diff options
| author | beck <> | 2000-04-15 06:18:51 +0000 |
|---|---|---|
| committer | beck <> | 2000-04-15 06:18:51 +0000 |
| commit | b608c7f2b175e121f2c22d53341a317153afdc8e (patch) | |
| tree | e94b160b3fcd8180df79e4251d68d24d665f0195 /src/lib/libssl/ssl_ciph.c | |
| parent | c8d6701c396cebdcd0d45eac73b762e9498f6b01 (diff) | |
| download | openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.tar.gz openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.tar.bz2 openbsd-b608c7f2b175e121f2c22d53341a317153afdc8e.zip | |
OpenSSL 0.9.5a merge
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 77 |
1 files changed, 39 insertions, 38 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 1cbc2886e9..7436a50ad1 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -607,7 +607,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 607 | if (buflen == 0) | 607 | if (buflen == 0) |
| 608 | { | 608 | { |
| 609 | /* | 609 | /* |
| 610 | * We hit something, we cannot deal with, | 610 | * We hit something we cannot deal with, |
| 611 | * it is no command or separator nor | 611 | * it is no command or separator nor |
| 612 | * alphanumeric, so we call this an error. | 612 | * alphanumeric, so we call this an error. |
| 613 | */ | 613 | */ |
| @@ -620,6 +620,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 620 | 620 | ||
| 621 | if (rule == CIPHER_SPECIAL) | 621 | if (rule == CIPHER_SPECIAL) |
| 622 | { | 622 | { |
| 623 | found = 0; /* unused -- avoid compiler warning */ | ||
| 623 | break; /* special treatment */ | 624 | break; /* special treatment */ |
| 624 | } | 625 | } |
| 625 | 626 | ||
| @@ -633,12 +634,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 633 | multi=0; | 634 | multi=0; |
| 634 | 635 | ||
| 635 | /* | 636 | /* |
| 636 | * Now search for the name in the ca_list. Be careful | 637 | * Now search for the cipher alias in the ca_list. Be careful |
| 637 | * with the strncmp, because the "buflen" limitation | 638 | * with the strncmp, because the "buflen" limitation |
| 638 | * will make the rule "ADH:SOME" and the cipher | 639 | * will make the rule "ADH:SOME" and the cipher |
| 639 | * "ADH-MY-CIPHER" look like a match for buflen=3. | 640 | * "ADH-MY-CIPHER" look like a match for buflen=3. |
| 640 | * So additionally check, whether the cipher name found | 641 | * So additionally check whether the cipher name found |
| 641 | * has the correct length. We can save a strlen() call, | 642 | * has the correct length. We can save a strlen() call: |
| 642 | * just checking for the '\0' at the right place is | 643 | * just checking for the '\0' at the right place is |
| 643 | * sufficient, we have to strncmp() anyway. | 644 | * sufficient, we have to strncmp() anyway. |
| 644 | */ | 645 | */ |
| @@ -665,42 +666,42 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 665 | if (!multi) break; | 666 | if (!multi) break; |
| 666 | } | 667 | } |
| 667 | 668 | ||
| 669 | /* | ||
| 670 | * Ok, we have the rule, now apply it | ||
| 671 | */ | ||
| 672 | if (rule == CIPHER_SPECIAL) | ||
| 673 | { /* special command */ | ||
| 674 | ok = 0; | ||
| 675 | if ((buflen == 8) && | ||
| 676 | !strncmp(buf, "STRENGTH", 8)) | ||
| 677 | ok = ssl_cipher_strength_sort(list, | ||
| 678 | head_p, tail_p); | ||
| 679 | else | ||
| 680 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | ||
| 681 | SSL_R_INVALID_COMMAND); | ||
| 682 | if (ok == 0) | ||
| 683 | retval = 0; | ||
| 668 | /* | 684 | /* |
| 669 | * Ok, we have the rule, now apply it | 685 | * We do not support any "multi" options |
| 686 | * together with "@", so throw away the | ||
| 687 | * rest of the command, if any left, until | ||
| 688 | * end or ':' is found. | ||
| 670 | */ | 689 | */ |
| 671 | if (rule == CIPHER_SPECIAL) | 690 | while ((*l != '\0') && ITEM_SEP(*l)) |
| 672 | { /* special command */ | 691 | l++; |
| 673 | ok = 0; | 692 | } |
| 674 | if ((buflen == 8) && | 693 | else if (found) |
| 675 | !strncmp(buf, "STRENGTH", 8)) | 694 | { |
| 676 | ok = ssl_cipher_strength_sort(list, | 695 | ssl_cipher_apply_rule(algorithms, mask, |
| 677 | head_p, tail_p); | 696 | algo_strength, mask_strength, rule, -1, |
| 678 | else | 697 | list, head_p, tail_p); |
| 679 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 698 | } |
| 680 | SSL_R_INVALID_COMMAND); | 699 | else |
| 681 | if (ok == 0) | 700 | { |
| 682 | retval = 0; | 701 | while ((*l != '\0') && ITEM_SEP(*l)) |
| 683 | /* | 702 | l++; |
| 684 | * We do not support any "multi" options | 703 | } |
| 685 | * together with "@", so throw away the | 704 | if (*l == '\0') break; /* done */ |
| 686 | * rest of the command, if any left, until | ||
| 687 | * end or ':' is found. | ||
| 688 | */ | ||
| 689 | while ((*l != '\0') && ITEM_SEP(*l)) | ||
| 690 | l++; | ||
| 691 | } | ||
| 692 | else if (found) | ||
| 693 | { | ||
| 694 | ssl_cipher_apply_rule(algorithms, mask, | ||
| 695 | algo_strength, mask_strength, rule, -1, | ||
| 696 | list, head_p, tail_p); | ||
| 697 | } | ||
| 698 | else | ||
| 699 | { | ||
| 700 | while ((*l != '\0') && ITEM_SEP(*l)) | ||
| 701 | l++; | ||
| 702 | } | ||
| 703 | if (*l == '\0') break; /* done */ | ||
| 704 | } | 705 | } |
| 705 | 706 | ||
| 706 | return(retval); | 707 | return(retval); |