_cfb64(); }
-const EVP_CIPHER *EVP_des_ede_ecb(void)  { return FIPS_evp_des_ede_ecb(); }
-const EVP_CIPHER *EVP_des_ede_ofb(void)  { return FIPS_evp_des_ede_ofb(); }
-const EVP_CIPHER *EVP_enc_null(void)  { return FIPS_evp_enc_null(); }
-const EVP_MD *EVP_sha1(void)  { return FIPS_evp_sha1(); }
-const EVP_MD *EVP_sha224(void)  { return FIPS_evp_sha224(); }
-const EVP_MD *EVP_sha256(void)  { return FIPS_evp_sha256(); }
-const EVP_MD *EVP_sha384(void)  { return FIPS_evp_sha384(); }
-const EVP_MD *EVP_sha512(void)  { return FIPS_evp_sha512(); }
-const EVP_MD *EVP_dss(void)  { return FIPS_evp_dss(); }
-const EVP_MD *EVP_dss1(void)  { return FIPS_evp_dss1(); }
-const EVP_MD *EVP_ecdsa(void)  { return FIPS_evp_ecdsa(); }
-#endif
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 08c0a66d39..9e71f39a47 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -347,39 +347,3 @@ void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                             ASN1_TYPE *param,
                             const EVP_CIPHER *c, const EVP_MD *md, int en_de);
-#ifdef OPENSSL_FIPS
-#ifdef OPENSSL_DOING_MAKEDEPEND
-#undef SHA1_Init
-#undef SHA1_Update
-#undef SHA224_Init
-#undef SHA256_Init
-#undef SHA384_Init
-#undef SHA512_Init
-#undef DES_set_key_unchecked
-#endif
-#define RIPEMD160_Init  private_RIPEMD160_Init
-#define WHIRLPOOL_Init  private_WHIRLPOOL_Init
-#define MD5_Init        private_MD5_Init
-#define MD4_Init        private_MD4_Init
-#define MD2_Init        private_MD2_Init
-#define MDC2_Init       private_MDC2_Init
-#define SHA_Init        private_SHA_Init
-#define SHA1_Init       private_SHA1_Init
-#define SHA224_Init     private_SHA224_Init
-#define SHA256_Init     private_SHA256_Init
-#define SHA384_Init     private_SHA384_Init
-#define SHA512_Init     private_SHA512_Init
-#define BF_set_key      private_BF_set_key
-#define CAST_set_key    private_CAST_set_key
-#define idea_set_encrypt_key    private_idea_set_encrypt_key
-#define SEED_set_key    private_SEED_set_key
-#define RC2_set_key     private_RC2_set_key
-#define RC4_set_key     private_RC4_set_key
-#define DES_set_key_unchecked   private_DES_set_key_unchecked
-#define Camellia_set_key        private_Camellia_set_key
-#endif
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index 6fb7e9a861..89ea5b7a6d 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -66,7 +66,6 @@
 #endif
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
        return(&dsa_md);
        }
 #endif
-#endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index 2df362a670..a010103b7a 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -68,8 +68,6 @@
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_FIPS 
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
        return(&dss1_md);
        }
 #endif
-#endif
diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c
index 4b15fb0f6c..a6ed24b0b6 100644
--- a/src/lib/libcrypto/evp/m_ecdsa.c
+++ b/src/lib/libcrypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -148,4 +147,3 @@ const EVP_MD *EVP_ecdsa(void)
        return(&ecdsa_md);
        }
 #endif
-#endif
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index bd0c01ad3c..f39ae77925 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -59,8 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_FIPS
 #ifndef OPENSSL_NO_SHA
 #include <openssl/evp.h>
@@ -205,5 +203,3 @@ static const EVP_MD sha512_md=
 const EVP_MD *EVP_sha512(void)
        { return(&sha512_md); }
 #endif  /* ifndef OPENSSL_NO_SHA512 */
-#endif
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/evp
parent	4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download	openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip

diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile index 3982f49f81..f94a28d383 100644 --- a/src/lib/libcrypto/evp/Makefile +++ b/src/lib/libcrypto/evp/Makefile
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
28	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \	28	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
29	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \	29	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
30	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \	30	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
