*/
#include <stdio.h>
#include <openssl/objects.h>
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
+#endif
+
#include "ssl_locl.h"
#define SSL_ENC_DES_IDX 0
{0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
{0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
{0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
+ {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
};
void ssl_load_ciphers(void)
c = ssl_method->get_cipher(i);
#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
/* drop those that use any of that is not available */
+#ifdef OPENSSL_FIPS
+ if ((c != NULL) && c->valid && !IS_MASKED(c)
+ && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
+#else
if ((c != NULL) && c->valid && !IS_MASKED(c))
+#endif
{
co_list[co_list_num].cipher = c;
co_list[co_list_num].next = NULL;
*/
for (curr = head; curr != NULL; curr = curr->next)
{
+#ifdef OPENSSL_FIPS
+ if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
+#else
if (curr->active)
+#endif
{
sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
*cipher_list_by_id = tmp_cipher_list;
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+ sk_SSL_CIPHER_sort(*cipher_list_by_id);
return(cipherstack);
}
comp->method=cm;
load_builtin_compressions();
if (ssl_comp_methods
- && !sk_SSL_COMP_find(ssl_comp_methods,comp))
+ && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
{
OPENSSL_free(comp);
MemCheck_on();