Enable PSK in FIPS mode.

[oweals/openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f671d1d9c321e8b5edc542ca8e82cd744926e9c7..33afdeba33e5def24274e8d0ca39c5e18809bfc6 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
        tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-       tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 };
 
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
        {
        size_t slen = sizeof(tls12_sigalgs);
-#ifdef OPENSSL_FIPS
-       /* If FIPS mode don't include MD5 which is last */
-       if (FIPS_mode())
-               slen -= 2;
-#endif
        if (p)
                memcpy(p, tls12_sigalgs, slen);
        return (int)slen;
@@ -947,7 +939,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsign
 
        s->s3->is_probably_safari = 1;
 }
-#endif /* OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_EC */
 
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
        {
@@ -972,7 +964,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 #ifndef OPENSSL_NO_EC
        if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
                ssl_check_for_safari(s, data, d, n);
-#endif /* OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_EC */
 
        if (data >= (d+n-2))
                goto ri_check;
@@ -2452,14 +2444,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
        {
        switch(hash_alg)
                {
-#ifndef OPENSSL_NO_MD5
-               case TLSEXT_hash_md5:
-#ifdef OPENSSL_FIPS
-               if (FIPS_mode())
-                       return NULL;
-#endif
-               return EVP_md5();
-#endif
 #ifndef OPENSSL_NO_SHA
                case TLSEXT_hash_sha1:
                return EVP_sha1();