import 0.9.7b (without idea and rc5)

author: markus <> 2003-05-11 21:36:58 +0000
committer: markus <> 2003-05-11 21:36:58 +0000
commit: 1c98a87f0daac81245653c227eb2f2508a22a965 (patch)
tree: 3de6d603296ec563b936da4e6a8a1e33d48f8884 /src/lib/libssl/s3_lib.c
parent: 31392c89d1135cf2a416f97295f6d21681b3fbc4 (diff)
download: openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.gz
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.bz2
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.zip
1 files changed, 155 insertions, 38 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 14b2f13ae2..896b12fc4f 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -512,6 +512,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
+#if 0
 /* Cipher 1E */
        {
        0,
@@ -525,55 +526,70 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
+#endif
 #ifndef OPENSSL_NO_KRB5
 /* The Kerberos ciphers
 ** 20000107 VRS: And the first shall be last,
 ** in hopes of avoiding the lynx ssl renegotiation problem.
 */
-/* Cipher 21 VRS */
+/* Cipher 1E VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_40_CBC_SHA,
+        SSL3_TXT_KRB5_DES_64_CBC_SHA,
-        SSL3_CK_KRB5_DES_40_CBC_SHA,
+        SSL3_CK_KRB5_DES_64_CBC_SHA,
        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
+        SSL_NOT_EXP|SSL_LOW,
        0,
-        40,
+        56,
        56,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
-/* Cipher 22 VRS */
+/* Cipher 1F VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_40_CBC_MD5,
+        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
-        SSL3_CK_KRB5_DES_40_CBC_MD5,
+        SSL3_CK_KRB5_DES_192_CBC3_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
+        SSL_NOT_EXP|SSL_HIGH,
        0,
-        40,
+        112,
-        56,
+        168,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
-/* Cipher 23 VRS */
+/* Cipher 20 VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_64_CBC_SHA,
+        SSL3_TXT_KRB5_RC4_128_SHA,
-        SSL3_CK_KRB5_DES_64_CBC_SHA,
+        SSL3_CK_KRB5_RC4_128_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW,
+        SSL_NOT_EXP|SSL_MEDIUM,
        0,
-        56,
+        128,
-        56,
+        128,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
-/* Cipher 24 VRS */
+/* Cipher 21 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+        SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 22 VRS */
        {
        1,
        SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -587,12 +603,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
-/* Cipher 25 VRS */
+/* Cipher 23 VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
-        SSL3_CK_KRB5_DES_192_CBC3_SHA,
+        SSL3_CK_KRB5_DES_192_CBC3_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
+        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        112,
@@ -601,16 +617,114 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
+/* Cipher 24 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_128_MD5,
+        SSL3_CK_KRB5_RC4_128_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 25 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+        SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
 /* Cipher 26 VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+        SSL3_TXT_KRB5_DES_40_CBC_SHA,
-        SSL3_CK_KRB5_DES_192_CBC3_MD5,
+        SSL3_CK_KRB5_DES_40_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH,
+        SSL_EXPORT|SSL_EXP40,
        0,
