authormarkus <>2004-04-07 20:42:07 +0000
committermarkus <>2004-04-07 20:42:07 +0000
commit58c08aa241f168c84ce7cc3052454ea59a44eada (patch)
tree1806747a3fda66041a998ca63c763fdcf722450e /src/lib/libssl
parent9c1aa44a1eacea897c0432e796b205b8484ff4d2 (diff)
import openssl-0.9.7d
Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/LICENSE2
-rw-r--r--src/lib/libssl/doc/openssl.cnf5
-rw-r--r--src/lib/libssl/s3_clnt.c5
-rw-r--r--src/lib/libssl/s3_lib.c2
-rw-r--r--src/lib/libssl/s3_pkt.c8
-rw-r--r--src/lib/libssl/s3_srvr.c19
-rw-r--r--src/lib/libssl/ssl.h4
-rw-r--r--src/lib/libssl/ssl_asn1.c1
-rw-r--r--src/lib/libssl/ssl_cert.c12
-rw-r--r--src/lib/libssl/ssl_ciph.c85
-rw-r--r--src/lib/libssl/ssl_lib.c1
-rw-r--r--src/lib/libssl/ssl_sess.c1
12 files changed, 90 insertions, 55 deletions
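--- a/src/lib/libssl/LICENSE
+++ b/src/lib/libssl/LICENSE
@@ -12,7 +12,7 @@
  ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions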
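--- a/src/lib/libssl/doc/openssl.cnf
+++ b/src/lib/libssl/doc/openssl.cnf
@@ -38,10 +38,14 @@ dir = ./demoCA # Where everything is kept
 certs = $dir/certs # Where the issued certs are kept
 crl_dir = $dir/crl # Where the issued crl are kept
 database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
 new_certs_dir = $dir/newcerts # default place for new certs.
 
 certificate = $dir/cacert.pem # The CA certificate
 serial = $dir/serial # The current serial number
+#crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
 crl = $dir/crl.pem # The current CRL
 private_key = $dir/private/cakey.pem# The private key
 RANDFILE = $dir/private/.rand # private random number file
@@ -58,6 +62,7 @@ cert_opt = ca_default # Certificate field options
 
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions = crl_ext
 
 default_days = 365 # how long to certify for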
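Review bot: The comment on the new `#unique_subject` line has a typo, `ctificates`, that will be copied into every CA config generated from this template; it should read `# several certificates with same subject.`. The wording could also say what the default is when the key is left commented out, since the line only tells the reader what `no` does, not what they get without it — but that default is not visible in this hunk, so confirm it before writing it down.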
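--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -117,7 +117,6 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -1947,7 +1946,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
  if (algs & SSL_kRSA)
  {
  if (rsa == NULL
- || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
  {
  SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
  goto f_err;
@@ -1959,7 +1958,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
  if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
  {
  if (dh == NULL
- || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+ || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
  {
  SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
  goto f_err;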
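Review bot: The corrected export-strength comparisons on the `RSA_size(rsa)*8` and `DH_size(dh)*8` lines now mix two units on one line with nothing saying so, which is exactly how the byte-versus-bit comparison they replace slipped in; a comment such as `/* RSA_size()/DH_size() return bytes, SSL_C_EXPORT_PKEYLENGTH() is in bits */` above each check would keep the next edit from reintroducing it. With the old form a 1024-bit key (128 bytes) compared below a 512-bit export limit and was accepted, so the export cipher ran with a non-export key; the new form rejects it as the error reason intends. ssl3_check_cert_and_algorithm begins and ends outside these hunks, so whether the same bound is applied anywhere else is not visible here.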
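--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -271,6 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_ALL_STRENGTHS,
  },
 /* Cipher 07 */
+#ifndef OPENSSL_NO_IDEA
  {
  1,
  SSL3_TXT_RSA_IDEA_128_SHA,
@@ -283,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  SSL_ALL_CIPHERS,
  SSL_ALL_STRENGTHS,
  },
+#endif
 /* Cipher 08 */
  {
  1,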
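Review bot: The `/* Cipher 07 */` label stays above the new `#ifndef OPENSSL_NO_IDEA`, so in a build without IDEA it is left dangling directly over `/* Cipher 08 */`; moving the label inside the conditional, as `#ifndef OPENSSL_NO_IDEA` then `/* Cipher 07 */`, keeps the table readable in both configurations. Compiling this entry out also shifts every later `ssl3_ciphers[]` slot by one, so if anything outside this hunk reaches into the table by fixed position rather than by its computed length, that is worth confirming; the table's users are not visible here.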
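--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
  goto err;
  }
 
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL)
+ {
+ i=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ goto err;
+ }
+
  rr->length=0;
 
  if (s->msg_callback)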
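Review bot: The new early-ChangeCipherSpec guard reports its failure with `SSL_F_SSL3_GET_CERT_VERIFY`, but this code sits in the record-processing loop (the `start:` label in the hunk header), not in the certificate-verify handler, so the error queue will attribute the alert to the wrong function; the function code of the enclosing function should be used instead, and which one that is cannot be read off here because the function starts and ends outside the hunk. The check itself is the right one: without it a ChangeCipherSpec arriving before any cipher suite has been negotiated would proceed with `s->s3->tmp.new_cipher` NULL, and the comment should say so rather than just "check we have a cipher", e.g. `/* A CCS before a cipher suite has been negotiated leaves new_cipher NULL; reject it as unexpected rather than switching to nothing */`.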
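--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -121,9 +121,10 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_KRB5
 #include <openssl/krb5_asn.h>
+#endif
 #include <openssl/md5.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -1587,11 +1588,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
  n2s(p,i);
  enc_ticket.length = i;
+
+ if (n < enc_ticket.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
  enc_ticket.data = (char *)p;
  p+=enc_ticket.length;
 
  n2s(p,i);
  authenticator.length = i;
+
+ if (n < enc_ticket.length + authenticator.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
  authenticator.data = (char *)p;
  p+=authenticator.length;
 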
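Review bot: Each new bound in the Kerberos branch of ssl3_get_client_key_exchange is applied only after the preceding `n2s(p,i)` has already consumed two bytes, so the first `n2s` at the top of the hunk runs before anything visible has established `n >= 2`; unless an earlier check outside the hunk guarantees that, the first guard should read `if (n < 2 || n < enc_ticket.length + 6)`. The hunk ends before the third length-prefixed field is parsed, so presumably the same `n <` bound is still needed there and the running total should be compared with `n` once all three lengths are known; the rest of the function is outside the hunk. The `+ 6` deserves a comment naming what it covers (presumably the three 2-byte length fields), and a one-line note on the first check would help, since `SSL_R_DATA_LENGTH_TOO_LONG` reads oddly for a message that is shorter than its own length fields claim.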
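--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1357,8 +1357,8 @@ const char *SSL_alert_type_string(int value);
 const char *SSL_alert_desc_string_long(int value);
 const char *SSL_alert_desc_string(int value);
 
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
 int SSL_add_client_CA(SSL *ssl,X509 *x);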
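--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -62,7 +62,6 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
  {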
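--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -505,12 +505,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
  return(i);
  }
 
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
  {
  if (*ca_list != NULL)
  sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
 
- *ca_list=list;
+ *ca_list=name_list;
  }
 
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -532,14 +532,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
  return(ret);
  }
 
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
  {
- set_client_CA_list(&(s->client_CA),list);
+ set_client_CA_list(&(s->client_CA),name_list);
  }
 
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
  {
- set_client_CA_list(&(ctx->client_CA),list);
+ set_client_CA_list(&(ctx->client_CA),name_list);
  }
 
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)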
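--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -125,7 +125,9 @@ static const SSL_CIPHER cipher_aliases[]={
  {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
  {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
  {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
+#ifndef OPENSSL_NO_IDEA
  {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
+#endif
  {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
  {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
  {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
@@ -166,8 +168,12 @@ static void load_ciphers(void)
  EVP_get_cipherbyname(SN_rc4);
  ssl_cipher_methods[SSL_ENC_RC2_IDX]=
  EVP_get_cipherbyname(SN_rc2_cbc);
+#ifndef OPENSSL_NO_IDEA
  ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
  EVP_get_cipherbyname(SN_idea_cbc);
+#else
+ ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
+#endif
  ssl_cipher_methods[SSL_ENC_AES128_IDX]=
  EVP_get_cipherbyname(SN_aes_128_cbc);
  ssl_cipher_methods[SSL_ENC_AES256_IDX]=
@@ -334,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
  }
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
- int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
+ int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
  CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
  {
- int i, list_num;
+ int i, co_list_num;
  SSL_CIPHER *c;
 
  /*
@@ -348,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
  */
 
  /* Get the initial list of ciphers */
- list_num = 0; /* actual count of ciphers */
+ co_list_num = 0; /* actual count of ciphers */
  for (i = 0; i < num_of_ciphers; i++)
  {
  c = ssl_method->get_cipher(i);
  /* drop those that use any of that is not available */
  if ((c != NULL) && c->valid && !(c->algorithms & mask))
  {
- list[list_num].cipher = c;
+ co_list[co_list_num].cipher = c;
- list[list_num].next = NULL;
+ co_list[co_list_num].next = NULL;
- list[list_num].prev = NULL;
+ co_list[co_list_num].prev = NULL;
- list[list_num].active = 0;
+ co_list[co_list_num].active = 0;
- list_num++;
+ co_list_num++;
 #ifdef KSSL_DEBUG
  printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
 #endif /* KSSL_DEBUG */
@@ -372,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
  /*
  * Prepare linked list from list entries
  */
- for (i = 1; i < list_num - 1; i++)
+ for (i = 1; i < co_list_num - 1; i++)
  {
- list[i].prev = &(list[i-1]);
+ co_list[i].prev = &(co_list[i-1]);
- list[i].next = &(list[i+1]);
+ co_list[i].next = &(co_list[i+1]);
  }
- if (list_num > 0)
+ if (co_list_num > 0)
  {
- (*head_p) = &(list[0]);
+ (*head_p) = &(co_list[0]);
  (*head_p)->prev = NULL;
- (*head_p)->next = &(list[1]);
+ (*head_p)->next = &(co_list[1]);
- (*tail_p) = &(list[list_num - 1]);
+ (*tail_p) = &(co_list[co_list_num - 1]);
- (*tail_p)->prev = &(list[list_num - 2]);
+ (*tail_p)->prev = &(co_list[co_list_num - 2]);
  (*tail_p)->next = NULL;
  }
  }
@@ -429,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
 
 static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
  unsigned long algo_strength, unsigned long mask_strength,
- int rule, int strength_bits, CIPHER_ORDER *list,
+ int rule, int strength_bits, CIPHER_ORDER *co_list,
  CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
  {
  CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -524,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
  *tail_p = tail;
  }
 
-static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
- CIPHER_ORDER **tail_p)
+ CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p)
  {
  int max_strength_bits, i, *number_uses;
  CIPHER_ORDER *curr;
@@ -570,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
  for (i = max_strength_bits; i >= 0; i--)
  if (number_uses[i] > 0)
  ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
- list, head_p, tail_p);
+ co_list, head_p, tail_p);
 
  OPENSSL_free(number_uses);
  return(1);
  }
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
- CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+ CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
  CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
  {
  unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -702,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
  ok = 0;
  if ((buflen == 8) &&
  !strncmp(buf, "STRENGTH", 8))
- ok = ssl_cipher_strength_sort(list,
+ ok = ssl_cipher_strength_sort(co_list,
  head_p, tail_p);
  else
  SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -722,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
  {
  ssl_cipher_apply_rule(algorithms, mask,
  algo_strength, mask_strength, rule, -1,
- list, head_p, tail_p);
+ co_list, head_p, tail_p);
  }
  else
  {
@@ -744,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
  unsigned long disabled_mask;
  STACK_OF(SSL_CIPHER) *cipherstack;
  const char *rule_p;
- CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
+ CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
  SSL_CIPHER **ca_list = NULL;
 
  /*
@@ -774,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #ifdef KSSL_DEBUG
  printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
 #endif /* KSSL_DEBUG */
- list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+ co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
- if (list == NULL)
+ if (co_list == NULL)
  {
  SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
  return(NULL); /* Failure */
  }
 
  ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
- list, &head, &tail);
+ co_list, &head, &tail);
 
  /*
  * We also need cipher aliases for selecting based on the rule_str.
@@ -798,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
  (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
  if (ca_list == NULL)
  {
- OPENSSL_free(list);
+ OPENSSL_free(co_list);
  SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
  return(NULL); /* Failure */
  }
@@ -814,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
  if (strncmp(rule_str,"DEFAULT",7) == 0)
  {
  ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
- list, &head, &tail, ca_list);
+ co_list, &head, &tail, ca_list);
  rule_p += 7;
  if (*rule_p == ':')
  rule_p++;
  }
 
  if (ok && (strlen(rule_p) > 0))
- ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
+ ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
  ca_list);
 
  OPENSSL_free(ca_list); /* Not needed anymore */
 
  if (!ok)
  { /* Rule processing failure */
- OPENSSL_free(list);
+ OPENSSL_free(co_list);
  return(NULL);
  }
  /*
@@ -837,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
  */
  if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
  {
- OPENSSL_free(list);
+ OPENSSL_free(co_list);
  return(NULL);
  }
 
@@ -855,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #endif
  }
  }
- OPENSSL_free(list); /* Not needed any longer */
+ OPENSSL_free(co_list); /* Not needed any longer */
 
  /*
  * The following passage is a little bit odd. If pointer variables
@@ -905,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
  {
  int is_export,pkl,kl;
- char *ver,*exp;
+ char *ver,*exp_str;
  char *kx,*au,*enc,*mac;
  unsigned long alg,alg2,alg_s;
 #ifdef KSSL_DEBUG
@@ -921,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
  is_export=SSL_C_IS_EXPORT(cipher);
  pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
  kl=SSL_C_EXPORT_KEYLENGTH(cipher);
- exp=is_export?" export":"";
+ exp_str=is_export?" export":"";
 
  if (alg & SSL_SSLV2)
  ver="SSLv2";
@@ -1040,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
  return("Buffer too small");
 
 #ifdef KSSL_DEBUG
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
+ BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
 #else
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
+ BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
 #endif /* KSSL_DEBUG */
  return(buf);
  }
@@ -1129,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
  {
  MemCheck_on();
  SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
- return(0);
+ return(1);
  }
  else
  {
  MemCheck_on();
- return(1);
+ return(0);
  }
  }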
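Review bot: The last hunk inverts the return convention of SSL_COMP_add_compression_method: the malloc-failure path now returns 1 and the success path 0, the opposite of the code it replaces and of the 1-on-success convention `ssl_cipher_strength_sort` follows in this same section (`return(1);` once its work is done). Any caller written as `if (!SSL_COMP_add_compression_method(id, cm)) goto err;` now treats success as failure, and nothing in the hunk documents the new sense. The function's header is outside the hunk; it should carry a comment stating the contract explicitly, e.g. `/* Returns 0 on success and 1 on failure -- note this is the inverse of most of libssl. */`, so the inversion reads as deliberate rather than as a transposition. The rest of the section is the list/co_list and exp/exp_str renames plus the OPENSSL_NO_IDEA guards, which preserve behaviour.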
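--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -121,7 +121,6 @@
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
-#include "cryptlib.h"
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 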
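--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -60,7 +60,6 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
-#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);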