remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <tedu@openbsd.org> 2014-04-15 20:06:09 +0000
committer: tedu <tedu@openbsd.org> 2014-04-15 20:06:09 +0000
commit: 68c0184592b044f3976f88a8512516f3a3780200 (patch)
tree: 91f93963a9f8d67c5ab9bcc88fe6c0dfdbb5f400 /lib/libcrypto/dh/dh_key.c
parent: Q: How would you like your lies, sir? (diff)
download: wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.tar.xz
wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.zip
1 files changed, 0 insertions, 16 deletions
diff --git a/lib/libcrypto/dh/dh_key.c b/lib/libcrypto/dh/dh_key.c
index 89a74db4e69..9596270f7d4 100644
--- a/lib/libcrypto/dh/dh_key.c
+++ b/lib/libcrypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
 	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-			&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-		{
-		DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-		return 0;
-		}
-#endif
 	return dh->meth->generate_key(dh);
 	}
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-			&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-		{
-		DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-		return 0;
-		}
-#endif
 	return dh->meth->compute_key(key, pub_key, dh);
 	}
author	tedu <tedu@openbsd.org>	2014-04-15 20:06:09 +0000
committer	tedu <tedu@openbsd.org>	2014-04-15 20:06:09 +0000
commit	68c0184592b044f3976f88a8512516f3a3780200 (patch)
tree	91f93963a9f8d67c5ab9bcc88fe6c0dfdbb5f400 /lib/libcrypto/dh/dh_key.c
parent	Q: How would you like your lies, sir? (diff)
download	wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.tar.xz wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.zip