use HEAD for FIPS build

corretto · Aug 23, 2024 · 3963ea6 · 3963ea6
1 parent 97e7b7f
commit 3963ea6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 22 deletions.
diff --git a/build.gradle b/build.gradle
@@ -16,7 +16,8 @@ group = 'software.amazon.cryptools'
 version = '2.4.1'
 ext.isFips = Boolean.getBoolean('FIPS')
 if (ext.isFips) {
-    ext.awsLcGitVersionId = 'AWS-LC-FIPS-2.0.13'
+    // TODO: replace with tags once stable
+    ext.awsLcGitVersionId = '72c276e9c709a2d9b94e41b06da6abf2b3805a4a'
 } else {
     ext.awsLcGitVersionId = '72c276e9c709a2d9b94e41b06da6abf2b3805a4a'
 }

diff --git a/csrc/keyutils.cpp b/csrc/keyutils.cpp
@@ -170,34 +170,13 @@ const EVP_MD* digestFromJstring(raii_env& env, jstring digestName)
 
 RSA* new_private_RSA_key_with_no_e(BIGNUM const* n, BIGNUM const* d)
 {
-#ifdef FIPS_BUILD
-    // AWS-LC-FIPS doesn't have RSA_new_private_key_no_e method yet.
-    // The following implementation has been copied from AWS-LC:
-    // https://github.com/aws/aws-lc/blob/v1.30.1/crypto/fipsmodule/rsa/rsa.c#L147
-    RSA_auto rsa = RSA_auto::from(RSA_new());
-    if (rsa.get() == nullptr) {
-        throw_openssl("RSA_new failed");
-    }
-
-    // RSA struct is not opaque in FIPS mode.
-    rsa->flags |= RSA_FLAG_NO_BLINDING;
-
-    bn_dup_into(&rsa->n, n);
-    bn_dup_into(&rsa->d, d);
-
-    return rsa.take();
-
-#else
-
     RSA* result = RSA_new_private_key_no_e(n, d);
 
     if (result == nullptr) {
         throw_openssl("RSA_new_private_key_no_e failed.");
     }
 
     return result;
-
-#endif
 }
 
 }