diff options
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 193 |
1 files changed, 155 insertions, 38 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index cc0aeef511..d04096016c 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -514,6 +514,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 514 | SSL_ALL_STRENGTHS, | 514 | SSL_ALL_STRENGTHS, |
| 515 | }, | 515 | }, |
| 516 | 516 | ||
| 517 | #if 0 | ||
| 517 | /* Cipher 1E */ | 518 | /* Cipher 1E */ |
| 518 | { | 519 | { |
| 519 | 0, | 520 | 0, |
| @@ -527,55 +528,70 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 527 | SSL_ALL_CIPHERS, | 528 | SSL_ALL_CIPHERS, |
| 528 | SSL_ALL_STRENGTHS, | 529 | SSL_ALL_STRENGTHS, |
| 529 | }, | 530 | }, |
| 531 | #endif | ||
| 530 | 532 | ||
| 531 | #ifndef OPENSSL_NO_KRB5 | 533 | #ifndef OPENSSL_NO_KRB5 |
| 532 | /* The Kerberos ciphers | 534 | /* The Kerberos ciphers |
| 533 | ** 20000107 VRS: And the first shall be last, | 535 | ** 20000107 VRS: And the first shall be last, |
| 534 | ** in hopes of avoiding the lynx ssl renegotiation problem. | 536 | ** in hopes of avoiding the lynx ssl renegotiation problem. |
| 535 | */ | 537 | */ |
| 536 | /* Cipher 21 VRS */ | 538 | /* Cipher 1E VRS */ |
| 537 | { | 539 | { |
| 538 | 1, | 540 | 1, |
| 539 | SSL3_TXT_KRB5_DES_40_CBC_SHA, | 541 | SSL3_TXT_KRB5_DES_64_CBC_SHA, |
| 540 | SSL3_CK_KRB5_DES_40_CBC_SHA, | 542 | SSL3_CK_KRB5_DES_64_CBC_SHA, |
| 541 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | 543 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, |
| 542 | SSL_EXPORT|SSL_EXP40, | 544 | SSL_NOT_EXP|SSL_LOW, |
| 543 | 0, | 545 | 0, |
| 544 | 40, | 546 | 56, |
| 545 | 56, | 547 | 56, |
| 546 | SSL_ALL_CIPHERS, | 548 | SSL_ALL_CIPHERS, |
| 547 | SSL_ALL_STRENGTHS, | 549 | SSL_ALL_STRENGTHS, |
| 548 | }, | 550 | }, |
| 549 | 551 | ||
| 550 | /* Cipher 22 VRS */ | 552 | /* Cipher 1F VRS */ |
| 551 | { | 553 | { |
| 552 | 1, | 554 | 1, |
| 553 | SSL3_TXT_KRB5_DES_40_CBC_MD5, | 555 | SSL3_TXT_KRB5_DES_192_CBC3_SHA, |
| 554 | SSL3_CK_KRB5_DES_40_CBC_MD5, | 556 | SSL3_CK_KRB5_DES_192_CBC3_SHA, |
| 555 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, | 557 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, |
| 556 | SSL_EXPORT|SSL_EXP40, | 558 | SSL_NOT_EXP|SSL_HIGH, |
| 557 | 0, | 559 | 0, |
| 558 | 40, | 560 | 112, |
| 559 | 56, | 561 | 168, |
| 560 | SSL_ALL_CIPHERS, | 562 | SSL_ALL_CIPHERS, |
| 561 | SSL_ALL_STRENGTHS, | 563 | SSL_ALL_STRENGTHS, |
| 562 | }, | 564 | }, |
| 563 | 565 | ||
| 564 | /* Cipher 23 VRS */ | 566 | /* Cipher 20 VRS */ |
| 565 | { | 567 | { |
| 566 | 1, | 568 | 1, |
| 567 | SSL3_TXT_KRB5_DES_64_CBC_SHA, | 569 | SSL3_TXT_KRB5_RC4_128_SHA, |
| 568 | SSL3_CK_KRB5_DES_64_CBC_SHA, | 570 | SSL3_CK_KRB5_RC4_128_SHA, |
| 569 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | 571 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, |
| 570 | SSL_NOT_EXP|SSL_LOW, | 572 | SSL_NOT_EXP|SSL_MEDIUM, |
| 571 | 0, | 573 | 0, |
| 572 | 56, | 574 | 128, |
| 573 | 56, | 575 | 128, |
| 574 | SSL_ALL_CIPHERS, | 576 | SSL_ALL_CIPHERS, |
| 575 | SSL_ALL_STRENGTHS, | 577 | SSL_ALL_STRENGTHS, |
| 576 | }, | 578 | }, |
| 577 | 579 | ||
| 578 | /* Cipher 24 VRS */ | 580 | /* Cipher 21 VRS */ |
| 581 | { | ||
| 582 | 1, | ||
