diff options
| author |   jsing <jsing@openbsd.org> | 2014-06-11 15:44:10 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-06-11 15:44:10 +0000 |
| commit | 69fce12f1e732d267df2130b70d1e11c27c3c731 (patch) | |
| tree | 94e2a053e69b580e76cf6b2503b6470b23c0e4a2 /lib | |
| parent | Tsk. Tsk. Someone forgot to compile test the other half. (diff) | |
| download | wireguard-openbsd-69fce12f1e732d267df2130b70d1e11c27c3c731.tar.xz wireguard-openbsd-69fce12f1e732d267df2130b70d1e11c27c3c731.zip | |
Stop setting the EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - it has been ignored since
OpenSSL 1.0.0.
ok miod@ (a little while back)
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libcrypto/x509/x509_cmp.c | 1 | ||||
| -rw-r--r-- | lib/libssl/s3_clnt.c | 2 | ||||
| -rw-r--r-- | lib/libssl/s3_srvr.c | 2 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/x509/x509_cmp.c | 1 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 2 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_enc.c | 3 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_srvr.c | 2 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/t1_enc.c | 2 | ||||
| -rw-r--r-- | lib/libssl/t1_enc.c | 2 |
9 files changed, 0 insertions, 17 deletions
diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c index b6b3423e3fd..8877c6e2842 100644 --- a/lib/libcrypto/x509/x509_cmp.c +++ b/lib/libcrypto/x509/x509_cmp.c @@ -258,7 +258,6 @@ X509_NAME_hash_old(X509_NAME *x) /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x, NULL); EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) && EVP_DigestFinal_ex(&md_ctx, md, NULL)) diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 45dfb64f927..e86d58c6718 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1603,8 +1603,6 @@ ssl3_get_key_exchange(SSL *s) j = 0; q = md_buf; for (num = 2; num > 0; num--) { - EVP_MD_CTX_set_flags(&md_ctx, - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx, (num == 2) ? s->ctx->md5 : s->ctx->sha1, NULL); diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 9dc944706f5..6bf4def27d0 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1793,8 +1793,6 @@ ssl3_send_server_key_exchange(SSL *s) q = md_buf; j = 0; for (num = 2; num > 0; num--) { - EVP_MD_CTX_set_flags(&md_ctx, - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx, (num == 2) ? s->ctx->md5 : s->ctx->sha1, NULL); diff --git a/lib/libssl/src/crypto/x509/x509_cmp.c b/lib/libssl/src/crypto/x509/x509_cmp.c index b6b3423e3fd..8877c6e2842 100644 --- a/lib/libssl/src/crypto/x509/x509_cmp.c +++ b/lib/libssl/src/crypto/x509/x509_cmp.c @@ -258,7 +258,6 @@ X509_NAME_hash_old(X509_NAME *x) /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x, NULL); EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) && EVP_DigestFinal_ex(&md_ctx, md, NULL)) diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 45dfb64f927..e86d58c6718 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1603,8 +1603,6 @@ ssl3_get_key_exchange(SSL *s) j = 0; q = md_buf; for (num = 2; num > 0; num--) { - EVP_MD_CTX_set_flags(&md_ctx, - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx, (num == 2) ? s->ctx->md5 : s->ctx->sha1, NULL); diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c index 71a3155c604..1f7c592a64b 100644 --- a/lib/libssl/src/ssl/s3_enc.c +++ b/lib/libssl/src/ssl/s3_enc.c @@ -172,7 +172,6 @@ ssl3_generate_key_block(SSL *s, unsigned char *km, int num) k = 0; EVP_MD_CTX_init(&m5); - EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_init(&s1); for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { k++; @@ -667,8 +666,6 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len, return 0; } EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - if (!EVP_MD_CTX_copy_ex(&ctx, d)) return 0; n = EVP_MD_CTX_size(&ctx); diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 9dc944706f5..6bf4def27d0 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1793,8 +1793,6 @@ ssl3_send_server_key_exchange(SSL *s) q = md_buf; j = 0; for (num = 2; num > 0; num--) { - EVP_MD_CTX_set_flags(&md_ctx, - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx, (num == 2) ? s->ctx->md5 : s->ctx->sha1, NULL); diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c index 922d44ad4e8..eaf53b48cc6 100644 --- a/lib/libssl/src/ssl/t1_enc.c +++ b/lib/libssl/src/ssl/t1_enc.c @@ -165,8 +165,6 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx_tmp); - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (!mac_key) goto err; diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 922d44ad4e8..eaf53b48cc6 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -165,8 +165,6 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx_tmp); - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (!mac_key) goto err; |