summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_sign.c
diff options
context:
space:
mode:
authortedu <>2014-04-15 20:06:10 +0000
committertedu <>2014-04-15 20:06:10 +0000
commit3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch)
tree11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/rsa/rsa_sign.c
parent4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff)
downloadopenbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2
openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip
remove FIPS mode support. people who require FIPS can buy something that
meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_sign.c')
-rw-r--r--src/lib/libcrypto/rsa/rsa_sign.c17
1 files changed, 0 insertions, 17 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index b6f6037ae0..fa3239ab30 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -77,14 +77,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
77 const unsigned char *s = NULL; 77 const unsigned char *s = NULL;
78 X509_ALGOR algor; 78 X509_ALGOR algor;
79 ASN1_OCTET_STRING digest; 79 ASN1_OCTET_STRING digest;
80#ifdef OPENSSL_FIPS
81 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
82 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
83 {
84 RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
85 return 0;
86 }
87#endif
88 if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) 80 if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
89 { 81 {
90 return rsa->meth->rsa_sign(type, m, m_len, 82 return rsa->meth->rsa_sign(type, m, m_len,
@@ -161,15 +153,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
161 unsigned char *s; 153 unsigned char *s;
162 X509_SIG *sig=NULL; 154 X509_SIG *sig=NULL;
163 155
164#ifdef OPENSSL_FIPS
165 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
166 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
167 {
168 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
169 return 0;
170 }
171#endif
172
173 if (siglen != (unsigned int)RSA_size(rsa)) 156 if (siglen != (unsigned int)RSA_size(rsa))
174 { 157 {
175 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); 158 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);