提交 063a8905 编写于 作者: L Lutz Jänicke

Ciphers with NULL encryption were not properly handled because they were

not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
上级 cd756209
......@@ -99,7 +99,7 @@
EC_GROUP_get_nid()
[Nils Larsch <nla@trustcenter.de, Bodo Moeller]
Changes between 0.9.6d and 0.9.7 [XX xxx 2002]
Changes between 0.9.6e and 0.9.7 [XX xxx 2002]
*) Make sure any ENGINE control commands make local copies of string
pointers passed to them whenever necessary. Otherwise it is possible
......@@ -1732,6 +1732,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]
*) Fix cipher selection routines: ciphers without encryption had no flags
for the cipher strength set and where therefore not handled correctly
by the selection routines (PR #130).
[Lutz Jaenicke]
*) Fix EVP_dsa_sha macro.
[Nils Larsch]
......
......@@ -77,7 +77,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL2_TXT_NULL_WITH_MD5,
SSL2_CK_NULL_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
SSL_EXPORT|SSL_EXP40,
SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
0,
0,
0,
SSL_ALL_CIPHERS,
......@@ -197,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL2_TXT_NULL,
SSL2_CK_NULL,
0,
SSL_STRONG_NONE,
0,
0,
0,
......
......@@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_RSA_NULL_MD5,
SSL3_CK_RSA_NULL_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
SSL_NOT_EXP,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
......@@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_RSA_NULL_SHA,
SSL3_CK_RSA_NULL_SHA,
SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
SSL_NOT_EXP,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
......@@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_FZA_DMS_NULL_SHA,
SSL3_CK_FZA_DMS_NULL_SHA,
SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
SSL_NOT_EXP,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
......@@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL3_TXT_FZA_DMS_FZA_SHA,
SSL3_CK_FZA_DMS_FZA_SHA,
SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
SSL_NOT_EXP,
SSL_NOT_EXP|SSL_STRONG_NONE,
0,
0,
0,
......
......@@ -293,16 +293,17 @@
#define SSL_NOT_EXP 0x00000001L
#define SSL_EXPORT 0x00000002L
#define SSL_STRONG_MASK 0x0000007cL
#define SSL_EXP40 0x00000004L
#define SSL_STRONG_MASK 0x000000fcL
#define SSL_STRONG_NONE 0x00000004L
#define SSL_EXP40 0x00000008L
#define SSL_MICRO (SSL_EXP40)
#define SSL_EXP56 0x00000008L
#define SSL_EXP56 0x00000010L
#define SSL_MINI (SSL_EXP56)
#define SSL_LOW 0x00000010L
#define SSL_MEDIUM 0x00000020L
#define SSL_HIGH 0x00000040L
#define SSL_LOW 0x00000020L
#define SSL_MEDIUM 0x00000040L
#define SSL_HIGH 0x00000080L
/* we have used 0000007f - 25 bits left to go */
/* we have used 000000ff - 24 bits left to go */
/*
* Macros to check the export status and cipher strength for export ciphers.
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册