remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <> 2014-04-15 20:06:10 +0000
committer: tedu <> 2014-04-15 20:06:10 +0000
commit: 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree: 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/rsa/rsa_gen.c
parent: 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download: openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip
1 files changed, 0 insertions, 15 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 42290cce66..767f7ab682 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -67,9 +67,6 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
@@ -80,20 +77,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 * now just because key-generation is part of RSA_METHOD. */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
-                return 0;
-                }
-#endif
        if(rsa->meth->rsa_keygen)
                return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
-#endif
        return rsa_builtin_keygen(rsa, bits, e_value, cb);
        }
author	tedu <>	2014-04-15 20:06:10 +0000
committer	tedu <>	2014-04-15 20:06:10 +0000
commit	3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree	11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/rsa/rsa_gen.c
parent	4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
download	openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip

diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c index 42290cce66..767f7ab682 100644 --- a/src/lib/libcrypto/rsa/rsa_gen.c +++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -67,9 +67,6 @@
67	#include "cryptlib.h"	67	#include "cryptlib.h"
68	#include <openssl/bn.h>	68	#include <openssl/bn.h>
69	#include <openssl/rsa.h>	69	#include <openssl/rsa.h>
70	#ifdef OPENSSL_FIPS
71	#include <openssl/fips.h>
72	#endif
73		70
74	static int rsa_builtin_keygen(RSA rsa, int bits, BIGNUM e_value, BN_GENCB *cb);	71	static int rsa_builtin_keygen(RSA rsa, int bits, BIGNUM e_value, BN_GENCB *cb);
75		72
@@ -80,20 +77,8 @@ static int rsa_builtin_keygen(RSA rsa, int bits, BIGNUM e_value, BN_GENCB *cb)
80	* now just because key-generation is part of RSA_METHOD. */	77	* now just because key-generation is part of RSA_METHOD. */
81	int RSA_generate_key_ex(RSA rsa, int bits, BIGNUM e_value, BN_GENCB *cb)	78	int RSA_generate_key_ex(RSA rsa, int bits, BIGNUM e_value, BN_GENCB *cb)
82	{	79	{
83	#ifdef OPENSSL_FIPS
84	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
85	&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
86	{
87	RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
88	return 0;
89	}
90	#endif
91	if(rsa->meth->rsa_keygen)	80	if(rsa->meth->rsa_keygen)
92	return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);	81	return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
93	#ifdef OPENSSL_FIPS
94	if (FIPS_mode())
95	return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
96	#endif
97	return rsa_builtin_keygen(rsa, bits, e_value, cb);	82	return rsa_builtin_keygen(rsa, bits, e_value, cb);
98	}	83	}
99		84