#include <stdio.h>
#include <openssl/objects.h>
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
+#include <openssl/comp.h>
+#include <openssl/engine.h>
#include "internal/threads.h"
#include "ssl_locl.h"
static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+#ifndef OPENSSL_NO_COMP
static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
+#endif
/*
* Constant SSL_MAX_DIGEST equal to size of digests array should be defined
{
size_t i;
const ssl_cipher_table *t;
+
disabled_enc_mask = 0;
+ ssl_sort_cipher_list();
for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
if (t->nid == NID_undef) {
ssl_cipher_methods[i] = NULL;
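Review bot: The added `ssl_sort_cipher_list();` call has no comment saying why it belongs at this point or that it is expected to run only once. The code around it writes file-scope state (`disabled_enc_mask`, `ssl_cipher_methods[i]`), and the sort presumably reorders a shared cipher table, so a repeated or concurrent call would only be safe if the caller is already serialised. I would add `/* cipher table is sorted here at load time; this function must not run concurrently */` above the call, once that is confirmed against the caller. The function's signature and the rest of its body are outside the hunk.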
#ifndef OPENSSL_NO_COMP
load_builtin_compressions();
#endif
-
*comp = NULL;
ctmp.id = s->compress_meth;
if (ssl_comp_methods != NULL) {
continue;
if (min_tls && (min_tls != cp->min_tls))
continue;
- if (algo_strength && !(algo_strength & cp->algo_strength))
+ if ((algo_strength & SSL_STRONG_MASK)
+ && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
continue;
if ((algo_strength & SSL_DEFAULT_MASK)
&& !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
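Review bot: The new test on `SSL_STRONG_MASK` has no comment recording that rule bits lying in neither SSL_STRONG_MASK nor SSL_DEFAULT_MASK no longer filter anything, whereas the removed test rejected a cipher on any set bit. If a strength flag outside both masks exists or is added later, a rule naming it would match every cipher without any diagnostic. A comment above the two checks would pin the intent, for example `/* strength class and default flag are matched independently; bits outside both masks are ignored */`. The surrounding loop starts and ends outside the hunk.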
alg_mac = ca_list[j]->algorithm_mac;
}
- if (ca_list[j]->algo_strength) {
- if (algo_strength) {
- algo_strength &= ca_list[j]->algo_strength;
- if (!algo_strength) {
+ if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
+ if (algo_strength & SSL_STRONG_MASK) {
+ algo_strength &=
+ (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
+ ~SSL_STRONG_MASK;
+ if (!(algo_strength & SSL_STRONG_MASK)) {
found = 0;
break;
}
} else
- algo_strength = ca_list[j]->algo_strength;
+ algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
}
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
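Review bot: The `else` branch of the SSL_STRONG_MASK block assigns with `=`, so any bits already held in `algo_strength` outside that mask are discarded when the first strength alias is merged. That branch is taken whenever no strong bits are set yet, which does not exclude SSL_DEFAULT_MASK bits carried over from an earlier alias in the same rule. If that can happen, the default/not-default restriction is silently dropped and the rule selects more ciphers than the string asked for. Merging instead of overwriting keeps them: `algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;`. The enclosing loop begins and ends outside the hunk, so whether an earlier alias can set those bits first should be confirmed there.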
{
if (c == NULL)
return "(NONE)";
+
+ /*
+ * Backwards-compatibility crutch. In almost all contexts we report TLS
+ * 1.0 as "TLSv1", but for ciphers we report "TLSv1.0".
+ */
+ if (c->min_tls == TLS1_VERSION)
+ return "TLSv1.0";
return ssl_protocol_to_string(c->min_tls);
}
{
return meths;
}
-void SSL_COMP_free_compression_methods(void)
-{
-}
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
return 1;
OPENSSL_free(cm);
}
-void SSL_COMP_free_compression_methods(void)
+void ssl_comp_free_compression_methods_intern(void)
{
STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
ssl_comp_methods = NULL;