| 583 | SSL3_TXT_KRB5_IDEA_128_CBC_SHA, | ||
| 584 | SSL3_CK_KRB5_IDEA_128_CBC_SHA, | ||
| 585 | SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3, | ||
| 586 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 587 | 0, | ||
| 588 | 128, | ||
| 589 | 128, | ||
| 590 | SSL_ALL_CIPHERS, | ||
| 591 | SSL_ALL_STRENGTHS, | ||
| 592 | }, | ||
| 593 | |||
| 594 | /* Cipher 22 VRS */ | ||
| 579 | { | 595 | { |
| 580 | 1, | 596 | 1, |
| 581 | SSL3_TXT_KRB5_DES_64_CBC_MD5, | 597 | SSL3_TXT_KRB5_DES_64_CBC_MD5, |
| @@ -589,12 +605,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 589 | SSL_ALL_STRENGTHS, | 605 | SSL_ALL_STRENGTHS, |
| 590 | }, | 606 | }, |
| 591 | 607 | ||
| 592 | /* Cipher 25 VRS */ | 608 | /* Cipher 23 VRS */ |
| 593 | { | 609 | { |
| 594 | 1, | 610 | 1, |
| 595 | SSL3_TXT_KRB5_DES_192_CBC3_SHA, | 611 | SSL3_TXT_KRB5_DES_192_CBC3_MD5, |
| 596 | SSL3_CK_KRB5_DES_192_CBC3_SHA, | 612 | SSL3_CK_KRB5_DES_192_CBC3_MD5, |
| 597 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, | 613 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, |
| 598 | SSL_NOT_EXP|SSL_HIGH, | 614 | SSL_NOT_EXP|SSL_HIGH, |
| 599 | 0, | 615 | 0, |
| 600 | 112, | 616 | 112, |
| @@ -603,16 +619,114 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 603 | SSL_ALL_STRENGTHS, | 619 | SSL_ALL_STRENGTHS, |
| 604 | }, | 620 | }, |
| 605 | 621 | ||
| 622 | /* Cipher 24 VRS */ | ||
| 623 | { | ||
| 624 | 1, | ||
| 625 | SSL3_TXT_KRB5_RC4_128_MD5, | ||
| 626 | SSL3_CK_KRB5_RC4_128_MD5, | ||
| 627 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, | ||
| 628 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 629 | 0, | ||
| 630 | 128, | ||
| 631 | 128, | ||
| 632 | SSL_ALL_CIPHERS, | ||
| 633 | SSL_ALL_STRENGTHS, | ||
| 634 | }, | ||
| 635 | |||
| 636 | /* Cipher 25 VRS */ | ||
| 637 | { | ||
| 638 | 1, | ||
| 639 | SSL3_TXT_KRB5_IDEA_128_CBC_MD5, | ||
| 640 | SSL3_CK_KRB5_IDEA_128_CBC_MD5, | ||
| 641 | SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3, | ||
| 642 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 643 | 0, | ||
| 644 | 128, | ||
| 645 | 128, | ||
| 646 | SSL_ALL_CIPHERS, | ||
| 647 | SSL_ALL_STRENGTHS, | ||
| 648 | }, | ||
| 649 | |||
| 606 | /* Cipher 26 VRS */ | 650 | /* Cipher 26 VRS */ |
| 607 | { | 651 | { |
| 608 | 1, | 652 | 1, |
| 609 | SSL3_TXT_KRB5_DES_192_CBC3_MD5, | 653 | SSL3_TXT_KRB5_DES_40_CBC_SHA, |
| 610 | SSL3_CK_KRB5_DES_192_CBC3_MD5, | 654 | SSL3_CK_KRB5_DES_40_CBC_SHA, |
| 611 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, | 655 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, |
| 612 | SSL_NOT_EXP|SSL_HIGH, | 656 | SSL_EXPORT|SSL_EXP40, |
| 613 | 0, | 657 | 0, |
| 614 | 112, | 658 | 40, |
| 615 | 168, | 659 | 56, |
| 660 | SSL_ALL_CIPHERS, | ||
| 661 | SSL_ALL_STRENGTHS, | ||
| 662 | }, | ||
| 663 | |||
| 664 | /* Cipher 27 VRS */ | ||
| 665 | { | ||
| 666 | 1, | ||
| 667 | SSL3_TXT_KRB5_RC2_40_CBC_SHA, | ||
| 668 | SSL3_CK_KRB5_RC2_40_CBC_SHA, | ||
| 669 | SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3, | ||
| 670 | SSL_EXPORT|SSL_EXP40, | ||
| 671 | 0, | ||
| 672 | 40, | ||
| 673 | 128, | ||
| 674 | SSL_ALL_CIPHERS, | ||
| 675 | SSL_ALL_STRENGTHS, | ||
| 676 | }, | ||
| 677 | |||
| 678 | /* Cipher 28 VRS */ | ||
| 679 | { | ||
| 680 | 1, | ||
| 681 | SSL3_TXT_KRB5_RC4_40_SHA, | ||
