From 3c7d2178681a2741a8cc8a042cb2ea6ee28528b8 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Tue, 15 Apr 2014 20:06:10 +0000
Subject: remove FIPS mode support. people who require FIPS can buy something
 that meets their needs, but dumping it in here only penalizes the rest of us.
 ok beck deraadt

---
 src/lib/libcrypto/hmac/hmac.c | 37 -------------------------------------
 1 file changed, 37 deletions(-)

(limited to 'src/lib/libcrypto/hmac/hmac.c')

diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index ba27cbf56f..6c98fc43a3 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -61,34 +61,12 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
 		  const EVP_MD *md, ENGINE *impl)
 	{
 	int i,j,reset=0;
 	unsigned char pad[HMAC_MAX_MD_CBLOCK];
 
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		{
-		/* If we have an ENGINE need to allow non FIPS */
-		if ((impl || ctx->i_ctx.engine)
-			&&  !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-			{
-			EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
-			return 0;
-			}
-		/* Other algorithm blocking will be done in FIPS_cmac_init,
-		 * via FIPS_hmac_init_ex().
-		 */
-		if (!impl && !ctx->i_ctx.engine)
-			return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
-		}
-#endif
-
 	if (md != NULL)
 		{
 		reset=1;
@@ -155,10 +133,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
 	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !ctx->i_ctx.engine)
-		return FIPS_hmac_update(ctx, data, len);
-#endif
 	return EVP_DigestUpdate(&ctx->md_ctx,data,len);
 	}
 
@@ -166,10 +140,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 	{
 	unsigned int i;
 	unsigned char buf[EVP_MAX_MD_SIZE];
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !ctx->i_ctx.engine)
-		return FIPS_hmac_final(ctx, md, len);
-#endif
 
 	if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
 		goto err;
@@ -209,13 +179,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
 	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !ctx->i_ctx.engine)
-		{
-		FIPS_hmac_ctx_cleanup(ctx);
-		return;
-		}
-#endif
 	EVP_MD_CTX_cleanup(&ctx->i_ctx);
 	EVP_MD_CTX_cleanup(&ctx->o_ctx);
 	EVP_MD_CTX_cleanup(&ctx->md_ctx);
-- 
cgit v1.2.3-55-g6feb