authorDr. Stephen Henson <steve@openssl.org>2014-10-19 01:08:28 +0100
committerDr. Stephen Henson <steve@openssl.org>2014-12-08 13:25:38 +0000
commit1bfffe9bd013e73436fcaed0a8bf91f4e7f09560 (patch)
tree6934f9a7f45333a87ec0ee3330df98b3839d1d36
parentfce8311caeb792d01855b9eb828dedf46a4d04d9 (diff)
Remove FIPS module code from crypto/dh
Reviewed-by: Tim Hudson <tjh@openssl.org>
-rw-r--r--crypto/dh/dh.h5
-rw-r--r--crypto/dh/dh_gen.c18
-rw-r--r--crypto/dh/dh_key.c26
3 files changed, 0 insertions, 49 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 8e8f87dfdc..beaeac9212 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -188,11 +188,6 @@ DH *DHparams_dup(DH *);
const DH_METHOD *DH_OpenSSL(void);
-#ifdef OPENSSL_FIPS
-DH * FIPS_dh_new(void);
-void FIPS_dh_free(DH *dh);
-#endif
-
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
int DH_set_method(DH *dh, const DH_METHOD *meth);
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 23d6ead3ca..c397c53bce 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -68,10 +68,6 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
@@ -112,20 +108,6 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
int g,ok= -1;
BN_CTX *ctx=NULL;
-#ifdef OPENSSL_FIPS
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
- return 0;
- }
-
- if (FIPS_module_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-#endif
-
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index e296f453bb..cfe365c6ea 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -63,9 +63,6 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@@ -127,14 +124,6 @@ static int generate_key(DH *dh)
BN_MONT_CTX *mont=NULL;
BIGNUM *pub_key=NULL,*priv_key=NULL;
-#ifdef OPENSSL_FIPS
- if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
- {
- DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
- return 0;
- }
-#endif
-
ctx = BN_CTX_new();
if (ctx == NULL) goto err;
@@ -226,14 +215,6 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
-#ifdef OPENSSL_FIPS
- if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
- {
- DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-#endif
-
ctx = BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
@@ -300,13 +281,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
static int dh_init(DH *dh)
{
-#ifdef OPENSSL_FIPS
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DH_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
- return 0;
- }
-#endif
dh->flags |= DH_FLAG_CACHE_MONT_P;
return(1);
}