remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
author: tedu <tedu@openbsd.org> 2014-04-15 20:06:09 +0000
committer: tedu <tedu@openbsd.org> 2014-04-15 20:06:09 +0000
commit: 68c0184592b044f3976f88a8512516f3a3780200 (patch)
tree: 91f93963a9f8d67c5ab9bcc88fe6c0dfdbb5f400 /lib/libcrypto/dsa/dsa_key.c
parent: Q: How would you like your lies, sir? (diff)
download: wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.tar.xz
wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.zip
1 files changed, 0 insertions, 16 deletions
diff --git a/lib/libcrypto/dsa/dsa_key.c b/lib/libcrypto/dsa/dsa_key.c
index 9cf669b921a..c4aa86bc6dc 100644
--- a/lib/libcrypto/dsa/dsa_key.c
+++ b/lib/libcrypto/dsa/dsa_key.c
@@ -64,28 +64,12 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
 	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-			&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
-		return 0;
-		}
-#endif
 	if(dsa->meth->dsa_keygen)
 		return dsa->meth->dsa_keygen(dsa);
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return FIPS_dsa_generate_key(dsa);
-#endif
 	return dsa_builtin_keygen(dsa);
 	}
author	tedu <tedu@openbsd.org>	2014-04-15 20:06:09 +0000
committer	tedu <tedu@openbsd.org>	2014-04-15 20:06:09 +0000
commit	68c0184592b044f3976f88a8512516f3a3780200 (patch)
tree	91f93963a9f8d67c5ab9bcc88fe6c0dfdbb5f400 /lib/libcrypto/dsa/dsa_key.c
parent	Q: How would you like your lies, sir? (diff)
download	wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.tar.xz wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.zip