]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3acf8e9)
Remove remnant SSL_FIPS flag
authorPauli <paul.dale@oracle.com>
Thu, 26 Feb 2026 22:33:48 +0000 (09:33 +1100)
committerDmitry Belyavskiy <beldmit@gmail.com>
Sat, 28 Feb 2026 10:47:39 +0000 (11:47 +0100)
This flag was used to support the old FIPS canister and isn't used or
needed anymore.  It's only set in the data structures and never queried
so it's removal is low impact.

Fixes #30156

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/30200)

ssl/s3_lib.c patch | blob | blame | history
ssl/ssl_ciph.c patch | blob | blame | history
ssl/ssl_local.h patch | blob | blame | history

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index de28d02bd13350ecabcca7a5775635aa7419c4ee..ec658829b71b391c732f20d097957df68fb4794f 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -247,7 +247,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -340,7 +340,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -358,7 +358,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -376,7 +376,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -394,7 +394,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -412,7 +412,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -430,7 +430,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -448,7 +448,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -466,7 +466,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -485,7 +485,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -504,7 +504,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -522,7 +522,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -540,7 +540,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -558,7 +558,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -576,7 +576,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -594,7 +594,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -612,7 +612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -630,7 +630,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -648,7 +648,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -666,7 +666,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -684,7 +684,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -702,7 +702,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -720,7 +720,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -738,7 +738,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -756,7 +756,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -774,7 +774,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1153,7 +1153,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -1192,7 +1192,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -1210,7 +1210,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -1229,7 +1229,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -1268,7 +1268,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -1286,7 +1286,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -1305,7 +1305,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -1344,7 +1344,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -1362,7 +1362,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+        SSL_NOT_DEFAULT | SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -1380,7 +1380,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -1398,7 +1398,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1416,7 +1416,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -1434,7 +1434,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1452,7 +1452,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -1470,7 +1470,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1488,7 +1488,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -1506,7 +1506,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1525,7 +1525,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -1543,7 +1543,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -1561,7 +1561,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -1600,7 +1600,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -1618,7 +1618,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -1656,7 +1656,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -1674,7 +1674,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -1712,7 +1712,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -1730,7 +1730,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -1748,7 +1748,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -1766,7 +1766,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1784,7 +1784,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -1802,7 +1802,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1820,7 +1820,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
         128,
         128,
@@ -1838,7 +1838,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_2_VERSION,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1856,7 +1856,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -1874,7 +1874,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1893,7 +1893,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -1911,7 +1911,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         0,
         0,
@@ -1930,7 +1930,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -1948,7 +1948,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -1967,7 +1967,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -1985,7 +1985,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         0,
         0,
@@ -2004,7 +2004,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -2022,7 +2022,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -2041,7 +2041,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -2059,7 +2059,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         0,
         0,
@@ -2098,7 +2098,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -2116,7 +2116,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         256,
         256,
@@ -2134,7 +2134,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         128,
         128,
@@ -2152,7 +2152,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_HIGH | SSL_FIPS,
+        SSL_HIGH,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         256,
         256,
@@ -2171,7 +2171,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -2189,7 +2189,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
         0,
         0,
@@ -2207,7 +2207,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
         TLS1_2_VERSION,
         DTLS1_BAD_VER,
         DTLS1_2_VERSION,
-        SSL_STRONG_NONE | SSL_FIPS,
+        SSL_STRONG_NONE,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         0,
         0,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 2a192776ddf109fd1c95d6b33f873e5175b1b76f..5622ff1ada8e563203b7c4da74be78469fd69627 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -266,13 +266,13 @@ static const SSL_CIPHER cipher_aliases[] = {
     { 0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM },
     { 0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH },
     /* FIPS 140-2 approved ciphersuite */
-    { 0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS },
+    { 0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, 0 },
 
     /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
     { 0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0,
-        SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS },
+        SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH },
     { 0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0,
-        SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS },
+        SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH },
 
 };
 
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index c3dc7b5686cd44377676d671ddead45c0e4b0907..e91e910b1d150a3b2ee1240e00ae39de3b614dcd 100644 (file)
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -253,7 +253,7 @@
 #define SSL_LOW 0x00000002U
 #define SSL_MEDIUM 0x00000004U
 #define SSL_HIGH 0x00000008U
-#define SSL_FIPS 0x00000010U
+/* #define SSL_FIPS 0x00000010U obsolete FIPS canister remnant */
 #define SSL_NOT_DEFAULT 0x00000020U
 
 /* we have used 0000003f - 26 bits left to go */
Mirror of https://github.com/openssl/openssl.git