remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dh
parent: 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download: openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip
3 files changed, 0 insertions, 44 deletions
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index 7b1fe9c9cb..cfd5b11868 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -66,29 +66,12 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
        if(ret->meth->generate_params)
                return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_dh_generate_parameters_ex(ret, prime_len,
-                                                        generator, cb);
-#endif
        return dh_builtin_genparams(ret, prime_len, generator, cb);
        }
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 89a74db4e6..9596270f7d 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
 int DH_generate_key(DH *dh)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
        return dh->meth->generate_key(dh);
        }
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
        return dh->meth->compute_key(key, pub_key, dh);
        }
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 00218f2b92..a40caaf75b 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -64,10 +64,6 @@
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 static const DH_METHOD *default_DH_method = NULL;
@@ -81,14 +77,7 @@ const DH_METHOD *DH_get_default_method(void)
        {
        if(!default_DH_method)
                {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_dh_openssl();
-                else
-                        return DH_OpenSSL();
-#else
                default_DH_method = DH_OpenSSL();
-#endif
                }
        return default_DH_method;
        }
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dh
parent	4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download	openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip

diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c index 7b1fe9c9cb..cfd5b11868 100644 --- a/src/lib/libcrypto/dh/dh_gen.c +++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -66,29 +66,12 @@
66	#include <openssl/bn.h>	66	#include <openssl/bn.h>
67	#include <openssl/dh.h>	67	#include <openssl/dh.h>
68		68
69	#ifdef OPENSSL_FIPS
70	#include <openssl/fips.h>
71	#endif
72
73	static int dh_builtin_genparams(DH ret, int prime_len, int generator, BN_GENCB cb);	69	static int dh_builtin_genparams(DH ret, int prime_len, int generator, BN_GENCB cb);
74		70
75	int DH_generate_parameters_ex(DH ret, int prime_len, int generator, BN_GENCB cb)	71	int DH_generate_parameters_ex(DH ret, int prime_len, int generator, BN_GENCB cb)
76	{	72	{
77	#ifdef OPENSSL_FIPS
78	if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
79	&& !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
80	{
81	DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
82	return 0;
83	}
84	#endif
85	if(ret->meth->generate_params)	73	if(ret->meth->generate_params)
86	return ret->meth->generate_params(ret, prime_len, generator, cb);	74	return ret->meth->generate_params(ret, prime_len, generator, cb);
87	#ifdef OPENSSL_FIPS
88	if (FIPS_mode())
89	return FIPS_dh_generate_parameters_ex(ret, prime_len,
90	generator, cb);
91	#endif
92	return dh_builtin_genparams(ret, prime_len, generator, cb);	75	return dh_builtin_genparams(ret, prime_len, generator, cb);
93	}	76	}
94		77


diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index 89a74db4e6..9596270f7d 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
73		73
74	int DH_generate_key(DH *dh)	74	int DH_generate_key(DH *dh)
75	{	75	{
76	#ifdef OPENSSL_FIPS
77	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
78	&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
79	{
80	DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
81	return 0;
82	}
83	#endif
84	return dh->meth->generate_key(dh);	76	return dh->meth->generate_key(dh);
85	}	77	}
86		78
87	int DH_compute_key(unsigned char key, const BIGNUM pub_key, DH *dh)	79	int DH_compute_key(unsigned char key, const BIGNUM pub_key, DH *dh)
88	{	80	{
89	#ifdef OPENSSL_FIPS
90	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
91	&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
92	{
93	DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
94	return 0;
95	}
96	#endif
97	return dh->meth->compute_key(key, pub_key, dh);	81	return dh->meth->compute_key(key, pub_key, dh);
98	}	82	}
99		83


diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c index 00218f2b92..a40caaf75b 100644 --- a/src/lib/libcrypto/dh/dh_lib.c +++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -64,10 +64,6 @@
64	#include <openssl/engine.h>	64	#include <openssl/engine.h>
65	#endif	65	#endif
66		66
67	#ifdef OPENSSL_FIPS
68	#include <openssl/fips.h>
69	#endif
70
71	const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;	67	const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
72		68
73	static const DH_METHOD *default_DH_method = NULL;	69	static const DH_METHOD *default_DH_method = NULL;
@@ -81,14 +77,7 @@ const DH_METHOD *DH_get_default_method(void)
81	{	77	{
82	if(!default_DH_method)	78	if(!default_DH_method)
83	{	79	{
84	#ifdef OPENSSL_FIPS
85	if (FIPS_mode())
86	return FIPS_dh_openssl();
87	else
88	return DH_OpenSSL();
89	#else
90	default_DH_method = DH_OpenSSL();	80	default_DH_method = DH_OpenSSL();
91	#endif
92	}	81	}
93	return default_DH_method;	82	return default_DH_method;
94	}	83	}