More whack-a-mole^Wfips.

ok miod@
author: jsing <> 2014-05-19 12:18:23 +0000
committer: jsing <> 2014-05-19 12:18:23 +0000
commit: f1127aae68b9eeaf7ade9b949ea67eb53863e42c (patch)
tree: 73eb7d96efdcfa1e17d236a0bc09c6019cfd1917 /src
parent: d85856c6fb29e490c7a72fac8fef7a96bc2f4bca (diff)
download: openbsd-f1127aae68b9eeaf7ade9b949ea67eb53863e42c.tar.gz
openbsd-f1127aae68b9eeaf7ade9b949ea67eb53863e42c.tar.bz2
openbsd-f1127aae68b9eeaf7ade9b949ea67eb53863e42c.zip
2 files changed, 1 insertions, 18 deletions
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index 1017a362f5..ce0d643f64 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -127,7 +127,6 @@ dgst_main(int argc, char **argv)
 #endif
        char *hmac_key = NULL;
        char *mac_name = NULL;
-        int non_fips_allow = 0;
        STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL;
        signal(SIGPIPE, SIG_IGN);
@@ -204,10 +203,6 @@ dgst_main(int argc, char **argv)
                        out_bin = 1;
                else if (strcmp(*argv, "-d") == 0)
                        debug = 1;
-                else if (!strcmp(*argv, "-fips-fingerprint"))
-                        hmac_key = "etaonrishdlcupfm";
-                else if (strcmp(*argv, "-non-fips-allow") == 0)
-                        non_fips_allow = 1;
                else if (!strcmp(*argv, "-hmac")) {
                        if (--argc < 1)
                                break;
@@ -354,11 +349,6 @@ mac_end:
                if (r == 0)
                        goto end;
        }
-        if (non_fips_allow) {
-                EVP_MD_CTX *md_ctx;
-                BIO_get_md_ctx(bmd, &md_ctx);
-                EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        }
        if (hmac_key) {
                sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
                    (unsigned char *) hmac_key, -1);
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c
index 394995f02b..5410dc52a2 100644
--- a/src/lib/libssl/src/apps/enc.c
+++ b/src/lib/libssl/src/apps/enc.c
@@ -129,7 +129,6 @@ enc_main(int argc, char **argv)
        char *engine = NULL;
 #endif
        const EVP_MD *dgst = NULL;
-        int non_fips_allow = 0;
        signal(SIGPIPE, SIG_IGN);
@@ -264,9 +263,7 @@ enc_main(int argc, char **argv)
                        if (--argc < 1)
                                goto bad;
                        md = *(++argv);
-                } else if (strcmp(*argv, "-non-fips-allow") == 0)
+                } else if ((argv[0][0] == '-') &&
-                        non_fips_allow = 1;
-                else if ((argv[0][0] == '-') &&
                    ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
                        cipher = c;
                } else if (strcmp(*argv, "-none") == 0)
@@ -537,10 +534,6 @@ enc_main(int argc, char **argv)
                BIO_get_cipher_ctx(benc, &ctx);
-                if (non_fips_allow)
-                        EVP_CIPHER_CTX_set_flags(ctx,
-                            EVP_CIPH_FLAG_NON_FIPS_ALLOW);
                if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
                        BIO_printf(bio_err, "Error setting cipher %s\n",
                            EVP_CIPHER_name(cipher));
author	jsing <>	2014-05-19 12:18:23 +0000
committer	jsing <>	2014-05-19 12:18:23 +0000
commit	f1127aae68b9eeaf7ade9b949ea67eb53863e42c (patch)
tree	73eb7d96efdcfa1e17d236a0bc09c6019cfd1917 /src
parent	d85856c6fb29e490c7a72fac8fef7a96bc2f4bca (diff)
download	openbsd-f1127aae68b9eeaf7ade9b949ea67eb53863e42c.tar.gz openbsd-f1127aae68b9eeaf7ade9b949ea67eb53863e42c.tar.bz2 openbsd-f1127aae68b9eeaf7ade9b949ea67eb53863e42c.zip