From 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Tue, 15 Apr 2014 20:06:10 +0000
Subject: remove FIPS mode support. people who require FIPS can buy something
 that meets their needs, but dumping it in here only penalizes the rest of us.
 ok beck deraadt

---
 src/lib/libcrypto/ecdsa/ecs_lib.c | 18 ------------------
 1 file changed, 18 deletions(-)

(limited to 'src/lib/libcrypto/ecdsa')

diff --git a/src/lib/libcrypto/ecdsa/ecs_lib.c b/src/lib/libcrypto/ecdsa/ecs_lib.c
index 814a6bf404..7b53969ffd 100644
--- a/src/lib/libcrypto/ecdsa/ecs_lib.c
+++ b/src/lib/libcrypto/ecdsa/ecs_lib.c
@@ -60,9 +60,6 @@
 #endif
 #include <openssl/err.h>
 #include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
 
@@ -81,14 +78,7 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
 {
 	if(!default_ECDSA_method) 
 		{
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return FIPS_ecdsa_openssl();
-		else
-			return ECDSA_OpenSSL();
-#else
 		default_ECDSA_method = ECDSA_OpenSSL();
-#endif
 		}
 	return default_ECDSA_method;
 }
@@ -212,14 +202,6 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
 	}
 	else
 		ecdsa_data = (ECDSA_DATA *)data;
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
-			&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-		{
-		ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
-		return NULL;
-		}
-#endif
 
 	return ecdsa_data;
 }
-- 
cgit v1.2.3-55-g6feb