31	e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \	31	e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
32	e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c	32	e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
33		33
34	LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \	34	LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
@@ -41,7 +41,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
41	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \	41	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
42	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \	42	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
43	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \	43	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
44	e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \	44	e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
45	e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o	45	e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
46		46
47	SRC= $(LIBSRC)	47	SRC= $(LIBSRC)


diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index d14e8e48d5..782d3199a5 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c
@@ -117,10 +117,6 @@
117	#include <openssl/engine.h>	117	#include <openssl/engine.h>
118	#endif	118	#endif
119		119
120	#ifdef OPENSSL_FIPS
121	#include <openssl/fips.h>
122	#endif
123
124	void EVP_MD_CTX_init(EVP_MD_CTX *ctx)	120	void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
125	{	121	{
126	memset(ctx,'\0',sizeof *ctx);	122	memset(ctx,'\0',sizeof *ctx);
@@ -229,26 +225,12 @@ skip_to_init:
229	}	225	}
230	if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)	226	if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
231	return 1;	227	return 1;
232	#ifdef OPENSSL_FIPS
233	if (FIPS_mode())
234	{
235	if (FIPS_digestinit(ctx, type))
236	return 1;
237	OPENSSL_free(ctx->md_data);
238	ctx->md_data = NULL;
239	return 0;
240	}
241	#endif
242	return ctx->digest->init(ctx);	228	return ctx->digest->init(ctx);
243	}	229	}
244		230
245	int EVP_DigestUpdate(EVP_MD_CTX ctx, const void data, size_t count)	231	int EVP_DigestUpdate(EVP_MD_CTX ctx, const void data, size_t count)
246	{	232	{
247	#ifdef OPENSSL_FIPS
248	return FIPS_digestupdate(ctx, data, count);
249	#else
250	return ctx->update(ctx,data,count);	233	return ctx->update(ctx,data,count);
251	#endif
252	}	234	}
253		235
254	/* The caller can assume that this removes any secret data from the context */	236	/* The caller can assume that this removes any secret data from the context */
@@ -263,9 +245,6 @@ int EVP_DigestFinal(EVP_MD_CTX ctx, unsigned char md, unsigned int *size)
263	/* The caller can assume that this removes any secret data from the context */	245	/* The caller can assume that this removes any secret data from the context */
264	int EVP_DigestFinal_ex(EVP_MD_CTX ctx, unsigned char md, unsigned int *size)	246	int EVP_DigestFinal_ex(EVP_MD_CTX ctx, unsigned char md, unsigned int *size)
265	{	247	{
266	#ifdef OPENSSL_FIPS
267	return FIPS_digestfinal(ctx, md, size);
268	#else
269	int ret;	248	int ret;
270		249
271	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);	250	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -279,7 +258,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX ctx, unsigned char md, unsigned int *size)
279	}	258	}
280	memset(ctx->md_data,0,ctx->digest->ctx_size);	259	memset(ctx->md_data,0,ctx->digest->ctx_size);
281	return ret;	260	return ret;
282	#endif
283	}	261	}
284		262
285	int EVP_MD_CTX_copy(EVP_MD_CTX out, const EVP_MD_CTX in)	263	int EVP_MD_CTX_copy(EVP_MD_CTX out, const EVP_MD_CTX in)
@@ -376,7 +354,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
376	/* This call frees resources associated with the context */	354	/* This call frees resources associated with the context */
377	int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)	355	int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
378	{	356	{
379	#ifndef OPENSSL_FIPS
380	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,	357	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
381	* because sometimes only copies of the context are ever finalised.	358	* because sometimes only copies of the context are ever finalised.
