remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt

1 files changed, 0 insertions, 11 deletions

diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index c95ceafc82..9e3f7dafcd 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -67,10 +67,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -91,18 +87,11 @@ const RSA_METHOD *RSA_get_default_method(void)
         {
         if (default_RSA_meth == NULL)
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_rsa_pkcs1_ssleay();
-                else
-                        return RSA_PKCS1_SSLeay();
-#else
 #ifdef RSA_NULL
                 default_RSA_meth=RSA_null_method();
 #else
                 default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
-#endif
                 }
 
         return default_RSA_meth;