Ciphers with NULL encryption were not properly handled because they were

not covered by the strength bit mask. Submitted by: Reviewed by: PR: 130
2002-07-10 06:40:18 +00:00 · 2002-07-10 06:40:18 +00:00 · 4064a85205
commit 4064a85205
parent 3a9fef60a1
4 changed files with 21 additions and 13 deletions
--- a/7
+++ b/7
@ -2,7 +2,7 @@
 OpenSSL CHANGES
 _______________
- Changes between 0.9.6d and 0.9.7  [XX xxx 2002]
+ Changes between 0.9.6e and 0.9.7  [XX xxx 2002]
  *) Make sure any ENGINE control commands make local copies of string
     pointers passed to them whenever necessary. Otherwise it is possible
@ -1635,6 +1635,11 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 Changes between 0.9.6d and 0.9.6e  [XX xxx XXXX]
  *) Fix cipher selection routines: ciphers without encryption had no flags
     for the cipher strength set and where therefore not handled correctly
     by the selection routines (PR #130).
     [Lutz Jaenicke]
  *) Fix EVP_dsa_sha macro.
     [Nils Larsch]
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@ -77,7 +77,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL_WITH_MD5,
 	SSL2_CK_NULL_WITH_MD5,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
-	SSL_EXPORT|SSL_EXP40,
+	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
 	SSL_ALL_CIPHERS,
@ -197,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL,
 	SSL2_CK_NULL,
 	0,
 	SSL_STRONG_NONE,
 	0,
 	0,
 	0,
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_RSA_NULL_MD5,
 	SSL3_CK_RSA_NULL_MD5,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_RSA_NULL_SHA,
 	SSL3_CK_RSA_NULL_SHA,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_FZA_DMS_NULL_SHA,
 	SSL3_CK_FZA_DMS_NULL_SHA,
 	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_FZA_DMS_FZA_SHA,
 	SSL3_CK_FZA_DMS_FZA_SHA,
 	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -293,16 +293,17 @@
 #define SSL_NOT_EXP		0x00000001L
 #define SSL_EXPORT		0x00000002L
-#define SSL_STRONG_MASK		0x0000007cL
+#define SSL_STRONG_MASK		0x000000fcL
-#define SSL_EXP40		0x00000004L
+#define SSL_STRONG_NONE		0x00000004L
 #define SSL_EXP40		0x00000008L
 #define SSL_MICRO		(SSL_EXP40)
-#define SSL_EXP56		0x00000008L
+#define SSL_EXP56		0x00000010L
 #define SSL_MINI		(SSL_EXP56)
-#define SSL_LOW			0x00000010L
+#define SSL_LOW			0x00000020L
-#define SSL_MEDIUM		0x00000020L
+#define SSL_MEDIUM		0x00000040L
-#define SSL_HIGH		0x00000040L
+#define SSL_HIGH		0x00000080L
-/* we have used 0000007f - 25 bits left to go */
+/* we have used 000000ff - 24 bits left to go */
 /*
 * Macros to check the export status and cipher strength for export ciphers.