Server: cvs.openssl.org Name: Andy
Polyakov
Root: /v/openssl/cvs Email: appro openssl.org
Module: openssl Date:
05-Oct-2007 23:04:56
Branch: HEAD Handle:
2007100522045600
Modified files:
openssl/ssl d1_lib.c ssl_locl.h
Log:
Prohibit RC4 in DTLS.
Summary:
Revision Changes Path
1.7 +20 -0 openssl/ssl/d1_lib.c
1.88 +2 -1 openssl/ssl/ssl_locl.h
patch -p0 <<' .'
Index: openssl/ssl/d1_lib.c
============================================================
================
$ cvs diff -u -r1.6 -r1.7 d1_lib.c
--- openssl/ssl/d1_lib.c 21 Jan 2007 16:06:05 -0000 1.6
+++ openssl/ssl/d1_lib.c 5 Oct 2007 21:04:56 -0000 1.7
 -167,3 +167,23 
ssl3_clear(s);
s->version=DTLS1_VERSION;
}
+
+/*
+ * As it's impossible to use stream ciphers in
"datagram" mode, this
+ * simple filter is designed to disengage them in DTLS.
Unfortunately
+ * there is no universal way to identify stream
SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is
the only one
+ * available, but if new ones emerge, they will have to
be added...
+ */
+SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+ {
+ SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+ if (ciph != NULL)
+ {
+ if (ciph->algorithm_enc == SSL_RC4)
+ return NULL;
+ }
+
+ return ciph;
+ }
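Review bot: `dtls1_get_cipher` identifies stream ciphers by a single equality test against `SSL_RC4`, so any other stream cipher later added to the table would pass through to DTLS silently; the comment admits this but nothing in the code enforces it. If `algorithm_enc` is a bitmask of `SSL_*` flags rather than a single value (the naming suggests it, but that is not visible here), `if (ciph->algorithm_enc & SSL_RC4)` would be the more robust form and worth confirming against the struct definition. The function also returns NULL for two different reasons — an out-of-range index and an excluded cipher — and this should be documented, e.g. `/* Returns NULL both when u is beyond the ssl3 cipher table and when the cipher is a stream cipher unusable over datagrams; callers that walk the table by index must treat NULL as "skip this slot", not "end of table". */`. Whether every caller of the method's `get_cipher` slot already does so is not visible in this hunk and should be checked at the call sites.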
 .
patch -p0 <<' .'
Index: openssl/ssl/ssl_locl.h
============================================================
================
$ cvs diff -u -r1.87 -r1.88 ssl_locl.h
--- openssl/ssl/ssl_locl.h 26 Sep 2007 21:56:59
-0000 1.87
+++ openssl/ssl/ssl_locl.h 5 Oct 2007 21:04:56 -0000 1.88
 -746,7 +746,7 
ssl3_put_cipher_by_char,
ssl3_pending,
ssl3_num_ciphers,
- ssl3_get_cipher,
+ dtls1_get_cipher,
s_get_meth,
dtls1_default_timeout,
&DTLSv1_enc_data,
 -915,6 +915,7 
void dtls1_get_ccs_header(unsigned char *data, struct
ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw);
long dtls1_default_timeout(void);
+SSL_CIPHER *dtls1_get_cipher(unsigned int u);
/* some client-only functions */
 .