From 700b4a4ae7c2a89ca99bfe64baef1eabfa316136 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Mon, 14 Dec 2015 15:24:27 -0500 Subject: Remove more (rest?) of FIPS build stuff. Reviewed-by: Dr. Stephen Henson --- apps/dgst.c | 15 ++------------- apps/dsaparam.c | 12 ++---------- apps/enc.c | 11 ++--------- apps/genrsa.c | 11 ++--------- 4 files changed, 8 insertions(+), 41 deletions(-) (limited to 'apps') diff --git a/apps/dgst.c b/apps/dgst.c index fb09a45cd0..09396e6fa0 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -80,7 +80,7 @@ typedef enum OPTION_choice { OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, - OPT_NON_FIPS_ALLOW, OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, + OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_DIGEST } OPTION_CHOICE; @@ -106,7 +106,6 @@ OPTIONS dgst_options[] = { {"d", OPT_DEBUG, '-', "Print debug info"}, {"debug", OPT_DEBUG, '-'}, {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-'}, - {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"}, {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, @@ -133,8 +132,7 @@ int dgst_main(int argc, char **argv) const char *sigfile = NULL, *randfile = NULL; OPTION_CHOICE o; int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0; - int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = - 0, non_fips_allow = 0; + int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0; unsigned char *buf = NULL, *sigbuf = NULL; int engine_impl = 0; @@ -205,9 +203,6 @@ int dgst_main(int argc, char **argv) case OPT_FIPS_FINGERPRINT: hmac_key = "etaonrishdlcupfm"; break; - case OPT_NON_FIPS_ALLOW: - non_fips_allow = 1; - break; case OPT_HMAC: hmac_key = opt_arg(); break; 
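Review bot: `-fips-fingerprint` is left behind in apps/dgst.c even though this commit strips the neighbouring `-non-fips-allow` plumbing: `OPT_FIPS_FINGERPRINT` stays in the enum, its `dgst_options` row still carries no help string, and the case still sets `hmac_key = "etaonrishdlcupfm"`. If keeping it is intentional, say so at the case with a comment such as `/* fixed, publicly known key: the output is a checksum for comparison, not an authenticator */`, since an HMAC under a key compiled into the binary proves nothing about who produced the file. Adding a help string to the table row would also give the option a description in the usage output. dgst_main starts and ends outside these hunks.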
@@ -323,12 +318,6 @@ int dgst_main(int argc, char **argv) goto end; } - if (non_fips_allow) { - EVP_MD_CTX *md_ctx; - BIO_get_md_ctx(bmd, &md_ctx); - EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - } - if (hmac_key) { sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl, (unsigned char *)hmac_key, -1); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index c591b5db53..1689350331 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -86,7 +86,7 @@ static int dsa_cb(int p, int n, BN_GENCB *cb); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C, - OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_NON_FIPS_ALLOW, OPT_ENGINE, + OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_ENGINE, OPT_TIMEBOMB } OPTION_CHOICE; @@ -101,7 +101,6 @@ OPTIONS dsaparam_options[] = { {"noout", OPT_NOOUT, '-', "No output"}, {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, {"rand", OPT_RAND, 's', "Files to use for random number input"}, - {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, # ifdef GENCB_TEST {"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"}, # endif @@ -116,7 +115,7 @@ int dsaparam_main(int argc, char **argv) DSA *dsa = NULL; BIO *in = NULL, *out = NULL; BN_GENCB *cb = NULL; - int numbits = -1, num = 0, genkey = 0, need_rand = 0, non_fips_allow = 0; + int numbits = -1, num = 0, genkey = 0, need_rand = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; int ret = 1, i, text = 0, private = 0; # ifdef GENCB_TEST @@ -175,9 +174,6 @@ int dsaparam_main(int argc, char **argv) case OPT_NOOUT: noout = 1; break; - case OPT_NON_FIPS_ALLOW: - non_fips_allow = 1; - break; } } argc = opt_num_rest(); 
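Review bot: Dropping `OPT_NON_FIPS_ALLOW` and its `dsaparam_options` row means an existing command line that still passes `-non-fips-allow` is no longer recognised and will presumably take the option-error path instead of generating parameters; the same removal is made in apps/dgst.c, apps/enc.c and apps/genrsa.c. This view is limited to apps/, so it cannot be seen whether the removal is recorded for users; a CHANGES entry and a sweep of the command documentation for the option name should accompany it. If breaking key-generation and digest scripts written for FIPS-capable builds is not wanted, the option could stay as an accepted no-op, e.g. `case OPT_NON_FIPS_ALLOW: break;` with the comment `/* accepted for compatibility, ignored */`. dsaparam_main's body continues outside these hunks.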
@@ -219,8 +215,6 @@ int dsaparam_main(int argc, char **argv) BIO_printf(bio_err, "Error allocating DSA object\n"); goto end; } - if (non_fips_allow) - dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW; BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); BIO_printf(bio_err, "This could take some time\n"); @@ -309,8 +303,6 @@ int dsaparam_main(int argc, char **argv) assert(need_rand); if ((dsakey = DSAparams_dup(dsa)) == NULL) goto end; - if (non_fips_allow) - dsakey->flags |= DSA_FLAG_NON_FIPS_ALLOW; if (!DSA_generate_key(dsakey)) { ERR_print_errors(bio_err); DSA_free(dsakey); diff --git a/apps/enc.c b/apps/enc.c index cf021856e1..58d2550d21 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -84,7 +84,7 @@ typedef enum OPTION_choice { OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V, OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A, OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE, - OPT_UPPER_S, OPT_IV, OPT_MD, OPT_NON_FIPS_ALLOW, OPT_CIPHER + OPT_UPPER_S, OPT_IV, OPT_MD, OPT_CIPHER } OPTION_CHOICE; OPTIONS enc_options[] = { @@ -111,7 +111,6 @@ OPTIONS enc_options[] = { {"S", OPT_UPPER_S, 's', "Salt, in hex"}, {"iv", OPT_IV, 's', "IV in hex"}, {"md", OPT_MD, 's', "Use specified digest to create key from passphrase"}, - {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, {"none", OPT_NONE, '-', "Don't encrypt"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, #ifdef ZLIB @@ -140,7 +139,7 @@ int enc_main(int argc, char **argv) int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0; int enc = 1, printkey = 0, i, k; int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY; - int ret = 1, inl, nopad = 0, non_fips_allow = 0; + int ret = 1, inl, nopad = 0; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; unsigned char *buff = NULL, salt[PKCS5_SALT_LEN]; unsigned long n; 
@@ -279,9 +278,6 @@ int enc_main(int argc, char **argv) if (!opt_md(opt_arg(), &dgst)) goto opthelp; break; - case OPT_NON_FIPS_ALLOW: - non_fips_allow = 1; - break; case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &c)) goto opthelp; @@ -501,9 +497,6 @@ int enc_main(int argc, char **argv) BIO_get_cipher_ctx(benc, &ctx); - if (non_fips_allow) - EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", EVP_CIPHER_name(cipher)); diff --git a/apps/genrsa.c b/apps/genrsa.c index 89211971fa..33a1567711 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -78,7 +78,7 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_3, OPT_F4, OPT_NON_FIPS_ALLOW, OPT_ENGINE, + OPT_3, OPT_F4, OPT_ENGINE, OPT_OUT, OPT_RAND, OPT_PASSOUT, OPT_CIPHER } OPTION_CHOICE; @@ -87,7 +87,6 @@ OPTIONS genrsa_options[] = { {"3", OPT_3, '-', "Use 3 for the E value"}, {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, - {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, {"out", OPT_OUT, 's', "Output the key to specified file"}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, @@ -108,7 +107,7 @@ int genrsa_main(int argc, char **argv) BIO *out = NULL; RSA *rsa = NULL; const EVP_CIPHER *enc = NULL; - int ret = 1, non_fips_allow = 0, num = DEFBITS, private = 0; + int ret = 1, num = DEFBITS, private = 0; unsigned long f4 = RSA_F4; char *outfile = NULL, *passoutarg = NULL, *passout = NULL; char *inrand = NULL, *prog, *hexe, *dece; @@ -136,9 +135,6 @@ int genrsa_main(int argc, char **argv) case OPT_F4: f4 = RSA_F4; break; - case OPT_NON_FIPS_ALLOW: - non_fips_allow = 1; - break; case OPT_OUT: outfile = opt_arg(); break; 
@@ -188,9 +184,6 @@ int genrsa_main(int argc, char **argv) if (rsa == NULL) goto end; - if (non_fips_allow) - rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW; - if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb)) goto end; -- cgit v1.2.3