diff options
author | Emilia Kasper <emilia@openssl.org> | 2017-02-28 12:30:28 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2017-02-28 15:26:25 +0100 |
commit | b53338cbf8822dd774f9e4057307f347d2b63ff0 (patch) | |
tree | 762d5194d048f5ae4d156b769115ca8f3b5b4155 /ssl | |
parent | 223a90cc9a94d1f6abf04ef28dc30b03c3e5e0c1 (diff) | |
download | openssl-b53338cbf8822dd774f9e4057307f347d2b63ff0.tar.gz |
Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.
FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/ssl3_record.c | 7 | ||||
-rw-r--r-- | ssl/s3_cbc.c | 48 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 8 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 5 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 4 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 4 |
6 files changed, 2 insertions, 74 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index df7d012049..84f54cbabd 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1119,13 +1119,6 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) EVP_MD_CTX_free(hmac); return 0; } - if (!send && !SSL_READ_ETM(ssl) && FIPS_mode()) - if (!tls_fips_digest_extra(ssl->enc_read_ctx, - mac_ctx, rec->input, - rec->length, rec->orig_len)) { - EVP_MD_CTX_free(hmac); - return 0; - } } EVP_MD_CTX_free(hmac); diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 3a757455b0..186ab174ba 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -89,8 +89,6 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out) */ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) { - if (FIPS_mode()) - return 0; switch (EVP_MD_CTX_type(ctx)) { case NID_md5: case NID_sha1: @@ -483,49 +481,3 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, EVP_MD_CTX_free(md_ctx); return 0; } - -/* - * Due to the need to use EVP in FIPS mode we can't reimplement digests but - * we can ensure the number of blocks processed is equal for all cases by - * digesting additional data. - */ - -int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, - EVP_MD_CTX *mac_ctx, const unsigned char *data, - size_t data_len, size_t orig_len) -{ - size_t block_size, digest_pad, blocks_data, blocks_orig; - if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) - return 1; - block_size = EVP_MD_CTX_block_size(mac_ctx); - /*- - * We are in FIPS mode if we get this far so we know we have only SHA* - * digests and TLS to deal with. - * Minimum digest padding length is 17 for SHA384/SHA512 and 9 - * otherwise. - * Additional header is 13 bytes. To get the number of digest blocks - * processed round up the amount of data plus padding to the nearest - * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. - * So we have: - * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size - * equivalently: - * blocks = (payload_len + digest_pad + 12)/block_size + 1 - * HMAC adds a constant overhead. - * We're ultimately only interested in differences so this becomes - * blocks = (payload_len + 29)/128 - * for SHA384/SHA512 and - * blocks = (payload_len + 21)/64 - * otherwise. - */ - digest_pad = block_size == 64 ? 21 : 29; - blocks_orig = (orig_len + digest_pad) / block_size; - blocks_data = (data_len + digest_pad) / block_size; - /* - * MAC enough blocks to make up the difference between the original and - * actual lengths plus one extra block to ensure this is never a no op. - * The "data" pointer should always have enough space to perform this - * operation as it is large enough for a maximum length TLS buffer. - */ - return EVP_DigestSignUpdate(mac_ctx, data, - (blocks_orig - blocks_data + 1) * block_size); -} diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index e64e3da32e..0b60debdd9 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -577,9 +577,6 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, s->ssl_version < TLS1_VERSION) return 1; - if (FIPS_mode()) - return 1; - if (c->algorithm_enc == SSL_RC4 && c->algorithm_mac == SSL_MD5 && (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) @@ -687,8 +684,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, /* drop those that use any of that is not available */ if (c == NULL || !c->valid) continue; - if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) - continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || @@ -1495,8 +1490,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * to the resulting precedence to the STACK_OF(SSL_CIPHER). */ for (curr = head; curr != NULL; curr = curr->next) { - if (curr->active - && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { + if (curr->active) { if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 9382c2ed1d..39254f16f9 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2504,11 +2504,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; - if (FIPS_mode() && (meth->version < TLS1_VERSION)) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE); - return NULL; - } - if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index ac8c826a0a..565fa36f9b 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2358,10 +2358,6 @@ __owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, const unsigned char *mac_secret, size_t mac_secret_length, char is_sslv3); -__owur int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, - EVP_MD_CTX *mac_ctx, const unsigned char *data, - size_t data_len, size_t orig_len); - __owur int srp_generate_server_master_secret(SSL *s); __owur int srp_generate_client_master_secret(SSL *s); __owur int srp_verify_server_param(SSL *s, int *al); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index c871c00c0c..ed1ecce160 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1321,8 +1321,6 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) return SSL_R_UNSUPPORTED_PROTOCOL; if ((method->flags & SSL_METHOD_NO_SUITEB) != 0 && tls1_suiteb(s)) return SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE; - else if ((method->flags & SSL_METHOD_NO_FIPS) != 0 && FIPS_mode()) - return SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE; return 0; } @@ -1680,7 +1678,7 @@ int ssl_choose_client_version(SSL *s, int version) * Work out what version we should be using for the initial ClientHello if the * version is initially (D)TLS_ANY_VERSION. We apply any explicit SSL_OP_NO_xxx * options, the MinProtocol and MaxProtocol configuration commands, any Suite B - * or FIPS_mode() constraints and any floor imposed by the security level here, + * constraints and any floor imposed by the security level here, * so we don't advertise the wrong protocol version to only reject the outcome later. * * Computing the right floor matters. If, e.g., TLS 1.0 and 1.2 are enabled, |