diff options
| author | djm <> | 2009-01-09 12:14:11 +0000 |
|---|---|---|
| committer | djm <> | 2009-01-09 12:14:11 +0000 |
| commit | a0fdc9ec41594852f67ec77dfad9cb06bacc4186 (patch) | |
| tree | c43f6b3a4d93ad2cb3dcf93275295679d895a033 /src/lib/libssl/ssl_ciph.c | |
| parent | 5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (diff) | |
| download | openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.gz openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.bz2 openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.zip | |
import openssl-0.9.8j
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 725f7f3c1f..0c2aa249b4 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -115,7 +115,10 @@ | |||
| 115 | */ | 115 | */ |
| 116 | #include <stdio.h> | 116 | #include <stdio.h> |
| 117 | #include <openssl/objects.h> | 117 | #include <openssl/objects.h> |
| 118 | #ifndef OPENSSL_NO_COMP | ||
| 118 | #include <openssl/comp.h> | 119 | #include <openssl/comp.h> |
| 120 | #endif | ||
| 121 | |||
| 119 | #include "ssl_locl.h" | 122 | #include "ssl_locl.h" |
| 120 | 123 | ||
| 121 | #define SSL_ENC_DES_IDX 0 | 124 | #define SSL_ENC_DES_IDX 0 |
| @@ -222,6 +225,7 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 222 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, | 225 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, |
| 223 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, | 226 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, |
| 224 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, | 227 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, |
| 228 | {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, | ||
| 225 | }; | 229 | }; |
| 226 | 230 | ||
| 227 | void ssl_load_ciphers(void) | 231 | void ssl_load_ciphers(void) |
| @@ -515,7 +519,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 515 | c = ssl_method->get_cipher(i); | 519 | c = ssl_method->get_cipher(i); |
| 516 | #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) | 520 | #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) |
| 517 | /* drop those that use any of that is not available */ | 521 | /* drop those that use any of that is not available */ |
| 522 | #ifdef OPENSSL_FIPS | ||
| 523 | if ((c != NULL) && c->valid && !IS_MASKED(c) | ||
| 524 | && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) | ||
| 525 | #else | ||
| 518 | if ((c != NULL) && c->valid && !IS_MASKED(c)) | 526 | if ((c != NULL) && c->valid && !IS_MASKED(c)) |
| 527 | #endif | ||
| 519 | { | 528 | { |
| 520 | co_list[co_list_num].cipher = c; | 529 | co_list[co_list_num].cipher = c; |
| 521 | co_list[co_list_num].next = NULL; | 530 | co_list[co_list_num].next = NULL; |
| @@ -1054,7 +1063,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1054 | */ | 1063 | */ |
| 1055 | for (curr = head; curr != NULL; curr = curr->next) | 1064 | for (curr = head; curr != NULL; curr = curr->next) |
| 1056 | { | 1065 | { |
| 1066 | #ifdef OPENSSL_FIPS | ||
| 1067 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | ||
| 1068 | #else | ||
| 1057 | if (curr->active) | 1069 | if (curr->active) |
| 1070 | #endif | ||
| 1058 | { | 1071 | { |
| 1059 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 1072 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 1060 | #ifdef CIPHER_DEBUG | 1073 | #ifdef CIPHER_DEBUG |