1 files changed, 69 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index f63163f26c..cdd8dde128 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -68,7 +68,9 @@
 #define SSL_ENC_IDEA_IDX        4
 #define SSL_ENC_eFZA_IDX        5
 #define SSL_ENC_NULL_IDX        6
-#define SSL_ENC_NUM_IDX         7
+#define SSL_ENC_AES128_IDX      7
+#define SSL_ENC_AES256_IDX      8
+#define SSL_ENC_NUM_IDX         9
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
        NULL,NULL,NULL,NULL,NULL,NULL,
@@ -98,8 +100,10 @@ typedef struct cipher_order_st
        } CIPHER_ORDER;
 static const SSL_CIPHER cipher_aliases[]={
-        /* Don't include eNULL unless specifically enabled */
+        /* Don't include eNULL unless specifically enabled.
-        {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+         * Similarly, don't include AES in ALL because these ciphers are not yet official. */
+        {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_AES, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+        {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
        {0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
@@ -108,6 +112,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_DH,  0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_EDH, 0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
+        {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
        {0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
        {0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
        {0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},
@@ -122,12 +127,14 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_AES, 0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_MD5, 0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
        {0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
        {0,SSL_TXT_SHA, 0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},
        {0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},
+        {0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
        {0,SSL_TXT_RSA, 0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
        {0,SSL_TXT_ADH, 0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
        {0,SSL_TXT_FZA, 0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
@@ -160,6 +167,10 @@ static void load_ciphers(void)
                EVP_get_cipherbyname(SN_rc2_cbc);
        ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
                EVP_get_cipherbyname(SN_idea_cbc);
+        ssl_cipher_methods[SSL_ENC_AES128_IDX]=
+          EVP_get_cipherbyname(SN_aes_128_cbc);
+        ssl_cipher_methods[SSL_ENC_AES256_IDX]=
+          EVP_get_cipherbyname(SN_aes_256_cbc);
        ssl_digest_methods[SSL_MD_MD5_IDX]=
                EVP_get_digestbyname(SN_md5);
@@ -220,6 +231,14 @@ int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_eNULL:
                i=SSL_ENC_NULL_IDX;
                break;
+        case SSL_AES:
+                switch(c->alg_bits)
+                        {
+                case 128: i=SSL_ENC_AES128_IDX; break;
+                case 256: i=SSL_ENC_AES256_IDX; break;
+                default: i=-1; break;
+                        }
+                break;
        default:
                i= -1;
                break;
@@ -282,15 +301,18 @@ static unsigned long ssl_cipher_get_disabled(void)
        unsigned long mask;
        mask = SSL_kFZA;
-#ifdef NO_RSA
+#ifdef OPENSSL_NO_RSA
        mask |= SSL_aRSA|SSL_kRSA;
 #endif
-#ifdef NO_DSA
+#ifdef OPENSSL_NO_DSA
        mask |= SSL_aDSS;
 #endif
-#ifdef NO_DH
+#ifdef OPENSSL_NO_DH
        mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
 #endif
+#ifdef OPENSSL_NO_KRB5
+        mask |= SSL_kKRB5|SSL_aKRB5;
+#endif
 #ifdef SSL_FORBID_ENULL
        mask |= SSL_eNULL;
@@ -302,6 +324,7 @@ static unsigned long ssl_cipher_get_disabled(void)
        mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
        mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
        mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
+        mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
        mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
        mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
@@ -336,6 +359,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                        list[list_num].prev = NULL;
                        list[list_num].active = 0;
                        list_num++;
+#ifdef KSSL_DEBUG
+                        printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
+#endif  /* KSSL_DEBUG */
                        /*
                        if (!sk_push(ca_list,(char *)c)) goto err;
                        */
@@ -738,6 +764,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         * it is used for allocation.
