OpenSSL CVS Repository
http://cvs.openssl.org/
Server: cvs.openssl.org Name: Andy
Polyakov
Root: /v/openssl/cvs Email: appro openssl.org
Module: openssl Date:
05-Oct-2007 23:05:27
Branch: OpenSSL_0_9_8-stable Handle:
2007100522052700
Modified files: (Branch: OpenSSL_0_9_8-stable)
openssl/ssl d1_lib.c ssl_locl.h
Log:
Prohibit RC4 in DTLS [from HEAD].
Summary:
Revision Changes Path
1.1.2.5 +20 -0 openssl/ssl/d1_lib.c
1.63.2.8 +3 -1 openssl/ssl/ssl_locl.h
patch -p0 <<' .'
Index: openssl/ssl/d1_lib.c
============================================================
================
$ cvs diff -u -r1.1.2.4 -r1.1.2.5 d1_lib.c
--- openssl/ssl/d1_lib.c 21 Jan 2007 16:07:25
-0000 1.1.2.4
+++ openssl/ssl/d1_lib.c 5 Oct 2007 21:05:27
-0000 1.1.2.5
 -188,3 +188,23 
ssl3_clear(s);
s->version=DTLS1_VERSION;
}
+
+/*
+ * As it's impossible to use stream ciphers in
"datagram" mode, this
+ * simple filter is designed to disengage them in DTLS.
Unfortunately
+ * there is no universal way to identify stream
SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is
the only one
+ * available, but if new ones emerge, they will have to
be added...
+ */
+SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+ {
+ SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+ if (ciph != NULL)
+ {
+ if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4)
+ return NULL;
+ }
+
+ return ciph;
+ }
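Review bot: dtls1_get_cipher now returns NULL for an in-range index (an RC4 entry) as well as for an out-of-range one, while the method table in the ssl_locl.h hunk keeps `ssl3_num_ciphers` as the count, so the index space 0..num_ciphers-1 has NULL holes; that is only safe if every caller of the get_cipher method skips NULL instead of treating it as end-of-table, which cannot be confirmed from this hunk. The same table still uses the unfiltered `ssl3_get_cipher_by_char`, so an RC4 cipher id received from a peer presumably still resolves to an SSL_CIPHER and the exclusion relies on a later intersection with a list built through get_cipher; worth confirming and stating. I would document that contract above the function: `/* Returns NULL for an out-of-range index AND for an excluded stream cipher; callers iterating 0..ssl3_num_ciphers()-1 must skip NULL entries. */`. The ssl3_clear/version lines at the top of the hunk belong to a function that starts outside it.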
 .
patch -p0 <<' .'
Index: openssl/ssl/ssl_locl.h
============================================================
================
$ cvs diff -u -r1.63.2.7 -r1.63.2.8 ssl_locl.h
--- openssl/ssl/ssl_locl.h 20 Aug 2007 12:44:22
-0000 1.63.2.7
+++ openssl/ssl/ssl_locl.h 5 Oct 2007 21:05:27
-0000 1.63.2.8
 -695,7 +695,7 
ssl3_put_cipher_by_char,
ssl3_pending,
ssl3_num_ciphers,
- ssl3_get_cipher,
+ dtls1_get_cipher,
s_get_meth,
dtls1_default_timeout,
&DTLSv1_enc_data,
 -861,6 +861,8 
void dtls1_get_ccs_header(unsigned char *data, struct
ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw);
long dtls1_default_timeout(void);
+SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+
/* some client-only functions */
 .