diff options
| author | djm <> | 2006-06-27 05:07:03 +0000 |
|---|---|---|
| committer | djm <> | 2006-06-27 05:07:03 +0000 |
| commit | 7fe7e1ed6bcd0e342aed7c0f890962dda616aa0d (patch) | |
| tree | 224c33f66b0b932c84dda315d9ba4236bf125b1c /src/lib/libssl/ssl_ciph.c | |
| parent | 3f764f48d2626a43b6eeef7652c28303269d1204 (diff) | |
| download | openbsd-7fe7e1ed6bcd0e342aed7c0f890962dda616aa0d.tar.gz openbsd-7fe7e1ed6bcd0e342aed7c0f890962dda616aa0d.tar.bz2 openbsd-7fe7e1ed6bcd0e342aed7c0f890962dda616aa0d.zip | |
resolve conflicts
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 64 |
1 files changed, 23 insertions, 41 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index a7ccefa30c..f622180c69 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -700,9 +700,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 700 | if (!found) | 700 | if (!found) |
| 701 | break; /* ignore this entry */ | 701 | break; /* ignore this entry */ |
| 702 | 702 | ||
| 703 | algorithms |= ca_list[j]->algorithms; | 703 | /* New algorithms: |
| 704 | * 1 - any old restrictions apply outside new mask | ||
| 705 | * 2 - any new restrictions apply outside old mask | ||
| 706 | * 3 - enforce old & new where masks intersect | ||
| 707 | */ | ||
| 708 | algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */ | ||
| 709 | (ca_list[j]->algorithms & ~mask) | /* 2 */ | ||
| 710 | (algorithms & ca_list[j]->algorithms); /* 3 */ | ||
| 704 | mask |= ca_list[j]->mask; | 711 | mask |= ca_list[j]->mask; |
| 705 | algo_strength |= ca_list[j]->algo_strength; | 712 | algo_strength = (algo_strength & ~ca_list[j]->mask_strength) | |
| 713 | (ca_list[j]->algo_strength & ~mask_strength) | | ||
| 714 | (algo_strength & ca_list[j]->algo_strength); | ||
| 706 | mask_strength |= ca_list[j]->mask_strength; | 715 | mask_strength |= ca_list[j]->mask_strength; |
| 707 | 716 | ||
| 708 | if (!multi) break; | 717 | if (!multi) break; |
| @@ -756,7 +765,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 756 | { | 765 | { |
| 757 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | 766 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; |
| 758 | unsigned long disabled_mask; | 767 | unsigned long disabled_mask; |
| 759 | STACK_OF(SSL_CIPHER) *cipherstack; | 768 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; |
| 760 | const char *rule_p; | 769 | const char *rule_p; |
| 761 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; | 770 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; |
| 762 | SSL_CIPHER **ca_list = NULL; | 771 | SSL_CIPHER **ca_list = NULL; |
| @@ -764,7 +773,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 764 | /* | 773 | /* |
| 765 | * Return with error if nothing to do. | 774 | * Return with error if nothing to do. |
| 766 | */ | 775 | */ |
| 767 | if (rule_str == NULL) return(NULL); | 776 | if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) |
| 777 | return NULL; | ||
| 768 | 778 | ||
| 769 | if (init_ciphers) | 779 | if (init_ciphers) |
| 770 | { | 780 | { |
| @@ -875,46 +885,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 875 | } | 885 | } |
| 876 | OPENSSL_free(co_list); /* Not needed any longer */ | 886 | OPENSSL_free(co_list); /* Not needed any longer */ |
| 877 | 887 | ||
| 878 | /* | 888 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); |
| 879 | * The following passage is a little bit odd. If pointer variables | 889 | if (tmp_cipher_list == NULL) |
| 880 | * were supplied to hold STACK_OF(SSL_CIPHER) return information, | ||
| 881 | * the old memory pointed to is free()ed. Then, however, the | ||
| 882 | * cipher_list entry will be assigned just a copy of the returned | ||
| 883 | * cipher stack. For cipher_list_by_id a copy of the cipher stack | ||
| 884 | * will be created. See next comment... | ||
| 885 | */ | ||
| 886 | if (cipher_list != NULL) | ||
| 887 | { | ||
| 888 | if (*cipher_list != NULL) | ||
| 889 | sk_SSL_CIPHER_free(*cipher_list); | ||
| 890 | *cipher_list = cipherstack; | ||
| 891 | } | ||
| 892 | |||
| 893 | if (cipher_list_by_id != NULL) | ||
| 894 | { | ||
| 895 | if (*cipher_list_by_id != NULL) | ||
| 896 | sk_SSL_CIPHER_free(*cipher_list_by_id); | ||
| 897 | *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack); | ||
| 898 | } | ||
| 899 | |||
| 900 | /* | ||
| 901 | * Now it is getting really strange. If something failed during | ||
| 902 | * the previous pointer assignment or if one of the pointers was | ||
| 903 | * not requested, the error condition is met. That might be | ||
| 904 | * discussable. The strange thing is however that in this case | ||
| 905 | * the memory "ret" pointed to is "free()ed" and hence the pointer | ||
| 906 | * cipher_list becomes wild. The memory reserved for | ||
| 907 | * cipher_list_by_id however is not "free()ed" and stays intact. | ||
| 908 | */ | ||
| 909 | if ( (cipher_list_by_id == NULL) || | ||
| 910 | (*cipher_list_by_id == NULL) || | ||
| 911 | (cipher_list == NULL) || | ||
| 912 | (*cipher_list == NULL)) | ||
| 913 | { | 890 | { |
| 914 | sk_SSL_CIPHER_free(cipherstack); | 891 | sk_SSL_CIPHER_free(cipherstack); |
| 915 | return(NULL); | 892 | return NULL; |
| 916 | } | 893 | } |
| 917 | 894 | if (*cipher_list != NULL) | |
| 895 | sk_SSL_CIPHER_free(*cipher_list); | ||
| 896 | *cipher_list = cipherstack; | ||
| 897 | if (*cipher_list_by_id != NULL) | ||
| 898 | sk_SSL_CIPHER_free(*cipher_list_by_id); | ||
| 899 | *cipher_list_by_id = tmp_cipher_list; | ||
| 918 | sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); | 900 | sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); |
| 919 | 901 | ||
| 920 | return(cipherstack); | 902 | return(cipherstack); |