diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2013-04-29 14:15:07 +0200 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2013-04-29 14:17:50 +0200 |
commit | 179784e31e72fcdd0a2b1a596f7aebb43dc87913 (patch) | |
tree | 2351f6f6bcd90b40d39e9630662a380e74a2c515 /deps/openssl/openssl/crypto/dh/dh_gen.c | |
parent | d3ddee61c2f83e2a3b7ebabfbefee060801d27f5 (diff) | |
download | android-node-v8-179784e31e72fcdd0a2b1a596f7aebb43dc87913.tar.gz android-node-v8-179784e31e72fcdd0a2b1a596f7aebb43dc87913.tar.bz2 android-node-v8-179784e31e72fcdd0a2b1a596f7aebb43dc87913.zip |
Revert "deps: downgrade openssl to v1.0.0f"
This commit undoes the downgrade from OpenSSL v1.0.1e to v1.0.0f,
effectively upgrading OpenSSL to v1.0.1e again. The reason for the
downgrade was to work around compatibility issues with certain TLS
servers in the stable branch. See the commit log of 4fdb8ac and the
linked issue for details. We're going to revisit that in the master
branch.
This reverts commit 4fdb8acdaef4c3cb1d855e992ada0e63fee520a6.
Diffstat (limited to 'deps/openssl/openssl/crypto/dh/dh_gen.c')
-rw-r--r-- | deps/openssl/openssl/crypto/dh/dh_gen.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/deps/openssl/openssl/crypto/dh/dh_gen.c b/deps/openssl/openssl/crypto/dh/dh_gen.c index cfd5b11868..7b1fe9c9cb 100644 --- a/deps/openssl/openssl/crypto/dh/dh_gen.c +++ b/deps/openssl/openssl/crypto/dh/dh_gen.c @@ -66,12 +66,29 @@ #include <openssl/bn.h> #include <openssl/dh.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD) + && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) + { + DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD); + return 0; + } +#endif if(ret->meth->generate_params) return ret->meth->generate_params(ret, prime_len, generator, cb); +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return FIPS_dh_generate_parameters_ex(ret, prime_len, + generator, cb); +#endif return dh_builtin_genparams(ret, prime_len, generator, cb); } |