-        112,
+        40,
-        168,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 27 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+        SSL3_CK_KRB5_RC2_40_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 28 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_40_SHA,
+        SSL3_CK_KRB5_RC4_40_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 29 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_DES_40_CBC_MD5,
+        SSL3_CK_KRB5_DES_40_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 2A VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+        SSL3_CK_KRB5_RC2_40_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 2B VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_40_MD5,
+        SSL3_CK_KRB5_RC4_40_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        128,
+        128,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
@@ -986,7 +1100,7 @@ void ssl3_free(SSL *s)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-        memset(s->s3,0,sizeof *s->s3);
+        OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
        }
@@ -1341,16 +1455,19 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
                {
                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-                for (i=0; i<SSL3_NUM_CIPHERS; i++)
+                if (init)
-                        sorted[i]= &(ssl3_ciphers[i]);
+                        {
+                        for (i=0; i<SSL3_NUM_CIPHERS; i++)
+                                sorted[i]= &(ssl3_ciphers[i]);
-                qsort(  (char *)sorted,
+                        qsort(sorted,
-                        SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+                                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                        FP_ICC ssl_cipher_ptr_id_cmp);
+                                FP_ICC ssl_cipher_ptr_id_cmp);
+                        init=0;
+                        }
+                
                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-                init=0;
                }
        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
author	markus <>	2003-05-11 21:36:58 +0000
committer	markus <>	2003-05-11 21:36:58 +0000
commit	1c98a87f0daac81245653c227eb2f2508a22a965 (patch)
tree	3de6d603296ec563b936da4e6a8a1e33d48f8884 /src/lib/libssl/s3_lib.c
parent	31392c89d1135cf2a416f97295f6d21681b3fbc4 (diff)
download	openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.gz openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.bz2 openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 14b2f13ae2..896b12fc4f 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -512,6 +512,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
512	SSL_ALL_STRENGTHS,	512	SSL_ALL_STRENGTHS,
513	},	513	},
514		514
		515	#if 0
515	/* Cipher 1E */	516	/* Cipher 1E */
516	{	517	{
517	0,	518	0,
@@ -525,55 +526,70 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
525	SSL_ALL_CIPHERS,	526	SSL_ALL_CIPHERS,
526	SSL_ALL_STRENGTHS,	527	SSL_ALL_STRENGTHS,
527	},	528	},
		529	#endif
528		530
529	#ifndef OPENSSL_NO_KRB5	531	#ifndef OPENSSL_NO_KRB5
530	/* The Kerberos ciphers	532	/* The Kerberos ciphers
531	** 20000107 VRS: And the first shall be last,	533	** 20000107 VRS: And the first shall be last,
532	** in hopes of avoiding the lynx ssl renegotiation problem.	534	** in hopes of avoiding the lynx ssl renegotiation problem.
533	*/	535	*/
534	/* Cipher 21 VRS */	536	/* Cipher 1E VRS */
535	{	537	{
536	1,	538	1,
537	SSL3_TXT_KRB5_DES_40_CBC_SHA,	539	SSL3_TXT_KRB5_DES_64_CBC_SHA,
538	SSL3_CK_KRB5_DES_40_CBC_SHA,	540	SSL3_CK_KRB5_DES_64_CBC_SHA,
539	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_SHA1 \|SSL_SSLV3,	541	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_SHA1 \|SSL_SSLV3,
540	SSL_EXPORT\|SSL_EXP40,	542	SSL_NOT_EXP\|SSL_LOW,
541	0,	543	0,
542	40,	544	56,
543	56,	545	56,
544	SSL_ALL_CIPHERS,	546	SSL_ALL_CIPHERS,
545	SSL_ALL_STRENGTHS,	547	SSL_ALL_STRENGTHS,
546	},	548	},
547		549
548	/* Cipher 22 VRS */	550	/* Cipher 1F VRS */
549	{	551	{
550	1,	552	1,
551	SSL3_TXT_KRB5_DES_40_CBC_MD5,	553	SSL3_TXT_KRB5_DES_192_CBC3_SHA,
552	SSL3_CK_KRB5_DES_40_CBC_MD5,	554	SSL3_CK_KRB5_DES_192_CBC3_SHA,
553	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_MD5 \|SSL_SSLV3,	555	SSL_kKRB5\|SSL_aKRB5\| SSL_3DES\|SSL_SHA1 \|SSL_SSLV3,
554	SSL_EXPORT\|SSL_EXP40,	556	SSL_NOT_EXP\|SSL_HIGH,
555	0,	557	0,
556	40,	558	112,
557	56,	559	168,
558	SSL_ALL_CIPHERS,	560	SSL_ALL_CIPHERS,
559	SSL_ALL_STRENGTHS,	561	SSL_ALL_STRENGTHS,
560	},	562	},
561		563
562	/* Cipher 23 VRS */	564	/* Cipher 20 VRS */
563	{	565	{
564	1,	566	1,
565	SSL3_TXT_KRB5_DES_64_CBC_SHA,	567	SSL3_TXT_KRB5_RC4_128_SHA,
566	SSL3_CK_KRB5_DES_64_CBC_SHA,	568	SSL3_CK_KRB5_RC4_128_SHA,
567	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_SHA1 \|SSL_SSLV3,	569	SSL_kKRB5\|SSL_aKRB5\| SSL_RC4\|SSL_SHA1 \|SSL_SSLV3,
568	SSL_NOT_EXP\|SSL_LOW,	570	SSL_NOT_EXP\|SSL_MEDIUM,
569	0,	571	0,
570	56,	572	128,
571	56,	573	128,
572	SSL_ALL_CIPHERS,	574	SSL_ALL_CIPHERS,
573	SSL_ALL_STRENGTHS,	575	SSL_ALL_STRENGTHS,
574	},	576	},
575		577
576	/* Cipher 24 VRS */	578	/* Cipher 21 VRS */
		579	{
		580	1,
		581	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
		582	SSL3_CK_KRB5_IDEA_128_CBC_SHA,
		583	SSL_kKRB5\|SSL_aKRB5\| SSL_IDEA\|SSL_SHA1 \|SSL_SSLV3,
		584	SSL_NOT_EXP\|SSL_MEDIUM,
		585	0,
		586	128,
		587	128,
		588	SSL_ALL_CIPHERS,
		589	SSL_ALL_STRENGTHS,
		590	},
		591
		592	/* Cipher 22 VRS */
577	{	593	{
578	1,	594	1,
579	SSL3_TXT_KRB5_DES_64_CBC_MD5,	595	SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -587,12 +603,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
587	SSL_ALL_STRENGTHS,	603	SSL_ALL_STRENGTHS,
588	},	604	},
589		605
590	/* Cipher 25 VRS */	606	/* Cipher 23 VRS */
591	{	607	{
592	1,	608	1,
593	SSL3_TXT_KRB5_DES_192_CBC3_SHA,	609	SSL3_TXT_KRB5_DES_192_CBC3_MD5,
594	SSL3_CK_KRB5_DES_192_CBC3_SHA,	610	SSL3_CK_KRB5_DES_192_CBC3_MD5,
595	SSL_kKRB5\|SSL_aKRB5\| SSL_3DES\|SSL_SHA1 \|SSL_SSLV3,	611	SSL_kKRB5\|SSL_aKRB5\| SSL_3DES\|SSL_MD5 \|SSL_SSLV3,
596	SSL_NOT_EXP\|SSL_HIGH,	612	SSL_NOT_EXP\|SSL_HIGH,
597	0,	613	0,
598	112,	614	112,
@@ -601,16 +617,114 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
601	SSL_ALL_STRENGTHS,	617	SSL_ALL_STRENGTHS,
602	},	618	},
603		619
		620	/* Cipher 24 VRS */
		621	{
		622	1,
		623	SSL3_TXT_KRB5_RC4_128_MD5,
		624	SSL3_CK_KRB5_RC4_128_MD5,
		625	SSL_kKRB5\|SSL_aKRB5\| SSL_RC4\|SSL_MD5 \|SSL_SSLV3,
		626	SSL_NOT_EXP\|SSL_MEDIUM,
		627	0,
		628	128,
		629	128,
		630	SSL_ALL_CIPHERS,
		631	SSL_ALL_STRENGTHS,
		632	},
		633
		634	/* Cipher 25 VRS */
		635	{
		636	1,
		637	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
		638	SSL3_CK_KRB5_IDEA_128_CBC_MD5,
		639	SSL_kKRB5\|SSL_aKRB5\| SSL_IDEA\|SSL_MD5 \|SSL_SSLV3,
		640	SSL_NOT_EXP\|SSL_MEDIUM,
		641	0,
		642	128,
		643	128,
		644	SSL_ALL_CIPHERS,
		645	SSL_ALL_STRENGTHS,
		646	},
		647
604	/* Cipher 26 VRS */	648	/* Cipher 26 VRS */
605	{	649	{
606	1,	650	1,
607	SSL3_TXT_KRB5_DES_192_CBC3_MD5,	651	SSL3_TXT_KRB5_DES_40_CBC_SHA,
608	SSL3_CK_KRB5_DES_192_CBC3_MD5,	652	SSL3_CK_KRB5_DES_40_CBC_SHA,
609	SSL_kKRB5\|SSL_aKRB5\| SSL_3DES\|SSL_MD5 \|SSL_SSLV3,	653	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_SHA1 \|SSL_SSLV3,
610	SSL_NOT_EXP\|SSL_HIGH,	654	SSL_EXPORT\|SSL_EXP40,
611	0,	655	0,
612	112,	656	40,
613	168,	657	56,
		658	SSL_ALL_CIPHERS,
		659	SSL_ALL_STRENGTHS,
		660	},
		661
		662	/* Cipher 27 VRS */
		663	{
		664	1,
		665	SSL3_TXT_KRB5_RC2_40_CBC_SHA,
		666	SSL3_CK_KRB5_RC2_40_CBC_SHA,
		667	SSL_kKRB5\|SSL_aKRB5\| SSL_RC2\|SSL_SHA1 \|SSL_SSLV3,
		668	SSL_EXPORT\|SSL_EXP40,
		669	0,
		670	40,
		671	128,
		672	SSL_ALL_CIPHERS,
		673	SSL_ALL_STRENGTHS,
		674	},
		675
		676	/* Cipher 28 VRS */
		677	{
		678	1,
		679	SSL3_TXT_KRB5_RC4_40_SHA,
		680	SSL3_CK_KRB5_RC4_40_SHA,
		681	SSL_kKRB5\|SSL_aKRB5\| SSL_RC4\|SSL_SHA1 \|SSL_SSLV3,
		682	SSL_EXPORT\|SSL_EXP40,
		683	0,
		684	128,
		685	128,
		686	SSL_ALL_CIPHERS,
		687	SSL_ALL_STRENGTHS,
		688	},
		689
		690	/* Cipher 29 VRS */
		691	{
		692	1,
		693	SSL3_TXT_KRB5_DES_40_CBC_MD5,
		694	SSL3_CK_KRB5_DES_40_CBC_MD5,
		695	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_MD5 \|SSL_SSLV3,
		696	SSL_EXPORT\|SSL_EXP40,
		697	0,
		698	40,
		699	56,
		700	SSL_ALL_CIPHERS,
		701	SSL_ALL_STRENGTHS,
		702	},
		703
		704	/* Cipher 2A VRS */
		705	{
		706	1,
		707	SSL3_TXT_KRB5_RC2_40_CBC_MD5,
		708	SSL3_CK_KRB5_RC2_40_CBC_MD5,
		709	SSL_kKRB5\|SSL_aKRB5\| SSL_RC2\|SSL_MD5 \|SSL_SSLV3,
		710	SSL_EXPORT\|SSL_EXP40,
		711	0,
		712	40,
		713	128,
		714	SSL_ALL_CIPHERS,
		715	SSL_ALL_STRENGTHS,
		716	},
		717
		718	/* Cipher 2B VRS */
		719	{
		720	1,
		721	SSL3_TXT_KRB5_RC4_40_MD5,
		722	SSL3_CK_KRB5_RC4_40_MD5,
		723	SSL_kKRB5\|SSL_aKRB5\| SSL_RC4\|SSL_MD5 \|SSL_SSLV3,
		724	SSL_EXPORT\|SSL_EXP40,
		725	0,
		726	128,
		727	128,
614	SSL_ALL_CIPHERS,	728	SSL_ALL_CIPHERS,
615	SSL_ALL_STRENGTHS,	729	SSL_ALL_STRENGTHS,
616	},	730	},
@@ -986,7 +1100,7 @@ void ssl3_free(SSL *s)
986	sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);	1100	sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
987	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);	1101	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
988	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);	1102	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
989	memset(s->s3,0,sizeof *s->s3);	1103	OPENSSL_cleanse(s->s3,sizeof *s->s3);
990	OPENSSL_free(s->s3);	1104	OPENSSL_free(s->s3);
991	s->s3=NULL;	1105	s->s3=NULL;
992	}	1106	}
@@ -1341,16 +1455,19 @@ SSL_CIPHER ssl3_get_cipher_by_char(const unsigned char p)
1341	{	1455	{
1342	CRYPTO_w_lock(CRYPTO_LOCK_SSL);	1456	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
1343		1457
1344	for (i=0; i<SSL3_NUM_CIPHERS; i++)	1458	if (init)
1345	sorted[i]= &(ssl3_ciphers[i]);	1459	{
		1460	for (i=0; i<SSL3_NUM_CIPHERS; i++)
		1461	sorted[i]= &(ssl3_ciphers[i]);
1346		1462
1347	qsort( (char *)sorted,	1463	qsort(sorted,
1348	SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),	1464	SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1349	FP_ICC ssl_cipher_ptr_id_cmp);	1465	FP_ICC ssl_cipher_ptr_id_cmp);
1350		1466
		1467	init=0;
		1468	}
		1469
1351	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);	1470	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
1352
1353	init=0;
1354	}	1471	}
1355		1472
1356	id=0x03000000L\|((unsigned long)p[0]<<8L)\|(unsigned long)p[1];	1473	id=0x03000000L\|((unsigned long)p[0]<<8L)\|(unsigned long)p[1];