diff options
| author | Bodo Möller <bodo@openssl.org> | 2006-09-11 09:48:46 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2006-09-11 09:48:46 +0000 |
| commit | 879b30aaa35c786519d3936c2f0e02e9260a6be1 (patch) | |
| tree | 00776c36eebee4642a8b96d4e9626d477689f2e2 /ssl/ssl_ciph.c | |
| parent | 40ddcb717afc64e64d97e713b220410f738eedb7 (diff) | |
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
Diffstat (limited to 'ssl/ssl_ciph.c')
| -rw-r--r-- | ssl/ssl_ciph.c | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 496b0d245b..933d487ca0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -565,7 +565,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, *ca_curr = NULL; /* end of list */ } -static void ssl_cipher_apply_rule(unsigned long cipher_id, +static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version, unsigned long algorithms, unsigned long mask, unsigned long algo_strength, unsigned long mask_strength, int rule, int strength_bits, CIPHER_ORDER *co_list, @@ -592,9 +592,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, cp = curr->cipher; - /* If explicit cipher suite match that one only */ + /* If explicit cipher suite, match only that one for its own protocol version. + * Usual selection criteria will be used for similar ciphersuites from other version! */ - if (cipher_id) + if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version) { if (cp->id != cipher_id) continue; @@ -731,7 +732,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, */ for (i = max_strength_bits; i >= 0; i--) if (number_uses[i] > 0) - ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i, + ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, co_list, head_p, tail_p); OPENSSL_free(number_uses); @@ -745,7 +746,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, unsigned long algorithms, mask, algo_strength, mask_strength; const char *l, *start, *buf; int j, multi, found, rule, retval, ok, buflen; - unsigned long cipher_id = 0; + unsigned long cipher_id = 0, ssl_version = 0; char ch; retval = 1; @@ -836,6 +837,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, */ j = found = 0; cipher_id = 0; + ssl_version = 0; while (ca_list[j]) { if (!strncmp(buf, ca_list[j]->name, buflen) && @@ -850,12 +852,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str, if (!found) break; /* ignore this entry */ - if (ca_list[j]->valid) - { - cipher_id = ca_list[j]->id; - break; - } - /* New algorithms: * 1 - any old restrictions apply outside new mask * 2 - any new restrictions apply outside old mask @@ -870,6 +866,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, (algo_strength & ca_list[j]->algo_strength); mask_strength |= ca_list[j]->mask_strength; + /* explicit ciphersuite found */ + if (ca_list[j]->valid) + { + cipher_id = ca_list[j]->id; + ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK; + break; + } + if (!multi) break; } @@ -899,7 +903,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, } else if (found) { - ssl_cipher_apply_rule(cipher_id, algorithms, mask, + ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask, algo_strength, mask_strength, rule, -1, co_list, head_p, tail_p); } |