resolve conflicts

author: djm <djm@openbsd.org> 2012-10-13 21:25:05 +0000
committer: djm <djm@openbsd.org> 2012-10-13 21:25:05 +0000
commit: 5cdd308e23c573f20580c33373ebbd6aaf46ca93 (patch)
tree: 8c9c6577606b3e2a4f852b80db635caddf559533 /lib/libcrypto/dh/dh_lib.c
parent: import OpenSSL-1.0.1c (diff)
download: wireguard-openbsd-5cdd308e23c573f20580c33373ebbd6aaf46ca93.tar.xz
wireguard-openbsd-5cdd308e23c573f20580c33373ebbd6aaf46ca93.zip
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/libcrypto/dh/dh_lib.c b/lib/libcrypto/dh/dh_lib.c
index 7aef080e7ab..00218f2b92b 100644
--- a/lib/libcrypto/dh/dh_lib.c
+++ b/lib/libcrypto/dh/dh_lib.c
@@ -64,6 +64,10 @@
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
@@ -76,7 +80,16 @@ void DH_set_default_method(const DH_METHOD *meth)
 const DH_METHOD *DH_get_default_method(void)
 	{
 	if(!default_DH_method)
+		{
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			return FIPS_dh_openssl();
+		else
+			return DH_OpenSSL();
+#else
 		default_DH_method = DH_OpenSSL();
+#endif
+		}
 	return default_DH_method;
 	}
 
@@ -156,7 +169,7 @@ DH *DH_new_method(ENGINE *engine)
 	ret->counter = NULL;
 	ret->method_mont_p=NULL;
 	ret->references = 1;
-	ret->flags=ret->meth->flags;
+	ret->flags=ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
author	djm <djm@openbsd.org>	2012-10-13 21:25:05 +0000
committer	djm <djm@openbsd.org>	2012-10-13 21:25:05 +0000
commit	5cdd308e23c573f20580c33373ebbd6aaf46ca93 (patch)
tree	8c9c6577606b3e2a4f852b80db635caddf559533 /lib/libcrypto/dh/dh_lib.c
parent	import OpenSSL-1.0.1c (diff)
download	wireguard-openbsd-5cdd308e23c573f20580c33373ebbd6aaf46ca93.tar.xz wireguard-openbsd-5cdd308e23c573f20580c33373ebbd6aaf46ca93.zip