remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: f88d9acb16e601adf96b4de4b1041d52d0d846da (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dh/dh_key.c
parent: e3275129dc02b842088cee9974244d4933cd72c6 (diff)
download: openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.gz
openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.bz2
openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.zip
1 files changed, 0 insertions, 16 deletions
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 89a74db4e6..9596270f7d 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
 int DH_generate_key(DH *dh)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
        return dh->meth->generate_key(dh);
        }
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
        return dh->meth->compute_key(key, pub_key, dh);
        }
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	f88d9acb16e601adf96b4de4b1041d52d0d846da (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dh/dh_key.c
parent	e3275129dc02b842088cee9974244d4933cd72c6 (diff)
download	openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.gz openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.bz2 openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.zip

diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index 89a74db4e6..9596270f7d 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
73		73
74	int DH_generate_key(DH *dh)	74	int DH_generate_key(DH *dh)
75	{	75	{
76	#ifdef OPENSSL_FIPS
77	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
78	&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
79	{
80	DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
81	return 0;
82	}
83	#endif
84	return dh->meth->generate_key(dh);	76	return dh->meth->generate_key(dh);
85	}	77	}
86		78
87	int DH_compute_key(unsigned char key, const BIGNUM pub_key, DH *dh)	79	int DH_compute_key(unsigned char key, const BIGNUM pub_key, DH *dh)
88	{	80	{
89	#ifdef OPENSSL_FIPS
90	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
91	&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
92	{
93	DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
94	return 0;
95	}
96	#endif
97	return dh->meth->compute_key(key, pub_key, dh);	81	return dh->meth->compute_key(key, pub_key, dh);
98	}	82	}
99		83