authorjsing <>2014-05-19 12:18:23 +0000
committerjsing <>2014-05-19 12:18:23 +0000
commitf1127aae68b9eeaf7ade9b949ea67eb53863e42c (patch)
tree73eb7d96efdcfa1e17d236a0bc09c6019cfd1917 /src/lib
parentd85856c6fb29e490c7a72fac8fef7a96bc2f4bca (diff)
More whack-a-mole^Wfips.
ok miod@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/src/apps/dgst.c10
-rw-r--r--src/lib/libssl/src/apps/enc.c9
2 files changed, 1 insertions, 18 deletions
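--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -127,7 +127,6 @@ dgst_main(int argc, char **argv)
 #endif
 char *hmac_key = NULL;
 char *mac_name = NULL;
-int non_fips_allow = 0;
 STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL;
 
 signal(SIGPIPE, SIG_IGN);
@@ -204,10 +203,6 @@ dgst_main(int argc, char **argv)
 out_bin = 1;
 else if (strcmp(*argv, "-d") == 0)
 debug = 1;
-else if (!strcmp(*argv, "-fips-fingerprint"))
-hmac_key = "etaonrishdlcupfm";
-else if (strcmp(*argv, "-non-fips-allow") == 0)
-non_fips_allow = 1;
 else if (!strcmp(*argv, "-hmac")) {
 if (--argc < 1)
 break;
@@ -354,11 +349,6 @@ mac_end:
 if (r == 0)
 goto end;
 }
-if (non_fips_allow) {
-EVP_MD_CTX *md_ctx;
-BIO_get_md_ctx(bmd, &md_ctx);
-EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-}
 if (hmac_key) {
 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
 (unsigned char *) hmac_key, -1);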
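Review bot: The key handling that survives in the last hunk, `EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, (unsigned char *) hmac_key, -1)`, is undocumented, and with the fixed `-fips-fingerprint` key gone the `-hmac` branch is the only place in the visible hunks that can still supply `hmac_key` (its assignment is outside the hunk). A length of -1 presumably makes the library measure the key with strlen(), so a key cannot contain a NUL byte, and a key passed in argv can be read by other local users from the process list. I would record that next to the call, e.g. `/* hmac_key comes from argv: NUL-terminated (len -1) and visible in ps(1) */`. It is also worth checking that the usage text and manual no longer list `-fips-fingerprint` and `-non-fips-allow`; neither is visible here, and dgst_main starts and ends outside these hunks.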
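--- a/src/lib/libssl/src/apps/enc.c
+++ b/src/lib/libssl/src/apps/enc.c
@@ -129,7 +129,6 @@ enc_main(int argc, char **argv)
 char *engine = NULL;
 #endif
 const EVP_MD *dgst = NULL;
-int non_fips_allow = 0;
 
 signal(SIGPIPE, SIG_IGN);
 
@@ -264,9 +263,7 @@ enc_main(int argc, char **argv)
 if (--argc < 1)
 goto bad;
 md = *(++argv);
-} else if (strcmp(*argv, "-non-fips-allow") == 0)
-non_fips_allow = 1;
-else if ((argv[0][0] == '-') &&
+} else if ((argv[0][0] == '-') &&
 ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
 cipher = c;
 } else if (strcmp(*argv, "-none") == 0)
@@ -537,10 +534,6 @@ enc_main(int argc, char **argv)
 
 BIO_get_cipher_ctx(benc, &ctx);
 
-if (non_fips_allow)
-EVP_CIPHER_CTX_set_flags(ctx,
-EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-
 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
 BIO_printf(bio_err, "Error setting cipher %s\n",
 EVP_CIPHER_name(cipher));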
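Review bot: With its own branch removed in the second hunk, `-non-fips-allow` now falls into the generic `argv[0][0] == '-'` test and is looked up with `EVP_get_cipherbyname()` as if it were a cipher name; the lookup presumably fails, and the later branches, which continue outside this hunk, decide what the user sees. Callers that still pass the flag will most likely get an unknown-option error, so the usage output and manual page should drop the option in the same change (neither is visible here). A one-line comment on the surviving branch would make the fallback explicit: `/* any other -name is tried as a cipher name */`.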