From 839261592ca447aa083403cee7b0ced97cef6159 Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Thu, 6 May 2021 14:03:20 +1000
Subject: [PATCH] Remove unused code from the fips module

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15167)
---
 Configurations/unix-Makefile.tmpl |  1 -
 crypto/ec/build.info              | 11 ++++++-----
 crypto/evp/build.info             |  7 ++++---
 crypto/md5/build.info             |  3 +--
 providers/fips-sources.checksums  | 11 +----------
 providers/fips.checksum           |  2 +-
 providers/fips.module.sources     |  9 ---------
 ssl/s3_cbc.c                      | 16 +++++++++++-----
 8 files changed, 24 insertions(+), 36 deletions(-)

diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index d98c42c85e..c2a0de3a97 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1167,7 +1167,6 @@ $(SRCDIR)/providers/fips.module.sources: \
 	  for x in crypto/bn/asm/*.pl crypto/bn/asm/*.S \
 		   crypto/aes/asm/*.pl crypto/aes/asm/*.S \
 		   crypto/ec/asm/*.pl \
-		   crypto/md5/asm/*.pl \
 		   crypto/modes/asm/*.pl \
 		   crypto/sha/asm/*.pl; do \
 	    echo "$$x"; \
diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index 4b6556acc0..dbe3a52572 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -44,9 +44,9 @@ IF[{- !$disabled{asm} -}]
 ENDIF
 
 $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
-        ec_curve.c ec_check.c ec_print.c ec_key.c ecx_key.c ec_asn1.c \
-        ec2_smpl.c ec_deprecated.c \
-        ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c \
+        ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \
+        ec2_smpl.c \
+        ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \
         ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
         curve448/f_generic.c curve448/scalar.c \
         curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
@@ -57,8 +57,9 @@ IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
   $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
 ENDIF
 
-SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \
-                        ec_err.c eck_prn.c
+SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c \
+                        ec_err.c eck_prn.c \
+                        ec_deprecated.c ec_print.c
 SOURCE[../../providers/libfips.a]=$COMMON
 
 # Implementations are now spread across several libraries, so the defines
diff --git a/crypto/evp/build.info b/crypto/evp/build.info
index 34551df4a3..95fea31226 100644
--- a/crypto/evp/build.info
+++ b/crypto/evp/build.info
@@ -1,8 +1,8 @@
 LIBS=../../libcrypto
-$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \
+$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c evp_utils.c \
         mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c \
         m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \
-        pmeth_check.c evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c
+        evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c
 
 SOURCE[../../libcrypto]=$COMMON\
         encode.c evp_key.c evp_cnf.c \
@@ -15,7 +15,8 @@ SOURCE[../../libcrypto]=$COMMON\
         evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
         e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
         e_chacha20_poly1305.c \
-        legacy_sha.c ctrl_params_translate.c
+        legacy_sha.c ctrl_params_translate.c \
+        cmeth_lib.c
 
 # Diverse type specific ctrl functions.  They are kinda sorta legacy, kinda
 # sorta not.
diff --git a/crypto/md5/build.info b/crypto/md5/build.info
index c35177bd50..080411cc2c 100644
--- a/crypto/md5/build.info
+++ b/crypto/md5/build.info
@@ -15,7 +15,7 @@ IF[{- !$disabled{asm} -}]
 ENDIF
 
 $COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM
-SOURCE[../../libcrypto ../../providers/libfips.a]=$COMMON
+SOURCE[../../libcrypto]=$COMMON
 
 # A no-deprecated no-shared build ends up with double function definitions
 # without conditioning this on dso. The issue is MD5 which is needed in the
@@ -30,7 +30,6 @@ ENDIF
 # Implementations are now spread across several libraries, so the defines
 # need to be applied to all affected libraries and modules.
 DEFINE[../../libcrypto]=$MD5DEF
-DEFINE[../../providers/libfips.a]=$MD5DEF
 DEFINE[../../providers/liblegacy.a]=$MD5DEF
 
