Fix unit tests when no-bf configured
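--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -101,10 +101,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
 {SSL_CHACHA20POLY1305, NID_chacha20_poly1305},
 };
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL
-};
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
 #define SSL_COMP_NULL_IDX 0
 #define SSL_COMP_ZLIB_IDX 1
@@ -391,9 +388,6 @@ void ssl_load_ciphers(void)
 disabled_enc_mask |= t->mask;
 }
 }
-#ifdef SSL_FORBID_ENULL
- disabled_enc_mask |= SSL_eNULL;
-#endif
 disabled_mac_mask = 0;
 for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) {
 const EVP_MD *md = EVP_get_digestbynid(t->nid);
@@ -580,9 +574,6 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 s->ssl_version < TLS1_VERSION)
 return 1;
- if (FIPS_mode())
- return 1;
-
 if (c->algorithm_enc == SSL_RC4 &&
 c->algorithm_mac == SSL_MD5 &&
 (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
@@ -690,8 +681,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 /* drop those that use any of that is not available */
 if (c == NULL || !c->valid)
 continue;
- if (FIPS_mode() && (c->algo_strength & SSL_FIPS))
- continue;
 if ((c->algorithm_mkey & disabled_mkey) ||
 (c->algorithm_auth & disabled_auth) ||
 (c->algorithm_enc & disabled_enc) ||
@@ -709,9 +698,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 co_list[co_list_num].prev = NULL;
 co_list[co_list_num].active = 0;
 co_list_num++;
- /*
- * if (!sk_push(ca_list,(char *)c)) goto err;
- */
 }
 /*
@@ -1498,8 +1484,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
 */
 for (curr = head; curr != NULL; curr = curr->next) {
- if (curr->active
- && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) {
+ if (curr->active) {
 if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
 OPENSSL_free(co_list);
 sk_SSL_CIPHER_free(cipherstack);
@@ -1918,11 +1903,12 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
 return -1;
 }
-const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
+const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr,
+ int all)
 {
 const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
- if (c == NULL || c->valid == 0)
+ if (c == NULL || (!all && c->valid == 0))
 return NULL;
 return c;
 }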
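Review bot: The new `all` argument of ssl_get_cipher_by_char (last hunk) is undocumented, although a non-zero value makes the function return ciphers whose `valid` flag is 0, which the old code always rejected. The call sites are not on this page, so it cannot be confirmed here that every caller passing a non-zero `all` uses the result only for lookup or reporting and never as a cipher to negotiate; each one is worth checking. I would add a comment above the definition, for example `/* all != 0 also returns ciphers with valid == 0; pass 0 whenever the result may be selected for a connection */`. The function body is fully visible in the hunk.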