generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove some unnecessary OPENSSL_FIPS references

Browse Source 
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Dr. Stephen Henson
2014-10-18 20:14:36 +01:00
parent 0c1bd7f03f
commit 00b4ee7664
9 changed files with 0 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ssl/ssl_ciph.c
View File

@@ -643,10 +643,8 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
s->ssl_version < TLS1_VERSION)
return 1;
#ifdef OPENSSL_FIPS
if (FIPS_mode())
return 1;
#endif
if (c->algorithm_enc == SSL_RC4 &&
c->algorithm_mac == SSL_MD5 &&
@@ -826,9 +824,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
if ((c != NULL) && c->valid &&
#ifdef OPENSSL_FIPS
(!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
#endif
!(c->algorithm_mkey & disabled_mkey) &&
!(c->algorithm_auth & disabled_auth) &&
!(c->algorithm_enc & disabled_enc) &&
@@ -1615,11 +1611,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
for (curr = head; curr != NULL; curr = curr->next)
{
#ifdef OPENSSL_FIPS
if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
#else
if (curr->active)
#endif
{
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher))
{