Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask. Submitted by: Reviewed by: PR: 130
This commit is contained in:
Lutz Jänicke
parent
7d0e1c1188
commit
d2cbe66ee1
4 changed files with 20 additions and 12 deletions
5
CHANGES
5
CHANGES
|
|
@ -4,6 +4,11 @@
|
|||
|
||||
Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]
|
||||
|
||||
*) Fix cipher selection routines: ciphers without encryption had no flags
|
||||
for the cipher strength set and where therefore not handled correctly
|
||||
by the selection routines (PR #130).
|
||||
[Lutz Jaenicke]
|
||||
|
||||
*) Fix EVP_dsa_sha macro.
|
||||
[Nils Larsch]
|
||||
|
||||
|
|
|
|||
|
|
@ -76,7 +76,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
|
|||
SSL2_TXT_NULL_WITH_MD5,
|
||||
SSL2_CK_NULL_WITH_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
|
|
@ -196,6 +197,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
|
|||
SSL2_TXT_NULL,
|
||||
SSL2_CK_NULL,
|
||||
0,
|
||||
SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
|
|
|
|||
|
|
@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL3_TXT_RSA_NULL_MD5,
|
||||
SSL3_CK_RSA_NULL_MD5,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
|
||||
SSL_NOT_EXP,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
|
|
@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL3_TXT_RSA_NULL_SHA,
|
||||
SSL3_CK_RSA_NULL_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
|
|
@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL3_TXT_FZA_DMS_NULL_SHA,
|
||||
SSL3_CK_FZA_DMS_NULL_SHA,
|
||||
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
|
|
@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL3_TXT_FZA_DMS_FZA_SHA,
|
||||
SSL3_CK_FZA_DMS_FZA_SHA,
|
||||
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
|
|
|
|||
|
|
@ -283,16 +283,17 @@
|
|||
#define SSL_NOT_EXP 0x00000001L
|
||||
#define SSL_EXPORT 0x00000002L
|
||||
|
||||
#define SSL_STRONG_MASK 0x0000007cL
|
||||
#define SSL_EXP40 0x00000004L
|
||||
#define SSL_STRONG_MASK 0x000000fcL
|
||||
#define SSL_STRONG_NONE 0x00000004L
|
||||
#define SSL_EXP40 0x00000008L
|
||||
#define SSL_MICRO (SSL_EXP40)
|
||||
#define SSL_EXP56 0x00000008L
|
||||
#define SSL_EXP56 0x00000010L
|
||||
#define SSL_MINI (SSL_EXP56)
|
||||
#define SSL_LOW 0x00000010L
|
||||
#define SSL_MEDIUM 0x00000020L
|
||||
#define SSL_HIGH 0x00000040L
|
||||
#define SSL_LOW 0x00000020L
|
||||
#define SSL_MEDIUM 0x00000040L
|
||||
#define SSL_HIGH 0x00000080L
|
||||
|
||||
/* we have used 0000007f - 25 bits left to go */
|
||||
/* we have used 000000ff - 24 bits left to go */
|
||||
|
||||
/*
|
||||
* Macros to check the export status and cipher strength for export ciphers.
|
||||
|
|
|
|||
Loading…
Reference in a new issue