OpenSSL: Allow server/client random to be fetched in FIPS mode
tls_connection_get_keys() used to return TLS master secret, but that
part was removed in commit 94f1fe6f63
('Remove master key extraction from tls_connection_get_keys()'). Since
then, there is no real need for preventing this function from being used
in FIPS mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
parent
f413eb03d9
commit
d0eb8a0b4e
1 changed files with 0 additions and 6 deletions
|
@ -2642,11 +2642,6 @@ static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
|
||||||
int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
|
int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
|
||||||
struct tls_keys *keys)
|
struct tls_keys *keys)
|
||||||
{
|
{
|
||||||
#ifdef CONFIG_FIPS
|
|
||||||
wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS "
|
|
||||||
"mode");
|
|
||||||
return -1;
|
|
||||||
#else /* CONFIG_FIPS */
|
|
||||||
SSL *ssl;
|
SSL *ssl;
|
||||||
|
|
||||||
if (conn == NULL || keys == NULL)
|
if (conn == NULL || keys == NULL)
|
||||||
|
@ -2675,7 +2670,6 @@ int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
#endif /* CONFIG_FIPS */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|