The version that was actually submitted for FIPS testing.

author: Ben Laurie <ben@openssl.org> 2004-06-19 13:15:35 +0000
committer: Ben Laurie <ben@openssl.org> 2004-06-19 13:15:35 +0000
commit: b5e4469150f5df037695d0d57ef9af6ff85b4fdd (patch)
tree: d833644a9c77fc56eab337bda4281ba3ce94f025 /crypto/dh
parent: 3e00d6c4bb739f3175f0f8997f9142d769918b11 (diff)
5 files changed, 13 insertions, 11 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 1f734dae24..05851f8429 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -199,7 +199,6 @@ void ERR_load_DH_strings(void);
 
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR				 101
-#define DH_R_NOT_PERMITTED_IN_FIPS_MODE			 102
 #define DH_R_NO_PRIVATE_VALUE				 100
 
 #ifdef  __cplusplus
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index f0373f7d68..a7e9920efb 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -70,6 +70,8 @@
  * should hold.
  */
 
+#ifndef OPENSSL_FIPS
+
 int DH_check(const DH *dh, int *ret)
 	{
 	int ok=0;
@@ -118,3 +120,5 @@ err:
 	if (q != NULL) BN_free(q);
 	return(ok);
 	}
+
+#endif
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index 17cf42d952..c2715044c9 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -78,7 +78,6 @@ static ERR_STRING_DATA DH_str_functs[]=
 static ERR_STRING_DATA DH_str_reasons[]=
 	{
 {DH_R_BAD_GENERATOR                      ,"bad generator"},
-{DH_R_NOT_PERMITTED_IN_FIPS_MODE         ,"not permitted in fips mode"},
 {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
 {0,NULL}
 	};
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 38675f2688..a49b6f9adb 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -60,7 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-#include <openssl/fips.h>
 
 /* We generate DH parameters as follows
  * find a prime q which is prime_len/2 bits long.
@@ -87,6 +86,9 @@
  * It's just as OK (and in some sense better) to use a generator of the
  * order-q subgroup.
  */
+
+#ifndef OPENSSL_FIPS
+
 DH *DH_generate_parameters(int prime_len, int generator,
 	     void (*callback)(int,int,void *), void *cb_arg)
 	{
@@ -95,14 +97,6 @@ DH *DH_generate_parameters(int prime_len, int generator,
 	int g,ok= -1;
 	BN_CTX *ctx=NULL;
 
-#ifdef OPENSSL_FIPS
-	if(FIPS_mode)
-		{
-		DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_NOT_PERMITTED_IN_FIPS_MODE);
-		return NULL;
-		}
-#endif
-
 	ret=DH_new();
 	if (ret == NULL) goto err;
 	ctx=BN_CTX_new();
@@ -176,3 +170,5 @@ err:
 		}
 	return(ret);
 	}
+
+#endif
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 77f2f50b51..ff125c2296 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -62,6 +62,8 @@
 #include <openssl/rand.h>
 #include <openssl/dh.h>
 
+#ifndef OPENSSL_FIPS
+
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -220,3 +222,5 @@ static int dh_finish(DH *dh)
 		BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
 	return(1);
 	}
+
+#endif
author	Ben Laurie <ben@openssl.org>	2004-06-19 13:15:35 +0000
committer	Ben Laurie <ben@openssl.org>	2004-06-19 13:15:35 +0000
commit	b5e4469150f5df037695d0d57ef9af6ff85b4fdd (patch)
tree	d833644a9c77fc56eab337bda4281ba3ce94f025 /crypto/dh
parent	3e00d6c4bb739f3175f0f8997f9142d769918b11 (diff)