Fix checks for openssl version numbers around fips changes, they were using an incorrect version matching 1.1.0 and not 1.0.1

Simplify the logic to enable openssl fips mode

winpr/libwinpr/crypto/cipher.c

@@ -65,8 +65,8 @@ WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOOL overr
 	EVP_CIPHER_CTX_init((EVP_CIPHER_CTX *) ctx);
 	EVP_EncryptInit_ex((EVP_CIPHER_CTX *) ctx, evp, NULL, NULL, NULL);
 
-	/* EVP_CIPH_FLAG_NON_FIPS_ALLOW does not exist in openssl 1.0.0 */
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+	/* EVP_CIPH_FLAG_NON_FIPS_ALLOW does not exist before openssl 1.0.1 */
+#if !(OPENSSL_VERSION_NUMBER < 0x10001000L)
 	if (override_fips == TRUE)
 		EVP_CIPHER_CTX_set_flags((EVP_CIPHER_CTX *) ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
 #endif

winpr/libwinpr/utils/ssl.c

@@ -239,7 +239,6 @@ static BOOL _winpr_openssl_cleanup_locking(void)
 static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVOID* context)
 {
 	DWORD flags = param ? *(PDWORD)param : WINPR_SSL_INIT_DEFAULT;
-	int ret = 0;
 
 	if (flags & WINPR_SSL_INIT_ALREADY_INITIALIZED)
 	{
@@ -274,18 +273,17 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
 
 	if (flags & WINPR_SSL_INIT_ENABLE_FIPS)
 	{
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if (OPENSSL_VERSION_NUMBER < 0x10001000L)
+		WLog_ERR(TAG, "Openssl fips mode ENable not available on openssl versions less than 1.0.1!");
+#else
 		WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
 		if (FIPS_mode() != 1)
 		{
-			ret = FIPS_mode_set(1);
-			if (ret != 1)
-				WLog_ERR(TAG, "Openssl fips mode ENable failed!");
+			if (FIPS_mode_set(1))
+				 WLog_INFO(TAG, "Openssl fips mode ENabled!");
 			else
-				WLog_INFO(TAG, "Openssl fips mode ENabled!");
+				WLog_ERR(TAG, "Openssl fips mode ENable failed!");
 		}
-#else
-		WLog_ERR(TAG, "Openssl fips mode ENable not available on openssl versions less than 1.0.1!");
 #endif
 	}
 	return TRUE;