diff options
| author | tedu <> | 2014-04-15 20:06:10 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-15 20:06:10 +0000 |
| commit | 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch) | |
| tree | 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/ecdh/ech_lib.c | |
| parent | 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff) | |
| download | openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip | |
remove FIPS mode support. people who require FIPS can buy something that
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
Diffstat (limited to 'src/lib/libcrypto/ecdh/ech_lib.c')
| -rw-r--r-- | src/lib/libcrypto/ecdh/ech_lib.c | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/src/lib/libcrypto/ecdh/ech_lib.c b/src/lib/libcrypto/ecdh/ech_lib.c index 0644431b75..ddf226b166 100644 --- a/src/lib/libcrypto/ecdh/ech_lib.c +++ b/src/lib/libcrypto/ecdh/ech_lib.c | |||
| @@ -73,9 +73,6 @@ | |||
| 73 | #include <openssl/engine.h> | 73 | #include <openssl/engine.h> |
| 74 | #endif | 74 | #endif |
| 75 | #include <openssl/err.h> | 75 | #include <openssl/err.h> |
| 76 | #ifdef OPENSSL_FIPS | ||
| 77 | #include <openssl/fips.h> | ||
| 78 | #endif | ||
| 79 | 76 | ||
| 80 | const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT; | 77 | const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT; |
| 81 | 78 | ||
| @@ -94,14 +91,7 @@ const ECDH_METHOD *ECDH_get_default_method(void) | |||
| 94 | { | 91 | { |
| 95 | if(!default_ECDH_method) | 92 | if(!default_ECDH_method) |
| 96 | { | 93 | { |
| 97 | #ifdef OPENSSL_FIPS | ||
| 98 | if (FIPS_mode()) | ||
| 99 | return FIPS_ecdh_openssl(); | ||
| 100 | else | ||
| 101 | return ECDH_OpenSSL(); | ||
| 102 | #else | ||
| 103 | default_ECDH_method = ECDH_OpenSSL(); | 94 | default_ECDH_method = ECDH_OpenSSL(); |
| 104 | #endif | ||
| 105 | } | 95 | } |
| 106 | return default_ECDH_method; | 96 | return default_ECDH_method; |
| 107 | } | 97 | } |
| @@ -234,15 +224,6 @@ ECDH_DATA *ecdh_check(EC_KEY *key) | |||
| 234 | } | 224 | } |
| 235 | else | 225 | else |
| 236 | ecdh_data = (ECDH_DATA *)data; | 226 | ecdh_data = (ECDH_DATA *)data; |
| 237 | #ifdef OPENSSL_FIPS | ||
| 238 | if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD) | ||
| 239 | && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) | ||
| 240 | { | ||
| 241 | ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD); | ||
| 242 | return NULL; | ||
| 243 | } | ||
| 244 | #endif | ||
| 245 | |||
| 246 | 227 | ||
| 247 | return ecdh_data; | 228 | return ecdh_data; |
| 248 | } | 229 | } |