Update OpenSSL to 1.0.1g and statically link OpenVPN with it

author: Arne Schwabe <arne@rfc2549.org> 2014-04-23 09:56:37 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2014-04-23 09:56:37 +0200
commit: e436c963f0976b885a7db04681344779e26dd3b5 (patch)
tree: 240663106f32e02e1c34080656f4ef21a2e1776e /main/openssl/crypto/dh/dh_gen.c
parent: 6a99715a9b072fa249e79c98cd9f03991f0f1219 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/main/openssl/crypto/dh/dh_gen.c b/main/openssl/crypto/dh/dh_gen.c
index cfd5b118..7b1fe9c9 100644
--- a/main/openssl/crypto/dh/dh_gen.c
+++ b/main/openssl/crypto/dh/dh_gen.c
@@ -66,12 +66,29 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
 	{
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
+			&& !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
+		{
+		DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
+		return 0;
+		}
+#endif
 	if(ret->meth->generate_params)
 		return ret->meth->generate_params(ret, prime_len, generator, cb);
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return FIPS_dh_generate_parameters_ex(ret, prime_len,
+							generator, cb);
+#endif
 	return dh_builtin_genparams(ret, prime_len, generator, cb);
 	}
author	Arne Schwabe <arne@rfc2549.org>	2014-04-23 09:56:37 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2014-04-23 09:56:37 +0200
commit	e436c963f0976b885a7db04681344779e26dd3b5 (patch)
tree	240663106f32e02e1c34080656f4ef21a2e1776e /main/openssl/crypto/dh/dh_gen.c
parent	6a99715a9b072fa249e79c98cd9f03991f0f1219 (diff)