382	*/	359	*/
@@ -389,7 +366,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
389	OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);	366	OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
390	OPENSSL_free(ctx->md_data);	367	OPENSSL_free(ctx->md_data);
391	}	368	}
392	#endif
393	if (ctx->pctx)	369	if (ctx->pctx)
394	EVP_PKEY_CTX_free(ctx->pctx);	370	EVP_PKEY_CTX_free(ctx->pctx);
395	#ifndef OPENSSL_NO_ENGINE	371	#ifndef OPENSSL_NO_ENGINE
@@ -398,9 +374,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
398	* functional reference we held for this reason. */	374	* functional reference we held for this reason. */
399	ENGINE_finish(ctx->engine);	375	ENGINE_finish(ctx->engine);
400	#endif	376	#endif
401	#ifdef OPENSSL_FIPS
402	FIPS_md_ctx_cleanup(ctx);
403	#endif
404	memset(ctx,'\0',sizeof *ctx);	377	memset(ctx,'\0',sizeof *ctx);
405		378
406	return 1;	379	return 1;


diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c index f0c1f78b5f..98a78499f9 100644 --- a/src/lib/libcrypto/evp/e_null.c +++ b/src/lib/libcrypto/evp/e_null.c
@@ -61,8 +61,6 @@
61	#include <openssl/evp.h>	61	#include <openssl/evp.h>
62	#include <openssl/objects.h>	62	#include <openssl/objects.h>
63		63
64	#ifndef OPENSSL_FIPS
65
66	static int null_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,	64	static int null_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
67	const unsigned char *iv,int enc);	65	const unsigned char *iv,int enc);
68	static int null_cipher(EVP_CIPHER_CTX ctx, unsigned char out,	66	static int null_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
@@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
101	memcpy((char )out,(const char )in,inl);	99	memcpy((char )out,(const char )in,inl);
102	return 1;	100	return 1;
103	}	101	}
104	#endif


diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 0c54f05e6e..50403a7578 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -64,17 +64,9 @@
64	#ifndef OPENSSL_NO_ENGINE	64	#ifndef OPENSSL_NO_ENGINE
65	#include <openssl/engine.h>	65	#include <openssl/engine.h>
66	#endif	66	#endif
67	#ifdef OPENSSL_FIPS
68	#include <openssl/fips.h>
69	#endif
70	#include "evp_locl.h"	67	#include "evp_locl.h"
71		68
72	#ifdef OPENSSL_FIPS
73	#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
74	#else
75	#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)	69	#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
76	#endif
77
78		70
79	const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;	71	const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
80		72
@@ -169,10 +161,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
169	ctx->engine = NULL;	161	ctx->engine = NULL;
170	#endif	162	#endif
171		163
172	#ifdef OPENSSL_FIPS
173	if (FIPS_mode())
174	return FIPS_cipherinit(ctx, cipher, key, iv, enc);
175	#endif
176	ctx->cipher=cipher;	164	ctx->cipher=cipher;
177	if (ctx->cipher->ctx_size)	165	if (ctx->cipher->ctx_size)
178	{	166	{
@@ -206,10 +194,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
206	#ifndef OPENSSL_NO_ENGINE	194	#ifndef OPENSSL_NO_ENGINE
207	skip_to_init:	195	skip_to_init:
208	#endif	196	#endif
209	#ifdef OPENSSL_FIPS
210	if (FIPS_mode())
211	return FIPS_cipherinit(ctx, cipher, key, iv, enc);
212	#endif
213	/* we assume block size is a power of 2 in cryptUpdate /	197	/* we assume block size is a power of 2 in cryptUpdate /
214	OPENSSL_assert(ctx->cipher->block_size == 1	198	OPENSSL_assert(ctx->cipher->block_size == 1
215	\|\| ctx->cipher->block_size == 8	199	\|\| ctx->cipher->block_size == 8
@@ -568,7 +552,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
568		552
569	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)	553	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
570	{	554	{
571	#ifndef OPENSSL_FIPS
572	if (c->cipher != NULL)	555	if (c->cipher != NULL)
573	{	556	{
574	if(c->cipher->cleanup && !c->cipher->cleanup(c))	557	if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -579,16 +562,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
579	}	562	}
580	if (c->cipher_data)	563	if (c->cipher_data)
581	OPENSSL_free(c->cipher_data);	564	OPENSSL_free(c->cipher_data);
582	#endif
583	#ifndef OPENSSL_NO_ENGINE	565	#ifndef OPENSSL_NO_ENGINE
584	if (c->engine)	566	if (c->engine)
585	/* The EVP_CIPHER we used belongs to an ENGINE, release the	567	/* The EVP_CIPHER we used belongs to an ENGINE, release the
586	* functional reference we held for this reason. */	568	* functional reference we held for this reason. */
587	ENGINE_finish(c->engine);	569	ENGINE_finish(c->engine);
588	#endif	570	#endif
589	#ifdef OPENSSL_FIPS
590	FIPS_cipher_ctx_cleanup(c);
591	#endif
592	memset(c,0,sizeof(EVP_CIPHER_CTX));	571	memset(c,0,sizeof(EVP_CIPHER_CTX));
593	return 1;	572	return 1;
594	}	573	}


diff --git a/src/lib/libcrypto/evp/evp_fips.c b/src/lib/libcrypto/evp/evp_fips.c deleted file mode 100644 index cb7f4fc0fa..0000000000 --- a/src/lib/libcrypto/evp/evp_fips.c +++ /dev/null
@@ -1,113 +0,0 @@
1	/* crypto/evp/evp_fips.c */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*/
53
54
55	#include <openssl/evp.h>
56
57	#ifdef OPENSSL_FIPS
58	#include <openssl/fips.h>
59
60	const EVP_CIPHER *EVP_aes_128_cbc(void) { return FIPS_evp_aes_128_cbc(); }
61	const EVP_CIPHER *EVP_aes_128_ccm(void) { return FIPS_evp_aes_128_ccm(); }
62	const EVP_CIPHER *EVP_aes_128_cfb1(void) { return FIPS_evp_aes_128_cfb1(); }
63	const EVP_CIPHER *EVP_aes_128_cfb128(void) { return FIPS_evp_aes_128_cfb128(); }
64	const EVP_CIPHER *EVP_aes_128_cfb8(void) { return FIPS_evp_aes_128_cfb8(); }
65	const EVP_CIPHER *EVP_aes_128_ctr(void) { return FIPS_evp_aes_128_ctr(); }
66	const EVP_CIPHER *EVP_aes_128_ecb(void) { return FIPS_evp_aes_128_ecb(); }
67	const EVP_CIPHER *EVP_aes_128_gcm(void) { return FIPS_evp_aes_128_gcm(); }
68	const EVP_CIPHER *EVP_aes_128_ofb(void) { return FIPS_evp_aes_128_ofb(); }
69	const EVP_CIPHER *EVP_aes_128_xts(void) { return FIPS_evp_aes_128_xts(); }
70	const EVP_CIPHER *EVP_aes_192_cbc(void) { return FIPS_evp_aes_192_cbc(); }
71	const EVP_CIPHER *EVP_aes_192_ccm(void) { return FIPS_evp_aes_192_ccm(); }
72	const EVP_CIPHER *EVP_aes_192_cfb1(void) { return FIPS_evp_aes_192_cfb1(); }
73	const EVP_CIPHER *EVP_aes_192_cfb128(void) { return FIPS_evp_aes_192_cfb128(); }
74	const EVP_CIPHER *EVP_aes_192_cfb8(void) { return FIPS_evp_aes_192_cfb8(); }
75	const EVP_CIPHER *EVP_aes_192_ctr(void) { return FIPS_evp_aes_192_ctr(); }
76	const EVP_CIPHER *EVP_aes_192_ecb(void) { return FIPS_evp_aes_192_ecb(); }
77	const EVP_CIPHER *EVP_aes_192_gcm(void) { return FIPS_evp_aes_192_gcm(); }
78	const EVP_CIPHER *EVP_aes_192_ofb(void) { return FIPS_evp_aes_192_ofb(); }
