diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
| commit | 5313d2d78ca150515f7f5eb39801c100690b6b29 (patch) | |
| tree | c78e420367283bb1b16f14210b12687cdfbd26eb /src/libstrongswan/plugins/openssl/openssl_plugin.c | |
| parent | 6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (diff) | |
| download | vyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.tar.gz vyos-strongswan-5313d2d78ca150515f7f5eb39801c100690b6b29.zip | |
Imported Upstream version 5.1.1
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_plugin.c')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_plugin.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index fb34a6858..ff2508609 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -298,9 +298,6 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0), /* hashers */ PLUGIN_REGISTER(HASHER, openssl_hasher_create), -#ifndef OPENSSL_NO_SHA1 - PLUGIN_PROVIDE(HASHER, HASH_SHA1), -#endif #ifndef OPENSSL_NO_MD2 PLUGIN_PROVIDE(HASHER, HASH_MD2), #endif @@ -310,6 +307,9 @@ METHOD(plugin_t, get_features, int, #ifndef OPENSSL_NO_MD5 PLUGIN_PROVIDE(HASHER, HASH_MD5), #endif +#ifndef OPENSSL_NO_SHA1 + PLUGIN_PROVIDE(HASHER, HASH_SHA1), +#endif #ifndef OPENSSL_NO_SHA256 PLUGIN_PROVIDE(HASHER, HASH_SHA224), PLUGIN_PROVIDE(HASHER, HASH_SHA256), @@ -452,6 +452,10 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(DH, ECP_521_BIT), PLUGIN_PROVIDE(DH, ECP_224_BIT), PLUGIN_PROVIDE(DH, ECP_192_BIT), + PLUGIN_PROVIDE(DH, ECP_224_BP), + PLUGIN_PROVIDE(DH, ECP_256_BP), + PLUGIN_PROVIDE(DH, ECP_384_BP), + PLUGIN_PROVIDE(DH, ECP_512_BP), #endif #ifndef OPENSSL_NO_ECDSA /* EC private/public key loading */ @@ -520,13 +524,14 @@ plugin_t *openssl_plugin_create() fips_mode = lib->settings->get_int(lib->settings, "libstrongswan.plugins.openssl.fips_mode", FIPS_MODE); #ifdef OPENSSL_FIPS - if (!FIPS_mode_set(fips_mode)) + if (fips_mode) { - DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode); - return NULL; + if (!FIPS_mode_set(fips_mode)) + { + DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode); + return NULL; + } } - DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ",fips_mode, - fips_mode ? "en" : "dis"); #else if (fips_mode) { @@ -550,6 +555,13 @@ plugin_t *openssl_plugin_create() OPENSSL_config(NULL); OpenSSL_add_all_algorithms(); +#ifdef OPENSSL_FIPS + /* we do this here as it may have been enabled via openssl.conf */ + fips_mode = FIPS_mode(); + DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ", fips_mode, + fips_mode ? "en" : "dis"); +#endif /* OPENSSL_FIPS */ + #ifndef OPENSSL_NO_ENGINE /* activate support for hardware accelerators */ ENGINE_load_builtin_engines(); |