diff options
| author |   tedu <tedu@openbsd.org> | 2014-04-15 20:06:09 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2014-04-15 20:06:09 +0000 |
| commit | 68c0184592b044f3976f88a8512516f3a3780200 (patch) | |
| tree | 91f93963a9f8d67c5ab9bcc88fe6c0dfdbb5f400 /lib/libcrypto/rsa/rsa_sign.c | |
| parent | Q: How would you like your lies, sir? (diff) | |
| download | wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.tar.xz wireguard-openbsd-68c0184592b044f3976f88a8512516f3a3780200.zip | |
remove FIPS mode support. people who require FIPS can buy something that
meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt
Diffstat (limited to 'lib/libcrypto/rsa/rsa_sign.c')
| -rw-r--r-- | lib/libcrypto/rsa/rsa_sign.c | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c index b6f6037ae00..fa3239ab30a 100644 --- a/lib/libcrypto/rsa/rsa_sign.c +++ b/lib/libcrypto/rsa/rsa_sign.c @@ -77,14 +77,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) - && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) - { - RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD); - return 0; - } -#endif if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { return rsa->meth->rsa_sign(type, m, m_len, @@ -161,15 +153,6 @@ int int_rsa_verify(int dtype, const unsigned char *m, unsigned char *s; X509_SIG *sig=NULL; -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) - && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) - { - RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD); - return 0; - } -#endif - if (siglen != (unsigned int)RSA_size(rsa)) { RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); |