79	const EVP_CIPHER *EVP_aes_256_cbc(void) { return FIPS_evp_aes_256_cbc(); }
80	const EVP_CIPHER *EVP_aes_256_ccm(void) { return FIPS_evp_aes_256_ccm(); }
81	const EVP_CIPHER *EVP_aes_256_cfb1(void) { return FIPS_evp_aes_256_cfb1(); }
82	const EVP_CIPHER *EVP_aes_256_cfb128(void) { return FIPS_evp_aes_256_cfb128(); }
83	const EVP_CIPHER *EVP_aes_256_cfb8(void) { return FIPS_evp_aes_256_cfb8(); }
84	const EVP_CIPHER *EVP_aes_256_ctr(void) { return FIPS_evp_aes_256_ctr(); }
85	const EVP_CIPHER *EVP_aes_256_ecb(void) { return FIPS_evp_aes_256_ecb(); }
86	const EVP_CIPHER *EVP_aes_256_gcm(void) { return FIPS_evp_aes_256_gcm(); }
87	const EVP_CIPHER *EVP_aes_256_ofb(void) { return FIPS_evp_aes_256_ofb(); }
88	const EVP_CIPHER *EVP_aes_256_xts(void) { return FIPS_evp_aes_256_xts(); }
89	const EVP_CIPHER *EVP_des_ede(void) { return FIPS_evp_des_ede(); }
90	const EVP_CIPHER *EVP_des_ede3(void) { return FIPS_evp_des_ede3(); }
91	const EVP_CIPHER *EVP_des_ede3_cbc(void) { return FIPS_evp_des_ede3_cbc(); }
92	const EVP_CIPHER *EVP_des_ede3_cfb1(void) { return FIPS_evp_des_ede3_cfb1(); }
93	const EVP_CIPHER *EVP_des_ede3_cfb64(void) { return FIPS_evp_des_ede3_cfb64(); }
94	const EVP_CIPHER *EVP_des_ede3_cfb8(void) { return FIPS_evp_des_ede3_cfb8(); }
95	const EVP_CIPHER *EVP_des_ede3_ecb(void) { return FIPS_evp_des_ede3_ecb(); }
96	const EVP_CIPHER *EVP_des_ede3_ofb(void) { return FIPS_evp_des_ede3_ofb(); }
97	const EVP_CIPHER *EVP_des_ede_cbc(void) { return FIPS_evp_des_ede_cbc(); }
98	const EVP_CIPHER *EVP_des_ede_cfb64(void) { return FIPS_evp_des_ede_cfb64(); }
99	const EVP_CIPHER *EVP_des_ede_ecb(void) { return FIPS_evp_des_ede_ecb(); }
100	const EVP_CIPHER *EVP_des_ede_ofb(void) { return FIPS_evp_des_ede_ofb(); }
101	const EVP_CIPHER *EVP_enc_null(void) { return FIPS_evp_enc_null(); }
102
103	const EVP_MD *EVP_sha1(void) { return FIPS_evp_sha1(); }
104	const EVP_MD *EVP_sha224(void) { return FIPS_evp_sha224(); }
105	const EVP_MD *EVP_sha256(void) { return FIPS_evp_sha256(); }
106	const EVP_MD *EVP_sha384(void) { return FIPS_evp_sha384(); }
107	const EVP_MD *EVP_sha512(void) { return FIPS_evp_sha512(); }
108
109	const EVP_MD *EVP_dss(void) { return FIPS_evp_dss(); }
110	const EVP_MD *EVP_dss1(void) { return FIPS_evp_dss1(); }
111	const EVP_MD *EVP_ecdsa(void) { return FIPS_evp_ecdsa(); }
112
113	#endif


diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h index 08c0a66d39..9e71f39a47 100644 --- a/src/lib/libcrypto/evp/evp_locl.h +++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -347,39 +347,3 @@ void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);
347	int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,	347	int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
348	ASN1_TYPE *param,	348	ASN1_TYPE *param,
349	const EVP_CIPHER c, const EVP_MD md, int en_de);	349	const EVP_CIPHER c, const EVP_MD md, int en_de);
350
351	#ifdef OPENSSL_FIPS
352
353	#ifdef OPENSSL_DOING_MAKEDEPEND
354	#undef SHA1_Init
355	#undef SHA1_Update
356	#undef SHA224_Init
357	#undef SHA256_Init
358	#undef SHA384_Init
359	#undef SHA512_Init
360	#undef DES_set_key_unchecked
361	#endif
362
363	#define RIPEMD160_Init private_RIPEMD160_Init
364	#define WHIRLPOOL_Init private_WHIRLPOOL_Init
365	#define MD5_Init private_MD5_Init
366	#define MD4_Init private_MD4_Init
