use "=" instead of "|=", fix typo

[openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index c31927706a52ac6f9a2135fc2c8dfecdea266e1c..b071a6309fdf21217d8924cb16428409a984160d 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -169,7 +169,6 @@ static int init_ciphers=1;
 
 static void load_ciphers(void)
        {
-       init_ciphers=0;
        ssl_cipher_methods[SSL_ENC_DES_IDX]= 
                EVP_get_cipherbyname(SN_des_cbc);
        ssl_cipher_methods[SSL_ENC_3DES_IDX]=
@@ -193,6 +192,7 @@ static void load_ciphers(void)
                EVP_get_digestbyname(SN_md5);
        ssl_digest_methods[SSL_MD_SHA1_IDX]=
                EVP_get_digestbyname(SN_sha1);
+       init_ciphers=0;
        }
 
 static int sk_comp_cmp(const SSL_COMP * const *a,
@@ -235,7 +235,7 @@ static void load_builtin_compressions(void)
        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
        }
 
-int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
             const EVP_MD **md, SSL_COMP **comp)
        {
        int i;
@@ -740,9 +740,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        if (!found)
                                break;  /* ignore this entry */
 
-                       algorithms |= ca_list[j]->algorithms;
+                       algorithms = (ca_list[j]->algorithms & ~mask) |
+                                    (ca_list[j]->algorithms &  algorithms & mask);
                        mask |= ca_list[j]->mask;
-                       algo_strength |= ca_list[j]->algo_strength;
+                       algo_strength = (ca_list[j]->algo_strength & ~mask_strength) |
+                                       (ca_list[j]->algo_strength & algo_strength & mask_strength);
                        mask_strength |= ca_list[j]->mask_strength;
 
                        if (!multi) break;
@@ -910,6 +912,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                        }
                }
        OPENSSL_free(co_list);  /* Not needed any longer */
+       /* if no ciphers where selected let's return NULL */
+       if (sk_SSL_CIPHER_num(cipherstack) == 0)
+               {
+               SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+               sk_SSL_CIPHER_free(cipherstack);
+               return NULL;
+               }
 
        /*
         * The following passage is a little bit odd. If pointer variables
@@ -959,13 +968,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        {
        int is_export,pkl,kl;
-       char *ver,*exp_str;
-       char *kx,*au,*enc,*mac;
+       const char *ver,*exp_str;
+       const char *kx,*au,*enc,*mac;
        unsigned long alg,alg2,alg_s;
 #ifdef KSSL_DEBUG
-       static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+       static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
 #else
-       static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+       static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
 #endif /* KSSL_DEBUG */
 
        alg=cipher->algorithms;
@@ -1108,7 +1117,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        return(buf);
        }
 
-char *SSL_CIPHER_get_version(SSL_CIPHER *c)
+char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
        {
        int i;
 
@@ -1123,7 +1132,7 @@ char *SSL_CIPHER_get_version(SSL_CIPHER *c)
        }
 
 /* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
        {
        if (c != NULL)
                return(c->name);
@@ -1131,7 +1140,7 @@ const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
        }
 
 /* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
        {
        int ret=0;