diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2014-05-19 12:18:24 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-05-19 12:18:24 +0000 |
| commit | 42d0f6359f8b27ec7255df1e52cd9046607ebb1f (patch) | |
| tree | ba2f902b976d8fbceacbb62d7740b1e0dccf5035 | |
| parent | 3d8c3f277959dc36c3c530b096f05e9de747d1ab (diff) | |
More whack-a-mole^Wfips.
ok miod@
| -rw-r--r-- | lib/libssl/src/apps/dgst.c | 10 | ||||
| -rw-r--r-- | lib/libssl/src/apps/enc.c | 9 |
2 files changed, 1 insertions, 18 deletions
diff --git a/lib/libssl/src/apps/dgst.c b/lib/libssl/src/apps/dgst.c index 1017a362f58..ce0d643f649 100644 --- a/lib/libssl/src/apps/dgst.c +++ b/lib/libssl/src/apps/dgst.c @@ -127,7 +127,6 @@ dgst_main(int argc, char **argv) #endif char *hmac_key = NULL; char *mac_name = NULL; - int non_fips_allow = 0; STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL; signal(SIGPIPE, SIG_IGN); @@ -204,10 +203,6 @@ dgst_main(int argc, char **argv) out_bin = 1; else if (strcmp(*argv, "-d") == 0) debug = 1; - else if (!strcmp(*argv, "-fips-fingerprint")) - hmac_key = "etaonrishdlcupfm"; - else if (strcmp(*argv, "-non-fips-allow") == 0) - non_fips_allow = 1; else if (!strcmp(*argv, "-hmac")) { if (--argc < 1) break; @@ -354,11 +349,6 @@ mac_end: if (r == 0) goto end; } - if (non_fips_allow) { - EVP_MD_CTX *md_ctx; - BIO_get_md_ctx(bmd, &md_ctx); - EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - } if (hmac_key) { sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, (unsigned char *) hmac_key, -1); diff --git a/lib/libssl/src/apps/enc.c b/lib/libssl/src/apps/enc.c index 394995f02b8..5410dc52a20 100644 --- a/lib/libssl/src/apps/enc.c +++ b/lib/libssl/src/apps/enc.c @@ -129,7 +129,6 @@ enc_main(int argc, char **argv) char *engine = NULL; #endif const EVP_MD *dgst = NULL; - int non_fips_allow = 0; signal(SIGPIPE, SIG_IGN); @@ -264,9 +263,7 @@ enc_main(int argc, char **argv) if (--argc < 1) goto bad; md = *(++argv); - } else if (strcmp(*argv, "-non-fips-allow") == 0) - non_fips_allow = 1; - else if ((argv[0][0] == '-') && + } else if ((argv[0][0] == '-') && ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { cipher = c; } else if (strcmp(*argv, "-none") == 0) @@ -537,10 +534,6 @@ enc_main(int argc, char **argv) BIO_get_cipher_ctx(benc, &ctx); - if (non_fips_allow) - EVP_CIPHER_CTX_set_flags(ctx, - EVP_CIPH_FLAG_NON_FIPS_ALLOW); - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", EVP_CIPHER_name(cipher)); |