Implement a blacklist for problem OpenSSL ciphers.

Since OpenSSL v1.0.0 was released, a number of ciphers have caused
problems for SXEmacs' ossl, up to and including data corruption. This
changeset prevents these ciphers from being used.

See: `ossl-cipher-blacklist'

The blacklisted ciphers can still be used if they are first removed from
`ossl-cipher-blacklist', but obviously this is not recommended.

* src/openssl.c (ossl_check_cipher): New. Returns 0 if cipher is
NOT on our blacklist.
(Fossl_available_ciphers): Check cipher with ossl_check_cipher().
(ossl_cipher_fun): Ditto.
(Fossl_bytes_to_key): Ditto.
(Fossl_encrypt): Ditto.
(Fossl_encrypt_file): Ditto.
(Fossl_decrypt): Ditto.
(Fossl_decrypt_file): Ditto.
(Fossl_seal): Ditto.
(Fossl_open): Ditto.
(Fossl_pem_write_key): Ditto.
(Fossl_pem_key): Ditto.
(Fossl_digest_size): Typo fix "cipher" -> "digest".
(vars_of_openssl): New var, Vossl_cipher_blacklist. A list of
ciphers we don't want to use.
(syms_of_openssl): Define all of the blacklisted cipher names.
* tests/automated/openssl-tests.el: Run tests on all available
ciphers and digests.
Make sure use of blacklisted ciphers results in an error.

Signed-off-by: Steve Youngs <steve@sxemacs.org>