authorjsing <>2014-06-11 15:44:10 +0000
committerjsing <>2014-06-11 15:44:10 +0000
commitad76fc8ee191ac27c7614f9a37b6a8c1cc615aca (patch)
tree23c29a9b227b6cf2aa9a0d1c5ed3ac92301238aa
parentc4fc3df7be0ef90c4545231ed4e9038d207bf0ed (diff)
Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored since
OpenSSL 1.0.0. ok miod@ (a little while back)
-rw-r--r--src/lib/libcrypto/x509/x509_cmp.c1
-rw-r--r--src/lib/libssl/s3_clnt.c2
-rw-r--r--src/lib/libssl/s3_srvr.c2
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_cmp.c1
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c2
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c3
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c2
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c2
-rw-r--r--src/lib/libssl/t1_enc.c2
9 files changed, 0 insertions, 17 deletions
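--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -258,7 +258,6 @@ X509_NAME_hash_old(X509_NAME *x)
 /* Make sure X509_NAME structure contains valid cached encoding */
 i2d_X509_NAME(x, NULL);
 EVP_MD_CTX_init(&md_ctx);
-EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
 EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
 EVP_DigestFinal_ex(&md_ctx, md, NULL))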
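--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1603,8 +1603,6 @@ ssl3_get_key_exchange(SSL *s)
 j = 0;
 q = md_buf;
 for (num = 2; num > 0; num--) {
-EVP_MD_CTX_set_flags(&md_ctx,
-EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 EVP_DigestInit_ex(&md_ctx,
 (num == 2) ? s->ctx->md5 : s->ctx->sha1,
 NULL);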
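--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1793,8 +1793,6 @@ ssl3_send_server_key_exchange(SSL *s)
 q = md_buf;
 j = 0;
 for (num = 2; num > 0; num--) {
-EVP_MD_CTX_set_flags(&md_ctx,
-EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 EVP_DigestInit_ex(&md_ctx,
 (num == 2) ? s->ctx->md5 :
 s->ctx->sha1, NULL);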
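--- a/src/lib/libssl/src/crypto/x509/x509_cmp.c
+++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c
@@ -258,7 +258,6 @@ X509_NAME_hash_old(X509_NAME *x)
 /* Make sure X509_NAME structure contains valid cached encoding */
 i2d_X509_NAME(x, NULL);
 EVP_MD_CTX_init(&md_ctx);
-EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
 EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
 EVP_DigestFinal_ex(&md_ctx, md, NULL))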
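--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1603,8 +1603,6 @@ ssl3_get_key_exchange(SSL *s)
 j = 0;
 q = md_buf;
 for (num = 2; num > 0; num--) {
-EVP_MD_CTX_set_flags(&md_ctx,
-EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 EVP_DigestInit_ex(&md_ctx,
 (num == 2) ? s->ctx->md5 : s->ctx->sha1,
 NULL);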
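--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -172,7 +172,6 @@ ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 
 k = 0;
 EVP_MD_CTX_init(&m5);
-EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 EVP_MD_CTX_init(&s1);
 for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
 k++;
@@ -667,8 +666,6 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
 return 0;
 }
 EVP_MD_CTX_init(&ctx);
-EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-
 if (!EVP_MD_CTX_copy_ex(&ctx, d))
 return 0;
 n = EVP_MD_CTX_size(&ctx);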
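--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1793,8 +1793,6 @@ ssl3_send_server_key_exchange(SSL *s)
 q = md_buf;
 j = 0;
 for (num = 2; num > 0; num--) {
-EVP_MD_CTX_set_flags(&md_ctx,
-EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 EVP_DigestInit_ex(&md_ctx,
 (num == 2) ? s->ctx->md5 :
 s->ctx->sha1, NULL);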
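--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -165,8 +165,6 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
 
 EVP_MD_CTX_init(&ctx);
 EVP_MD_CTX_init(&ctx_tmp);
-EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
 if (!mac_key)
 goto err;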
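--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -165,8 +165,6 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
 
 EVP_MD_CTX_init(&ctx);
 EVP_MD_CTX_init(&ctx_tmp);
-EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
 if (!mac_key)
 goto err;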