diff options
| author | Lutz Jänicke <jaenicke@openssl.org> | 2002-07-10 06:41:55 +0000 |
|---|---|---|
| committer | Lutz Jänicke <jaenicke@openssl.org> | 2002-07-10 06:41:55 +0000 |
| commit | 063a8905bfd53f3cc12a01789efc23c0ea6af053 (patch) | |
| tree | bc512eec6ab325475c80c7b56fa8b698de9f920f /ssl | |
| parent | cd7562091d0fcad3768e6696411cedde51caba1f (diff) | |
Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s2_lib.c | 4 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 8 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 15 |
3 files changed, 15 insertions, 12 deletions
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index bce2b4e83f..25823d46e5 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -77,7 +77,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL_WITH_MD5, SSL2_CK_NULL_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, + SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, + 0, 0, 0, SSL_ALL_CIPHERS, @@ -197,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL, SSL2_CK_NULL, 0, + SSL_STRONG_NONE, 0, 0, 0, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 686992406c..14b2f13ae2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_MD5, SSL3_CK_RSA_NULL_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_FZA_DMS_NULL_SHA, SSL3_CK_FZA_DMS_NULL_SHA, SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_FZA_DMS_FZA_SHA, SSL3_CK_FZA_DMS_FZA_SHA, SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 17e9bef832..fe4ac839cf 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -293,16 +293,17 @@ #define SSL_NOT_EXP 0x00000001L #define SSL_EXPORT 0x00000002L -#define SSL_STRONG_MASK 0x0000007cL -#define SSL_EXP40 0x00000004L +#define SSL_STRONG_MASK 0x000000fcL +#define SSL_STRONG_NONE 0x00000004L +#define SSL_EXP40 0x00000008L #define SSL_MICRO (SSL_EXP40) -#define SSL_EXP56 0x00000008L +#define SSL_EXP56 0x00000010L #define SSL_MINI (SSL_EXP56) -#define SSL_LOW 0x00000010L -#define SSL_MEDIUM 0x00000020L -#define SSL_HIGH 0x00000040L +#define SSL_LOW 0x00000020L +#define SSL_MEDIUM 0x00000040L +#define SSL_HIGH 0x00000080L -/* we have used 0000007f - 25 bits left to go */ +/* we have used 000000ff - 24 bits left to go */ /* * Macros to check the export status and cipher strength for export ciphers. |