remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt

1 files changed, 0 insertions, 16 deletions

diff --git a/lib/libssl/src/crypto/dsa/dsa_sign.c b/lib/libssl/src/crypto/dsa/dsa_sign.c
index c3cc3642cea..e02365a8b13 100644
--- a/lib/libssl/src/crypto/dsa/dsa_sign.c
+++ b/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -65,27 +65,11 @@
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-			&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
-		return NULL;
-		}
-#endif
 	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
 	}
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-			&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
-		return 0;
-		}
-#endif
 	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 	}