Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_plugin.c')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c28
1 files changed, 20 insertions, 8 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index fb34a6858..ff2508609 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -298,9 +298,6 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
/* hashers */
PLUGIN_REGISTER(HASHER, openssl_hasher_create),
-#ifndef OPENSSL_NO_SHA1
- PLUGIN_PROVIDE(HASHER, HASH_SHA1),
-#endif
#ifndef OPENSSL_NO_MD2
PLUGIN_PROVIDE(HASHER, HASH_MD2),
#endif
@@ -310,6 +307,9 @@ METHOD(plugin_t, get_features, int,
#ifndef OPENSSL_NO_MD5
PLUGIN_PROVIDE(HASHER, HASH_MD5),
#endif
+#ifndef OPENSSL_NO_SHA1
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+#endif
#ifndef OPENSSL_NO_SHA256
PLUGIN_PROVIDE(HASHER, HASH_SHA224),
PLUGIN_PROVIDE(HASHER, HASH_SHA256),
@@ -452,6 +452,10 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(DH, ECP_521_BIT),
PLUGIN_PROVIDE(DH, ECP_224_BIT),
PLUGIN_PROVIDE(DH, ECP_192_BIT),
+ PLUGIN_PROVIDE(DH, ECP_224_BP),
+ PLUGIN_PROVIDE(DH, ECP_256_BP),
+ PLUGIN_PROVIDE(DH, ECP_384_BP),
+ PLUGIN_PROVIDE(DH, ECP_512_BP),
#endif
#ifndef OPENSSL_NO_ECDSA
/* EC private/public key loading */
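Review bot: The four Brainpool groups added after `ECP_192_BIT` are advertised whenever the surrounding EC guard is compiled in (its opening line is outside the hunk), with nothing here showing that the linked OpenSSL can actually instantiate them. Named Brainpool curves only arrived in OpenSSL 1.0.2 and they are not on the FIPS-approved curve list, so on an older library, or with FIPS mode active, the plugin may announce a group that fails only when a key exchange is attempted. If the DH implementation carries its own curve parameters as a fallback, say so next to the new lines, e.g. `/* Brainpool groups: built from explicit parameters if OpenSSL lacks the NIDs */`; otherwise a version or feature guard around these four entries would keep the advertised feature set honest.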
@@ -520,13 +524,14 @@ plugin_t *openssl_plugin_create()
fips_mode = lib->settings->get_int(lib->settings,
"libstrongswan.plugins.openssl.fips_mode", FIPS_MODE);
#ifdef OPENSSL_FIPS
- if (!FIPS_mode_set(fips_mode))
+ if (fips_mode)
{
- DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
- return NULL;
+ if (!FIPS_mode_set(fips_mode))
+ {
+ DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
+ return NULL;
+ }
}
- DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ",fips_mode,
- fips_mode ? "en" : "dis");
#else
if (fips_mode)
{
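Review bot: The new `if (fips_mode)` guard has no comment explaining why a configured value of 0 is no longer passed to `FIPS_mode_set()`, which is a behaviour change a later reader could easily "fix" back. A short comment such as `/* only force FIPS mode when requested; openssl.conf may still enable it later */` would record the intent. As a style point, the nesting can be flattened to `if (fips_mode && !FIPS_mode_set(fips_mode))` with the same `DBG1`/`return NULL` body. The rest of openssl_plugin_create() lies outside this hunk.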
@@ -550,6 +555,13 @@ plugin_t *openssl_plugin_create()
OPENSSL_config(NULL);
OpenSSL_add_all_algorithms();
+#ifdef OPENSSL_FIPS
+ /* we do this here as it may have been enabled via openssl.conf */
+ fips_mode = FIPS_mode();
+ DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ", fips_mode,
+ fips_mode ? "en" : "dis");
+#endif /* OPENSSL_FIPS */
+
#ifndef OPENSSL_NO_ENGINE
/* activate support for hardware accelerators */
ENGINE_load_builtin_engines();
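Review bot: After `fips_mode = FIPS_mode();` the value requested in strongswan.conf is overwritten and only logged, so nothing verifies that a requested FIPS mode is still in effect once `OPENSSL_config(NULL)` has run. Because `OPENSSL_config()` returns nothing and the configuration file is outside strongSwan's control, a fail-closed check before the overwrite would be cheap insurance: `if (fips_mode && !FIPS_mode())` followed by a `DBG1` and the function's usual error return. Any object already allocated earlier in openssl_plugin_create() (not visible in this hunk) would need to be released on that path. It would also help operators if the log line distinguished "enabled by strongswan.conf" from "enabled via openssl.conf", since the two now share one message.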