remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/evp/digest.c
parent: 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download: openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip
1 files changed, 0 insertions, 27 deletions
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index d14e8e48d5..782d3199a5 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -117,10 +117,6 @@
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
        {
        memset(ctx,'\0',sizeof *ctx);
@@ -229,26 +225,12 @@ skip_to_init:
                }
        if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
                return 1;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                {
-                if (FIPS_digestinit(ctx, type))
-                        return 1;
-                OPENSSL_free(ctx->md_data);
-                ctx->md_data = NULL;
-                return 0;
-                }
-#endif
        return ctx->digest->init(ctx);
        }
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
        {
-#ifdef OPENSSL_FIPS
-        return FIPS_digestupdate(ctx, data, count);
-#else
        return ctx->update(ctx,data,count);
-#endif
        }
 /* The caller can assume that this removes any secret data from the context */
@@ -263,9 +245,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        {
-#ifdef OPENSSL_FIPS
-        return FIPS_digestfinal(ctx, md, size);
-#else
        int ret;
        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -279,7 +258,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
                }
        memset(ctx->md_data,0,ctx->digest->ctx_size);
        return ret;
-#endif
        }
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -376,7 +354,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
        {
-#ifndef OPENSSL_FIPS
        /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
         * because sometimes only copies of the context are ever finalised.
         */
@@ -389,7 +366,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
-#endif
        if (ctx->pctx)
                EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -398,9 +374,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                 * functional reference we held for this reason. */
                ENGINE_finish(ctx->engine);
 #endif
-#ifdef OPENSSL_FIPS
-        FIPS_md_ctx_cleanup(ctx);
-#endif
        memset(ctx,'\0',sizeof *ctx);
        return 1;
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/evp/digest.c
parent	4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download	openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip