diff options
| author | djm <> | 2005-04-29 05:39:33 +0000 |
|---|---|---|
| committer | djm <> | 2005-04-29 05:39:33 +0000 |
| commit | 68edd00d9258df93b1366c71ac124e0cadf7bc08 (patch) | |
| tree | 3ce4ae2a9747bbc11aed1f95f9bbea92c41f8683 /src/lib/libssl/ssl_ciph.c | |
| parent | f396ed0f5ce0af56bfde2e75e15cf1f52924c779 (diff) | |
| download | openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.gz openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.bz2 openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.zip | |
resolve conflicts
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 2d6eab20c3..a7ccefa30c 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -59,6 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <openssl/objects.h> | 60 | #include <openssl/objects.h> |
| 61 | #include <openssl/comp.h> | 61 | #include <openssl/comp.h> |
| 62 | #include <openssl/fips.h> | ||
| 62 | #include "ssl_locl.h" | 63 | #include "ssl_locl.h" |
| 63 | 64 | ||
| 64 | #define SSL_ENC_DES_IDX 0 | 65 | #define SSL_ENC_DES_IDX 0 |
| @@ -153,13 +154,13 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 153 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, | 154 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, |
| 154 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, | 155 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, |
| 155 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, | 156 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, |
| 157 | {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, | ||
| 156 | }; | 158 | }; |
| 157 | 159 | ||
| 158 | static int init_ciphers=1; | 160 | static int init_ciphers=1; |
| 159 | 161 | ||
| 160 | static void load_ciphers(void) | 162 | static void load_ciphers(void) |
| 161 | { | 163 | { |
| 162 | init_ciphers=0; | ||
| 163 | ssl_cipher_methods[SSL_ENC_DES_IDX]= | 164 | ssl_cipher_methods[SSL_ENC_DES_IDX]= |
| 164 | EVP_get_cipherbyname(SN_des_cbc); | 165 | EVP_get_cipherbyname(SN_des_cbc); |
| 165 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= | 166 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= |
| @@ -183,9 +184,10 @@ static void load_ciphers(void) | |||
| 183 | EVP_get_digestbyname(SN_md5); | 184 | EVP_get_digestbyname(SN_md5); |
| 184 | ssl_digest_methods[SSL_MD_SHA1_IDX]= | 185 | ssl_digest_methods[SSL_MD_SHA1_IDX]= |
| 185 | EVP_get_digestbyname(SN_sha1); | 186 | EVP_get_digestbyname(SN_sha1); |
| 187 | init_ciphers=0; | ||
| 186 | } | 188 | } |
| 187 | 189 | ||
| 188 | int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc, | 190 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
| 189 | const EVP_MD **md, SSL_COMP **comp) | 191 | const EVP_MD **md, SSL_COMP **comp) |
| 190 | { | 192 | { |
| 191 | int i; | 193 | int i; |
| @@ -359,7 +361,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 359 | { | 361 | { |
| 360 | c = ssl_method->get_cipher(i); | 362 | c = ssl_method->get_cipher(i); |
| 361 | /* drop those that use any of that is not available */ | 363 | /* drop those that use any of that is not available */ |
| 364 | #ifdef OPENSSL_FIPS | ||
| 365 | if ((c != NULL) && c->valid && !(c->algorithms & mask) | ||
| 366 | && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) | ||
| 367 | #else | ||
| 362 | if ((c != NULL) && c->valid && !(c->algorithms & mask)) | 368 | if ((c != NULL) && c->valid && !(c->algorithms & mask)) |
| 369 | #endif | ||
| 363 | { | 370 | { |
| 364 | co_list[co_list_num].cipher = c; | 371 | co_list[co_list_num].cipher = c; |
| 365 | co_list[co_list_num].next = NULL; | 372 | co_list[co_list_num].next = NULL; |
| @@ -854,7 +861,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 854 | */ | 861 | */ |
| 855 | for (curr = head; curr != NULL; curr = curr->next) | 862 | for (curr = head; curr != NULL; curr = curr->next) |
| 856 | { | 863 | { |
| 864 | #ifdef OPENSSL_FIPS | ||
| 865 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | ||
| 866 | #else | ||
| 857 | if (curr->active) | 867 | if (curr->active) |
| 868 | #endif | ||
| 858 | { | 869 | { |
| 859 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 870 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 860 | #ifdef CIPHER_DEBUG | 871 | #ifdef CIPHER_DEBUG |
| @@ -1054,7 +1065,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 1054 | return(buf); | 1065 | return(buf); |
| 1055 | } | 1066 | } |
| 1056 | 1067 | ||
| 1057 | char *SSL_CIPHER_get_version(SSL_CIPHER *c) | 1068 | char *SSL_CIPHER_get_version(const SSL_CIPHER *c) |
| 1058 | { | 1069 | { |
| 1059 | int i; | 1070 | int i; |
| 1060 | 1071 | ||
| @@ -1069,7 +1080,7 @@ char *SSL_CIPHER_get_version(SSL_CIPHER *c) | |||
| 1069 | } | 1080 | } |
| 1070 | 1081 | ||
| 1071 | /* return the actual cipher being used */ | 1082 | /* return the actual cipher being used */ |
| 1072 | const char *SSL_CIPHER_get_name(SSL_CIPHER *c) | 1083 | const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) |
| 1073 | { | 1084 | { |
| 1074 | if (c != NULL) | 1085 | if (c != NULL) |
| 1075 | return(c->name); | 1086 | return(c->name); |
| @@ -1077,7 +1088,7 @@ const char *SSL_CIPHER_get_name(SSL_CIPHER *c) | |||
| 1077 | } | 1088 | } |
| 1078 | 1089 | ||
| 1079 | /* number of bits for symmetric cipher */ | 1090 | /* number of bits for symmetric cipher */ |
| 1080 | int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits) | 1091 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) |
| 1081 | { | 1092 | { |
| 1082 | int ret=0; | 1093 | int ret=0; |
| 1083 | 1094 | ||