         */
        num_of_ciphers = ssl_method->num_ciphers();
+#ifdef KSSL_DEBUG
+        printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
+#endif    /* KSSL_DEBUG */
        list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
        if (list == NULL)
                {
@@ -872,8 +901,12 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        char *ver,*exp;
        char *kx,*au,*enc,*mac;
        unsigned long alg,alg2,alg_s;
+#ifdef KSSL_DEBUG
+        static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+#else
        static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-        
+#endif /* KSSL_DEBUG */
        alg=cipher->algorithms;
        alg_s=cipher->algo_strength;
        alg2=cipher->algorithm2;
@@ -901,6 +934,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kDHd:
                kx="DH/DSS";
                break;
+        case SSL_kKRB5:         /* VRS */
+        case SSL_KRB5:          /* VRS */
+            kx="KRB5";
+            break;
        case SSL_kFZA:
                kx="Fortezza";
                break;
@@ -922,6 +959,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_aDH:
                au="DH";
                break;
+        case SSL_aKRB5:         /* VRS */
+        case SSL_KRB5:          /* VRS */
+            au="KRB5";
+            break;
        case SSL_aFZA:
        case SSL_aNULL:
                au="None";
@@ -955,6 +996,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_eNULL:
                enc="None";
                break;
+        case SSL_AES:
+                switch(cipher->strength_bits)
+                        {
+                case 128: enc="AESdraft(128)"; break;
+                case 192: enc="AESdraft(192)"; break;
+                case 256: enc="AESdraft(256)"; break;
+                default: enc="AESdraft(?""?""?)"; break;
+                        }
+                break;
        default:
                enc="unknown";
                break;
@@ -982,7 +1032,11 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        else if (len < 128)
                return("Buffer too small");
+#ifdef KSSL_DEBUG
+        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
+#else
        BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
+#endif /* KSSL_DEBUG */
        return(buf);
        }
@@ -1053,6 +1107,10 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
        SSL_COMP *comp;
        STACK_OF(SSL_COMP) *sk;
+        if (cm == NULL || cm->type == NID_undef)
+                return 1;
+        MemCheck_off();
        comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
        comp->id=id;
        comp->method=cm;
@@ -1062,10 +1120,13 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
                sk=ssl_comp_methods;
        if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
                {
+                MemCheck_on();
                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
                return(0);
                }
        else
+                {
+                MemCheck_on();
                return(1);
+                }
        }

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index f63163f26c..cdd8dde128 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -68,7 +68,9 @@
68	#define SSL_ENC_IDEA_IDX 4	68	#define SSL_ENC_IDEA_IDX 4
69	#define SSL_ENC_eFZA_IDX 5	69	#define SSL_ENC_eFZA_IDX 5
70	#define SSL_ENC_NULL_IDX 6	70	#define SSL_ENC_NULL_IDX 6
71	#define SSL_ENC_NUM_IDX 7	71	#define SSL_ENC_AES128_IDX 7
		72	#define SSL_ENC_AES256_IDX 8
		73	#define SSL_ENC_NUM_IDX 9
72		74
73	static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={	75	static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
74	NULL,NULL,NULL,NULL,NULL,NULL,	76	NULL,NULL,NULL,NULL,NULL,NULL,
@@ -98,8 +100,10 @@ typedef struct cipher_order_st
98	} CIPHER_ORDER;	100	} CIPHER_ORDER;
99		101
100	static const SSL_CIPHER cipher_aliases[]={	102	static const SSL_CIPHER cipher_aliases[]={
101	/* Don't include eNULL unless specifically enabled */	103	/* Don't include eNULL unless specifically enabled.
102	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */	104	* Similarly, don't include AES in ALL because these ciphers are not yet official. */
		105	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_AES, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
		106	{0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
103	{0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},	107	{0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
104	{0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},	108	{0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
105	{0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},	109	{0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
@@ -108,6 +112,7 @@ static const SSL_CIPHER cipher_aliases[]={
108	{0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},	112	{0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
109	{0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK\|SSL_AUTH_MASK,0},	113	{0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK\|SSL_AUTH_MASK,0},
110		114
		115	{0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */
111	{0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},	116	{0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
112	{0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},	117	{0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
113	{0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0},	118	{0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0},
@@ -122,12 +127,14 @@ static const SSL_CIPHER cipher_aliases[]={
122	{0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},	127	{0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
123	{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},	128	{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
124	{0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},	129	{0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
		130	{0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
125		131
126	{0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},	132	{0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
127	{0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},	133	{0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
128	{0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0},	134	{0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0},
129		135
130	{0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0},	136	{0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0},
		137	{0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK\|SSL_MKEY_MASK,0},
131	{0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK\|SSL_MKEY_MASK,0},	138	{0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK\|SSL_MKEY_MASK,0},
132	{0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK\|SSL_MKEY_MASK,0},	139	{0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK\|SSL_MKEY_MASK,0},
133	{0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK\|SSL_MKEY_MASK\|SSL_ENC_MASK,0},	140	{0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK\|SSL_MKEY_MASK\|SSL_ENC_MASK,0},
@@ -160,6 +167,10 @@ static void load_ciphers(void)
160	EVP_get_cipherbyname(SN_rc2_cbc);	167	EVP_get_cipherbyname(SN_rc2_cbc);
161	ssl_cipher_methods[SSL_ENC_IDEA_IDX]=	168	ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
162	EVP_get_cipherbyname(SN_idea_cbc);	169	EVP_get_cipherbyname(SN_idea_cbc);
		170	ssl_cipher_methods[SSL_ENC_AES128_IDX]=
		171	EVP_get_cipherbyname(SN_aes_128_cbc);
		172	ssl_cipher_methods[SSL_ENC_AES256_IDX]=
		173	EVP_get_cipherbyname(SN_aes_256_cbc);
163		174
164	ssl_digest_methods[SSL_MD_MD5_IDX]=	175	ssl_digest_methods[SSL_MD_MD5_IDX]=
165	EVP_get_digestbyname(SN_md5);	176	EVP_get_digestbyname(SN_md5);
@@ -220,6 +231,14 @@ int ssl_cipher_get_evp(SSL_SESSION s, const EVP_CIPHER *enc,
220	case SSL_eNULL:	231	case SSL_eNULL:
221	i=SSL_ENC_NULL_IDX;	232	i=SSL_ENC_NULL_IDX;
222	break;	233	break;
		234	case SSL_AES:
		235	switch(c->alg_bits)
		236	{
		237	case 128: i=SSL_ENC_AES128_IDX; break;
		238	case 256: i=SSL_ENC_AES256_IDX; break;
		239	default: i=-1; break;
		240	}
		241	break;
223	default:	242	default:
224	i= -1;	243	i= -1;
225	break;	244	break;
@@ -282,15 +301,18 @@ static unsigned long ssl_cipher_get_disabled(void)
282	unsigned long mask;	301	unsigned long mask;
283		302
284	mask = SSL_kFZA;	303	mask = SSL_kFZA;
285	#ifdef NO_RSA	304	#ifdef OPENSSL_NO_RSA
286	mask \|= SSL_aRSA\|SSL_kRSA;	305	mask \|= SSL_aRSA\|SSL_kRSA;
287	#endif	306	#endif
288	#ifdef NO_DSA	307	#ifdef OPENSSL_NO_DSA
289	mask \|= SSL_aDSS;	308	mask \|= SSL_aDSS;
290	#endif	309	#endif
291	#ifdef NO_DH	310	#ifdef OPENSSL_NO_DH
292	mask \|= SSL_kDHr\|SSL_kDHd\|SSL_kEDH\|SSL_aDH;	311	mask \|= SSL_kDHr\|SSL_kDHd\|SSL_kEDH\|SSL_aDH;
293	#endif	312	#endif
		313	#ifdef OPENSSL_NO_KRB5
		314	mask \|= SSL_kKRB5\|SSL_aKRB5;
		315	#endif
294		316
295	#ifdef SSL_FORBID_ENULL	317	#ifdef SSL_FORBID_ENULL
296	mask \|= SSL_eNULL;	318	mask \|= SSL_eNULL;
@@ -302,6 +324,7 @@ static unsigned long ssl_cipher_get_disabled(void)
302	mask \|= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;	324	mask \|= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
303	mask \|= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;	325	mask \|= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
304	mask \|= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;	326	mask \|= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
		327	mask \|= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
305		328
306	mask \|= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;	329	mask \|= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
307	mask \|= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;	330	mask \|= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
@@ -336,6 +359,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
336	list[list_num].prev = NULL;	359	list[list_num].prev = NULL;
337	list[list_num].active = 0;	360	list[list_num].active = 0;
338	list_num++;	361	list_num++;
		362	#ifdef KSSL_DEBUG
		363	printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
		364	#endif /* KSSL_DEBUG */
339	/*	365	/*
340	if (!sk_push(ca_list,(char *)c)) goto err;	366	if (!sk_push(ca_list,(char *)c)) goto err;
341	*/	367	*/
@@ -738,6 +764,9 @@ STACK_OF(SSL_CIPHER) ssl_create_cipher_list(const SSL_METHOD ssl_method,
738	* it is used for allocation.	764	* it is used for allocation.
