From f09b7627a63defb1c55e9965fb05e0bbddb90247 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 6 Oct 2020 11:54:21 +0200
Subject: fips: use larger prime for DH self-tests

According to FIPS140-2 IG 7.5, the minimum key size of FFC through
2030 is defined as 2048 bits.  This updates the relevant self-test
using ffdhe3072 defined in RFC 7919.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
 lib/dh-primes.c | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'lib/dh-primes.c')

diff --git a/lib/dh-primes.c b/lib/dh-primes.c
index a440b5b98a..94b69e3450 100644
--- a/lib/dh-primes.c
+++ b/lib/dh-primes.c
@@ -23,8 +23,6 @@
 #include "gnutls_int.h"
 #include <gnutls/gnutls.h>
 
-#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
-
 #include "dh.h"
 
 static const unsigned char ffdhe_generator = 0x02;
@@ -1934,5 +1932,3 @@ _gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
 
 	return 0;
 }
-
-#endif
-- 
cgit v1.2.1