Workaround for missing EVP_CIPH_FLAG_FIPS_NON_ALLOW flag in openssl 1.0.0.

2017-04-10 11:08:40 -05:00 · 2017-04-10 11:08:40 -05:00 · 497ba442be
commit 497ba442be
parent d98b88642b
1 changed files with 5 additions and 0 deletions
--- a/winpr/libwinpr/crypto/cipher.c
+++ b/winpr/libwinpr/crypto/cipher.c
@ -61,8 +61,13 @@ WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOOL overr

 	EVP_CIPHER_CTX_init((EVP_CIPHER_CTX *) ctx);
 	EVP_EncryptInit_ex((EVP_CIPHER_CTX *) ctx, evp, NULL, NULL, NULL);
+
+	/* EVP_CIPH_FLAG_NON_FIPS_ALLOW does not exist in openssl 1.0.0 */
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 	if (override_fips == TRUE)
 		EVP_CIPHER_CTX_set_flags((EVP_CIPHER_CTX *) ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+#endif
+
 	EVP_CIPHER_CTX_set_key_length((EVP_CIPHER_CTX *) ctx, keylen);
 	EVP_EncryptInit_ex((EVP_CIPHER_CTX *) ctx, NULL, NULL, key, NULL);