File openssl-fips-dont-fall-back-to-default-digest.patch of Package openssl.2018
Index: openssl-1.0.1i/apps/dgst.c
===================================================================
--- openssl-1.0.1i.orig/apps/dgst.c
+++ openssl-1.0.1i/apps/dgst.c
@@ -99,6 +99,26 @@ static void list_md_fn(const EVP_MD *m,
mname, mname);
}
+static const EVP_MD *EVP_get_digestbyname_fips_disabled(const char *name)
+ {
+ int saved_fips_mode = FIPS_mode();
+ EVP_MD *md;
+
+ if (saved_fips_mode)
+ FIPS_mode_set(0);
+
+ OpenSSL_add_all_digests();
+ md=EVP_get_digestbyname(name);
+
+ if (saved_fips_mode && !FIPS_mode_set(saved_fips_mode)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+
+ return md;
+ }
+
int MAIN(int, char **);
int MAIN(int argc, char **argv)
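Review bot: EVP_get_digestbyname_fips_disabled returns a digest that was looked up with FIPS mode switched off, and nothing in the helper says that enforcement then depends on the caller's later digest setup rejecting a non-approved algorithm. Judging by the patch name, the intent is to avoid a silent fallback to the default digest, so I would add a comment above the function such as `/* Look the name up with FIPS mode off so an unapproved digest fails later instead of being replaced by the default; the result may not be usable in FIPS mode. */`. The local should be declared `const EVP_MD *md;`, because EVP_get_digestbyname returns a const pointer and the helper's own return type is const. In the failure branch the result of BIO_new_fp is passed to ERR_print_errors without a NULL check, which `ERR_print_errors_fp(stderr);` would avoid.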
@@ -147,7 +167,7 @@ int MAIN(int argc, char **argv)
/* first check the program name */
program_name(argv[0],pname,sizeof pname);
- md=EVP_get_digestbyname(pname);
+ md=EVP_get_digestbyname_fips_disabled(pname);
argc--;
argv++;
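Review bot: This call, and the one in the option loop in the third hunk, turns FIPS mode off and back on for every lookup, even when the name would resolve normally or is not a digest name at all. Re-enabling goes through FIPS_mode_set, which as far as I know re-runs the module self-tests, and the third hunk reaches the helper for every argument that falls through to that branch. Assuming the digest table is already populated at this point, trying the plain lookup first would limit the toggle to the case that needs it: `md=EVP_get_digestbyname(pname);` then `if (md == NULL && FIPS_mode()) md=EVP_get_digestbyname_fips_disabled(pname);`. MAIN's body starts and continues outside these hunks, so whether a digest resolved this way is rejected cleanly later cannot be confirmed from here.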
@@ -250,7 +270,7 @@ int MAIN(int argc, char **argv)
if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
break;
}
- else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ else if ((m=EVP_get_digestbyname_fips_disabled(&((*argv)[1]))) != NULL)
md=m;
else
break;