diff options
author | Emilia Kasper <emilia@openssl.org> | 2017-02-28 12:30:28 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2017-02-28 15:26:25 +0100 |
commit | b53338cbf8822dd774f9e4057307f347d2b63ff0 (patch) | |
tree | 762d5194d048f5ae4d156b769115ca8f3b5b4155 /ssl/ssl_ciph.c | |
parent | 223a90cc9a94d1f6abf04ef28dc30b03c3e5e0c1 (diff) |
Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.
FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r-- | ssl/ssl_ciph.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index e64e3da32e..0b60debdd9 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -577,9 +577,6 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, s->ssl_version < TLS1_VERSION) return 1; - if (FIPS_mode()) - return 1; - if (c->algorithm_enc == SSL_RC4 && c->algorithm_mac == SSL_MD5 && (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) @@ -687,8 +684,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, /* drop those that use any of that is not available */ if (c == NULL || !c->valid) continue; - if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) - continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || @@ -1495,8 +1490,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * to the resulting precedence to the STACK_OF(SSL_CIPHER). */ for (curr = head; curr != NULL; curr = curr->next) { - if (curr->active - && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { + if (curr->active) { if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); |