remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/o_fips.c
parent: 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download: openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip
1 files changed, 0 insertions, 22 deletions
diff --git a/src/lib/libcrypto/o_fips.c b/src/lib/libcrypto/o_fips.c
index 9c185cfb18..43312ae23f 100644
--- a/src/lib/libcrypto/o_fips.c
+++ b/src/lib/libcrypto/o_fips.c
@@ -56,42 +56,20 @@
 */
 #include "cryptlib.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/rand.h>
-#endif
 int
 FIPS_mode(void)
 {
        OPENSSL_init();
-#ifdef OPENSSL_FIPS
-        return FIPS_module_mode();
-#else
        return 0;
-#endif
 }
 int
 FIPS_mode_set(int r)
 {
        OPENSSL_init();
-#ifdef OPENSSL_FIPS
-#ifndef FIPS_AUTH_USER_PASS
-#define FIPS_AUTH_USER_PASS     "Default FIPS Crypto User Password"
-#endif
-        if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
-                return 0;
-        if (r)
-                RAND_set_rand_method(FIPS_rand_get_method());
-        else
-                RAND_set_rand_method(NULL);
-        return 1;
-#else
        if (r == 0)
                return 1;
        CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
        return 0;
-#endif
 }
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/o_fips.c
parent	4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download	openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip

diff --git a/src/lib/libcrypto/o_fips.c b/src/lib/libcrypto/o_fips.c index 9c185cfb18..43312ae23f 100644 --- a/src/lib/libcrypto/o_fips.c +++ b/src/lib/libcrypto/o_fips.c
@@ -56,42 +56,20 @@
56	*/	56	*/
57		57
58	#include "cryptlib.h"	58	#include "cryptlib.h"
59	#ifdef OPENSSL_FIPS
60	#include <openssl/fips.h>
61	#include <openssl/fips_rand.h>
62	#include <openssl/rand.h>
63	#endif
64		59
65	int	60	int
66	FIPS_mode(void)	61	FIPS_mode(void)
67	{	62	{
68	OPENSSL_init();	63	OPENSSL_init();
69	#ifdef OPENSSL_FIPS
70	return FIPS_module_mode();
71	#else
72	return 0;	64	return 0;
73	#endif
74	}	65	}
75		66
76	int	67	int
77	FIPS_mode_set(int r)	68	FIPS_mode_set(int r)
78	{	69	{
79	OPENSSL_init();	70	OPENSSL_init();
80	#ifdef OPENSSL_FIPS
81	#ifndef FIPS_AUTH_USER_PASS
82	#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
83	#endif
84	if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
85	return 0;
86	if (r)
87	RAND_set_rand_method(FIPS_rand_get_method());
88	else
89	RAND_set_rand_method(NULL);
90	return 1;
91	#else
92	if (r == 0)	71	if (r == 0)
93	return 1;	72	return 1;
94	CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);	73	CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
95	return 0;	74	return 0;
96	#endif
97	}	75	}