diff options
| author | Bodo Möller <bodo@openssl.org> | 2006-06-15 17:17:06 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2006-06-15 17:17:06 +0000 |
| commit | 09e20e0bd89b65d0d083df63bda4699780cf0028 (patch) | |
| tree | 827fc32cbe843cd672aab812a37327880fbda7a0 /ssl | |
| parent | a717831da4ac9650bde11dfe6be9b586f60b80be (diff) | |
Fix another new bug in the cipherstring logic.
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_ciph.c | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 051442f381..4bee00cc6c 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -583,6 +583,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, CIPHER_ORDER *ciph_curr; SSL_CIPHER **ca_curr; int i; + unsigned long enabled_mask = ~mask; /* * First, add the real ciphers as already collected @@ -598,28 +599,40 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, /* * Now we add the available ones from the cipher_aliases[] table. - * They represent either an algorithm, that must be - * supported (not disabled through 'mask', i.e. all of the - * SSL_MKEY_MASK, SSL_AUTH_MASK, .. bits in the alias are set in 'mask') + * They represent either one or more algorithms, some of which + * in any affected category must be supported (set in enabled_mask), * or represent a cipher strength value (will be added in any case because algorithms=0). */ for (i = 0; i < num_of_group_aliases; i++) { int algorithms = cipher_aliases[i].algorithms; - if ((i == 0) /* always fetch "ALL" */ || - !(((SSL_MKEY_MASK & algorithms) && (SSL_MKEY_MASK & mask) - && ((algorithms & SSL_MKEY_MASK & mask) == (SSL_MKEY_MASK & mask))) || - ((SSL_AUTH_MASK & algorithms) && (SSL_AUTH_MASK & mask) - && ((algorithms & SSL_AUTH_MASK & mask) == (SSL_AUTH_MASK & mask))) || - ((SSL_ENC_MASK & algorithms) && (SSL_ENC_MASK & mask) - && ((algorithms & SSL_ENC_MASK & mask) == (SSL_ENC_MASK & mask))) || - ((SSL_MAC_MASK & algorithms) && (SSL_MAC_MASK & mask) - && ((algorithms & SSL_MAC_MASK & mask) == (SSL_MAC_MASK & mask))))) + if (SSL_MKEY_MASK & algorithms) { - *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); - ca_curr++; + if ((SSL_MKEY_MASK & algorithms & enabled_mask) == 0) + continue; + } + + if (SSL_AUTH_MASK & algorithms) + { + if ((SSL_AUTH_MASK & algorithms & enabled_mask) == 0) + continue; } + + if (SSL_ENC_MASK & algorithms) + { + if ((SSL_ENC_MASK & algorithms & enabled_mask) == 0) + continue; + } + + if (SSL_MAC_MASK & algorithms) + { + if ((SSL_MAC_MASK & algorithms & enabled_mask) == 0) + continue; + } + + *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); + ca_curr++; } *ca_curr = NULL; /* end of list */ |