diff options
| author | djm <> | 2009-01-05 21:36:39 +0000 |
|---|---|---|
| committer | djm <> | 2009-01-05 21:36:39 +0000 |
| commit | 3be551b5922b665fd4e18cd65b857b9f92a0b6c8 (patch) | |
| tree | e0d2d687fbd4e4e9eb6bc4b178ea069817f0aba4 /src/lib/libssl/ssl_ciph.c | |
| parent | 822633f8798a6b4646a8b092e7c67f511cdbdba2 (diff) | |
| download | openbsd-3be551b5922b665fd4e18cd65b857b9f92a0b6c8.tar.gz openbsd-3be551b5922b665fd4e18cd65b857b9f92a0b6c8.tar.bz2 openbsd-3be551b5922b665fd4e18cd65b857b9f92a0b6c8.zip | |
update to openssl-0.9.8i; tested by several, especially krw@
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 71b645da14..514292a03e 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -222,6 +222,7 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 222 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, | 222 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, |
| 223 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, | 223 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, |
| 224 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, | 224 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, |
| 225 | {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, | ||
| 225 | }; | 226 | }; |
| 226 | 227 | ||
| 227 | void ssl_load_ciphers(void) | 228 | void ssl_load_ciphers(void) |
| @@ -515,7 +516,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 515 | c = ssl_method->get_cipher(i); | 516 | c = ssl_method->get_cipher(i); |
| 516 | #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) | 517 | #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) |
| 517 | /* drop those that use any of that is not available */ | 518 | /* drop those that use any of that is not available */ |
| 519 | #ifdef OPENSSL_FIPS | ||
| 520 | if ((c != NULL) && c->valid && !IS_MASKED(c) | ||
| 521 | && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) | ||
| 522 | #else | ||
| 518 | if ((c != NULL) && c->valid && !IS_MASKED(c)) | 523 | if ((c != NULL) && c->valid && !IS_MASKED(c)) |
| 524 | #endif | ||
| 519 | { | 525 | { |
| 520 | co_list[co_list_num].cipher = c; | 526 | co_list[co_list_num].cipher = c; |
| 521 | co_list[co_list_num].next = NULL; | 527 | co_list[co_list_num].next = NULL; |
| @@ -1054,7 +1060,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1054 | */ | 1060 | */ |
| 1055 | for (curr = head; curr != NULL; curr = curr->next) | 1061 | for (curr = head; curr != NULL; curr = curr->next) |
| 1056 | { | 1062 | { |
| 1063 | #ifdef OPENSSL_FIPS | ||
| 1064 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | ||
| 1065 | #else | ||
| 1057 | if (curr->active) | 1066 | if (curr->active) |
| 1067 | #endif | ||
| 1058 | { | 1068 | { |
| 1059 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 1069 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 1060 | #ifdef CIPHER_DEBUG | 1070 | #ifdef CIPHER_DEBUG |