More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu>

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 1c572962973c847278851285c348ee318dd24a89..8fbb2c2501629e38ba854b5cd51f661dfd23e53e 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -112,6 +112,8 @@
 #include <stdio.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/md5.h>
 
 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
 
@@ -950,6 +952,8 @@ int ssl3_new(SSL *s)
 
        if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
        memset(s3,0,sizeof *s3);
+       EVP_MD_CTX_init(&s3->finish_dgst1);
+       EVP_MD_CTX_init(&s3->finish_dgst2);
 
        s->s3=s3;
 
@@ -977,6 +981,8 @@ void ssl3_free(SSL *s)
 #endif
        if (s->s3->tmp.ca_names != NULL)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+       EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
        memset(s->s3,0,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
@@ -1423,6 +1429,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #endif    /* KSSL_DEBUG */
 
                alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+#ifndef OPENSSL_NO_KRB5
+                if (alg & SSL_KRB5) 
+                        {
+                        if ( !kssl_keytab_is_available(s->kssl_ctx) )
+                            continue;
+                        }
+#endif /* OPENSSL_NO_KRB5 */
                if (SSL_C_IS_EXPORT(c))
                        {
                        ok=((alg & emask) == alg)?1:0;