SSL3_TXT_RSA_NULL_MD5,
SSL3_CK_RSA_NULL_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
SSL3_TXT_RSA_NULL_SHA,
SSL3_CK_RSA_NULL_SHA,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
SSL3_TXT_FZA_DMS_NULL_SHA,
SSL3_CK_FZA_DMS_NULL_SHA,
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
SSL3_TXT_FZA_DMS_FZA_SHA,
SSL3_CK_FZA_DMS_FZA_SHA,
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
SSL_ALL_STRENGTHS,
},
+#if 0
/* Cipher 1E */
{
0,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
+#endif
#ifndef OPENSSL_NO_KRB5
/* The Kerberos ciphers
** 20000107 VRS: And the first shall be last,
** in hopes of avoiding the lynx ssl renegotiation problem.
*/
-/* Cipher 21 VRS */
+/* Cipher 1E VRS */
{
1,
- SSL3_TXT_KRB5_DES_40_CBC_SHA,
- SSL3_CK_KRB5_DES_40_CBC_SHA,
+ SSL3_TXT_KRB5_DES_64_CBC_SHA,
+ SSL3_CK_KRB5_DES_64_CBC_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL_NOT_EXP|SSL_LOW,
0,
- 40,
+ 56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* Cipher 22 VRS */
+/* Cipher 1F VRS */
{
1,
- SSL3_TXT_KRB5_DES_40_CBC_MD5,
- SSL3_CK_KRB5_DES_40_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
+ SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+ SSL3_CK_KRB5_DES_192_CBC3_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH,
0,
- 40,
- 56,
+ 112,
+ 168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* Cipher 23 VRS */
+/* Cipher 20 VRS */
{
1,
- SSL3_TXT_KRB5_DES_64_CBC_SHA,
- SSL3_CK_KRB5_DES_64_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
+ SSL3_TXT_KRB5_RC4_128_SHA,
+ SSL3_CK_KRB5_RC4_128_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_MEDIUM,
0,
- 56,
- 56,
+ 128,
+ 128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
-/* Cipher 24 VRS */
+/* Cipher 21 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+ SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 22 VRS */
{
1,
SSL3_TXT_KRB5_DES_64_CBC_MD5,
SSL_ALL_STRENGTHS,
},
-/* Cipher 25 VRS */
+/* Cipher 23 VRS */
{
1,
- SSL3_TXT_KRB5_DES_192_CBC3_SHA,
- SSL3_CK_KRB5_DES_192_CBC3_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
+ SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+ SSL3_CK_KRB5_DES_192_CBC3_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
112,
SSL_ALL_STRENGTHS,
},
+/* Cipher 24 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_128_MD5,
+ SSL3_CK_KRB5_RC4_128_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 25 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+ SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
/* Cipher 26 VRS */
{
1,
- SSL3_TXT_KRB5_DES_192_CBC3_MD5,
- SSL3_CK_KRB5_DES_192_CBC3_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
+ SSL3_TXT_KRB5_DES_40_CBC_SHA,
+ SSL3_CK_KRB5_DES_40_CBC_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
0,
- 112,
- 168,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 27 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+ SSL3_CK_KRB5_RC2_40_CBC_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 28 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_SHA,
+ SSL3_CK_KRB5_RC4_40_SHA,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 29 VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_40_CBC_MD5,
+ SSL3_CK_KRB5_DES_40_CBC_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 2A VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+ SSL3_CK_KRB5_RC2_40_CBC_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 2B VRS */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_MD5,
+ SSL3_CK_KRB5_RC4_40_MD5,
+ SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
+ SSL_EXPORT|SSL_EXP40,
+ 0,
+ 128,
+ 128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
- memset(s->s3,0,sizeof *s->s3);
+ OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
}
void ssl3_clear(SSL *s)
{
unsigned char *rp,*wp;
+ size_t rlen, wlen;
ssl3_cleanup_key_block(s);
if (s->s3->tmp.ca_names != NULL)
DH_free(s->s3->tmp.dh);
#endif
- rp=s->s3->rbuf.buf;
- wp=s->s3->wbuf.buf;
+ rp = s->s3->rbuf.buf;
+ wp = s->s3->wbuf.buf;
+ rlen = s->s3->rbuf.len;
+ wlen = s->s3->wbuf.len;
EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
memset(s->s3,0,sizeof *s->s3);
- if (rp != NULL) s->s3->rbuf.buf=rp;
- if (wp != NULL) s->s3->wbuf.buf=wp;
+ s->s3->rbuf.buf = rp;
+ s->s3->wbuf.buf = wp;
+ s->s3->rbuf.len = rlen;
+ s->s3->wbuf.len = wlen;
ssl_free_wbio_buffer(s);
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- for (i=0; i<SSL3_NUM_CIPHERS; i++)
- sorted[i]= &(ssl3_ciphers[i]);
+ if (init)
+ {
+ for (i=0; i<SSL3_NUM_CIPHERS; i++)
+ sorted[i]= &(ssl3_ciphers[i]);
- qsort( (char *)sorted,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
+ qsort(sorted,
+ SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+ FP_ICC ssl_cipher_ptr_id_cmp);
+ init=0;
+ }
+
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-
- init=0;
}
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
if (s->s3->renegotiate) ssl3_renegotiate_check(s);
s->s3->in_read_app_data=1;
ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
- if ((ret == -1) && (s->s3->in_read_app_data == 0))
+ if ((ret == -1) && (s->s3->in_read_app_data == 2))
{
/* ssl3_read_bytes decided to call s->handshake_func, which
* called ssl3_read_bytes to read handshake data.
* However, ssl3_read_bytes actually found application data
- * and thinks that application data makes sense here (signalled
- * by resetting 'in_read_app_data', strangely); so disable
+ * and thinks that application data makes sense here; so disable
* handshake processing and try to read application data again. */
s->in_handshake++;
ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);