X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_lib.c;h=220533734ac0746b19352186bee0c8cf733af334;hp=68b1ada5bce1a493326616c357ae5f91c59e48eb;hb=44314cf64d1e51c7493799e77b14ae4e94a4c8cf;hpb=dece3209f299ebcd82414868ee39b2c6feb3be0a

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 68b1ada5bc..220533734a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1678,7 +1678,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_3DES,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	168,
 	168,
@@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_AES128,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	128,
 	128,
@@ -1710,7 +1710,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_AES256,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	256,
 	256,
@@ -3029,8 +3029,6 @@ void ssl3_free(SSL *s)
 	SSL_SRP_CTX_free(s);
 #endif
 #ifndef OPENSSL_NO_TLSEXT
-	if (s->s3->tlsext_authz_client_types != NULL)
-		OPENSSL_free(s->s3->tlsext_authz_client_types);
 	if (s->s3->tlsext_custom_types != NULL)
 		OPENSSL_free(s->s3->tlsext_custom_types);
 #endif
@@ -3078,11 +3076,6 @@ void ssl3_clear(SSL *s)
 		}
 #endif
 #ifndef OPENSSL_NO_TLSEXT
-	if (s->s3->tlsext_authz_client_types != NULL)
-		{
-		OPENSSL_free(s->s3->tlsext_authz_client_types);
-		s->s3->tlsext_authz_client_types = NULL;
-		}
 	if (s->s3->tlsext_custom_types != NULL)
 		{
 		OPENSSL_free(s->s3->tlsext_custom_types);
@@ -3091,8 +3084,8 @@ void ssl3_clear(SSL *s)
 	s->s3->tlsext_custom_types_count = 0;	
 #ifndef OPENSSL_NO_EC
 	s->s3->is_probably_safari = 0;
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 
 	rp = s->s3->rbuf.buf;
 	wp = s->s3->wbuf.buf;
@@ -3892,10 +3885,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 	case SSL_CTRL_SET_CHAIN_CERT_STORE:
 		return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
 
-	case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
-		ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
-		break;
-
 #endif /* !OPENSSL_NO_TLSEXT */
 
 	/* A Thawte special :-) */
@@ -4005,12 +3994,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 		ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
 		break;
 #endif
-
-	case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB:
-		ctx->tlsext_authz_server_audit_proof_cb =
-			(int (*)(SSL *, void *))fp;
-		break;
-
 #endif
 	case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
 		{
@@ -4173,15 +4156,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 		ii=sk_SSL_CIPHER_find(allow,c);
 		if (ii >= 0)
 			{
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
 			if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
 				{
 				if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+				continue;
 				}
-			else
-				{
-				ret=sk_SSL_CIPHER_value(allow,ii);
-				break;
-				}
+#endif
+			ret=sk_SSL_CIPHER_value(allow,ii);
+			break;
 			}
 		}
 	return(ret);