← Back to branch summary

~ubuntu-branches/ubuntu/lucid/openssl/lucid-proposed

« back to all changes in this revision

Viewing changes to ssl/ssl_ciph.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2009-06-13 18:15:46 UTC
  • mto: (11.1.5 squeeze)
  • mto: This revision was merged to the branch mainline in revision 34.
  • Revision ID: james.westby@ubuntu.com-20090613181546-vbfntai3b009dl1u
Tags: upstream-0.9.8k
ImportĀ upstreamĀ versionĀ 0.9.8k

Show diffs side-by-side

added added

removed removed

Lines of Context:
ssl/ssl_ciph.c
115
115
 */
116
116
#include <stdio.h>
117
117
#include <openssl/objects.h>
 
118
#ifndef OPENSSL_NO_COMP
118
119
#include <openssl/comp.h>
 
120
#endif
 
121
 
119
122
#include "ssl_locl.h"
120
123
 
121
124
#define SSL_ENC_DES_IDX         0
222
225
        {0,SSL_TXT_LOW,   0, 0,   SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
223
226
        {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
224
227
        {0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
 
228
        {0,SSL_TXT_FIPS,  0, 0,  SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
225
229
        };
226
230
 
227
231
void ssl_load_ciphers(void)
515
519
                c = ssl_method->get_cipher(i);
516
520
#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
517
521
                /* drop those that use any of that is not available */
 
522
#ifdef OPENSSL_FIPS
 
523
                if ((c != NULL) && c->valid && !IS_MASKED(c)
 
524
                        && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
 
525
#else
518
526
                if ((c != NULL) && c->valid && !IS_MASKED(c))
 
527
#endif
519
528
                        {
520
529
                        co_list[co_list_num].cipher = c;
521
530
                        co_list[co_list_num].next = NULL;
1054
1063
         */
1055
1064
        for (curr = head; curr != NULL; curr = curr->next)
1056
1065
                {
 
1066
#ifdef OPENSSL_FIPS
 
1067
                if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
 
1068
#else
1057
1069
                if (curr->active)
 
1070
#endif
1058
1071
                        {
1059
1072
                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1060
1073
#ifdef CIPHER_DEBUG
1342
1355
        comp->method=cm;
1343
1356
        load_builtin_compressions();
1344
1357
        if (ssl_comp_methods
1345
 
                && !sk_SSL_COMP_find(ssl_comp_methods,comp))
 
1358
                && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
1346
1359
                {
1347
1360
                OPENSSL_free(comp);
1348
1361
                MemCheck_on();