Elimination of some sources not needed in the FIPS_MODULE

Unfortunately in terms of fips.sources this does not mean much
given the way how the .h files are added via the dependency
information from the compiler.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15622)

diff --git a/crypto/rand/build.info b/crypto/rand/build.info
index 500667c332f05f7293372f8fb3b988906653cde4..a74282516f24675f388418947106ece06675238d 100644 (file)
--- a/crypto/rand/build.info
+++ b/crypto/rand/build.info
@@ -7,7 +7,7 @@ IF[{- !$disabled{'egd'} -}]
   $CRYPTO=$CRYPTO rand_egd.c
 ENDIF
 IF[{- !$disabled{'deprecated-3.0'} -}]
-  $COMMON=$COMMON  rand_meth.c
+  $CRYPTO=$CRYPTO rand_meth.c
 ENDIF
 
 SOURCE[../../libcrypto]=$COMMON $CRYPTO

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index a3305b76b4e4a7b9ccfac7499c092af433405412..62bd1d67967069c7661ab9bbfbed845f33991a57 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -10,25 +10,25 @@
 /* We need to use some engine deprecated APIs */
 #define OPENSSL_SUPPRESS_DEPRECATED
 
-#include <stdio.h>
-#include <time.h>
-#include <limits.h>
-#include <openssl/trace.h>
 #include <openssl/err.h>
-#include <openssl/conf.h>
-#include "internal/cryptlib.h"
 #include <openssl/opensslconf.h>
-#include "crypto/rand.h"
-#include "crypto/cryptlib.h"
-#include <openssl/engine.h>
 #include <openssl/core_names.h>
+#include "internal/cryptlib.h"
 #include "internal/thread_once.h"
+#include "crypto/rand.h"
+#include "crypto/cryptlib.h"
 #include "rand_local.h"
-#include "e_os.h"
 
 #ifndef FIPS_MODULE
+# include <stdio.h>
+# include <time.h>
+# include <limits.h>
+# include <openssl/conf.h>
+# include <openssl/trace.h>
+# include <openssl/engine.h>
 # include "crypto/rand_pool.h"
 # include "prov/seeding.h"
+# include "e_os.h"
 
 # ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
@@ -319,7 +319,7 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                        unsigned int strength)
 {
     EVP_RAND_CTX *rand;
-#ifndef OPENSSL_NO_DEPRECATED_3_0
+#if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE)
     const RAND_METHOD *meth = RAND_get_rand_method();
 
     if (meth != NULL && meth != RAND_OpenSSL()) {
@@ -348,7 +348,7 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                   unsigned int strength)
 {
     EVP_RAND_CTX *rand;
-#ifndef OPENSSL_NO_DEPRECATED_3_0
+#if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE)
     const RAND_METHOD *meth = RAND_get_rand_method();
 
     if (meth != NULL && meth != RAND_OpenSSL()) {

diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h
index 3b4ad8ca65f85131d4aefea6a9087b00b1b90316..31428f20c85e40c5a6611267496fda2f9097c2cd 100644 (file)
--- a/crypto/rand/rand_local.h
+++ b/crypto/rand/rand_local.h
@@ -25,7 +25,9 @@
 # define PRIMARY_RESEED_TIME_INTERVAL            (60 * 60) /* 1 hour */
 # define SECONDARY_RESEED_TIME_INTERVAL          (7 * 60)  /* 7 minutes */
 
+# ifndef FIPS_MODULE
 /* The global RAND method, and the global buffer and DRBG instance. */
 extern RAND_METHOD ossl_rand_meth;
+# endif
 
 #endif

diff --git a/crypto/rand/rand_meth.c b/crypto/rand/rand_meth.c
index 49bf0acdf500926bf88abd0320822bd023183600..276763057db268975c144d93f463e5b8bcd26f59 100644 (file)
--- a/crypto/rand/rand_meth.c
+++ b/crypto/rand/rand_meth.c
@@ -61,9 +61,5 @@ RAND_METHOD ossl_rand_meth = {
 
 RAND_METHOD *RAND_OpenSSL(void)
 {
-#ifndef FIPS_MODULE
     return &ossl_rand_meth;
-#else
-    return NULL;
-#endif
 }

diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h
index e3278a31e6c6ab2093e421863c212142ce1853a7..165c01810f8cc20d73d6d19c92a9fc54554dc948 100644 (file)
--- a/include/crypto/sm2.h
+++ b/include/crypto/sm2.h
@@ -15,7 +15,7 @@
 
 # include <openssl/opensslconf.h>
 
-# ifndef OPENSSL_NO_SM2
+# if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
 
 #  include <openssl/ec.h>
 #  include "crypto/types.h"