1
1
Fork 0

openssl.c: guards around calling FIPS_mode() #596 (#603)

Notes:
FIPS_mode() is not implemented in LibreSSL and this API is removed in OpenSSL 3.0 and was introduced in 0.9.7. Added guards around making this call.

Credit:
Will Cosgrove
This commit is contained in:
Will Cosgrove 2021-05-26 16:43:32 -07:00 committed by GitHub
parent 35ac220a44
commit 6f68e8d064
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions

View File

@ -2230,8 +2230,14 @@ _libssh2_md5_init(libssh2_md5_ctx *ctx)
* "digital envelope routines:FIPS_DIGESTINIT:disabled for fips"
* So, just return 0 in FIPS mode
*/
#if OPENSSL_VERSION_NUMBER >= 0x000907000L && \
defined(OPENSSL_VERSION_MAJOR) && \
OPENSSL_VERSION_MAJOR < 3 && \
!defined(LIBRESSL_VERSION_NUMBER)
if(FIPS_mode() != 0)
return 0;
#endif
#ifdef HAVE_OPAQUE_STRUCTS
*ctx = EVP_MD_CTX_new();