739	*/	765	*/
740	num_of_ciphers = ssl_method->num_ciphers();	766	num_of_ciphers = ssl_method->num_ciphers();
		767	#ifdef KSSL_DEBUG
		768	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
		769	#endif /* KSSL_DEBUG */
741	list = (CIPHER_ORDER )OPENSSL_malloc(sizeof(CIPHER_ORDER) num_of_ciphers);	770	list = (CIPHER_ORDER )OPENSSL_malloc(sizeof(CIPHER_ORDER) num_of_ciphers);
742	if (list == NULL)	771	if (list == NULL)
743	{	772	{
@@ -872,8 +901,12 @@ char SSL_CIPHER_description(SSL_CIPHER cipher, char *buf, int len)
872	char ver,exp;	901	char ver,exp;
873	char kx,au,enc,mac;	902	char kx,au,enc,mac;
874	unsigned long alg,alg2,alg_s;	903	unsigned long alg,alg2,alg_s;
		904	#ifdef KSSL_DEBUG
		905	static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
		906	#else
875	static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";	907	static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
876		908	#endif /* KSSL_DEBUG */
		909
877	alg=cipher->algorithms;	910	alg=cipher->algorithms;
878	alg_s=cipher->algo_strength;	911	alg_s=cipher->algo_strength;
879	alg2=cipher->algorithm2;	912	alg2=cipher->algorithm2;
@@ -901,6 +934,10 @@ char SSL_CIPHER_description(SSL_CIPHER cipher, char *buf, int len)
901	case SSL_kDHd:	934	case SSL_kDHd:
902	kx="DH/DSS";	935	kx="DH/DSS";
903	break;	936	break;
		937	case SSL_kKRB5: /* VRS */
		938	case SSL_KRB5: /* VRS */
		939	kx="KRB5";
		940	break;
904	case SSL_kFZA:	941	case SSL_kFZA:
905	kx="Fortezza";	942	kx="Fortezza";
906	break;	943	break;
@@ -922,6 +959,10 @@ char SSL_CIPHER_description(SSL_CIPHER cipher, char *buf, int len)
922	case SSL_aDH:	959	case SSL_aDH:
923	au="DH";	960	au="DH";
924	break;	961	break;
		962	case SSL_aKRB5: /* VRS */
		963	case SSL_KRB5: /* VRS */
		964	au="KRB5";
		965	break;
925	case SSL_aFZA:	966	case SSL_aFZA:
926	case SSL_aNULL:	967	case SSL_aNULL:
927	au="None";	968	au="None";
@@ -955,6 +996,15 @@ char SSL_CIPHER_description(SSL_CIPHER cipher, char *buf, int len)
955	case SSL_eNULL:	996	case SSL_eNULL:
956	enc="None";	997	enc="None";
957	break;	998	break;
		999	case SSL_AES:
		1000	switch(cipher->strength_bits)
		1001	{
		1002	case 128: enc="AESdraft(128)"; break;
		1003	case 192: enc="AESdraft(192)"; break;
		1004	case 256: enc="AESdraft(256)"; break;
		1005	default: enc="AESdraft(?""?""?)"; break;
		1006	}
		1007	break;
958	default:	1008	default:
959	enc="unknown";	1009	enc="unknown";
960	break;	1010	break;
@@ -982,7 +1032,11 @@ char SSL_CIPHER_description(SSL_CIPHER cipher, char *buf, int len)
982	else if (len < 128)	1032	else if (len < 128)
983	return("Buffer too small");	1033	return("Buffer too small");
984		1034
		1035	#ifdef KSSL_DEBUG
		1036	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
		1037	#else
985	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);	1038	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
		1039	#endif /* KSSL_DEBUG */
986	return(buf);	1040	return(buf);
987	}	1041	}
988		1042
@@ -1053,6 +1107,10 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1053	SSL_COMP *comp;	1107	SSL_COMP *comp;
1054	STACK_OF(SSL_COMP) *sk;	1108	STACK_OF(SSL_COMP) *sk;
1055		1109
		1110	if (cm == NULL \|\| cm->type == NID_undef)
		1111	return 1;
		1112
		1113	MemCheck_off();
1056	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));	1114	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1057	comp->id=id;	1115	comp->id=id;
1058	comp->method=cm;	1116	comp->method=cm;
@@ -1062,10 +1120,13 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1062	sk=ssl_comp_methods;	1120	sk=ssl_comp_methods;
1063	if ((sk == NULL) \|\| !sk_SSL_COMP_push(sk,comp))	1121	if ((sk == NULL) \|\| !sk_SSL_COMP_push(sk,comp))
1064	{	1122	{
		1123	MemCheck_on();
1065	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);	1124	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1066	return(0);	1125	return(0);
1067	}	1126	}
1068	else	1127	else
		1128	{
		1129	MemCheck_on();
1069	return(1);	1130	return(1);
		1131	}
1070	}	1132	}
1071