From b53338cbf8822dd774f9e4057307f347d2b63ff0 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Tue, 28 Feb 2017 12:30:28 +0100 Subject: Clean up references to FIPS This removes the fips configure option. This option is broken as the required FIPS code is not available. FIPS_mode() and FIPS_mode_set() are retained for compatibility, but FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to turn FIPS mode off. Reviewed-by: Stephen Henson --- ssl/ssl_ciph.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'ssl/ssl_ciph.c') diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index e64e3da32e..0b60debdd9 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -577,9 +577,6 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, s->ssl_version < TLS1_VERSION) return 1; - if (FIPS_mode()) - return 1; - if (c->algorithm_enc == SSL_RC4 && c->algorithm_mac == SSL_MD5 && (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) @@ -687,8 +684,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, /* drop those that use any of that is not available */ if (c == NULL || !c->valid) continue; - if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) - continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || @@ -1495,8 +1490,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * to the resulting precedence to the STACK_OF(SSL_CIPHER). */ for (curr = head; curr != NULL; curr = curr->next) { - if (curr->active - && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { + if (curr->active) { if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); -- cgit v1.2.3