 GENERATE[md5-586.s]=asm/md5-586.pl
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index b1ec8f2339..e6d798648a 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -147,13 +147,11 @@ ed003170c5eaaaa4a33f4ef37b43465f2ba7a5fa5fec2d7d17c1e0897ea818d7  crypto/ec/ec2_
 86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a  crypto/ec/ec_check.c
 845a5e6ad6921aed63a18084d6b64a1907e4cb093639153ba32138e0b29ff0e5  crypto/ec/ec_curve.c
 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f  crypto/ec/ec_cvt.c
-06fa7c8f23374ab9c1006d6fd65ee95dac3a3fae036ea6f14399c1a5cc0c7d00  crypto/ec/ec_deprecated.c
 2103bb62699b1a0ca4e3f75bd1697d856a9afd7f0051d49e433cf69d62d53e2a  crypto/ec/ec_key.c
 7b34605e017eb81037344538f917c32d3ab85c744a819617e012bab73c27dd68  crypto/ec/ec_kmeth.c
 90f070e5a7ea950e6fe88ed81c72161c58a4896efb4608076061e1fe12908908  crypto/ec/ec_lib.c
 58aa89c186c9bb6a5075a1d961723fe1fc97c6e290756ae682fe494c4f2435a0  crypto/ec/ec_mult.c
 129c6b42417bfcf582f4a959cfd65433e6f85b158274f4fa38f9c62615ac9166  crypto/ec/ec_oct.c
-ccbf1f7dcba81cb40c07619120e9c330e06e1e7c788ca8912f0f4b1d25bd3f7c  crypto/ec/ec_print.c
 4341615ac00e3e42c41acd3b36af10250995fb919febc5289122b785c5eccf73  crypto/ec/ecdh_kdf.c
 b2cf8f052a5716137da7b0e857ed7a5df5fb513b6d14534199a05e32f2b5a866  crypto/ec/ecdh_ossl.c
 49bf1a4dd3d53a5c0e4e05d71be0f6fcbeb5d013c70084ad8111e2d46b7e0f58  crypto/ec/ecdsa_ossl.c
@@ -167,7 +165,6 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84  crypto/ec/ecp_
 4d9e693c64709a9359ac724a767a85566849373231e314b8d8127b707dd5e83d  crypto/ec/ecx_backend.c
 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580  crypto/ec/ecx_key.c
 7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128  crypto/evp/asymcipher.c
-2aacf20d2b9ff0d11b0b4869c530685558ad8898da11391978322b606a0133ba  crypto/evp/cmeth_lib.c
 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b  crypto/evp/dh_support.c
 4433d40517d9550f6a1db90dfb912e32ee10b95497ddfc2a7edb2116f87ee531  crypto/evp/digest.c
 87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8  crypto/evp/ec_support.c
@@ -201,12 +198,6 @@ a87945698684673832fbedb4d01e2f11df58f43f79605a9e6d7136bb15b02e52  crypto/ffc/ffc
 84d8ae0141a79548ad65b31fe4673e8603930f942f21f3a7623e23f539799764  crypto/hmac/hmac.c
 7000ba81f54c1d516a536bc6e96ad3729e3b5b15740006c2e22f0b76606042d6  crypto/initthread.c
 c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0  crypto/lhash/lhash.c
-b0662fd0dddbac0379be51cee8ccb0384d819f52780a5c7b0b3fcdde145fa7bf  crypto/md5/asm/md5-586.pl
-2a31a7f88d948192d6b7c10822c72cf40f215f32909014a2babc3955dafa1593  crypto/md5/asm/md5-sparcv9.pl
-33a402414b3f08e2325bbcb07edff42c553a4400da4ec89d583b29360a3483ed  crypto/md5/asm/md5-x86_64.pl
-6926a95504413b5b29b2fa89a6c8cec5406ae7044cefe28c577279c8bb56291b  crypto/md5/md5_dgst.c
-5d07872812807c385daea71df1d4569dcba03fabce646878f9f338947528fe1f  crypto/md5/md5_one.c
-8641fbe434f769a9d70981963870ceb4dcc3aadbe4f4fa2e7a8bf70e1c47fba0  crypto/md5/md5_sha1.c
 f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0  crypto/mem_clr.c
 183bdca6f855182d7d2c78a5c961b34283f85ea69ac828b700605ee82546397d  crypto/modes/asm/aes-gcm-armv8_64.pl
 1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0  crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -403,4 +394,4 @@ a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858  providers/impl
 1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7  providers/implementations/signature/mac_legacy_sig.c
 25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2  providers/implementations/signature/rsa_sig.c
 53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4  ssl/record/tls_pad.c
-0143753184c1bddf47af3bd5b5e0d788fc757dac4b77f291627fc25d46eba05c  ssl/s3_cbc.c
+85a9701b05ab8dfea42550fbc5e4d9f4011d08ccc64829648fc12091cc1133f5  ssl/s3_cbc.c
diff --git a/providers/fips.checksum b/providers/fips.checksum
index e9adf327b3..4ee2135be1 100644
--- a/providers/fips.checksum
+++ b/providers/fips.checksum
@@ -1 +1 @@
-4fcfc6375eef7bed6219191cce24513be04a6ebb8b2d5da8e404150a2ecc0eba  providers/fips-sources.checksums
+a1ce185646a78b5eb88229b77aec1455e6e361f7428bb884aebe45cb8fdc3703  providers/fips-sources.checksums
diff --git a/providers/fips.module.sources b/providers/fips.module.sources
index 416a2b97f7..7be12dc42e 100644
--- a/providers/fips.module.sources
+++ b/providers/fips.module.sources
@@ -147,13 +147,11 @@ crypto/ec/ec_backend.c
 crypto/ec/ec_check.c
 crypto/ec/ec_curve.c
 crypto/ec/ec_cvt.c
-crypto/ec/ec_deprecated.c
 crypto/ec/ec_key.c
 crypto/ec/ec_kmeth.c
 crypto/ec/ec_lib.c
 crypto/ec/ec_mult.c
 crypto/ec/ec_oct.c
-crypto/ec/ec_print.c
 crypto/ec/ecdh_kdf.c
 crypto/ec/ecdh_ossl.c
 crypto/ec/ecdsa_ossl.c
@@ -167,7 +165,6 @@ crypto/ec/ecp_smpl.c
 crypto/ec/ecx_backend.c
 crypto/ec/ecx_key.c
 crypto/evp/asymcipher.c
-crypto/evp/cmeth_lib.c
 crypto/evp/dh_support.c
 crypto/evp/digest.c
 crypto/evp/ec_support.c
@@ -201,12 +198,6 @@ crypto/ffc/ffc_params_validate.c
 crypto/hmac/hmac.c
 crypto/initthread.c
 crypto/lhash/lhash.c
-crypto/md5/asm/md5-586.pl
-crypto/md5/asm/md5-sparcv9.pl
-crypto/md5/asm/md5-x86_64.pl
-crypto/md5/md5_dgst.c
-crypto/md5/md5_one.c
-crypto/md5/md5_sha1.c
 crypto/mem_clr.c
 crypto/modes/asm/aes-gcm-armv8_64.pl
 crypto/modes/asm/aesni-gcm-x86_64.pl
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 26f12654e4..2b4b16cb58 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -75,15 +75,16 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
  */
 #define MAX_HASH_BLOCK_SIZE 128
 
