summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c27
1 files changed, 8 insertions, 19 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index b68ed81e52..2d6eab20c3 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -59,7 +59,6 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <openssl/objects.h> 60#include <openssl/objects.h>
61#include <openssl/comp.h> 61#include <openssl/comp.h>
62#include <openssl/fips.h>
63#include "ssl_locl.h" 62#include "ssl_locl.h"
64 63
65#define SSL_ENC_DES_IDX 0 64#define SSL_ENC_DES_IDX 0
@@ -74,7 +73,7 @@
74#define SSL_ENC_NUM_IDX 9 73#define SSL_ENC_NUM_IDX 9
75 74
76static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 75static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
77 NULL,NULL,NULL,NULL,NULL,NULL, 76 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
78 }; 77 };
79 78
80static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; 79static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
@@ -154,13 +153,13 @@ static const SSL_CIPHER cipher_aliases[]={
154 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, 153 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
155 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, 154 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
156 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, 155 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
157 {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
158 }; 156 };
159 157
160static int init_ciphers=1; 158static int init_ciphers=1;
161 159
162static void load_ciphers(void) 160static void load_ciphers(void)
163 { 161 {
162 init_ciphers=0;
164 ssl_cipher_methods[SSL_ENC_DES_IDX]= 163 ssl_cipher_methods[SSL_ENC_DES_IDX]=
165 EVP_get_cipherbyname(SN_des_cbc); 164 EVP_get_cipherbyname(SN_des_cbc);
166 ssl_cipher_methods[SSL_ENC_3DES_IDX]= 165 ssl_cipher_methods[SSL_ENC_3DES_IDX]=
@@ -184,10 +183,9 @@ static void load_ciphers(void)
184 EVP_get_digestbyname(SN_md5); 183 EVP_get_digestbyname(SN_md5);
185 ssl_digest_methods[SSL_MD_SHA1_IDX]= 184 ssl_digest_methods[SSL_MD_SHA1_IDX]=
186 EVP_get_digestbyname(SN_sha1); 185 EVP_get_digestbyname(SN_sha1);
187 init_ciphers=0;
188 } 186 }
189 187
190int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 188int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
191 const EVP_MD **md, SSL_COMP **comp) 189 const EVP_MD **md, SSL_COMP **comp)
192 { 190 {
193 int i; 191 int i;
@@ -253,7 +251,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
253 break; 251 break;
254 } 252 }
255 253
256 if ((i < 0) || (i > SSL_ENC_NUM_IDX)) 254 if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
257 *enc=NULL; 255 *enc=NULL;
258 else 256 else
259 { 257 {
@@ -275,7 +273,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
275 i= -1; 273 i= -1;
276 break; 274 break;
277 } 275 }
278 if ((i < 0) || (i > SSL_MD_NUM_IDX)) 276 if ((i < 0) || (i >= SSL_MD_NUM_IDX))
279 *md=NULL; 277 *md=NULL;
280 else 278 else
281 *md=ssl_digest_methods[i]; 279 *md=ssl_digest_methods[i];
@@ -361,12 +359,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
361 { 359 {
362 c = ssl_method->get_cipher(i); 360 c = ssl_method->get_cipher(i);
363 /* drop those that use any of that is not available */ 361 /* drop those that use any of that is not available */
364#ifdef OPENSSL_FIPS
365 if ((c != NULL) && c->valid && !(c->algorithms & mask)
366 && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
367#else
368 if ((c != NULL) && c->valid && !(c->algorithms & mask)) 362 if ((c != NULL) && c->valid && !(c->algorithms & mask))
369#endif
370 { 363 {
371 co_list[co_list_num].cipher = c; 364 co_list[co_list_num].cipher = c;
372 co_list[co_list_num].next = NULL; 365 co_list[co_list_num].next = NULL;
@@ -861,11 +854,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
861 */ 854 */
862 for (curr = head; curr != NULL; curr = curr->next) 855 for (curr = head; curr != NULL; curr = curr->next)
863 { 856 {
864#ifdef OPENSSL_FIPS
865 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
866#else
867 if (curr->active) 857 if (curr->active)
868#endif
869 { 858 {
870 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 859 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
871#ifdef CIPHER_DEBUG 860#ifdef CIPHER_DEBUG
@@ -1065,7 +1054,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1065 return(buf); 1054 return(buf);
1066 } 1055 }
1067 1056
1068char *SSL_CIPHER_get_version(const SSL_CIPHER *c) 1057char *SSL_CIPHER_get_version(SSL_CIPHER *c)
1069 { 1058 {
1070 int i; 1059 int i;
1071 1060
@@ -1080,7 +1069,7 @@ char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
1080 } 1069 }
1081 1070
1082/* return the actual cipher being used */ 1071/* return the actual cipher being used */
1083const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) 1072const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
1084 { 1073 {
1085 if (c != NULL) 1074 if (c != NULL)
1086 return(c->name); 1075 return(c->name);
@@ -1088,7 +1077,7 @@ const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
1088 } 1077 }
1089 1078
1090/* number of bits for symmetric cipher */ 1079/* number of bits for symmetric cipher */
1091int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) 1080int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
1092 { 1081 {
1093 int ret=0; 1082 int ret=0;
1094 1083
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 13:30:00 +0000