Ciphers with NULL encryption were not properly handled because they were

author Lutz Jänicke <jaenicke@openssl.org>

Wed, 10 Jul 2002 06:41:55 +0000 (06:41 +0000)

committer Lutz Jänicke <jaenicke@openssl.org>

Wed, 10 Jul 2002 06:41:55 +0000 (06:41 +0000)
author Lutz Jänicke <jaenicke@openssl.org>
Wed, 10 Jul 2002 06:41:55 +0000 (06:41 +0000)
committer Lutz Jänicke <jaenicke@openssl.org>
Wed, 10 Jul 2002 06:41:55 +0000 (06:41 +0000)
diff --git a/CHANGES b/CHANGES

index c61871907aa88b78142834f244029691068e2cdf..6ed2f7163bcd95d6d5c2c61196fd3b019aec7702 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -99,7 +99,7 @@
           EC_GROUP_get_nid()
       [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
   
- Changes between 0.9.6d and 0.9.7  [XX xxx 2002]
+ Changes between 0.9.6e and 0.9.7  [XX xxx 2002]
  
    *) Make sure any ENGINE control commands make local copies of string
       pointers passed to them whenever necessary. Otherwise it is possible
@@ -1732,6 +1732,11 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  
   Changes between 0.9.6d and 0.9.6e  [XX xxx XXXX]
  
+  *) Fix cipher selection routines: ciphers without encryption had no flags
+     for the cipher strength set and where therefore not handled correctly
+     by the selection routines (PR #130).
+     [Lutz Jaenicke]
+
    *) Fix EVP_dsa_sha macro.
       [Nils Larsch]
  
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c

index bce2b4e83f2e6b5c426219be6fed8c02580791d8..25823d46e546e4b845a61e0db5e9535e75cc80d2 100644 (file)
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -77,7 +77,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
         SSL2_TXT_NULL_WITH_MD5,
         SSL2_CK_NULL_WITH_MD5,
         SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
-       SSL_EXPORT|SSL_EXP40,
+       SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
+       0,
         0,
         0,
         SSL_ALL_CIPHERS,
@@ -197,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
         SSL2_TXT_NULL,
         SSL2_CK_NULL,
         0,
+       SSL_STRONG_NONE,
         0,
         0,
         0,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index 686992406c0b37a6a392b747d67b7055b7e7d4c7..14b2f13ae2e9d271f740bbdb10e3a8647894d3b8 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_RSA_NULL_MD5,
         SSL3_CK_RSA_NULL_MD5,
         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
-       SSL_NOT_EXP,
+       SSL_NOT_EXP|SSL_STRONG_NONE,
         0,
         0,
         0,
@@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_RSA_NULL_SHA,
         SSL3_CK_RSA_NULL_SHA,
         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-       SSL_NOT_EXP,
+       SSL_NOT_EXP|SSL_STRONG_NONE,
         0,
         0,
         0,
@@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_FZA_DMS_NULL_SHA,
         SSL3_CK_FZA_DMS_NULL_SHA,
         SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-       SSL_NOT_EXP,
+       SSL_NOT_EXP|SSL_STRONG_NONE,
         0,
         0,
         0,
@@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL3_TXT_FZA_DMS_FZA_SHA,
         SSL3_CK_FZA_DMS_FZA_SHA,
         SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
-       SSL_NOT_EXP,
+       SSL_NOT_EXP|SSL_STRONG_NONE,
         0,
         0,
         0,
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 17e9bef832581c8e6e53469ba9f790ac796b7c3c..fe4ac839cf0149dbb2b6a2e6f155af2cd61fe84f 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -293,16 +293,17 @@
  #define SSL_NOT_EXP            0x00000001L
  #define SSL_EXPORT             0x00000002L
  
-#define SSL_STRONG_MASK                0x0000007cL
-#define SSL_EXP40              0x00000004L
+#define SSL_STRONG_MASK                0x000000fcL
+#define SSL_STRONG_NONE                0x00000004L
+#define SSL_EXP40              0x00000008L
  #define SSL_MICRO              (SSL_EXP40)
-#define SSL_EXP56              0x00000008L
+#define SSL_EXP56              0x00000010L
  #define SSL_MINI               (SSL_EXP56)
-#define SSL_LOW                        0x00000010L
-#define SSL_MEDIUM             0x00000020L
-#define SSL_HIGH               0x00000040L
+#define SSL_LOW                        0x00000020L
+#define SSL_MEDIUM             0x00000040L
+#define SSL_HIGH               0x00000080L
  
-/* we have used 0000007f - 25 bits left to go */
+/* we have used 000000ff - 24 bits left to go */
  
  /*
   * Macros to check the export status and cipher strength for export ciphers.
author	Lutz Jänicke <jaenicke@openssl.org>
	Wed, 10 Jul 2002 06:41:55 +0000 (06:41 +0000)
committer	Lutz Jänicke <jaenicke@openssl.org>
	Wed, 10 Jul 2002 06:41:55 +0000 (06:41 +0000)
CHANGES		patch \| blob \| history
ssl/s2_lib.c		patch \| blob \| history
ssl/s3_lib.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history