OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
15-Apr-2006 02:22:05
Branch: HEAD Handle:
2006041501220401
Modified files:
openssl CHANGES
openssl/ssl ssl_ciph.c
Log:
If the cipher list contains a match for an explicit ciphersuite,
only match that one suite.
Summary:
Revision Changes Path
1.1305 +4 -0 openssl/CHANGES
1.56 +21 -4 openssl/ssl/ssl_ciph.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.1304 -r1.1305 CHANGES
--- openssl/CHANGES 13 Apr 2006 20:16:49 -0000 1.1304
+++ openssl/CHANGES 15 Apr 2006 00:22:04 -0000 1.1305
 -206,6 +206,10 
Changes between 0.9.8a and 0.9.8b [XX xxx XXXX]
+ *) When applying a cipher rule check to see if string
match is an explicit
+ cipher suite and only match that one cipher suite if
it is.
+ [Steve Henson]
+
*) Link in manifests for VC++ if needed.
[Austin Ziegler <halostatue gmail.com>]
 .
patch -p0 <<' .'
Index: openssl/ssl/ssl_ciph.c
============================================================
================
$ cvs diff -u -r1.55 -r1.56 ssl_ciph.c
--- openssl/ssl/ssl_ciph.c 10 Mar 2006 23:06:20 -0000 1.55
+++ openssl/ssl/ssl_ciph.c 15 Apr 2006 00:22:05 -0000 1.56
 -515,7 +515,8 
*ca_curr = NULL; /* end of list */
}
-static void ssl_cipher_apply_rule(unsigned long
algorithms, unsigned long mask,
+static void ssl_cipher_apply_rule(unsigned long
cipher_id,
+ unsigned long algorithms, unsigned long mask,
unsigned long algo_strength, unsigned long
mask_strength,
int rule, int strength_bits, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
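Review bot: The new leading `cipher_id` parameter is undocumented and has the same `unsigned long` type as the four parameters after it, so a call that passes them in the wrong order compiles silently. The updated strength-sort call further down already reads `ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i,` with five indistinguishable zeros. Since this function decides which suites end up enabled, add a header comment such as `/* cipher_id: 0 = select by algorithms/mask or strength_bits; non-zero = match only the suite with this id */`. The function body lies outside this hunk.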
 -541,11 +542,19 
cp = curr->cipher;
+ /* If explicit cipher suite match that one only */
+
+ if (cipher_id)
+ {
+ if (cp->id != cipher_id)
+ continue;
+ }
+
/*
* Selection criteria is either the number of
strength_bits
* or the algorithm used.
*/
- if (strength_bits == -1)
+ else if (strength_bits == -1)
{
ma = mask & cp->algorithms;
ma_s = mask_strength & cp->algo_strength;
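Review bot: The added `if (cipher_id)` block and the existing test, now `else if (strength_bits == -1)`, are separated by a blank line and the "Selection criteria" block comment, so the `else` binding is easy to miss. That comment also no longer describes the first branch. Move the comment inside the else branch, or start the chain with a comment that covers all three cases. It is also worth stating that an id match skips both the mask and the `strength_bits` tests, e.g. `/* Explicit suite: an id match bypasses the mask and strength_bits checks */`. The enclosing loop and the rest of the if-chain continue outside this hunk.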
 -658,7 +667,7 
*/
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
- ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i,
co_list, head_p, tail_p);
OPENSSL_free(number_uses);
 -672,6 +681,7 
unsigned long algorithms, mask, algo_strength,
mask_strength;
const char *l, *start, *buf;
int j, multi, found, rule, retval, ok, buflen;
+ unsigned long cipher_id;
char ch;
retval = 1;
 -761,6 +771,7 
* use strcmp(), because buf is not '\0'
terminated.)
*/
j = found = 0;
+ cipher_id = 0;
while (ca_list[j])
{
if (!strncmp(buf, ca_list[j]->name, buflen)
&&
 -775,6 +786,12 
if (!found)
break; /* ignore this entry */
+ if (ca_list[j]->valid)
+ {
+ cipher_id = ca_list[j]->id;
+ break;
+ }
+
/* New algorithms:
* 1 - any old restrictions apply outside new mask
* 2 - any new restrictions apply outside old mask
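Review bot: The added `break` leaves the enclosing loop as soon as a name resolves to an explicit suite (`ca_list[j]->valid`), so the algorithm/mask merge below is skipped for that name. Combined with the `if (cipher_id)` test in `ssl_cipher_apply_rule`, any masks gathered from earlier `+`-joined components are then ignored. Components after the explicit suite are presumably not consumed as part of this rule either, but the loop tail is outside the hunk, so please confirm how a string of the form `SUITE+ALIAS` is parsed. Either state the intent in a comment, e.g. `/* explicit suite: selected by id alone; other '+' components do not apply */`, or treat such a combination as an error, so an operator's cipher string cannot silently enable a different set than it reads. The loop this `break` exits starts and ends outside the hunk.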
 -818,7 +835,7 
}
else if (found)
{
- ssl_cipher_apply_rule(algorithms, mask,
+ ssl_cipher_apply_rule(cipher_id, algorithms, mask,
algo_strength, mask_strength, rule, -1,
co_list, head_p, tail_p);
}
 .