OpenSSL: Allow server/client random to be fetched in FIPS mode
tls_connection_get_keys() used to return TLS master secret, but that
part was removed in commit 94f1fe6f63
('Remove master key extraction from tls_connection_get_keys()'). Since
then, there is no real need for preventing this function from being used
in FIPS mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
f413eb03d9
commit
d0eb8a0b4e
1 changed files with 0 additions and 6 deletions
|
|
@ -2642,11 +2642,6 @@ static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
|
|||
int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
|
||||
struct tls_keys *keys)
|
||||
{
|
||||
#ifdef CONFIG_FIPS
|
||||
wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS "
|
||||
"mode");
|
||||
return -1;
|
||||
#else /* CONFIG_FIPS */
|
||||
SSL *ssl;
|
||||
|
||||
if (conn == NULL || keys == NULL)
|
||||
|
|
@ -2675,7 +2670,6 @@ int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
|
|||
#endif
|
||||
|
||||
return 0;
|
||||
#endif /* CONFIG_FIPS */
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue