merge 0.9.7b with local changes; crank majors for libssl/libcrypto

author: markus <> 2003-05-12 02:18:40 +0000
committer: markus <> 2003-05-12 02:18:40 +0000
commit: d4fcd82bb7f6d603bd61e19a81ba97337b89dfca (patch)
tree: d52e3a0f1f08f65ad283027e560e17ed0d720462 /src/lib/libssl/s3_lib.c
parent: 582bbd139cd2afd58d10dc051c5b0b989b441074 (diff)
download: openbsd-d4fcd82bb7f6d603bd61e19a81ba97337b89dfca.tar.gz
openbsd-d4fcd82bb7f6d603bd61e19a81ba97337b89dfca.tar.bz2
openbsd-d4fcd82bb7f6d603bd61e19a81ba97337b89dfca.zip
1 files changed, 155 insertions, 38 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index cc0aeef511..d04096016c 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -514,6 +514,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
+#if 0
 /* Cipher 1E */
        {
        0,
@@ -527,55 +528,70 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
+#endif
 #ifndef OPENSSL_NO_KRB5
 /* The Kerberos ciphers
 ** 20000107 VRS: And the first shall be last,
 ** in hopes of avoiding the lynx ssl renegotiation problem.
 */
-/* Cipher 21 VRS */
+/* Cipher 1E VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_40_CBC_SHA,
+        SSL3_TXT_KRB5_DES_64_CBC_SHA,
-        SSL3_CK_KRB5_DES_40_CBC_SHA,
+        SSL3_CK_KRB5_DES_64_CBC_SHA,
        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
+        SSL_NOT_EXP|SSL_LOW,
        0,
-        40,
+        56,
        56,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
-/* Cipher 22 VRS */
+/* Cipher 1F VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_40_CBC_MD5,
+        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
-        SSL3_CK_KRB5_DES_40_CBC_MD5,
+        SSL3_CK_KRB5_DES_192_CBC3_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
-        SSL_EXPORT|SSL_EXP40,
+        SSL_NOT_EXP|SSL_HIGH,
        0,
-        40,
+        112,
-        56,
+        168,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
-/* Cipher 23 VRS */
+/* Cipher 20 VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_64_CBC_SHA,
+        SSL3_TXT_KRB5_RC4_128_SHA,
-        SSL3_CK_KRB5_DES_64_CBC_SHA,
+        SSL3_CK_KRB5_RC4_128_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_LOW,
+        SSL_NOT_EXP|SSL_MEDIUM,
        0,
-        56,
+        128,
-        56,
+        128,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
-/* Cipher 24 VRS */
+/* Cipher 21 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+        SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 22 VRS */
        {
        1,
        SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -589,12 +605,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
-/* Cipher 25 VRS */
+/* Cipher 23 VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
-        SSL3_CK_KRB5_DES_192_CBC3_SHA,
+        SSL3_CK_KRB5_DES_192_CBC3_MD5,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
+        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
        112,
@@ -603,16 +619,114 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
+/* Cipher 24 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_128_MD5,
+        SSL3_CK_KRB5_RC4_128_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 25 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+        SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
+        SSL_NOT_EXP|SSL_MEDIUM,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
 /* Cipher 26 VRS */
        {
        1,
-        SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+        SSL3_TXT_KRB5_DES_40_CBC_SHA,
-        SSL3_CK_KRB5_DES_192_CBC3_MD5,
+        SSL3_CK_KRB5_DES_40_CBC_SHA,
-        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-        SSL_NOT_EXP|SSL_HIGH,
+        SSL_EXPORT|SSL_EXP40,
        0,
-        112,
+        40,
-        168,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 27 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+        SSL3_CK_KRB5_RC2_40_CBC_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 28 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_40_SHA,
+        SSL3_CK_KRB5_RC4_40_SHA,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        128,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 29 VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_DES_40_CBC_MD5,
+        SSL3_CK_KRB5_DES_40_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        56,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 2A VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+        SSL3_CK_KRB5_RC2_40_CBC_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        40,
+        128,
+        SSL_ALL_CIPHERS,
+        SSL_ALL_STRENGTHS,
+        },
+/* Cipher 2B VRS */
+        {
+        1,
+        SSL3_TXT_KRB5_RC4_40_MD5,
+        SSL3_CK_KRB5_RC4_40_MD5,
+        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
+        SSL_EXPORT|SSL_EXP40,
+        0,
+        128,
+        128,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
        },
@@ -988,7 +1102,7 @@ void ssl3_free(SSL *s)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-        memset(s->s3,0,sizeof *s->s3);
+        OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
        }
@@ -1343,16 +1457,19 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
                {
                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-                for (i=0; i<SSL3_NUM_CIPHERS; i++)
+                if (init)
-                        sorted[i]= &(ssl3_ciphers[i]);
+                        {
+                        for (i=0; i<SSL3_NUM_CIPHERS; i++)
+                                sorted[i]= &(ssl3_ciphers[i]);
-                qsort(  (char *)sorted,
+                        qsort(sorted,
-                        SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+                                SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-                        FP_ICC ssl_cipher_ptr_id_cmp);
+                                FP_ICC ssl_cipher_ptr_id_cmp);
+                        init=0;
+                        }
+                
                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-                init=0;
                }
        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
author	markus <>	2003-05-12 02:18:40 +0000
committer	markus <>	2003-05-12 02:18:40 +0000
commit	d4fcd82bb7f6d603bd61e19a81ba97337b89dfca (patch)
tree	d52e3a0f1f08f65ad283027e560e17ed0d720462 /src/lib/libssl/s3_lib.c
parent	582bbd139cd2afd58d10dc051c5b0b989b441074 (diff)
download	openbsd-d4fcd82bb7f6d603bd61e19a81ba97337b89dfca.tar.gz openbsd-d4fcd82bb7f6d603bd61e19a81ba97337b89dfca.tar.bz2 openbsd-d4fcd82bb7f6d603bd61e19a81ba97337b89dfca.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index cc0aeef511..d04096016c 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -514,6 +514,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
514	SSL_ALL_STRENGTHS,	514	SSL_ALL_STRENGTHS,
515	},	515	},
516		516
		517	#if 0
517	/* Cipher 1E */	518	/* Cipher 1E */
518	{	519	{
519	0,	520	0,
@@ -527,55 +528,70 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
527	SSL_ALL_CIPHERS,	528	SSL_ALL_CIPHERS,
528	SSL_ALL_STRENGTHS,	529	SSL_ALL_STRENGTHS,
529	},	530	},
		531	#endif
530		532
531	#ifndef OPENSSL_NO_KRB5	533	#ifndef OPENSSL_NO_KRB5
532	/* The Kerberos ciphers	534	/* The Kerberos ciphers
533	** 20000107 VRS: And the first shall be last,	535	** 20000107 VRS: And the first shall be last,
534	** in hopes of avoiding the lynx ssl renegotiation problem.	536	** in hopes of avoiding the lynx ssl renegotiation problem.
535	*/	537	*/
536	/* Cipher 21 VRS */	538	/* Cipher 1E VRS */
537	{	539	{
538	1,	540	1,
539	SSL3_TXT_KRB5_DES_40_CBC_SHA,	541	SSL3_TXT_KRB5_DES_64_CBC_SHA,
540	SSL3_CK_KRB5_DES_40_CBC_SHA,	542	SSL3_CK_KRB5_DES_64_CBC_SHA,
541	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_SHA1 \|SSL_SSLV3,	543	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_SHA1 \|SSL_SSLV3,
542	SSL_EXPORT\|SSL_EXP40,	544	SSL_NOT_EXP\|SSL_LOW,
543	0,	545	0,
544	40,	546	56,
545	56,	547	56,
546	SSL_ALL_CIPHERS,	548	SSL_ALL_CIPHERS,
547	SSL_ALL_STRENGTHS,	549	SSL_ALL_STRENGTHS,
548	},	550	},
549		551
550	/* Cipher 22 VRS */	552	/* Cipher 1F VRS */
551	{	553	{
552	1,	554	1,
553	SSL3_TXT_KRB5_DES_40_CBC_MD5,	555	SSL3_TXT_KRB5_DES_192_CBC3_SHA,
554	SSL3_CK_KRB5_DES_40_CBC_MD5,	556	SSL3_CK_KRB5_DES_192_CBC3_SHA,
555	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_MD5 \|SSL_SSLV3,	557	SSL_kKRB5\|SSL_aKRB5\| SSL_3DES\|SSL_SHA1 \|SSL_SSLV3,
556	SSL_EXPORT\|SSL_EXP40,	558	SSL_NOT_EXP\|SSL_HIGH,
557	0,	559	0,
558	40,	560	112,
559	56,	561	168,
560	SSL_ALL_CIPHERS,	562	SSL_ALL_CIPHERS,
561	SSL_ALL_STRENGTHS,	563	SSL_ALL_STRENGTHS,
562	},	564	},
563		565
564	/* Cipher 23 VRS */	566	/* Cipher 20 VRS */
565	{	567	{
566	1,	568	1,
567	SSL3_TXT_KRB5_DES_64_CBC_SHA,	569	SSL3_TXT_KRB5_RC4_128_SHA,
568	SSL3_CK_KRB5_DES_64_CBC_SHA,	570	SSL3_CK_KRB5_RC4_128_SHA,
569	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_SHA1 \|SSL_SSLV3,	571	SSL_kKRB5\|SSL_aKRB5\| SSL_RC4\|SSL_SHA1 \|SSL_SSLV3,
570	SSL_NOT_EXP\|SSL_LOW,	572	SSL_NOT_EXP\|SSL_MEDIUM,
571	0,	573	0,
572	56,	574	128,
573	56,	575	128,
574	SSL_ALL_CIPHERS,	576	SSL_ALL_CIPHERS,
575	SSL_ALL_STRENGTHS,	577	SSL_ALL_STRENGTHS,
576	},	578	},
577		579
578	/* Cipher 24 VRS */	580	/* Cipher 21 VRS */
		581	{
		582	1,
		583	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
		584	SSL3_CK_KRB5_IDEA_128_CBC_SHA,
		585	SSL_kKRB5\|SSL_aKRB5\| SSL_IDEA\|SSL_SHA1 \|SSL_SSLV3,
		586	SSL_NOT_EXP\|SSL_MEDIUM,
		587	0,
		588	128,
		589	128,
		590	SSL_ALL_CIPHERS,
		591	SSL_ALL_STRENGTHS,
		592	},
		593
		594	/* Cipher 22 VRS */
579	{	595	{
580	1,	596	1,
581	SSL3_TXT_KRB5_DES_64_CBC_MD5,	597	SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -589,12 +605,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
589	SSL_ALL_STRENGTHS,	605	SSL_ALL_STRENGTHS,
590	},	606	},
591		607
592	/* Cipher 25 VRS */	608	/* Cipher 23 VRS */
593	{	609	{
594	1,	610	1,
595	SSL3_TXT_KRB5_DES_192_CBC3_SHA,	611	SSL3_TXT_KRB5_DES_192_CBC3_MD5,
596	SSL3_CK_KRB5_DES_192_CBC3_SHA,	612	SSL3_CK_KRB5_DES_192_CBC3_MD5,
597	SSL_kKRB5\|SSL_aKRB5\| SSL_3DES\|SSL_SHA1 \|SSL_SSLV3,	613	SSL_kKRB5\|SSL_aKRB5\| SSL_3DES\|SSL_MD5 \|SSL_SSLV3,
598	SSL_NOT_EXP\|SSL_HIGH,	614	SSL_NOT_EXP\|SSL_HIGH,
599	0,	615	0,
600	112,	616	112,
@@ -603,16 +619,114 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
603	SSL_ALL_STRENGTHS,	619	SSL_ALL_STRENGTHS,
604	},	620	},
605		621
		622	/* Cipher 24 VRS */
		623	{
		624	1,
		625	SSL3_TXT_KRB5_RC4_128_MD5,
		626	SSL3_CK_KRB5_RC4_128_MD5,
		627	SSL_kKRB5\|SSL_aKRB5\| SSL_RC4\|SSL_MD5 \|SSL_SSLV3,
		628	SSL_NOT_EXP\|SSL_MEDIUM,
		629	0,
		630	128,
		631	128,
		632	SSL_ALL_CIPHERS,
		633	SSL_ALL_STRENGTHS,
		634	},
		635
		636	/* Cipher 25 VRS */
		637	{
		638	1,
		639	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
		640	SSL3_CK_KRB5_IDEA_128_CBC_MD5,
		641	SSL_kKRB5\|SSL_aKRB5\| SSL_IDEA\|SSL_MD5 \|SSL_SSLV3,
		642	SSL_NOT_EXP\|SSL_MEDIUM,
		643	0,
		644	128,
		645	128,
		646	SSL_ALL_CIPHERS,
		647	SSL_ALL_STRENGTHS,
		648	},
		649
606	/* Cipher 26 VRS */	650	/* Cipher 26 VRS */
607	{	651	{
608	1,	652	1,
609	SSL3_TXT_KRB5_DES_192_CBC3_MD5,	653	SSL3_TXT_KRB5_DES_40_CBC_SHA,
610	SSL3_CK_KRB5_DES_192_CBC3_MD5,	654	SSL3_CK_KRB5_DES_40_CBC_SHA,
611	SSL_kKRB5\|SSL_aKRB5\| SSL_3DES\|SSL_MD5 \|SSL_SSLV3,	655	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_SHA1 \|SSL_SSLV3,
612	SSL_NOT_EXP\|SSL_HIGH,	656	SSL_EXPORT\|SSL_EXP40,
613	0,	657	0,
614	112,	658	40,
615	168,	659	56,
		660	SSL_ALL_CIPHERS,
		661	SSL_ALL_STRENGTHS,
		662	},
		663
		664	/* Cipher 27 VRS */
		665	{
		666	1,
		667	SSL3_TXT_KRB5_RC2_40_CBC_SHA,
		668	SSL3_CK_KRB5_RC2_40_CBC_SHA,
		669	SSL_kKRB5\|SSL_aKRB5\| SSL_RC2\|SSL_SHA1 \|SSL_SSLV3,
		670	SSL_EXPORT\|SSL_EXP40,
		671	0,
		672	40,
		673	128,
		674	SSL_ALL_CIPHERS,
		675	SSL_ALL_STRENGTHS,
		676	},
		677
		678	/* Cipher 28 VRS */
		679	{
		680	1,
		681	SSL3_TXT_KRB5_RC4_40_SHA,
		682	SSL3_CK_KRB5_RC4_40_SHA,
		683	SSL_kKRB5\|SSL_aKRB5\| SSL_RC4\|SSL_SHA1 \|SSL_SSLV3,
		684	SSL_EXPORT\|SSL_EXP40,
		685	0,
		686	128,
		687	128,
		688	SSL_ALL_CIPHERS,
		689	SSL_ALL_STRENGTHS,
		690	},
		691
		692	/* Cipher 29 VRS */
		693	{
		694	1,
		695	SSL3_TXT_KRB5_DES_40_CBC_MD5,
		696	SSL3_CK_KRB5_DES_40_CBC_MD5,
		697	SSL_kKRB5\|SSL_aKRB5\| SSL_DES\|SSL_MD5 \|SSL_SSLV3,
		698	SSL_EXPORT\|SSL_EXP40,
		699	0,
		700	40,
		701	56,
		702	SSL_ALL_CIPHERS,
		703	SSL_ALL_STRENGTHS,
		704	},
		705
		706	/* Cipher 2A VRS */
		707	{
		708	1,
		709	SSL3_TXT_KRB5_RC2_40_CBC_MD5,
		710	SSL3_CK_KRB5_RC2_40_CBC_MD5,
		711	SSL_kKRB5\|SSL_aKRB5\| SSL_RC2\|SSL_MD5 \|SSL_SSLV3,
		712	SSL_EXPORT\|SSL_EXP40,
		713	0,
		714	40,
		715	128,
		716	SSL_ALL_CIPHERS,
		717	SSL_ALL_STRENGTHS,
		718	},
		719
		720	/* Cipher 2B VRS */
		721	{
		722	1,
		723	SSL3_TXT_KRB5_RC4_40_MD5,
		724	SSL3_CK_KRB5_RC4_40_MD5,
		725	SSL_kKRB5\|SSL_aKRB5\| SSL_RC4\|SSL_MD5 \|SSL_SSLV3,
		726	SSL_EXPORT\|SSL_EXP40,
		727	0,
		728	128,
		729	128,
616	SSL_ALL_CIPHERS,	730	SSL_ALL_CIPHERS,
617	SSL_ALL_STRENGTHS,	731	SSL_ALL_STRENGTHS,
618	},	732	},
@@ -988,7 +1102,7 @@ void ssl3_free(SSL *s)
988	sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);	1102	sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
989	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);	1103	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
990	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);	1104	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
991	memset(s->s3,0,sizeof *s->s3);	1105	OPENSSL_cleanse(s->s3,sizeof *s->s3);
992	OPENSSL_free(s->s3);	1106	OPENSSL_free(s->s3);
993	s->s3=NULL;	1107	s->s3=NULL;
994	}	1108	}
@@ -1343,16 +1457,19 @@ SSL_CIPHER ssl3_get_cipher_by_char(const unsigned char p)
1343	{	1457	{
1344	CRYPTO_w_lock(CRYPTO_LOCK_SSL);	1458	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
1345		1459
1346	for (i=0; i<SSL3_NUM_CIPHERS; i++)	1460	if (init)
1347	sorted[i]= &(ssl3_ciphers[i]);	1461	{
		1462	for (i=0; i<SSL3_NUM_CIPHERS; i++)
		1463	sorted[i]= &(ssl3_ciphers[i]);
1348		1464
1349	qsort( (char *)sorted,	1465	qsort(sorted,
1350	SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),	1466	SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1351	FP_ICC ssl_cipher_ptr_id_cmp);	1467	FP_ICC ssl_cipher_ptr_id_cmp);
1352		1468
		1469	init=0;
		1470	}
		1471
1353	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);	1472	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
1354
1355	init=0;
1356	}	1473	}
1357		1474
1358	id=0x03000000L\|((unsigned long)p[0]<<8L)\|(unsigned long)p[1];	1475	id=0x03000000L\|((unsigned long)p[0]<<8L)\|(unsigned long)p[1];