+#ifndef FIPS_MODULE
 /*
  * u32toLE serializes an unsigned, 32-bit number (n) as four bytes at (p) in
  * little-endian order. The value of p is advanced by four.
  */
-#define u32toLE(n, p) \
-        (*((p)++)=(unsigned char)(n), \
-         *((p)++)=(unsigned char)(n>>8), \
-         *((p)++)=(unsigned char)(n>>16), \
-         *((p)++)=(unsigned char)(n>>24))
+# define u32toLE(n, p) \
+         (*((p)++)=(unsigned char)(n), \
+          *((p)++)=(unsigned char)(n>>8), \
+          *((p)++)=(unsigned char)(n>>16), \
+          *((p)++)=(unsigned char)(n>>24))
 
 /*
  * These functions serialize the state of a hash and thus perform the
@@ -98,6 +99,7 @@ static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
     u32toLE(md5->C, md_out);
     u32toLE(md5->D, md_out);
 }
+#endif /* FIPS_MODULE */
 
 static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
 {
@@ -196,6 +198,9 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
         return 0;
 
     if (EVP_MD_is_a(md, "MD5")) {
+#ifdef FIPS_MODULE
+        return 0;
+#else
         if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
             return 0;
         md_final_raw = tls1_md5_final_raw;
@@ -204,6 +209,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
         md_size = 16;
         sslv3_pad_length = 48;
         length_is_big_endian = 0;
+#endif
     } else if (EVP_MD_is_a(md, "SHA1")) {
         if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
             return 0;
-- 
2.39.2