diff options
| author |   tedu <tedu@openbsd.org> | 2014-04-15 20:06:09 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2014-04-15 20:06:09 +0000 |
| commit | 68c0184592b044f3976f88a8512516f3a3780200 (patch) | |
| tree | 91f93963a9f8d67c5ab9bcc88fe6c0dfdbb5f400 /lib/libcrypto/ecdsa/ecs_lib.c | |
| parent | Q: How would you like your lies, sir? (diff) | |
| download | wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.tar.xz wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.zip | |
remove FIPS mode support. people who require FIPS can buy something that
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
Diffstat (limited to 'lib/libcrypto/ecdsa/ecs_lib.c')
| -rw-r--r-- | lib/libcrypto/ecdsa/ecs_lib.c | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/lib/libcrypto/ecdsa/ecs_lib.c b/lib/libcrypto/ecdsa/ecs_lib.c index 814a6bf4046..7b53969ffd8 100644 --- a/lib/libcrypto/ecdsa/ecs_lib.c +++ b/lib/libcrypto/ecdsa/ecs_lib.c @@ -60,9 +60,6 @@ #endif #include <openssl/err.h> #include <openssl/bn.h> -#ifdef OPENSSL_FIPS -#include <openssl/fips.h> -#endif const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT; @@ -81,14 +78,7 @@ const ECDSA_METHOD *ECDSA_get_default_method(void) { if(!default_ECDSA_method) { -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - return FIPS_ecdsa_openssl(); - else - return ECDSA_OpenSSL(); -#else default_ECDSA_method = ECDSA_OpenSSL(); -#endif } return default_ECDSA_method; } @@ -212,14 +202,6 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key) } else ecdsa_data = (ECDSA_DATA *)data; -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD) - && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) - { - ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD); - return NULL; - } -#endif return ecdsa_data; } |