Fix checks for openssl version numbers around fips changes, they were using an incorrect version matching 1.1.0 and not 1.0.1
Simplify the logic to enable openssl fips mode
This commit is contained in:
parent
e47123f05a
commit
922a0fa495
@ -65,8 +65,8 @@ WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOOL overr
|
||||
EVP_CIPHER_CTX_init((EVP_CIPHER_CTX *) ctx);
|
||||
EVP_EncryptInit_ex((EVP_CIPHER_CTX *) ctx, evp, NULL, NULL, NULL);
|
||||
|
||||
/* EVP_CIPH_FLAG_NON_FIPS_ALLOW does not exist in openssl 1.0.0 */
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||
/* EVP_CIPH_FLAG_NON_FIPS_ALLOW does not exist before openssl 1.0.1 */
|
||||
#if !(OPENSSL_VERSION_NUMBER < 0x10001000L)
|
||||
if (override_fips == TRUE)
|
||||
EVP_CIPHER_CTX_set_flags((EVP_CIPHER_CTX *) ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
|
||||
#endif
|
||||
|
@ -239,7 +239,6 @@ static BOOL _winpr_openssl_cleanup_locking(void)
|
||||
static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVOID* context)
|
||||
{
|
||||
DWORD flags = param ? *(PDWORD)param : WINPR_SSL_INIT_DEFAULT;
|
||||
int ret = 0;
|
||||
|
||||
if (flags & WINPR_SSL_INIT_ALREADY_INITIALIZED)
|
||||
{
|
||||
@ -274,18 +273,17 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
|
||||
|
||||
if (flags & WINPR_SSL_INIT_ENABLE_FIPS)
|
||||
{
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10001000L)
|
||||
WLog_ERR(TAG, "Openssl fips mode ENable not available on openssl versions less than 1.0.1!");
|
||||
#else
|
||||
WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
|
||||
if (FIPS_mode() != 1)
|
||||
{
|
||||
ret = FIPS_mode_set(1);
|
||||
if (ret != 1)
|
||||
WLog_ERR(TAG, "Openssl fips mode ENable failed!");
|
||||
else
|
||||
if (FIPS_mode_set(1))
|
||||
WLog_INFO(TAG, "Openssl fips mode ENabled!");
|
||||
else
|
||||
WLog_ERR(TAG, "Openssl fips mode ENable failed!");
|
||||
}
|
||||
#else
|
||||
WLog_ERR(TAG, "Openssl fips mode ENable not available on openssl versions less than 1.0.1!");
|
||||
#endif
|
||||
}
|
||||
return TRUE;
|
||||
|
Loading…
Reference in New Issue
Block a user