diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-05-07 16:08:18 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-05-07 16:08:18 +1000 |
commit | 31b069ecea2c567de22b3874c8e71cc37c921ec9 (patch) | |
tree | dc488176c96d28c4146126545e108fe33bd66b34 | |
parent | 45c236ad1f1c881281017941a0e7126735a190e8 (diff) | |
download | openssl-31b069ecea2c567de22b3874c8e71cc37c921ec9.zip openssl-31b069ecea2c567de22b3874c8e71cc37c921ec9.tar.gz openssl-31b069ecea2c567de22b3874c8e71cc37c921ec9.tar.bz2 |
Remove legacy FIPS_mode functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11680)
-rw-r--r-- | CHANGES.md | 7 | ||||
-rw-r--r-- | crypto/build.info | 2 | ||||
-rw-r--r-- | crypto/o_fips.c | 24 | ||||
-rw-r--r-- | include/openssl/crypto.h | 3 | ||||
-rw-r--r-- | util/libcrypto.num | 4 |
5 files changed, 10 insertions, 30 deletions
@@ -24,6 +24,13 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ### +* Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's + that are not applicable to the new provider model. Applications should + instead use EVP_default_properties_is_fips_enabled() and + EVP_default_properties_enable_fips(). + + *Shane Lontis* + * Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and EC_POINT_get_Jprojective_coordinates_GFp(). These functions are not widely used and applications should instead use the diff --git a/crypto/build.info b/crypto/build.info index 860b8bb..3537bbc 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -77,7 +77,7 @@ $UTIL_DEFINE=$CPUIDDEF SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ - o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \ + o_fopen.c getenv.c o_init.c init.c trace.c provider.c \ $UPLINKSRC SOURCE[../providers/libfips.a]=$UTIL_COMMON SOURCE[../providers/liblegacy.a]=$UTIL_COMMON diff --git a/crypto/o_fips.c b/crypto/o_fips.c deleted file mode 100644 index ac768e5..0000000 --- a/crypto/o_fips.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" - -int FIPS_mode(void) -{ - /* This version of the library does not support FIPS mode. */ - return 0; -} - -int FIPS_mode_set(int r) -{ - if (r == 0) - return 1; - CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); - return 0; -} diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 0b3a20d..3cca316 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -377,9 +377,6 @@ ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line int OPENSSL_isservice(void); -int FIPS_mode(void); -int FIPS_mode_set(int r); - void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); diff --git a/util/libcrypto.num b/util/libcrypto.num index 32942a5..e91c265 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -490,7 +490,7 @@ X509_CRL_print 499 3_0_0 EXIST::FUNCTION: WHIRLPOOL_Update 500 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL DSA_get_ex_data 501 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA BN_copy 502 3_0_0 EXIST::FUNCTION: -FIPS_mode_set 503 3_0_0 EXIST::FUNCTION: +FIPS_mode_set 503 3_0_0 NOEXIST::FUNCTION: X509_VERIFY_PARAM_add0_policy 504 3_0_0 EXIST::FUNCTION: PKCS7_cert_from_signer_info 505 3_0_0 EXIST::FUNCTION: X509_TRUST_get_trust 506 3_0_0 EXIST::FUNCTION: @@ -2534,7 +2534,7 @@ OPENSSL_strnlen 2587 3_0_0 EXIST::FUNCTION: IDEA_ecb_encrypt 2588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA ASN1_STRING_set_default_mask 2589 3_0_0 EXIST::FUNCTION: TS_VERIFY_CTX_add_flags 2590 3_0_0 EXIST::FUNCTION:TS -FIPS_mode 2591 3_0_0 EXIST::FUNCTION: +FIPS_mode 2591 3_0_0 NOEXIST::FUNCTION: d2i_ASN1_UNIVERSALSTRING 2592 3_0_0 EXIST::FUNCTION: NAME_CONSTRAINTS_free 2593 3_0_0 EXIST::FUNCTION: EC_GROUP_get_order 2594 3_0_0 EXIST::FUNCTION:EC |