summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c195
1 files changed, 40 insertions, 155 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 896b12fc4f..cc0aeef511 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -271,6 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
271 SSL_ALL_STRENGTHS, 271 SSL_ALL_STRENGTHS,
272 }, 272 },
273/* Cipher 07 */ 273/* Cipher 07 */
274#ifndef OPENSSL_NO_IDEA
274 { 275 {
275 1, 276 1,
276 SSL3_TXT_RSA_IDEA_128_SHA, 277 SSL3_TXT_RSA_IDEA_128_SHA,
@@ -283,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
283 SSL_ALL_CIPHERS, 284 SSL_ALL_CIPHERS,
284 SSL_ALL_STRENGTHS, 285 SSL_ALL_STRENGTHS,
285 }, 286 },
287#endif
286/* Cipher 08 */ 288/* Cipher 08 */
287 { 289 {
288 1, 290 1,
@@ -512,7 +514,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
512 SSL_ALL_STRENGTHS, 514 SSL_ALL_STRENGTHS,
513 }, 515 },
514 516
515#if 0
516/* Cipher 1E */ 517/* Cipher 1E */
517 { 518 {
518 0, 519 0,
@@ -526,70 +527,55 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
526 SSL_ALL_CIPHERS, 527 SSL_ALL_CIPHERS,
527 SSL_ALL_STRENGTHS, 528 SSL_ALL_STRENGTHS,
528 }, 529 },
529#endif
530 530
531#ifndef OPENSSL_NO_KRB5 531#ifndef OPENSSL_NO_KRB5
532/* The Kerberos ciphers 532/* The Kerberos ciphers
533** 20000107 VRS: And the first shall be last, 533** 20000107 VRS: And the first shall be last,
534** in hopes of avoiding the lynx ssl renegotiation problem. 534** in hopes of avoiding the lynx ssl renegotiation problem.
535*/ 535*/
536/* Cipher 1E VRS */ 536/* Cipher 21 VRS */
537 { 537 {
538 1, 538 1,
539 SSL3_TXT_KRB5_DES_64_CBC_SHA, 539 SSL3_TXT_KRB5_DES_40_CBC_SHA,
540 SSL3_CK_KRB5_DES_64_CBC_SHA, 540 SSL3_CK_KRB5_DES_40_CBC_SHA,
541 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 541 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
542 SSL_NOT_EXP|SSL_LOW, 542 SSL_EXPORT|SSL_EXP40,
543 0, 543 0,
544 56, 544 40,
545 56, 545 56,
546 SSL_ALL_CIPHERS, 546 SSL_ALL_CIPHERS,
547 SSL_ALL_STRENGTHS, 547 SSL_ALL_STRENGTHS,
548 }, 548 },
549 549
550/* Cipher 1F VRS */ 550/* Cipher 22 VRS */
551 {
552 1,
553 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
554 SSL3_CK_KRB5_DES_192_CBC3_SHA,
555 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
556 SSL_NOT_EXP|SSL_HIGH,
557 0,
558 112,
559 168,
560 SSL_ALL_CIPHERS,
561 SSL_ALL_STRENGTHS,
562 },
563
564/* Cipher 20 VRS */
565 { 551 {
566 1, 552 1,
567 SSL3_TXT_KRB5_RC4_128_SHA, 553 SSL3_TXT_KRB5_DES_40_CBC_MD5,
568 SSL3_CK_KRB5_RC4_128_SHA, 554 SSL3_CK_KRB5_DES_40_CBC_MD5,
569 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, 555 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
570 SSL_NOT_EXP|SSL_MEDIUM, 556 SSL_EXPORT|SSL_EXP40,
571 0, 557 0,
572 128, 558 40,
573 128, 559 56,
574 SSL_ALL_CIPHERS, 560 SSL_ALL_CIPHERS,
575 SSL_ALL_STRENGTHS, 561 SSL_ALL_STRENGTHS,
576 }, 562 },
577 563
578/* Cipher 21 VRS */ 564/* Cipher 23 VRS */
579 { 565 {
580 1, 566 1,
581 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 567 SSL3_TXT_KRB5_DES_64_CBC_SHA,
582 SSL3_CK_KRB5_IDEA_128_CBC_SHA, 568 SSL3_CK_KRB5_DES_64_CBC_SHA,
583 SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3, 569 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
584 SSL_NOT_EXP|SSL_MEDIUM, 570 SSL_NOT_EXP|SSL_LOW,
585 0, 571 0,
586 128, 572 56,
587 128, 573 56,
588 SSL_ALL_CIPHERS, 574 SSL_ALL_CIPHERS,
589 SSL_ALL_STRENGTHS, 575 SSL_ALL_STRENGTHS,
590 }, 576 },
591 577
592/* Cipher 22 VRS */ 578/* Cipher 24 VRS */
593 { 579 {
594 1, 580 1,
595 SSL3_TXT_KRB5_DES_64_CBC_MD5, 581 SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@ -603,12 +589,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
603 SSL_ALL_STRENGTHS, 589 SSL_ALL_STRENGTHS,
604 }, 590 },
605 591
606/* Cipher 23 VRS */ 592/* Cipher 25 VRS */
607 { 593 {
608 1, 594 1,
609 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 595 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
610 SSL3_CK_KRB5_DES_192_CBC3_MD5, 596 SSL3_CK_KRB5_DES_192_CBC3_SHA,
611 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, 597 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
612 SSL_NOT_EXP|SSL_HIGH, 598 SSL_NOT_EXP|SSL_HIGH,
613 0, 599 0,
614 112, 600 112,
