0,0,0,0,0,0
};
-static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
+static const int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
SSL_HANDSHAKE_MAC_SHA384
{0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
/* protocol version aliases */
- {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
{0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
{0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
{0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
s->ssl_version < TLS1_VERSION)
return 1;
-#ifdef OPENSSL_FIPS
if (FIPS_mode())
return 1;
-#endif
if (c->algorithm_enc == SSL_RC4 &&
c->algorithm_mac == SSL_MD5 &&
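Review bot: `FIPS_mode()` is now called in every build configuration at this point, so removing the `#ifdef OPENSSL_FIPS` guard only compiles and links if a declaration and a non-FIPS definition (presumably returning 0) exist outside FIPS builds; the diff does not show either, so this should be confirmed. The same applies to the cipher filter `(!FIPS_mode() || (c->algo_strength & SSL_FIPS))` and to the `curr->active` test in the later hunks. In that last test I would also parenthesise the mask check the way the filter does: `if (curr->active && (!FIPS_mode() || (curr->cipher->algo_strength & SSL_FIPS)))`. The enclosing function starts and ends outside this hunk.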
/*
* We have num_of_ciphers descriptions compiled in, depending on the
- * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
+ * method selected (SSLv3, TLSv1 etc).
* These will later be sorted in a linked list with at most num
* entries.
*/
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
if ((c != NULL) && c->valid &&
-#ifdef OPENSSL_FIPS
(!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
-#endif
!(c->algorithm_mkey & disabled_mkey) &&
!(c->algorithm_auth & disabled_auth) &&
!(c->algorithm_enc & disabled_enc) &&
*/
for (curr = head; curr != NULL; curr = curr->next)
{
-#ifdef OPENSSL_FIPS
if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
- if (curr->active)
-#endif
{
- sk_SSL_CIPHER_push(cipherstack, curr->cipher);
+ if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher))
+ {
+ OPENSSL_free(co_list);
+ sk_SSL_CIPHER_free(cipherstack);
+ return NULL;
+ }
#ifdef CIPHER_DEBUG
printf("<%s>\n",curr->cipher->name);
#endif
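Review bot: The new failure branch for `sk_SSL_CIPHER_push` returns NULL without putting anything on the error queue, so a caller cannot tell an allocation failure from any other reason for a NULL return. I would add `SSLerr(<SSL_F_ code of this function>, ERR_R_MALLOC_FAILURE);` before the two frees, using whatever function code the other failure paths here already use. Only `co_list` and `cipherstack` are released on this path; whether any other buffer allocated earlier in the function is still live at this point is not visible in the hunk and should be checked. The enclosing function starts and ends outside the hunk.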
int is_export,pkl,kl;
const char *ver,*exp_str;
const char *kx,*au,*enc,*mac;
- unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
+ unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl;
#ifdef KSSL_DEBUG
static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
#else
alg_mac = cipher->algorithm_mac;
alg_ssl = cipher->algorithm_ssl;
- alg2=cipher->algorithm2;
-
is_export=SSL_C_IS_EXPORT(cipher);
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
exp_str=is_export?" export":"";
- if (alg_ssl & SSL_SSLV2)
- ver="SSLv2";
- else if (alg_ssl & SSL_SSLV3)
+ if (alg_ssl & SSL_SSLV3)
ver="SSLv3";
else if (alg_ssl & SSL_TLSV1_2)
ver="TLSv1.2";
kx="SRP";
break;
case SSL_kGOST:
- kx="VKO";
+ kx="GOST";
break;
default:
kx="unknown";
enc="3DES(168)";
break;
case SSL_RC4:
- enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
- :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+ enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)"):"RC4(128)";
break;
case SSL_RC2:
enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
i=(int)(c->id>>24L);
if (i == 3)
return("TLSv1/SSLv3");
- else if (i == 2)
- return("SSLv2");
else
return("unknown");
}