remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dsa/dsa_key.c
parent: 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download: openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip
1 files changed, 0 insertions, 16 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 9cf669b921..c4aa86bc6d 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -64,28 +64,12 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 static int dsa_builtin_keygen(DSA *dsa);
 int DSA_generate_key(DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
-                return 0;
-                }
-#endif
        if(dsa->meth->dsa_keygen)
                return dsa->meth->dsa_keygen(dsa);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_dsa_generate_key(dsa);
-#endif
        return dsa_builtin_keygen(dsa);
        }
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dsa/dsa_key.c
parent	4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download	openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip

diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index 9cf669b921..c4aa86bc6d 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -64,28 +64,12 @@
64	#include <openssl/dsa.h>	64	#include <openssl/dsa.h>
65	#include <openssl/rand.h>	65	#include <openssl/rand.h>
66		66
67	#ifdef OPENSSL_FIPS
68	#include <openssl/fips.h>
69	#endif
70
71	static int dsa_builtin_keygen(DSA *dsa);	67	static int dsa_builtin_keygen(DSA *dsa);
72		68
73	int DSA_generate_key(DSA *dsa)	69	int DSA_generate_key(DSA *dsa)
74	{	70	{
75	#ifdef OPENSSL_FIPS
76	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
77	&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
78	{
79	DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
80	return 0;
81	}
82	#endif
83	if(dsa->meth->dsa_keygen)	71	if(dsa->meth->dsa_keygen)
84	return dsa->meth->dsa_keygen(dsa);	72	return dsa->meth->dsa_keygen(dsa);
85	#ifdef OPENSSL_FIPS
86	if (FIPS_mode())
87	return FIPS_dsa_generate_key(dsa);
88	#endif
89	return dsa_builtin_keygen(dsa);	73	return dsa_builtin_keygen(dsa);
90	}	74	}
91		75