From: Dr. Stephen Henson
Date: Sun, 19 Oct 2014 00:08:28 +0000 (+0100)
Subject: Remove FIPS module code from crypto/dh
X-Git-Tag: master-pre-reformat~150
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1bfffe9bd013e73436fcaed0a8bf91f4e7f09560;p=openssl

Remove FIPS module code from crypto/dh

Reviewed-by: Tim Hudson
---

diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 8e8f87dfdc..beaeac9212 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -188,11 +188,6 @@ DH *DHparams_dup(DH *);

 const DH_METHOD *DH_OpenSSL(void);

-#ifdef OPENSSL_FIPS
-DH * FIPS_dh_new(void);
-void FIPS_dh_free(DH *dh);
-#endif
-
 void DH_set_default_method(const DH_METHOD *meth);
 const DH_METHOD *DH_get_default_method(void);
 int DH_set_method(DH *dh, const DH_METHOD *meth);
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 23d6ead3ca..c397c53bce 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -68,10 +68,6 @@
 #include
 #include

-#ifdef OPENSSL_FIPS
-#include
-#endif
-
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);

 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
@@ -112,20 +108,6 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
 int g,ok= -1;
 BN_CTX *ctx=NULL;

-#ifdef OPENSSL_FIPS
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
- return 0;
- }
-
- if (FIPS_module_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-#endif
-
 ctx=BN_CTX_new();
 if (ctx == NULL) goto err;
 BN_CTX_start(ctx);
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index e296f453bb..cfe365c6ea 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -63,9 +63,6 @@
 #include
 #include
 #include
-#ifdef OPENSSL_FIPS
-#include
-#endif

 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@@ -127,14 +124,6 @@ static int generate_key(DH *dh)
 BN_MONT_CTX *mont=NULL;
 BIGNUM *pub_key=NULL,*priv_key=NULL;

-#ifdef OPENSSL_FIPS
- if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
- {
- DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
- return 0;
- }
-#endif
-
 ctx = BN_CTX_new();
 if (ctx == NULL) goto err;

@@ -226,14 +215,6 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 goto err;
 }

-#ifdef OPENSSL_FIPS
- if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
- {
- DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-#endif
-
 ctx = BN_CTX_new();
 if (ctx == NULL) goto err;
 BN_CTX_start(ctx);
@@ -300,13 +281,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,

 static int dh_init(DH *dh)
 {
-#ifdef OPENSSL_FIPS
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DH_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
- return 0;
- }
-#endif
 dh->flags |= DH_FLAG_CACHE_MONT_P;
 return(1);
 }