diff options
| author |   tedu <tedu@openbsd.org> | 2014-04-15 19:42:56 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2014-04-15 19:42:56 +0000 |
| commit | 9aa350fda47654255da340793da9ac9b2422db9c (patch) | |
| tree | 35c7560d24ab5b1ee73cc180f2bb87940d0584f5 /lib/libssl/src/ssl/s3_enc.c | |
| parent | In EC_POINT_invert(), actually check the correct function pointer for NULL (diff) | |
| download | wireguard-openbsd-9aa350fda47654255da340793da9ac9b2422db9c.tar.xz wireguard-openbsd-9aa350fda47654255da340793da9ac9b2422db9c.zip | |
remove FIPS mode support. people who require FIPS can buy something that
meets their needs, but dumping it in here only penalizes the rest of us.
ok miod
Diffstat (limited to 'lib/libssl/src/ssl/s3_enc.c')
| -rw-r--r-- | lib/libssl/src/ssl/s3_enc.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c index 9ed5850e73e..bfd40b3d11e 100644 --- a/lib/libssl/src/ssl/s3_enc.c +++ b/lib/libssl/src/ssl/s3_enc.c @@ -591,12 +591,6 @@ ssl3_digest_cached_records(SSL *s) for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { if ((mask & ssl_get_algorithm2(s)) && md) { s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); -#ifdef OPENSSL_FIPS - if (EVP_MD_nid(md) == NID_md5) { - EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - } -#endif EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL); EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen); } else { |