remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/hmac
parent: 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download: openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip
1 files changed, 0 insertions, 37 deletions
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index ba27cbf56f..6c98fc43a3 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -61,34 +61,12 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
        {
        int i,j,reset=0;
        unsigned char pad[HMAC_MAX_MD_CBLOCK];
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                {
-                /* If we have an ENGINE need to allow non FIPS */
-                if ((impl || ctx->i_ctx.engine)
-                        &&  !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-                        {
-                        EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
-                        return 0;
-                        }
-                /* Other algorithm blocking will be done in FIPS_cmac_init,
-                 * via FIPS_hmac_init_ex().
-                 */
-                if (!impl && !ctx->i_ctx.engine)
-                        return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
-                }
-#endif
        if (md != NULL)
                {
                reset=1;
@@ -155,10 +133,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->i_ctx.engine)
-                return FIPS_hmac_update(ctx, data, len);
-#endif
        return EVP_DigestUpdate(&ctx->md_ctx,data,len);
        }
@@ -166,10 +140,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
        {
        unsigned int i;
        unsigned char buf[EVP_MAX_MD_SIZE];
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->i_ctx.engine)
-                return FIPS_hmac_final(ctx, md, len);
-#endif
        if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
                goto err;
@@ -209,13 +179,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->i_ctx.engine)
-                {
-                FIPS_hmac_ctx_cleanup(ctx);
-                return;
-                }
-#endif
        EVP_MD_CTX_cleanup(&ctx->i_ctx);
        EVP_MD_CTX_cleanup(&ctx->o_ctx);
        EVP_MD_CTX_cleanup(&ctx->md_ctx);
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/hmac
parent	4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download	openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip

diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c index ba27cbf56f..6c98fc43a3 100644 --- a/src/lib/libcrypto/hmac/hmac.c +++ b/src/lib/libcrypto/hmac/hmac.c
@@ -61,34 +61,12 @@
61	#include "cryptlib.h"	61	#include "cryptlib.h"
62	#include <openssl/hmac.h>	62	#include <openssl/hmac.h>
63		63
64	#ifdef OPENSSL_FIPS
65	#include <openssl/fips.h>
66	#endif
67
68	int HMAC_Init_ex(HMAC_CTX ctx, const void key, int len,	64	int HMAC_Init_ex(HMAC_CTX ctx, const void key, int len,
69	const EVP_MD md, ENGINE impl)	65	const EVP_MD md, ENGINE impl)
70	{	66	{
71	int i,j,reset=0;	67	int i,j,reset=0;
72	unsigned char pad[HMAC_MAX_MD_CBLOCK];	68	unsigned char pad[HMAC_MAX_MD_CBLOCK];
73		69
74	#ifdef OPENSSL_FIPS
75	if (FIPS_mode())
76	{
77	/* If we have an ENGINE need to allow non FIPS */
78	if ((impl \|\| ctx->i_ctx.engine)
79	&& !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
80	{
81	EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
82	return 0;
83	}
84	/* Other algorithm blocking will be done in FIPS_cmac_init,
85	* via FIPS_hmac_init_ex().
86	*/
87	if (!impl && !ctx->i_ctx.engine)
88	return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
89	}
90	#endif
91
92	if (md != NULL)	70	if (md != NULL)
93	{	71	{
94	reset=1;	72	reset=1;
@@ -155,10 +133,6 @@ int HMAC_Init(HMAC_CTX ctx, const void key, int len, const EVP_MD *md)
155		133
156	int HMAC_Update(HMAC_CTX ctx, const unsigned char data, size_t len)	134	int HMAC_Update(HMAC_CTX ctx, const unsigned char data, size_t len)
157	{	135	{
158	#ifdef OPENSSL_FIPS
159	if (FIPS_mode() && !ctx->i_ctx.engine)
160	return FIPS_hmac_update(ctx, data, len);
161	#endif
162	return EVP_DigestUpdate(&ctx->md_ctx,data,len);	136	return EVP_DigestUpdate(&ctx->md_ctx,data,len);
163	}	137	}
164		138
@@ -166,10 +140,6 @@ int HMAC_Final(HMAC_CTX ctx, unsigned char md, unsigned int *len)
166	{	140	{
167	unsigned int i;	141	unsigned int i;
168	unsigned char buf[EVP_MAX_MD_SIZE];	142	unsigned char buf[EVP_MAX_MD_SIZE];
169	#ifdef OPENSSL_FIPS
170	if (FIPS_mode() && !ctx->i_ctx.engine)
171	return FIPS_hmac_final(ctx, md, len);
172	#endif
173		143
174	if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))	144	if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
175	goto err;	145	goto err;
@@ -209,13 +179,6 @@ int HMAC_CTX_copy(HMAC_CTX dctx, HMAC_CTX sctx)
209		179
210	void HMAC_CTX_cleanup(HMAC_CTX *ctx)	180	void HMAC_CTX_cleanup(HMAC_CTX *ctx)
211	{	181	{
212	#ifdef OPENSSL_FIPS
213	if (FIPS_mode() && !ctx->i_ctx.engine)
214	{
215	FIPS_hmac_ctx_cleanup(ctx);
216	return;
217	}
218	#endif
219	EVP_MD_CTX_cleanup(&ctx->i_ctx);	182	EVP_MD_CTX_cleanup(&ctx->i_ctx);
220	EVP_MD_CTX_cleanup(&ctx->o_ctx);	183	EVP_MD_CTX_cleanup(&ctx->o_ctx);
221	EVP_MD_CTX_cleanup(&ctx->md_ctx);	184	EVP_MD_CTX_cleanup(&ctx->md_ctx);