0,0,0,0,0,0
};
-static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
+static const int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
SSL_HANDSHAKE_MAC_SHA384
{0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
/* protocol version aliases */
- {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
{0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
{0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
{0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
break;
}
- if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+ if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
*enc=NULL;
else
{
i= -1;
break;
}
- if ((i < 0) || (i > SSL_MD_NUM_IDX))
+ if ((i < 0) || (i >= SSL_MD_NUM_IDX))
{
*md=NULL;
if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
s->ssl_version < TLS1_VERSION)
return 1;
-#ifdef OPENSSL_FIPS
if (FIPS_mode())
return 1;
-#endif
if (c->algorithm_enc == SSL_RC4 &&
c->algorithm_mac == SSL_MD5 &&
/*
* We have num_of_ciphers descriptions compiled in, depending on the
- * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
+ * method selected (SSLv3, TLSv1 etc).
* These will later be sorted in a linked list with at most num
* entries.
*/
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
if ((c != NULL) && c->valid &&
-#ifdef OPENSSL_FIPS
(!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
-#endif
!(c->algorithm_mkey & disabled_mkey) &&
!(c->algorithm_auth & disabled_auth) &&
!(c->algorithm_enc & disabled_enc) &&
int rule, int strength_bits,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
- CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
+ CIPHER_ORDER *head, *tail, *curr, *next, *last;
const SSL_CIPHER *cp;
int reverse = 0;
if (reverse)
{
- curr = tail;
+ next = tail;
last = head;
}
else
{
- curr = head;
+ next = head;
last = tail;
}
- curr2 = curr;
+ curr = NULL;
for (;;)
{
- if ((curr == NULL) || (curr == last)) break;
- curr = curr2;
- curr2 = reverse ? curr->prev : curr->next;
+ if (curr == last) break;
+
+ curr = next;
+
+ if (curr == NULL) break;
+
+ next = reverse ? curr->prev : curr->next;
cp = curr->cipher;
*/
for (curr = head; curr != NULL; curr = curr->next)
{
-#ifdef OPENSSL_FIPS
if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
- if (curr->active)
-#endif
{
- sk_SSL_CIPHER_push(cipherstack, curr->cipher);
+ if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher))
+ {
+ OPENSSL_free(co_list);
+ sk_SSL_CIPHER_free(cipherstack);
+ return NULL;
+ }
#ifdef CIPHER_DEBUG
printf("<%s>\n",curr->cipher->name);
#endif
int is_export,pkl,kl;
const char *ver,*exp_str;
const char *kx,*au,*enc,*mac;
- unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
+ unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl;
#ifdef KSSL_DEBUG
static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
#else
alg_mac = cipher->algorithm_mac;
alg_ssl = cipher->algorithm_ssl;
- alg2=cipher->algorithm2;
-
is_export=SSL_C_IS_EXPORT(cipher);
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
exp_str=is_export?" export":"";
- if (alg_ssl & SSL_SSLV2)
- ver="SSLv2";
- else if (alg_ssl & SSL_SSLV3)
+ if (alg_ssl & SSL_SSLV3)
ver="SSLv3";
else if (alg_ssl & SSL_TLSV1_2)
ver="TLSv1.2";
case SSL_kSRP:
kx="SRP";
break;
+ case SSL_kGOST:
+ kx="GOST";
+ break;
default:
kx="unknown";
}
case SSL_aSRP:
au="SRP";
break;
+ case SSL_aGOST94:
+ au="GOST94";
+ break;
+ case SSL_aGOST01:
+ au="GOST01";
+ break;
default:
au="unknown";
break;
enc="3DES(168)";
break;
case SSL_RC4:
- enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
- :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+ enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)"):"RC4(128)";
break;
case SSL_RC2:
enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
case SSL_SEED:
enc="SEED(128)";
break;
+ case SSL_eGOST2814789CNT:
+ enc="GOST89(256)";
+ break;
default:
enc="unknown";
break;
case SSL_AEAD:
mac="AEAD";
break;
+ case SSL_GOST89MAC:
+ mac="GOST89";
+ break;
+ case SSL_GOST94:
+ mac="GOST94";
+ break;
default:
mac="unknown";
break;
i=(int)(c->id>>24L);
if (i == 3)
return("TLSv1/SSLv3");
- else if (i == 2)
- return("SSLv2");
else
return("unknown");
}
projects / openssl.git / blobdiff