Ciphers with NULL encryption were not properly handled because they were (d2cbe66e) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,11 @@

		Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]

		*) Fix cipher selection routines: ciphers without encryption had no flags
		for the cipher strength set and where therefore not handled correctly
		by the selection routines (PR #130).
		[Lutz Jaenicke]

		*) Fix EVP_dsa_sha macro.
		[Nils Larsch]

+3 −1

Original line number	Diff line number	Diff line
		@@ -76,7 +76,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
		SSL2_TXT_NULL_WITH_MD5,
		SSL2_CK_NULL_WITH_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_eNULL\|SSL_MD5\|SSL_SSLV2,
		SSL_EXPORT\|SSL_EXP40,
		SSL_EXPORT\|SSL_EXP40\|SSL_STRONG_NONE,
		0,
		0,
		0,
		SSL_ALL_CIPHERS,
		@@ -196,6 +197,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
		SSL2_TXT_NULL,
		SSL2_CK_NULL,
		0,
		SSL_STRONG_NONE,
		0,
		0,
		0,

+4 −4

Original line number	Diff line number	Diff line
		@@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL3_TXT_RSA_NULL_MD5,
		SSL3_CK_RSA_NULL_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_eNULL \|SSL_MD5\|SSL_SSLV3,
		SSL_NOT_EXP,
		SSL_NOT_EXP\|SSL_STRONG_NONE,
		0,
		0,
		0,
		@@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL3_TXT_RSA_NULL_SHA,
		SSL3_CK_RSA_NULL_SHA,
		SSL_kRSA\|SSL_aRSA\|SSL_eNULL \|SSL_SHA1\|SSL_SSLV3,
		SSL_NOT_EXP,
		SSL_NOT_EXP\|SSL_STRONG_NONE,
		0,
		0,
		0,
		@@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL3_TXT_FZA_DMS_NULL_SHA,
		SSL3_CK_FZA_DMS_NULL_SHA,
		SSL_kFZA\|SSL_aFZA \|SSL_eNULL \|SSL_SHA1\|SSL_SSLV3,
		SSL_NOT_EXP,
		SSL_NOT_EXP\|SSL_STRONG_NONE,
		0,
		0,
		0,
		@@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL3_TXT_FZA_DMS_FZA_SHA,
		SSL3_CK_FZA_DMS_FZA_SHA,
		SSL_kFZA\|SSL_aFZA \|SSL_eFZA \|SSL_SHA1\|SSL_SSLV3,
		SSL_NOT_EXP,
		SSL_NOT_EXP\|SSL_STRONG_NONE,
		0,
		0,
		0,

+8 −7

Original line number	Diff line number	Diff line
		@@ -283,16 +283,17 @@
		#define SSL_NOT_EXP 0x00000001L
		#define SSL_EXPORT 0x00000002L

		#define SSL_STRONG_MASK 0x0000007cL
		#define SSL_EXP40 0x00000004L
		#define SSL_STRONG_MASK 0x000000fcL
		#define SSL_STRONG_NONE 0x00000004L
		#define SSL_EXP40 0x00000008L
		#define SSL_MICRO (SSL_EXP40)
		#define SSL_EXP56 0x00000008L
		#define SSL_EXP56 0x00000010L
		#define SSL_MINI (SSL_EXP56)
		#define SSL_LOW 0x00000010L
		#define SSL_MEDIUM 0x00000020L
		#define SSL_HIGH 0x00000040L
		#define SSL_LOW 0x00000020L
		#define SSL_MEDIUM 0x00000040L
		#define SSL_HIGH 0x00000080L

		/* we have used 0000007f - 25 bits left to go */
		/* we have used 000000ff - 24 bits left to go */

		/*
		* Macros to check the export status and cipher strength for export ciphers.