remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: f88d9acb16e601adf96b4de4b1041d52d0d846da (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dsa/dsa_lib.c
parent: e3275129dc02b842088cee9974244d4933cd72c6 (diff)
download: openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.gz
openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.bz2
openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.zip
1 files changed, 0 insertions, 11 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 96d8d0c4b4..897c085968 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -70,10 +70,6 @@
 #include <openssl/dh.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 static const DSA_METHOD *default_DSA_method = NULL;
@@ -87,14 +83,7 @@ const DSA_METHOD *DSA_get_default_method(void)
        {
        if(!default_DSA_method)
                {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_dsa_openssl();
-                else
-                        return DSA_OpenSSL();
-#else
                default_DSA_method = DSA_OpenSSL();
-#endif
                }
        return default_DSA_method;
        }
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	f88d9acb16e601adf96b4de4b1041d52d0d846da (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/dsa/dsa_lib.c
parent	e3275129dc02b842088cee9974244d4933cd72c6 (diff)
download	openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.gz openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.tar.bz2 openbsd-f88d9acb16e601adf96b4de4b1041d52d0d846da.zip