static void load_ciphers(void)
{
- init_ciphers=0;
ssl_cipher_methods[SSL_ENC_DES_IDX]=
EVP_get_cipherbyname(SN_des_cbc);
ssl_cipher_methods[SSL_ENC_3DES_IDX]=
EVP_get_digestbyname(SN_md5);
ssl_digest_methods[SSL_MD_SHA1_IDX]=
EVP_get_digestbyname(SN_sha1);
+ init_ciphers=0;
}
static int sk_comp_cmp(const SSL_COMP * const *a,
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
}
-int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, SSL_COMP **comp)
{
int i;
if (!found)
break; /* ignore this entry */
- algorithms |= ca_list[j]->algorithms;
+ algorithms = (ca_list[j]->algorithms & ~mask) |
+ (ca_list[j]->algorithms & algorithms & mask);
mask |= ca_list[j]->mask;
- algo_strength |= ca_list[j]->algo_strength;
+ algo_strength = (ca_list[j]->algo_strength & ~mask_strength) |
+ (ca_list[j]->algo_strength & algo_strength & mask_strength);
mask_strength |= ca_list[j]->mask_strength;
if (!multi) break;
}
}
OPENSSL_free(co_list); /* Not needed any longer */
+ /* if no ciphers where selected let's return NULL */
+ if (sk_SSL_CIPHER_num(cipherstack) == 0)
+ {
+ SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ sk_SSL_CIPHER_free(cipherstack);
+ return NULL;
+ }
/*
* The following passage is a little bit odd. If pointer variables
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
{
int is_export,pkl,kl;
- char *ver,*exp_str;
- char *kx,*au,*enc,*mac;
+ const char *ver,*exp_str;
+ const char *kx,*au,*enc,*mac;
unsigned long alg,alg2,alg_s;
#ifdef KSSL_DEBUG
- static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+ static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
#else
- static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+ static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
#endif /* KSSL_DEBUG */
alg=cipher->algorithms;
return(buf);
}
-char *SSL_CIPHER_get_version(SSL_CIPHER *c)
+char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
{
int i;
}
/* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
{
if (c != NULL)
return(c->name);
}
/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
{
int ret=0;