diff options
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 888b667fa1..df48245b2c 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -125,7 +125,9 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 125 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, | 125 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, |
| 126 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, | 126 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, |
| 127 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, | 127 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, |
| 128 | #ifndef OPENSSL_NO_IDEA | ||
| 128 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, | 129 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 130 | #endif | ||
| 129 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, | 131 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, |
| 130 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, | 132 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 131 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, | 133 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, |
| @@ -166,8 +168,12 @@ static void load_ciphers(void) | |||
| 166 | EVP_get_cipherbyname(SN_rc4); | 168 | EVP_get_cipherbyname(SN_rc4); |
| 167 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | 169 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= |
| 168 | EVP_get_cipherbyname(SN_rc2_cbc); | 170 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 171 | #ifndef OPENSSL_NO_IDEA | ||
| 169 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 172 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 170 | EVP_get_cipherbyname(SN_idea_cbc); | 173 | EVP_get_cipherbyname(SN_idea_cbc); |
| 174 | #else | ||
| 175 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | ||
| 176 | #endif | ||
| 171 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | 177 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
| 172 | EVP_get_cipherbyname(SN_aes_128_cbc); | 178 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 173 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 179 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |
| @@ -668,14 +674,13 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 668 | * So additionally check whether the cipher name found | 674 | * So additionally check whether the cipher name found |
| 669 | * has the correct length. We can save a strlen() call: | 675 | * has the correct length. We can save a strlen() call: |
| 670 | * just checking for the '\0' at the right place is | 676 | * just checking for the '\0' at the right place is |
| 671 | * sufficient, we have to strncmp() anyway. (We cannot | 677 | * sufficient, we have to strncmp() anyway. |
| 672 | * use strcmp(), because buf is not '\0' terminated.) | ||
| 673 | */ | 678 | */ |
| 674 | j = found = 0; | 679 | j = found = 0; |
| 675 | while (ca_list[j]) | 680 | while (ca_list[j]) |
| 676 | { | 681 | { |
| 677 | if (!strncmp(buf, ca_list[j]->name, buflen) && | 682 | if ((ca_list[j]->name[buflen] == '\0') && |
| 678 | (ca_list[j]->name[buflen] == '\0')) | 683 | !strncmp(buf, ca_list[j]->name, buflen)) |
| 679 | { | 684 | { |
| 680 | found = 1; | 685 | found = 1; |
| 681 | break; | 686 | break; |
| @@ -752,12 +757,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 752 | */ | 757 | */ |
| 753 | if (rule_str == NULL) return(NULL); | 758 | if (rule_str == NULL) return(NULL); |
| 754 | 759 | ||
| 755 | if (init_ciphers) | 760 | if (init_ciphers) load_ciphers(); |
| 756 | { | ||
| 757 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 758 | if (init_ciphers) load_ciphers(); | ||
| 759 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 760 | } | ||
| 761 | 761 | ||
| 762 | /* | 762 | /* |
| 763 | * To reduce the work to do we only want to process the compiled | 763 | * To reduce the work to do we only want to process the compiled |