If cipher list contains a match for an explicit ciphersuite, only match that one suite.
Dr. Stephen Henson 2006-04-15 00:22:05 +00:00
parent 51aa7bd321
commit ba1ba5f0fb
2 changed files with 25 additions and 4 deletions


@ -206,6 +206,10 @@
Changes between 0.9.8a and 0.9.8b [XX xxx XXXX] Changes between 0.9.8a and 0.9.8b [XX xxx XXXX]
*) When applying a cipher rule check to see if string match is an explicit
cipher suite and only match that one cipher suite if it is.
[Steve Henson]
*) Link in manifests for VC++ if needed. *) Link in manifests for VC++ if needed.
[Austin Ziegler <halostatue@gmail.com>] [Austin Ziegler <halostatue@gmail.com>]


@ -515,7 +515,8 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
*ca_curr = NULL; /* end of list */ *ca_curr = NULL; /* end of list */
} }
static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, static void ssl_cipher_apply_rule(unsigned long cipher_id,
unsigned long algorithms, unsigned long mask,
unsigned long algo_strength, unsigned long mask_strength, unsigned long algo_strength, unsigned long mask_strength,
int rule, int strength_bits, CIPHER_ORDER *co_list, int rule, int strength_bits, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
@ -541,11 +542,19 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
cp = curr->cipher; cp = curr->cipher;
/* If explicit cipher suite match that one only */
if (cipher_id)
{
if (cp->id != cipher_id)
continue;
}
/* /*
* Selection criteria is either the number of strength_bits * Selection criteria is either the number of strength_bits
* or the algorithm used. * or the algorithm used.
*/ */
if (strength_bits == -1) else if (strength_bits == -1)
{ {
ma = mask & cp->algorithms; ma = mask & cp->algorithms;
ma_s = mask_strength & cp->algo_strength; ma_s = mask_strength & cp->algo_strength;
@ -658,7 +667,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
*/ */
for (i = max_strength_bits; i >= 0; i--) for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0) if (number_uses[i] > 0)
ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i,
co_list, head_p, tail_p); co_list, head_p, tail_p);
OPENSSL_free(number_uses); OPENSSL_free(number_uses);
@ -672,6 +681,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
unsigned long algorithms, mask, algo_strength, mask_strength; unsigned long algorithms, mask, algo_strength, mask_strength;
const char *l, *start, *buf; const char *l, *start, *buf;
int j, multi, found, rule, retval, ok, buflen; int j, multi, found, rule, retval, ok, buflen;
unsigned long cipher_id;
char ch; char ch;
retval = 1; retval = 1;
@ -761,6 +771,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* use strcmp(), because buf is not '\0' terminated.) * use strcmp(), because buf is not '\0' terminated.)
*/ */
j = found = 0; j = found = 0;
cipher_id = 0;
while (ca_list[j]) while (ca_list[j])
{ {
if (!strncmp(buf, ca_list[j]->name, buflen) && if (!strncmp(buf, ca_list[j]->name, buflen) &&
@ -775,6 +786,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (!found) if (!found)
break; /* ignore this entry */ break; /* ignore this entry */
if (ca_list[j]->valid)
{
cipher_id = ca_list[j]->id;
break;
}
/* New algorithms: /* New algorithms:
* 1 - any old restrictions apply outside new mask * 1 - any old restrictions apply outside new mask
* 2 - any new restrictions apply outside old mask * 2 - any new restrictions apply outside old mask
@ -818,7 +835,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
} }
else if (found) else if (found)
{ {
ssl_cipher_apply_rule(algorithms, mask, ssl_cipher_apply_rule(cipher_id, algorithms, mask,
algo_strength, mask_strength, rule, -1, algo_strength, mask_strength, rule, -1,
co_list, head_p, tail_p); co_list, head_p, tail_p);
} }
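Review bot: The "Selection criteria is either the number of strength_bits or the algorithm used" comment in ssl_cipher_apply_rule is now stranded between the closing brace of the new `if (cipher_id)` block and the `else if`, and it no longer lists the explicit-id path that precedes it; move it above `if (cipher_id)` and reword it to `/* Selection criteria is an explicit cipher id, the number of strength_bits, or the algorithm used. */`. The new `break` on `ca_list[j]->valid` in ssl_cipher_process_rulestr also deserves a comment, since it leaves the multi-part loop before any following `+`-joined components are applied; something like `/* explicit ciphersuite found: its algorithm description is not worth restricting further */`. If the surrounding loop has already stepped past a `+` before the name lookup, as the visible `if (!found) break;` path suggests, a rule such as `AES128-SHA+RSA` would presumably be re-parsed with `RSA` as a separate add rule rather than a qualifier, which silently widens the list; consider rejecting a `+` after an explicit suite with SSL_R_INVALID_COMMAND rather than ignoring it. Both enclosing functions start and end outside the hunks shown.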