From 4064a852058d4217b8de8cfbc5c529c2bebfdfc5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 10 Jul 2002 06:40:18 +0000 Subject: [PATCH] Ciphers with NULL encryption were not properly handled because they were not covered by the strength bit mask. Submitted by: Reviewed by: PR: 130 --- CHANGES | 7 ++++++- ssl/s2_lib.c | 4 +++- ssl/s3_lib.c | 8 ++++---- ssl/ssl_locl.h | 15 ++++++++------- 4 files changed, 21 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index 97a522cc30..3ea4aa3a6d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 0.9.6d and 0.9.7 [XX xxx 2002] + Changes between 0.9.6e and 0.9.7 [XX xxx 2002] *) Make sure any ENGINE control commands make local copies of string pointers passed to them whenever necessary. Otherwise it is possible @@ -1635,6 +1635,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6d and 0.9.6e [XX xxx XXXX] + *) Fix cipher selection routines: ciphers without encryption had no flags + for the cipher strength set and where therefore not handled correctly + by the selection routines (PR #130). + [Lutz Jaenicke] + *) Fix EVP_dsa_sha macro. [Nils Larsch] diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index bce2b4e83f..25823d46e5 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -77,7 +77,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL_WITH_MD5, SSL2_CK_NULL_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, + SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, + 0, 0, 0, SSL_ALL_CIPHERS, @@ -197,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL, SSL2_CK_NULL, 0, + SSL_STRONG_NONE, 0, 0, 0, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 686992406c..14b2f13ae2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_MD5, SSL3_CK_RSA_NULL_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_FZA_DMS_NULL_SHA, SSL3_CK_FZA_DMS_NULL_SHA, SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_FZA_DMS_FZA_SHA, SSL3_CK_FZA_DMS_FZA_SHA, SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 17e9bef832..fe4ac839cf 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -293,16 +293,17 @@ #define SSL_NOT_EXP 0x00000001L #define SSL_EXPORT 0x00000002L -#define SSL_STRONG_MASK 0x0000007cL -#define SSL_EXP40 0x00000004L +#define SSL_STRONG_MASK 0x000000fcL +#define SSL_STRONG_NONE 0x00000004L +#define SSL_EXP40 0x00000008L #define SSL_MICRO (SSL_EXP40) -#define SSL_EXP56 0x00000008L +#define SSL_EXP56 0x00000010L #define SSL_MINI (SSL_EXP56) -#define SSL_LOW 0x00000010L -#define SSL_MEDIUM 0x00000020L -#define SSL_HIGH 0x00000040L +#define SSL_LOW 0x00000020L +#define SSL_MEDIUM 0x00000040L +#define SSL_HIGH 0x00000080L -/* we have used 0000007f - 25 bits left to go */ +/* we have used 000000ff - 24 bits left to go */ /* * Macros to check the export status and cipher strength for export ciphers. -- 2.40.0