projects / archaic-openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fce8311)
Remove FIPS module code from crypto/dh
authorDr. Stephen Henson <steve@openssl.org>
Sun, 19 Oct 2014 00:08:28 +0000 (01:08 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 8 Dec 2014 13:25:38 +0000 (13:25 +0000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/dh/dh.h patch | blob | history
crypto/dh/dh_gen.c patch | blob | history
crypto/dh/dh_key.c patch | blob | history

diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 8e8f87dfdceceed10ad9a733074b658a73dbe1fc..beaeac9212c1eecdbf6145c6025d55bee3603eaa 100644 (file)
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -188,11 +188,6 @@ DH *DHparams_dup(DH *);
 
 const DH_METHOD *DH_OpenSSL(void);
 
-#ifdef OPENSSL_FIPS
-DH *   FIPS_dh_new(void);
-void   FIPS_dh_free(DH *dh);
-#endif
-
 void DH_set_default_method(const DH_METHOD *meth);
 const DH_METHOD *DH_get_default_method(void);
 int DH_set_method(DH *dh, const DH_METHOD *meth);
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 23d6ead3ca81467e2431e3e313125d4592fd8c43..c397c53bce0d56dd0a5186cd47be51aad591d4f3 100644 (file)
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -68,10 +68,6 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
@@ -112,20 +108,6 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
        int g,ok= -1;
        BN_CTX *ctx=NULL;
 
-#ifdef OPENSSL_FIPS
-       if(FIPS_selftest_failed())
-               {
-               FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
-               return 0;
-               }
-
-       if (FIPS_module_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
-               {
-               DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
-               goto err;
-               }
-#endif
-
        ctx=BN_CTX_new();
        if (ctx == NULL) goto err;
        BN_CTX_start(ctx);
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index e296f453bb346cb12773e8d173f8402d74009c8d..cfe365c6ea89c9af1ebc3568957333989ae3d1f1 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -63,9 +63,6 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@@ -127,14 +124,6 @@ static int generate_key(DH *dh)
        BN_MONT_CTX *mont=NULL;
        BIGNUM *pub_key=NULL,*priv_key=NULL;
 
-#ifdef OPENSSL_FIPS
-       if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
-               {
-               DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
-               return 0;
-               }
-#endif
-
        ctx = BN_CTX_new();
        if (ctx == NULL) goto err;
 
@@ -226,14 +215,6 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
                goto err;
                }
 
-#ifdef OPENSSL_FIPS
-       if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
-               {
-               DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
-               goto err;
-               }
-#endif
-
        ctx = BN_CTX_new();
        if (ctx == NULL) goto err;
        BN_CTX_start(ctx);
@@ -300,13 +281,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 
 static int dh_init(DH *dh)
        {
-#ifdef OPENSSL_FIPS
-       if(FIPS_selftest_failed())
-               {
-               FIPSerr(FIPS_F_DH_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
-               return 0;
-               }
-#endif
        dh->flags |= DH_FLAG_CACHE_MONT_P;
        return(1);
        }
Unnamed repository; edit this file 'description' to name the repository.