From: jsing
Date: Mon, 19 May 2014 12:18:23 +0000 (+0000)
Subject: More whack-a-mole^Wfips.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f2245ce3ad535d15027f81e188675d4e34341d2e;p=openbsd
More whack-a-mole^Wfips.
ok miod@
---
diff --git a/lib/libssl/src/apps/dgst.c b/lib/libssl/src/apps/dgst.c
index 1017a362f58..ce0d643f649 100644
--- a/lib/libssl/src/apps/dgst.c
+++ b/lib/libssl/src/apps/dgst.c
@@ -127,7 +127,6 @@ dgst_main(int argc, char **argv)
 #endif
 char *hmac_key = NULL;
 char *mac_name = NULL;
- int non_fips_allow = 0;
 STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL;
 signal(SIGPIPE, SIG_IGN);
@@ -204,10 +203,6 @@ dgst_main(int argc, char **argv)
 out_bin = 1;
 else if (strcmp(*argv, "-d") == 0)
 debug = 1;
- else if (!strcmp(*argv, "-fips-fingerprint"))
- hmac_key = "etaonrishdlcupfm";
- else if (strcmp(*argv, "-non-fips-allow") == 0)
- non_fips_allow = 1;
 else if (!strcmp(*argv, "-hmac")) {
 if (--argc < 1)
 break;
@@ -354,11 +349,6 @@ mac_end:
 if (r == 0)
 goto end;
 }
- if (non_fips_allow) {
- EVP_MD_CTX *md_ctx;
- BIO_get_md_ctx(bmd, &md_ctx);
- EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- }
 if (hmac_key) {
 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, (unsigned char *) hmac_key, -1);
diff --git a/lib/libssl/src/apps/enc.c b/lib/libssl/src/apps/enc.c
index 394995f02b8..5410dc52a20 100644
--- a/lib/libssl/src/apps/enc.c
+++ b/lib/libssl/src/apps/enc.c
@@ -129,7 +129,6 @@ enc_main(int argc, char **argv)
 char *engine = NULL;
 #endif
 const EVP_MD *dgst = NULL;
- int non_fips_allow = 0;
 signal(SIGPIPE, SIG_IGN);
@@ -264,9 +263,7 @@ enc_main(int argc, char **argv)
 if (--argc < 1)
 goto bad;
 md = *(++argv);
- } else if (strcmp(*argv, "-non-fips-allow") == 0)
- non_fips_allow = 1;
- else if ((argv[0][0] == '-') &&
+ } else if ((argv[0][0] == '-') &&
 ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
 cipher = c;
 } else if (strcmp(*argv, "-none") == 0)
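Review bot: The usage output and manual page are not part of this diff, so `-non-fips-allow` (parsed in this else-if chain of enc.c until now) and `-fips-fingerprint` (dgst.c hunk at -204) may still be advertised after their parsing is removed; worth checking and trimming them in the same change. After this hunk `-non-fips-allow` falls through to `EVP_get_cipherbyname(&(argv[0][1]))`, which presumably returns NULL for it, so the argument is handled by whatever follows in the chain instead of being accepted. Callers that still pass either option will therefore see different behaviour, which deserves a line in the commit message or release notes. enc_main's body starts and ends outside the hunk.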
@@ -537,10 +534,6 @@ enc_main(int argc, char **argv)
 BIO_get_cipher_ctx(benc, &ctx);
- if (non_fips_allow)
- EVP_CIPHER_CTX_set_flags(ctx,
- EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-
 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
 BIO_printf(bio_err, "Error setting cipher %s\n", EVP_CIPHER_name(cipher));