generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove FIPS module code from crypto/dh

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2014-10-19 01:08:28 +01:00
parent fce8311cae
commit 1bfffe9bd0
3 changed files with 0 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/dh/dh.h
View File

@ -188,11 +188,6 @@ DH *DHparams_dup(DH *);
const DH_METHOD *DH_OpenSSL(void); const DH_METHOD *DH_OpenSSL(void);
#ifdef OPENSSL_FIPS
DH * FIPS_dh_new(void);
void FIPS_dh_free(DH *dh);
#endif
void DH_set_default_method(const DH_METHOD *meth); void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void); const DH_METHOD *DH_get_default_method(void);
int DH_set_method(DH *dh, const DH_METHOD *meth); int DH_set_method(DH *dh, const DH_METHOD *meth);

18
crypto/dh/dh_gen.c
View File

@ -68,10 +68,6 @@
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/dh.h> #include <openssl/dh.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
@ -112,20 +108,6 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
int g,ok= -1; int g,ok= -1;
BN_CTX *ctx=NULL; BN_CTX *ctx=NULL;
#ifdef OPENSSL_FIPS
if(FIPS_selftest_failed())
{
FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
return 0;
}
if (FIPS_module_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
{
DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
goto err;
}
#endif
ctx=BN_CTX_new(); ctx=BN_CTX_new();
if (ctx == NULL) goto err; if (ctx == NULL) goto err;
BN_CTX_start(ctx); BN_CTX_start(ctx);

26
crypto/dh/dh_key.c
View File

@ -63,9 +63,6 @@
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/dh.h> #include <openssl/dh.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
static int generate_key(DH *dh); static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@ -127,14 +124,6 @@ static int generate_key(DH *dh)
BN_MONT_CTX *mont=NULL; BN_MONT_CTX *mont=NULL;
BIGNUM *pub_key=NULL,*priv_key=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL;
#ifdef OPENSSL_FIPS
if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
{
DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
return 0;
}
#endif
ctx = BN_CTX_new(); ctx = BN_CTX_new();
if (ctx == NULL) goto err; if (ctx == NULL) goto err;
@ -226,14 +215,6 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err; goto err;
} }
#ifdef OPENSSL_FIPS
if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
{
DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
goto err;
}
#endif
ctx = BN_CTX_new(); ctx = BN_CTX_new();
if (ctx == NULL) goto err; if (ctx == NULL) goto err;
BN_CTX_start(ctx); BN_CTX_start(ctx);
@ -300,13 +281,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
static int dh_init(DH *dh) static int dh_init(DH *dh)
{ {
#ifdef OPENSSL_FIPS
if(FIPS_selftest_failed())
{
FIPSerr(FIPS_F_DH_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
return 0;
}
#endif
dh->flags |= DH_FLAG_CACHE_MONT_P; dh->flags |= DH_FLAG_CACHE_MONT_P;
return(1); return(1);
} }