File fips_not_available.patch of Package libest

diff -Naur a/example/client/estclient.c b/example/client/estclient.c
--- a/example/client/estclient.c	2024-09-19 16:04:24.682309317 -0300
+++ b/example/client/estclient.c	2024-09-19 16:05:58.169867676 -0300
@@ -1105,7 +1105,6 @@
 #else
     THREAD_CTX *tctx;
 #endif    
-    int set_fips_return = 0;
     char file_name[MAX_FILENAME_LEN];
     BIO *certin;
     static struct option long_options[] = {
@@ -1280,17 +1279,11 @@
                 est_port = atoi(optarg);
                 break;
             case 'f':
-                /* Turn FIPS on if requested and exit if failure */
-                set_fips_return = EVP_default_properties_enable_fips(NULL, 1);
-                if (!set_fips_return) {
-                    printf("\nERROR setting FIPS MODE ON ...\n");
-                    ERR_load_crypto_strings();
-                    ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-                    exit(1);
-                } else {
-                    printf("\nRunning EST Sample Client with FIPS MODE = ON\n");
-                };
-                break;
+                /* FIPS is not available, exit with failure */
+                printf("\nERROR setting FIPS MODE ON: FIPS is not available ...\n");
+                ERR_load_crypto_strings();
+                ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+                exit(1);
             case 't':
                 num_threads = atoi(optarg);
                 if (num_threads > MAX_THREADS) {
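Review bot: The `ERR_load_crypto_strings()` and `ERR_print_errors(...)` calls kept in the new `case 'f'` have nothing useful to print, because this branch no longer makes any OpenSSL call that could push an error; they only allocate a BIO just before `exit(1)`. The failure text also goes to stdout through `printf`, so a caller that captures only stderr sees a bare non-zero exit. I would reduce the branch to `fprintf(stderr, "\nERROR: -f requested but FIPS mode is not available in this build\n");` followed by `exit(1);`, and make the same stderr change in the `case 'f'` branches of the estproxy.c and estserver.c hunks. Failing closed on `-f` is the right behaviour, but the usage text (outside this hunk) presumably still advertises the option and should say it is unsupported.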
diff -Naur a/example/proxy/estproxy.c b/example/proxy/estproxy.c
--- a/example/proxy/estproxy.c	2024-09-19 16:04:24.682309317 -0300
+++ b/example/proxy/estproxy.c	2024-09-19 16:20:56.737416880 -0300
@@ -87,8 +87,6 @@
 static int set_enhcd_cert_truststore = 0;
 static int set_cert_auth_mfg_nid = 0;
 static int set_path_seg = 0;
-static int set_fips_return = 0;
-static unsigned long set_fips_error = 0;
 static int server_set = 0;
 static int read_timeout = EST_SSL_READ_TIMEOUT_DEF;
 static int perf_timers_on = 0;
@@ -591,18 +589,8 @@
             listen_port = atoi(optarg);
             break;
         case 'f':
-            /*
-             * Turn FIPS on if user requested it and exit if failure
-             */
-            set_fips_return = EVP_default_properties_enable_fips(NULL, 1);
-            if (set_fips_return != 1) {
-                set_fips_error = ERR_get_error();
-                printf("\nERROR WHILE SETTING FIPS MODE ON exiting ....\n");
-                exit(1);
-            } else {
-                printf("\nRunning EST Sample Proxy with FIPS MODE = ON !\n");
-            }
-            break;
+            printf("\nERROR WHILE SETTING UNAVAILABLE FIPS MODE ON exiting ....\n");
+            exit(1);
         default:
             show_usage_and_exit();
             break;
diff -Naur a/example/server/estserver.c b/example/server/estserver.c
--- a/example/server/estserver.c	2024-09-19 16:04:24.682309317 -0300
+++ b/example/server/estserver.c	2024-09-19 16:19:07.483141432 -0300
@@ -102,8 +102,6 @@
 static int set_cert_auth_mfg_name = 0;
 static int set_enhcd_cert_truststore = 0;
 static int set_cert_auth_mfg_nid = 0;
-static int set_fips_return = 0;
-static unsigned long set_fips_error = 0;
 static int test_app_data = 0xDEADBEEF;
 static char priv_key_pwd[MAX_PWD_LEN];
 #if ENABLE_BRSKI
@@ -2283,19 +2281,8 @@
             strncpy(realm, optarg, MAX_REALM_LEN);
             break;
         case 'f':
-            /* turn FIPS on if user requested it
-             * and exit if failure.
-             */
-            set_fips_return = EVP_default_properties_enable_fips(NULL, 1);
-            if (set_fips_return != 1) {
-                set_fips_error = ERR_get_error();
-                printf("\nERROR WHILE SETTING FIPS MODE ON exiting ....\n");
-                exit(1);
-            } else {
-                printf("\nRunning EST Sample Server with FIPS MODE = ON !\n");
-            }
-            ;
-            break;
+            printf("\nERROR WHILE SETTING UNAVAILABLE FIPS MODE ON exiting ....\n");
+            exit(1);
         default:
             show_usage_and_exit();
             break;
diff -Naur a/src/est/est_client.c b/src/est/est_client.c
--- a/src/est/est_client.c	2024-09-19 16:04:24.668975856 -0300
+++ b/src/est/est_client.c	2024-09-19 16:15:43.978053246 -0300
@@ -3179,16 +3179,6 @@
          ctx->auth_mode == AUTH_BASIC  ||
          ctx->auth_mode == AUTH_TOKEN)) {
 
-        /*
-         * HTTPS digest mode requires the use of MD5.  Make sure we're not
-         * in FIPS mode and can use MD5
-         */
-        if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){
-            EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode");
-            rv = EST_ERR_BAD_MODE;
-            goto err;
-        }
-
         /* Try one more time if we're doing HTTP auth */
         EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials");
         rv = est_client_connect(ctx, &ssl);
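Review bot: After this deletion the retry path reaches `est_client_connect()` for `AUTH_DIGEST` with no FIPS-mode check, and nothing left in the code records that this is a deliberate packaging decision; the same guard is dropped in the five later est_client.c hunks and in the `AUTH_DIGEST` case of the est_server.c hunk. The removed comment states that digest auth needs MD5, so if the linked crypto library has FIPS properties enabled through configuration, the request would presumably fail later and less clearly instead of returning `EST_ERR_BAD_MODE`. If the motive is that the FIPS query is unavailable in the target build, consider keeping the check under a compile-time guard such as `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` rather than deleting it. At minimum leave `/* Digest auth uses MD5; this build performs no FIPS-mode check */` at each site. The enclosing functions start and end outside these hunks.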
@@ -3590,16 +3580,6 @@
          ctx->auth_mode == AUTH_BASIC  ||
          ctx->auth_mode == AUTH_TOKEN)) {
 
-        /*
-         * HTTPS digest mode requires the use of MD5.  Make sure we're not
-         * in FIPS mode and can use MD5
-         */
-        if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){
-	    EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode");
-	    rv = EST_ERR_BAD_MODE;
-            goto err;
-        }
-        
         /* Try one more time if we're doing Digest auth */
         EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials");
         rv = est_client_connect(ctx, &ssl);
@@ -3676,16 +3656,6 @@
          ctx->auth_mode == AUTH_BASIC  ||
          ctx->auth_mode == AUTH_TOKEN)) {
 
-        /*
-         * HTTPS digest mode requires the use of MD5.  Make sure we're not
-         * in FIPS mode and can use MD5
-         */
-        if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){
-            EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode");
-            rv = EST_ERR_BAD_MODE;
-            goto err;
-        }
-
         /* Try one more time if we're doing Digest auth */
         EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials");
         rv = est_client_connect(ctx, &ssl);
@@ -5868,16 +5838,6 @@
          ctx->auth_mode == AUTH_BASIC  ||
          ctx->auth_mode == AUTH_TOKEN)) {
 
-        /*
-         * HTTPS digest mode requires the use of MD5.  Make sure we're not
-         * in FIPS mode and can use MD5
-         */
-        if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){
-            EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode");
-            rv = EST_ERR_BAD_MODE;
-            goto err;
-        }
-        
         /* Try one more time if we're doing Digest auth */
         EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials");
         rv = est_client_connect(ctx, &ssl);
@@ -6362,16 +6322,6 @@
          ctx->auth_mode == AUTH_BASIC  ||
          ctx->auth_mode == AUTH_TOKEN)) {
 
-        /*
-         * HTTPS digest mode requires the use of MD5.  Make sure we're not
-         * in FIPS mode and can use MD5
-         */
-        if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){
-            EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode");
-            rv = EST_ERR_BAD_MODE;
-            goto err;
-        }
-        
         /* Try one more time if we're doing Digest auth */
         EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials");
         rv = est_client_connect(ctx, &ssl);
@@ -6531,16 +6481,6 @@
          ctx->auth_mode == AUTH_BASIC  ||
          ctx->auth_mode == AUTH_TOKEN)) {
 
-        /*
-         * HTTPS digest mode requires the use of MD5.  Make sure we're not
-         * in FIPS mode and can use MD5
-         */
-        if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){
-            EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode");
-            rv = EST_ERR_BAD_MODE;
-            goto err;
-        }
-        
         /* Try one more time if we're doing Digest auth */
         EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials");
         rv = est_client_connect(ctx, &ssl);
diff -Naur a/src/est/est_server.c b/src/est/est_server.c
--- a/src/est/est_server.c	2024-09-19 16:04:24.668975856 -0300
+++ b/src/est/est_server.c	2024-09-19 16:16:25.315076368 -0300
@@ -3353,14 +3353,6 @@
 
     switch (amode) {
     case AUTH_DIGEST:
-        /*
-         * Since HTTP digest auth uses MD5, make sure we're not in FIPS mode.
-         */
-	if (EVP_default_properties_is_fips_enabled(NULL)) {
-	    EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode");
-	    return (EST_ERR_BAD_MODE);
-	}
-        /* fallthrough */
     case AUTH_BASIC:        
     case AUTH_TOKEN:        
 	ctx->auth_mode = amode;