This commit was manufactured by cvs2svn to create branch

[oweals/openssl.git] / ssl / t1_enc.c

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index ac224ddfa18142a6eaa901537d5c6a20c912604a..2c6246abf5403be200f2092dde4aa74a7dba9c32 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -132,6 +132,8 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 
        HMAC_CTX_init(&ctx);
        HMAC_CTX_init(&ctx_tmp);
+       HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+       HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
        HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
        HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
        HMAC_Update(&ctx,seed,seed_len);
@@ -178,13 +180,7 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
        S2= &(sec[len]);
        len+=(slen&1); /* add for odd, make longer */
 
-#ifdef OPENSSL_FIPS
-       FIPS_allow_md5(1);
-#endif
        tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
-#ifdef OPENSSL_FIPS
-       FIPS_allow_md5(0);
-#endif
        tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
 
        for (i=0; i<olen; i++)
@@ -662,13 +658,7 @@ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
 
        EVP_MD_CTX_init(&ctx);
        EVP_MD_CTX_copy_ex(&ctx,in_ctx);
-#ifdef OPENSSL_FIPS
-       FIPS_allow_md5(1);
-#endif
        EVP_DigestFinal_ex(&ctx,out,&ret);
-#ifdef OPENSSL_FIPS
-       FIPS_allow_md5(0);
-#endif
        EVP_MD_CTX_cleanup(&ctx);
        return((int)ret);
        }
@@ -687,13 +677,7 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
 
        EVP_MD_CTX_init(&ctx);
        EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
-#ifdef OPENSSL_FIPS
-       FIPS_allow_md5(1);
-#endif
        EVP_DigestFinal_ex(&ctx,q,&i);
-#ifdef OPENSSL_FIPS
-       FIPS_allow_md5(0);
-#endif
        q+=i;
        EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
        EVP_DigestFinal_ex(&ctx,q,&i);