From 68c0184592b044f3976f88a8512516f3a3780200 Mon Sep 17 00:00:00 2001 From: tedu Date: Tue, 15 Apr 2014 20:06:09 +0000 Subject: remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt --- lib/libssl/src/crypto/dsa/dsa_gen.c | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'lib/libssl/src/crypto/dsa/dsa_gen.c') diff --git a/lib/libssl/src/crypto/dsa/dsa_gen.c b/lib/libssl/src/crypto/dsa/dsa_gen.c index c398761d0dd..e6a54520161 100644 --- a/lib/libssl/src/crypto/dsa/dsa_gen.c +++ b/lib/libssl/src/crypto/dsa/dsa_gen.c @@ -81,33 +81,13 @@ #include #include "dsa_locl.h" -#ifdef OPENSSL_FIPS -#include -#endif - int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD) - && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW)) - { - DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD); - return 0; - } -#endif if(ret->meth->dsa_paramgen) return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb); -#ifdef OPENSSL_FIPS - else if (FIPS_mode()) - { - return FIPS_dsa_generate_parameters_ex(ret, bits, - seed_in, seed_len, - counter_ret, h_ret, cb); - } -#endif else { const EVP_MD *evpmd; -- cgit v1.2.3-59-g8ed1b