| 682 | SSL3_CK_KRB5_RC4_40_SHA, | ||
| 683 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, | ||
| 684 | SSL_EXPORT|SSL_EXP40, | ||
| 685 | 0, | ||
| 686 | 128, | ||
| 687 | 128, | ||
| 688 | SSL_ALL_CIPHERS, | ||
| 689 | SSL_ALL_STRENGTHS, | ||
| 690 | }, | ||
| 691 | |||
| 692 | /* Cipher 29 VRS */ | ||
| 693 | { | ||
| 694 | 1, | ||
| 695 | SSL3_TXT_KRB5_DES_40_CBC_MD5, | ||
| 696 | SSL3_CK_KRB5_DES_40_CBC_MD5, | ||
| 697 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, | ||
| 698 | SSL_EXPORT|SSL_EXP40, | ||
| 699 | 0, | ||
| 700 | 40, | ||
| 701 | 56, | ||
| 702 | SSL_ALL_CIPHERS, | ||
| 703 | SSL_ALL_STRENGTHS, | ||
| 704 | }, | ||
| 705 | |||
| 706 | /* Cipher 2A VRS */ | ||
| 707 | { | ||
| 708 | 1, | ||
| 709 | SSL3_TXT_KRB5_RC2_40_CBC_MD5, | ||
| 710 | SSL3_CK_KRB5_RC2_40_CBC_MD5, | ||
| 711 | SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3, | ||
| 712 | SSL_EXPORT|SSL_EXP40, | ||
| 713 | 0, | ||
| 714 | 40, | ||
| 715 | 128, | ||
| 716 | SSL_ALL_CIPHERS, | ||
| 717 | SSL_ALL_STRENGTHS, | ||
| 718 | }, | ||
| 719 | |||
| 720 | /* Cipher 2B VRS */ | ||
| 721 | { | ||
| 722 | 1, | ||
| 723 | SSL3_TXT_KRB5_RC4_40_MD5, | ||
| 724 | SSL3_CK_KRB5_RC4_40_MD5, | ||
| 725 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, | ||
| 726 | SSL_EXPORT|SSL_EXP40, | ||
| 727 | 0, | ||
| 728 | 128, | ||
| 729 | 128, | ||
| 616 | SSL_ALL_CIPHERS, | 730 | SSL_ALL_CIPHERS, |
| 617 | SSL_ALL_STRENGTHS, | 731 | SSL_ALL_STRENGTHS, |
| 618 | }, | 732 | }, |
| @@ -988,7 +1102,7 @@ void ssl3_free(SSL *s) | |||
| 988 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | 1102 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
| 989 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); | 1103 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); |
| 990 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); | 1104 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); |
| 991 | memset(s->s3,0,sizeof *s->s3); | 1105 | OPENSSL_cleanse(s->s3,sizeof *s->s3); |
| 992 | OPENSSL_free(s->s3); | 1106 | OPENSSL_free(s->s3); |
| 993 | s->s3=NULL; | 1107 | s->s3=NULL; |
| 994 | } | 1108 | } |
| @@ -1343,16 +1457,19 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) | |||
| 1343 | { | 1457 | { |
| 1344 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | 1458 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 1345 | 1459 | ||
| 1346 | for (i=0; i<SSL3_NUM_CIPHERS; i++) | 1460 | if (init) |
| 1347 | sorted[i]= &(ssl3_ciphers[i]); | 1461 | { |
| 1462 | for (i=0; i<SSL3_NUM_CIPHERS; i++) | ||
| 1463 | sorted[i]= &(ssl3_ciphers[i]); | ||
| 1348 | 1464 | ||
| 1349 | qsort( (char *)sorted, | 1465 | qsort(sorted, |
| 1350 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | 1466 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), |
| 1351 | FP_ICC ssl_cipher_ptr_id_cmp); | 1467 | FP_ICC ssl_cipher_ptr_id_cmp); |
| 1352 | 1468 | ||
| 1469 | init=0; | ||
| 1470 | } | ||
| 1471 | |||
| 1353 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | 1472 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); |
| 1354 | |||
| 1355 | init=0; | ||
| 1356 | } | 1473 | } |
| 1357 | 1474 | ||
| 1358 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; | 1475 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; |