From 00b4ee7664051a0dc589b1d81ba56582576a6ca4 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 18 Oct 2014 20:14:36 +0100
Subject: Remove some unnecessary OPENSSL_FIPS references

FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 ssl/s23_clnt.c | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'ssl/s23_clnt.c')

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 37b3e23784..80dd2cab7d 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -356,14 +356,12 @@ static int ssl23_client_hello(SSL *s)
 			version_major = TLS1_VERSION_MAJOR;
 			version_minor = TLS1_VERSION_MINOR;
 			}
-#ifdef OPENSSL_FIPS
 		else if(FIPS_mode())
 			{
 			SSLerr(SSL_F_SSL23_CLIENT_HELLO,
 					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
 			return -1;
 			}
-#endif
 		else if (version == SSL3_VERSION)
 			{
 			version_major = SSL3_VERSION_MAJOR;
@@ -519,14 +517,12 @@ static int ssl23_get_server_hello(SSL *s)
 		if ((p[2] == SSL3_VERSION_MINOR) &&
 			!(s->options & SSL_OP_NO_SSLv3))
 			{
-#ifdef OPENSSL_FIPS
 			if(FIPS_mode())
 				{
 				SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
 					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
 				goto err;
 				}
-#endif
 			s->version=SSL3_VERSION;
 			s->method=SSLv3_client_method();
 			}
-- 
cgit v1.2.3