remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dsa/dsa_gen.c
parent: 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download: openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip
1 files changed, 0 insertions, 20 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index c398761d0d..e6a5452016 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -81,33 +81,13 @@
 #include <openssl/sha.h>
 #include "dsa_locl.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                const unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
-                return 0;
-                }
-#endif
        if(ret->meth->dsa_paramgen)
                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                counter_ret, h_ret, cb);
-#ifdef OPENSSL_FIPS
-        else if (FIPS_mode())
-                {
-                return FIPS_dsa_generate_parameters_ex(ret, bits, 
-                                                        seed_in, seed_len,
-                                                        counter_ret, h_ret, cb);
-                }
-#endif
        else
                {
                const EVP_MD *evpmd;
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dsa/dsa_gen.c
parent	4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download	openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip

diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index c398761d0d..e6a5452016 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -81,33 +81,13 @@
81	#include <openssl/sha.h>	81	#include <openssl/sha.h>
82	#include "dsa_locl.h"	82	#include "dsa_locl.h"
83		83
84	#ifdef OPENSSL_FIPS
85	#include <openssl/fips.h>
86	#endif
87
88	int DSA_generate_parameters_ex(DSA *ret, int bits,	84	int DSA_generate_parameters_ex(DSA *ret, int bits,
89	const unsigned char *seed_in, int seed_len,	85	const unsigned char *seed_in, int seed_len,
90	int counter_ret, unsigned long h_ret, BN_GENCB *cb)	86	int counter_ret, unsigned long h_ret, BN_GENCB *cb)
91	{	87	{
92	#ifdef OPENSSL_FIPS
93	if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
94	&& !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
95	{
96	DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
97	return 0;
98	}
99	#endif
100	if(ret->meth->dsa_paramgen)	88	if(ret->meth->dsa_paramgen)
101	return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,	89	return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
102	counter_ret, h_ret, cb);	90	counter_ret, h_ret, cb);
103	#ifdef OPENSSL_FIPS
104	else if (FIPS_mode())
105	{
106	return FIPS_dsa_generate_parameters_ex(ret, bits,
107	seed_in, seed_len,
108	counter_ret, h_ret, cb);
109	}
110	#endif
111	else	91	else
112	{	92	{
113	const EVP_MD *evpmd;	93	const EVP_MD *evpmd;