diff options
author | tedu <> | 2014-04-15 20:06:10 +0000 |
---|---|---|
committer | tedu <> | 2014-04-15 20:06:10 +0000 |
commit | 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 (patch) | |
tree | 11be20c8110348001494179db4f9b0b67ce149ba /src/lib/libcrypto/rsa/rsa_sign.c | |
parent | 4c8a9a73429ac4a1d79f4bab6a397df643934861 (diff) | |
download | openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.gz openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.tar.bz2 openbsd-3c7d2178681a2741a8cc8a042cb2ea6ee28528b8.zip |
remove FIPS mode support. people who require FIPS can buy something that
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_sign.c')
-rw-r--r-- | src/lib/libcrypto/rsa/rsa_sign.c | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index b6f6037ae0..fa3239ab30 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c | |||
@@ -77,14 +77,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, | |||
77 | const unsigned char *s = NULL; | 77 | const unsigned char *s = NULL; |
78 | X509_ALGOR algor; | 78 | X509_ALGOR algor; |
79 | ASN1_OCTET_STRING digest; | 79 | ASN1_OCTET_STRING digest; |
80 | #ifdef OPENSSL_FIPS | ||
81 | if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) | ||
82 | && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) | ||
83 | { | ||
84 | RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD); | ||
85 | return 0; | ||
86 | } | ||
87 | #endif | ||
88 | if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) | 80 | if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) |
89 | { | 81 | { |
90 | return rsa->meth->rsa_sign(type, m, m_len, | 82 | return rsa->meth->rsa_sign(type, m, m_len, |
@@ -161,15 +153,6 @@ int int_rsa_verify(int dtype, const unsigned char *m, | |||
161 | unsigned char *s; | 153 | unsigned char *s; |
162 | X509_SIG *sig=NULL; | 154 | X509_SIG *sig=NULL; |
163 | 155 | ||
164 | #ifdef OPENSSL_FIPS | ||
165 | if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) | ||
166 | && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) | ||
167 | { | ||
168 | RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD); | ||
169 | return 0; | ||
170 | } | ||
171 | #endif | ||
172 | |||
173 | if (siglen != (unsigned int)RSA_size(rsa)) | 156 | if (siglen != (unsigned int)RSA_size(rsa)) |
174 | { | 157 | { |
175 | RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); | 158 | RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); |