remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us. ok miod
author: tedu <tedu@openbsd.org> 2014-04-15 19:42:56 +0000
committer: tedu <tedu@openbsd.org> 2014-04-15 19:42:56 +0000
commit: 9aa350fda47654255da340793da9ac9b2422db9c (patch)
tree: 35c7560d24ab5b1ee73cc180f2bb87940d0584f5 /lib/libssl/src/ssl/s23_srvr.c
parent: In EC_POINT_invert(), actually check the correct function pointer for NULL (diff)
download: wireguard-openbsd-9aa350fda47654255da340793da9ac9b2422db9c.tar.xz
wireguard-openbsd-9aa350fda47654255da340793da9ac9b2422db9c.zip
1 files changed, 0 insertions, 11 deletions
diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c
index 2aad21e93ca..ca95d4e6362 100644
--- a/lib/libssl/src/ssl/s23_srvr.c
+++ b/lib/libssl/src/ssl/s23_srvr.c
@@ -115,9 +115,6 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
@@ -388,14 +385,6 @@ ssl23_get_client_hello(SSL *s)
 		}
 	}
 
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && (s->version < TLS1_VERSION)) {
-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-		    SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-		goto err;
-	}
-#endif
-
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
 		/* we have SSLv3/TLSv1 in an SSLv2 header
 		 * (other cases skip this state) */
author	tedu <tedu@openbsd.org>	2014-04-15 19:42:56 +0000
committer	tedu <tedu@openbsd.org>	2014-04-15 19:42:56 +0000
commit	9aa350fda47654255da340793da9ac9b2422db9c (patch)
tree	35c7560d24ab5b1ee73cc180f2bb87940d0584f5 /lib/libssl/src/ssl/s23_srvr.c
parent	In EC_POINT_invert(), actually check the correct function pointer for NULL (diff)
download	wireguard-openbsd-9aa350fda47654255da340793da9ac9b2422db9c.tar.xz wireguard-openbsd-9aa350fda47654255da340793da9ac9b2422db9c.zip