@@ -617,114 +603,16 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
617 SSL_ALL_STRENGTHS, 603 SSL_ALL_STRENGTHS,
618 }, 604 },
619 605
620/* Cipher 24 VRS */
621 {
622 1,
623 SSL3_TXT_KRB5_RC4_128_MD5,
624 SSL3_CK_KRB5_RC4_128_MD5,
625 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
626 SSL_NOT_EXP|SSL_MEDIUM,
627 0,
628 128,
629 128,
630 SSL_ALL_CIPHERS,
631 SSL_ALL_STRENGTHS,
632 },
633
634/* Cipher 25 VRS */
635 {
636 1,
637 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
638 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
639 SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3,
640 SSL_NOT_EXP|SSL_MEDIUM,
641 0,
642 128,
643 128,
644 SSL_ALL_CIPHERS,
645 SSL_ALL_STRENGTHS,
646 },
647
648/* Cipher 26 VRS */ 606/* Cipher 26 VRS */
649 { 607 {
650 1, 608 1,
651 SSL3_TXT_KRB5_DES_40_CBC_SHA, 609 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
652 SSL3_CK_KRB5_DES_40_CBC_SHA, 610 SSL3_CK_KRB5_DES_192_CBC3_MD5,
653 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 611 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
654 SSL_EXPORT|SSL_EXP40, 612 SSL_NOT_EXP|SSL_HIGH,
655 0,
656 40,
657 56,
658 SSL_ALL_CIPHERS,
659 SSL_ALL_STRENGTHS,
660 },
661
662/* Cipher 27 VRS */
663 {
664 1,
665 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
666 SSL3_CK_KRB5_RC2_40_CBC_SHA,
667 SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3,
668 SSL_EXPORT|SSL_EXP40,
669 0,
670 40,
671 128,
672 SSL_ALL_CIPHERS,
673 SSL_ALL_STRENGTHS,
674 },
675
676/* Cipher 28 VRS */
677 {
678 1,
679 SSL3_TXT_KRB5_RC4_40_SHA,
680 SSL3_CK_KRB5_RC4_40_SHA,
681 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
682 SSL_EXPORT|SSL_EXP40,
683 0,
684 128,
685 128,
686 SSL_ALL_CIPHERS,
687 SSL_ALL_STRENGTHS,
688 },
689
690/* Cipher 29 VRS */
691 {
692 1,
693 SSL3_TXT_KRB5_DES_40_CBC_MD5,
694 SSL3_CK_KRB5_DES_40_CBC_MD5,
695 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
696 SSL_EXPORT|SSL_EXP40,
697 0,
698 40,
699 56,
700 SSL_ALL_CIPHERS,
701 SSL_ALL_STRENGTHS,
702 },
703
704/* Cipher 2A VRS */
705 {
706 1,
707 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
708 SSL3_CK_KRB5_RC2_40_CBC_MD5,
709 SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3,
710 SSL_EXPORT|SSL_EXP40,
711 0,
712 40,
713 128,
714 SSL_ALL_CIPHERS,
715 SSL_ALL_STRENGTHS,
716 },
717
718/* Cipher 2B VRS */
719 {
720 1,
721 SSL3_TXT_KRB5_RC4_40_MD5,
722 SSL3_CK_KRB5_RC4_40_MD5,
723 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
724 SSL_EXPORT|SSL_EXP40,
725 0, 613 0,
726 128, 614 112,
727 128, 615 168,
728 SSL_ALL_CIPHERS, 616 SSL_ALL_CIPHERS,
729 SSL_ALL_STRENGTHS, 617 SSL_ALL_STRENGTHS,
730 }, 618 },
@@ -1100,7 +988,7 @@ void ssl3_free(SSL *s)
1100 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 988 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1101 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); 989 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1102 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); 990 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1103 OPENSSL_cleanse(s->s3,sizeof *s->s3); 991 memset(s->s3,0,sizeof *s->s3);
1104 OPENSSL_free(s->s3); 992 OPENSSL_free(s->s3);
1105 s->s3=NULL; 993 s->s3=NULL;
1106 } 994 }
@@ -1455,19 +1343,16 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
1455 { 1343 {
1456 CRYPTO_w_lock(CRYPTO_LOCK_SSL); 1344 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
1457 1345
1458 if (init) 1346 for (i=0; i<SSL3_NUM_CIPHERS; i++)
1459 { 1347 sorted[i]= &(ssl3_ciphers[i]);
1460 for (i=0; i<SSL3_NUM_CIPHERS; i++)
1461 sorted[i]= &(ssl3_ciphers[i]);
1462 1348
1463 qsort(sorted, 1349 qsort( (char *)sorted,
1464 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), 1350 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
1465 FP_ICC ssl_cipher_ptr_id_cmp); 1351 FP_ICC ssl_cipher_ptr_id_cmp);
1466 1352
1467 init=0;
1468 }
1469
1470 CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 1353 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
1354
1355 init=0;
1471 } 1356 }
1472 1357
1473 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 1358 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-29 07:03:41 +0000