Add missing strength entries.

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 52e2e35a86372cc5f80625c3a4de311a2140f1fb..31994985c9f0603f4d410e02a64aa1ec1f36a5c6 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -113,6 +113,7 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
+#include <openssl/md5.h>
 
 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
 
@@ -169,7 +170,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL3_TXT_ADH_RC4_128_MD5,
        SSL3_CK_ADH_RC4_128_MD5,
        SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
-       SSL_NOT_EXP,
+       SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
@@ -195,7 +196,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL3_TXT_ADH_DES_64_CBC_SHA,
        SSL3_CK_ADH_DES_64_CBC_SHA,
        SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
-       SSL_NOT_EXP,
+       SSL_NOT_EXP|SSL_LOW,
        0,
        56,
        56,
@@ -208,7 +209,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL3_TXT_ADH_DES_192_CBC_SHA,
        SSL3_CK_ADH_DES_192_CBC_SHA,
        SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
-       SSL_NOT_EXP,
+       SSL_NOT_EXP|SSL_HIGH,
        0,
        168,
        168,
@@ -517,7 +518,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL3_TXT_FZA_DMS_RC4_SHA,
        SSL3_CK_FZA_DMS_RC4_SHA,
        SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
-       SSL_NOT_EXP,
+       SSL_NOT_EXP|SSL_MEDIUM,
        0,
        128,
        128,
@@ -702,7 +703,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
            TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
            TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
            SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP,
+           SSL_NOT_EXP|SSL_MEDIUM,
            0,
            128,
            128,
@@ -951,6 +952,8 @@ int ssl3_new(SSL *s)
 
        if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
        memset(s3,0,sizeof *s3);
+       EVP_MD_CTX_init(&s3->finish_dgst1);
+       EVP_MD_CTX_init(&s3->finish_dgst2);
 
        s->s3=s3;
 
@@ -978,6 +981,8 @@ void ssl3_free(SSL *s)
 #endif
        if (s->s3->tmp.ca_names != NULL)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
        memset(s->s3,0,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
@@ -1004,6 +1009,9 @@ void ssl3_clear(SSL *s)
        rp=s->s3->rbuf.buf;
        wp=s->s3->wbuf.buf;
 
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+
        memset(s->s3,0,sizeof *s->s3);
        if (rp != NULL) s->s3->rbuf.buf=rp;
        if (wp != NULL) s->s3->wbuf.buf=wp;
@@ -1018,7 +1026,7 @@ void ssl3_clear(SSL *s)
        s->version=SSL3_VERSION;
        }
 
-long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
        {
        int ret=0;
 
@@ -1181,7 +1189,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
        return(ret);
        }
 
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
        {
        CERT *cert;