367	#define MD2_Init private_MD2_Init
368	#define MDC2_Init private_MDC2_Init
369	#define SHA_Init private_SHA_Init
370	#define SHA1_Init private_SHA1_Init
371	#define SHA224_Init private_SHA224_Init
372	#define SHA256_Init private_SHA256_Init
373	#define SHA384_Init private_SHA384_Init
374	#define SHA512_Init private_SHA512_Init
375
376	#define BF_set_key private_BF_set_key
377	#define CAST_set_key private_CAST_set_key
378	#define idea_set_encrypt_key private_idea_set_encrypt_key
379	#define SEED_set_key private_SEED_set_key
380	#define RC2_set_key private_RC2_set_key
381	#define RC4_set_key private_RC4_set_key
382	#define DES_set_key_unchecked private_DES_set_key_unchecked
383	#define Camellia_set_key private_Camellia_set_key
384
385	#endif


diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c index 6fb7e9a861..89ea5b7a6d 100644 --- a/src/lib/libcrypto/evp/m_dss.c +++ b/src/lib/libcrypto/evp/m_dss.c
@@ -66,7 +66,6 @@
66	#endif	66	#endif
67		67
68	#ifndef OPENSSL_NO_SHA	68	#ifndef OPENSSL_NO_SHA
69	#ifndef OPENSSL_FIPS
70		69
71	static int init(EVP_MD_CTX *ctx)	70	static int init(EVP_MD_CTX *ctx)
72	{ return SHA1_Init(ctx->md_data); }	71	{ return SHA1_Init(ctx->md_data); }
@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
98	return(&dsa_md);	97	return(&dsa_md);
99	}	98	}
100	#endif	99	#endif
101	#endif


diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c index 2df362a670..a010103b7a 100644 --- a/src/lib/libcrypto/evp/m_dss1.c +++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -68,8 +68,6 @@
68	#include <openssl/dsa.h>	68	#include <openssl/dsa.h>
69	#endif	69	#endif
70		70
71	#ifndef OPENSSL_FIPS
72
73	static int init(EVP_MD_CTX *ctx)	71	static int init(EVP_MD_CTX *ctx)
74	{ return SHA1_Init(ctx->md_data); }	72	{ return SHA1_Init(ctx->md_data); }
75		73
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
100	return(&dss1_md);	98	return(&dss1_md);
101	}	99	}
102	#endif	100	#endif
103	#endif


diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c index 4b15fb0f6c..a6ed24b0b6 100644 --- a/src/lib/libcrypto/evp/m_ecdsa.c +++ b/src/lib/libcrypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
116	#include <openssl/x509.h>	116	#include <openssl/x509.h>
117		117
118	#ifndef OPENSSL_NO_SHA	118	#ifndef OPENSSL_NO_SHA
119	#ifndef OPENSSL_FIPS
120		119
121	static int init(EVP_MD_CTX *ctx)	120	static int init(EVP_MD_CTX *ctx)
122	{ return SHA1_Init(ctx->md_data); }	121	{ return SHA1_Init(ctx->md_data); }
@@ -148,4 +147,3 @@ const EVP_MD *EVP_ecdsa(void)
148	return(&ecdsa_md);	147	return(&ecdsa_md);
149	}	148	}
150	#endif	149	#endif
151	#endif


diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c index bd0c01ad3c..f39ae77925 100644 --- a/src/lib/libcrypto/evp/m_sha1.c +++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -59,8 +59,6 @@
59	#include <stdio.h>	59	#include <stdio.h>
60	#include "cryptlib.h"	60	#include "cryptlib.h"
61		61
62	#ifndef OPENSSL_FIPS
63
64	#ifndef OPENSSL_NO_SHA	62	#ifndef OPENSSL_NO_SHA
65		63
66	#include <openssl/evp.h>	64	#include <openssl/evp.h>
@@ -205,5 +203,3 @@ static const EVP_MD sha512_md=
205	const EVP_MD *EVP_sha512(void)	203	const EVP_MD *EVP_sha512(void)
206	{ return(&sha512_md); }	204	{ return(&sha512_md); }
207	#endif /* ifndef OPENSSL_NO_SHA512 */	205	#endif /* ifndef OPENSSL_NO_SHA512 */
208
209	#endif