author | jsing <> | 2014-05-30 14:31:03 +0000 |
---|---|---|
committer | jsing <> | 2014-05-30 14:31:03 +0000 |
commit | 17938312efedd4defb69e414f2365dc589753dd0 (patch) | |
tree | 832a4b59300046ef89b87f9785a6e6a88d3054bf /src | |
parent | d970fd597dc43c71716f5ce1db8f102515a73ad8 (diff) | |
More KNF.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libssl/src/ssl/ssl_ciph.c | 129 | ||||
-rw-r--r-- | src/lib/libssl/ssl_ciph.c | 129 |
2 files changed, 146 insertions, 112 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index 72061035aa..456a7536b7 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
@@ -1038,14 +1038,14 @@ ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | |||
1038 | } | 1038 | } |
1039 | 1039 | ||
1040 | static int | 1040 | static int |
1041 | ssl_cipher_process_rulestr(const char *rule_str, | 1041 | ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, |
1042 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, | 1042 | CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list) |
1043 | const SSL_CIPHER **ca_list) | ||
1044 | { | 1043 | { |
1045 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; | 1044 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; |
1046 | const char *l, *buf; | 1045 | unsigned long algo_strength; |
1047 | int j, multi, found, rule, retval, ok, buflen; | 1046 | int j, multi, found, rule, retval, ok, buflen; |
1048 | unsigned long cipher_id = 0; | 1047 | unsigned long cipher_id = 0; |
1048 | const char *l, *buf; | ||
1049 | char ch; | 1049 | char ch; |
1050 | 1050 | ||
1051 | retval = 1; | 1051 | retval = 1; |
@@ -1055,21 +1055,21 @@ const SSL_CIPHER **ca_list) | |||
1055 | 1055 | ||
1056 | if (ch == '\0') | 1056 | if (ch == '\0') |
1057 | break; | 1057 | break; |
1058 | /* done */ | 1058 | |
1059 | if (ch == '-') | 1059 | if (ch == '-') { |
1060 | { rule = CIPHER_DEL; | 1060 | rule = CIPHER_DEL; |
1061 | l++; | 1061 | l++; |
1062 | } else if (ch == '+') | 1062 | } else if (ch == '+') { |
1063 | { rule = CIPHER_ORD; | 1063 | rule = CIPHER_ORD; |
1064 | l++; | 1064 | l++; |
1065 | } else if (ch == '!') | 1065 | } else if (ch == '!') { |
1066 | { rule = CIPHER_KILL; | 1066 | rule = CIPHER_KILL; |
1067 | l++; | 1067 | l++; |
1068 | } else if (ch == '@') | 1068 | } else if (ch == '@') { |
1069 | { rule = CIPHER_SPECIAL; | 1069 | rule = CIPHER_SPECIAL; |
1070 | l++; | 1070 | l++; |
1071 | } else | 1071 | } else { |
1072 | { rule = CIPHER_ADD; | 1072 | rule = CIPHER_ADD; |
1073 | } | 1073 | } |
1074 | 1074 | ||
1075 | if (ITEM_SEP(ch)) { | 1075 | if (ITEM_SEP(ch)) { |
@@ -1091,8 +1091,7 @@ const SSL_CIPHER **ca_list) | |||
1091 | while (((ch >= 'A') && (ch <= 'Z')) || | 1091 | while (((ch >= 'A') && (ch <= 'Z')) || |
1092 | ((ch >= '0') && (ch <= '9')) || | 1092 | ((ch >= '0') && (ch <= '9')) || |
1093 | ((ch >= 'a') && (ch <= 'z')) || | 1093 | ((ch >= 'a') && (ch <= 'z')) || |
1094 | (ch == '-') || (ch == '.')) | 1094 | (ch == '-') || (ch == '.')) { |
1095 | { | ||
1096 | ch = *(++l); | 1095 | ch = *(++l); |
1097 | buflen++; | 1096 | buflen++; |
1098 | } | 1097 | } |
@@ -1104,15 +1103,17 @@ const SSL_CIPHER **ca_list) | |||
1104 | * alphanumeric, so we call this an error. | 1103 | * alphanumeric, so we call this an error. |
1105 | */ | 1104 | */ |
1106 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1105 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
1107 | SSL_R_INVALID_COMMAND); | 1106 | SSL_R_INVALID_COMMAND); |
1108 | retval = found = 0; | 1107 | retval = found = 0; |
1109 | l++; | 1108 | l++; |
1110 | break; | 1109 | break; |
1111 | } | 1110 | } |
1112 | 1111 | ||
1113 | if (rule == CIPHER_SPECIAL) { | 1112 | if (rule == CIPHER_SPECIAL) { |
1114 | found = 0; /* unused -- avoid compiler warning */ | 1113 | /* unused -- avoid compiler warning */ |
1115 | break; /* special treatment */ | 1114 | found = 0; |
1115 | /* special treatment */ | ||
1116 | break; | ||
1116 | } | 1117 | } |
1117 | 1118 | ||
1118 | /* check for multi-part specification */ | 1119 | /* check for multi-part specification */ |
@@ -1123,15 +1124,16 @@ const SSL_CIPHER **ca_list) | |||
1123 | multi = 0; | 1124 | multi = 0; |
1124 | 1125 | ||
1125 | /* | 1126 | /* |
1126 | * Now search for the cipher alias in the ca_list. Be careful | 1127 | * Now search for the cipher alias in the ca_list. |
1127 | * with the strncmp, because the "buflen" limitation | 1128 | * Be careful with the strncmp, because the "buflen" |
1128 | * will make the rule "ADH:SOME" and the cipher | 1129 | * limitation will make the rule "ADH:SOME" and the |
1129 | * "ADH-MY-CIPHER" look like a match for buflen=3. | 1130 | * cipher "ADH-MY-CIPHER" look like a match for |
1130 | * So additionally check whether the cipher name found | 1131 | * buflen=3. So additionally check whether the cipher |
1131 | * has the correct length. We can save a strlen() call: | 1132 | * name found has the correct length. We can save a |
1132 | * just checking for the '\0' at the right place is | 1133 | * strlen() call: just checking for the '\0' at the |
1133 | * sufficient, we have to strncmp() anyway. (We cannot | 1134 | * right place is sufficient, we have to strncmp() |
1134 | * use strcmp(), because buf is not '\0' terminated.) | 1135 | * anyway (we cannot use strcmp(), because buf is not |
1136 | * '\0' terminated.) | ||
1135 | */ | 1137 | */ |
1136 | j = found = 0; | 1138 | j = found = 0; |
1137 | cipher_id = 0; | 1139 | cipher_id = 0; |
@@ -1193,44 +1195,59 @@ const SSL_CIPHER **ca_list) | |||
1193 | 1195 | ||
1194 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) { | 1196 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) { |
1195 | if (algo_strength & SSL_EXP_MASK) { | 1197 | if (algo_strength & SSL_EXP_MASK) { |
1196 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; | 1198 | algo_strength &= |
1199 | (ca_list[j]->algo_strength & | ||
1200 | SSL_EXP_MASK) | ~SSL_EXP_MASK; | ||
1197 | if (!(algo_strength & SSL_EXP_MASK)) { | 1201 | if (!(algo_strength & SSL_EXP_MASK)) { |
1198 | found = 0; | 1202 | found = 0; |
1199 | break; | 1203 | break; |
1200 | } | 1204 | } |
1201 | } else | 1205 | } else |
1202 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; | 1206 | algo_strength |= |
1207 | ca_list[j]->algo_strength & | ||
1208 | SSL_EXP_MASK; | ||
1203 | } | 1209 | } |
1204 | 1210 | ||
1205 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { | 1211 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { |
1206 | if (algo_strength & SSL_STRONG_MASK) { | 1212 | if (algo_strength & SSL_STRONG_MASK) { |
1207 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | 1213 | algo_strength &= |
1208 | if (!(algo_strength & SSL_STRONG_MASK)) { | 1214 | (ca_list[j]->algo_strength & |
1215 | SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | ||
1216 | if (!(algo_strength & | ||
1217 | SSL_STRONG_MASK)) { | ||
1209 | found = 0; | 1218 | found = 0; |
1210 | break; | 1219 | break; |
1211 | } | 1220 | } |
1212 | } else | 1221 | } else |
1213 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; | 1222 | algo_strength |= |
1223 | ca_list[j]->algo_strength & | ||
1224 | SSL_STRONG_MASK; | ||
1214 | } | 1225 | } |
1215 | 1226 | ||
1216 | if (ca_list[j]->valid) { | 1227 | if (ca_list[j]->valid) { |
1217 | /* explicit ciphersuite found; its protocol version | 1228 | /* |
1218 | * does not become part of the search pattern!*/ | 1229 | * explicit ciphersuite found; its protocol |
1219 | 1230 | * version does not become part of the search | |
1231 | * pattern! | ||
1232 | */ | ||
1220 | cipher_id = ca_list[j]->id; | 1233 | cipher_id = ca_list[j]->id; |
1221 | } else { | 1234 | } else { |
1222 | /* not an explicit ciphersuite; only in this case, the | 1235 | /* |
1223 | * protocol version is considered part of the search pattern */ | 1236 | * not an explicit ciphersuite; only in this |
1224 | 1237 | * case, the protocol version is considered | |
1238 | * part of the search pattern | ||
1239 | */ | ||
1225 | if (ca_list[j]->algorithm_ssl) { | 1240 | if (ca_list[j]->algorithm_ssl) { |
1226 | if (alg_ssl) { | 1241 | if (alg_ssl) { |
1227 | alg_ssl &= ca_list[j]->algorithm_ssl; | 1242 | alg_ssl &= |
1243 | ca_list[j]->algorithm_ssl; | ||
1228 | if (!alg_ssl) { | 1244 | if (!alg_ssl) { |
1229 | found = 0; | 1245 | found = 0; |
1230 | break; | 1246 | break; |
1231 | } | 1247 | } |
1232 | } else | 1248 | } else |
1233 | alg_ssl = ca_list[j]->algorithm_ssl; | 1249 | alg_ssl = |
1250 | ca_list[j]->algorithm_ssl; | ||
1234 | } | 1251 | } |
1235 | } | 1252 | } |
1236 | 1253 | ||
@@ -1241,15 +1258,14 @@ const SSL_CIPHER **ca_list) | |||
1241 | /* | 1258 | /* |
1242 | * Ok, we have the rule, now apply it | 1259 | * Ok, we have the rule, now apply it |
1243 | */ | 1260 | */ |
1244 | if (rule == CIPHER_SPECIAL) | 1261 | if (rule == CIPHER_SPECIAL) { |
1245 | { /* special command */ | 1262 | /* special command */ |
1246 | ok = 0; | 1263 | ok = 0; |
1247 | if ((buflen == 8) && | 1264 | if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) |
1248 | !strncmp(buf, "STRENGTH", 8)) | 1265 | ok = ssl_cipher_strength_sort(head_p, tail_p); |
1249 | ok = ssl_cipher_strength_sort(head_p, tail_p); | ||
1250 | else | 1266 | else |
1251 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1267 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
1252 | SSL_R_INVALID_COMMAND); | 1268 | SSL_R_INVALID_COMMAND); |
1253 | if (ok == 0) | 1269 | if (ok == 0) |
1254 | retval = 0; | 1270 | retval = 0; |
1255 | /* | 1271 | /* |
@@ -1259,17 +1275,18 @@ const SSL_CIPHER **ca_list) | |||
1259 | * end or ':' is found. | 1275 | * end or ':' is found. |
1260 | */ | 1276 | */ |
1261 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1277 | while ((*l != '\0') && !ITEM_SEP(*l)) |
1262 | l++; | 1278 | l++; |
1263 | } else if (found) { | 1279 | } else if (found) { |
1264 | ssl_cipher_apply_rule(cipher_id, | 1280 | ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, |
1265 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, | 1281 | alg_enc, alg_mac, alg_ssl, algo_strength, rule, |
1266 | rule, -1, head_p, tail_p); | 1282 | -1, head_p, tail_p); |
1267 | } else { | 1283 | } else { |
1268 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1284 | while ((*l != '\0') && !ITEM_SEP(*l)) |
1269 | l++; | 1285 | l++; |
1270 | } | ||
1271 | if (*l == '\0') break; /* done */ | ||
1272 | } | 1286 | } |
1287 | if (*l == '\0') | ||
1288 | break; /* done */ | ||
1289 | } | ||
1273 | 1290 | ||
1274 | return (retval); | 1291 | return (retval); |
1275 | } | 1292 | } |
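Review bot: The reflowed `else` branches at new lines 1205-1208, 1221-1224 and 1248-1250 now hold one assignment wrapped over two or three physical lines with no braces, while the `if` branch beside each is braced. In rule-string parsing that feeds `ssl_cipher_apply_rule`, a statement added later under one of these `else` lines would silently fall outside the branch, so I would brace them: `} else {` / `algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;` / `}`, wrapped as needed. Alternatively, a local such as `const SSL_CIPHER *c = ca_list[j];` would probably let each assignment fit on one line, but the loop that advances `j` starts outside the visible hunks, so where to declare it cannot be judged from here. The same lines appear in the second file section, src/lib/libssl/ssl_ciph.c.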
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 72061035aa..456a7536b7 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
@@ -1038,14 +1038,14 @@ ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | |||
1038 | } | 1038 | } |
1039 | 1039 | ||
1040 | static int | 1040 | static int |
1041 | ssl_cipher_process_rulestr(const char *rule_str, | 1041 | ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, |
1042 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, | 1042 | CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list) |
1043 | const SSL_CIPHER **ca_list) | ||
1044 | { | 1043 | { |
1045 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; | 1044 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; |
1046 | const char *l, *buf; | 1045 | unsigned long algo_strength; |
1047 | int j, multi, found, rule, retval, ok, buflen; | 1046 | int j, multi, found, rule, retval, ok, buflen; |
1048 | unsigned long cipher_id = 0; | 1047 | unsigned long cipher_id = 0; |
1048 | const char *l, *buf; | ||
1049 | char ch; | 1049 | char ch; |
1050 | 1050 | ||
1051 | retval = 1; | 1051 | retval = 1; |
@@ -1055,21 +1055,21 @@ const SSL_CIPHER **ca_list) | |||
1055 | 1055 | ||
1056 | if (ch == '\0') | 1056 | if (ch == '\0') |
1057 | break; | 1057 | break; |
1058 | /* done */ | 1058 | |
1059 | if (ch == '-') | 1059 | if (ch == '-') { |
1060 | { rule = CIPHER_DEL; | 1060 | rule = CIPHER_DEL; |
1061 | l++; | 1061 | l++; |
1062 | } else if (ch == '+') | 1062 | } else if (ch == '+') { |
1063 | { rule = CIPHER_ORD; | 1063 | rule = CIPHER_ORD; |
1064 | l++; | 1064 | l++; |
1065 | } else if (ch == '!') | 1065 | } else if (ch == '!') { |
1066 | { rule = CIPHER_KILL; | 1066 | rule = CIPHER_KILL; |
1067 | l++; | 1067 | l++; |
1068 | } else if (ch == '@') | 1068 | } else if (ch == '@') { |
1069 | { rule = CIPHER_SPECIAL; | 1069 | rule = CIPHER_SPECIAL; |
1070 | l++; | 1070 | l++; |
1071 | } else | 1071 | } else { |
1072 | { rule = CIPHER_ADD; | 1072 | rule = CIPHER_ADD; |
1073 | } | 1073 | } |
1074 | 1074 | ||
1075 | if (ITEM_SEP(ch)) { | 1075 | if (ITEM_SEP(ch)) { |
@@ -1091,8 +1091,7 @@ const SSL_CIPHER **ca_list) | |||
1091 | while (((ch >= 'A') && (ch <= 'Z')) || | 1091 | while (((ch >= 'A') && (ch <= 'Z')) || |
1092 | ((ch >= '0') && (ch <= '9')) || | 1092 | ((ch >= '0') && (ch <= '9')) || |
1093 | ((ch >= 'a') && (ch <= 'z')) || | 1093 | ((ch >= 'a') && (ch <= 'z')) || |
1094 | (ch == '-') || (ch == '.')) | 1094 | (ch == '-') || (ch == '.')) { |
1095 | { | ||
1096 | ch = *(++l); | 1095 | ch = *(++l); |
1097 | buflen++; | 1096 | buflen++; |
1098 | } | 1097 | } |
@@ -1104,15 +1103,17 @@ const SSL_CIPHER **ca_list) | |||
1104 | * alphanumeric, so we call this an error. | 1103 | * alphanumeric, so we call this an error. |
1105 | */ | 1104 | */ |
1106 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1105 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
1107 | SSL_R_INVALID_COMMAND); | 1106 | SSL_R_INVALID_COMMAND); |
1108 | retval = found = 0; | 1107 | retval = found = 0; |
1109 | l++; | 1108 | l++; |
1110 | break; | 1109 | break; |
1111 | } | 1110 | } |
1112 | 1111 | ||
1113 | if (rule == CIPHER_SPECIAL) { | 1112 | if (rule == CIPHER_SPECIAL) { |
1114 | found = 0; /* unused -- avoid compiler warning */ | 1113 | /* unused -- avoid compiler warning */ |
1115 | break; /* special treatment */ | 1114 | found = 0; |
1115 | /* special treatment */ | ||
1116 | break; | ||
1116 | } | 1117 | } |
1117 | 1118 | ||
1118 | /* check for multi-part specification */ | 1119 | /* check for multi-part specification */ |
@@ -1123,15 +1124,16 @@ const SSL_CIPHER **ca_list) | |||
1123 | multi = 0; | 1124 | multi = 0; |
1124 | 1125 | ||
1125 | /* | 1126 | /* |
1126 | * Now search for the cipher alias in the ca_list. Be careful | 1127 | * Now search for the cipher alias in the ca_list. |
1127 | * with the strncmp, because the "buflen" limitation | 1128 | * Be careful with the strncmp, because the "buflen" |
1128 | * will make the rule "ADH:SOME" and the cipher | 1129 | * limitation will make the rule "ADH:SOME" and the |
1129 | * "ADH-MY-CIPHER" look like a match for buflen=3. | 1130 | * cipher "ADH-MY-CIPHER" look like a match for |
1130 | * So additionally check whether the cipher name found | 1131 | * buflen=3. So additionally check whether the cipher |
1131 | * has the correct length. We can save a strlen() call: | 1132 | * name found has the correct length. We can save a |
1132 | * just checking for the '\0' at the right place is | 1133 | * strlen() call: just checking for the '\0' at the |
1133 | * sufficient, we have to strncmp() anyway. (We cannot | 1134 | * right place is sufficient, we have to strncmp() |
1134 | * use strcmp(), because buf is not '\0' terminated.) | 1135 | * anyway (we cannot use strcmp(), because buf is not |
1136 | * '\0' terminated.) | ||
1135 | */ | 1137 | */ |
1136 | j = found = 0; | 1138 | j = found = 0; |
1137 | cipher_id = 0; | 1139 | cipher_id = 0; |
@@ -1193,44 +1195,59 @@ const SSL_CIPHER **ca_list) | |||
1193 | 1195 | ||
1194 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) { | 1196 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) { |
1195 | if (algo_strength & SSL_EXP_MASK) { | 1197 | if (algo_strength & SSL_EXP_MASK) { |
1196 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; | 1198 | algo_strength &= |
1199 | (ca_list[j]->algo_strength & | ||
1200 | SSL_EXP_MASK) | ~SSL_EXP_MASK; | ||
1197 | if (!(algo_strength & SSL_EXP_MASK)) { | 1201 | if (!(algo_strength & SSL_EXP_MASK)) { |
1198 | found = 0; | 1202 | found = 0; |
1199 | break; | 1203 | break; |
1200 | } | 1204 | } |
1201 | } else | 1205 | } else |
1202 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; | 1206 | algo_strength |= |
1207 | ca_list[j]->algo_strength & | ||
1208 | SSL_EXP_MASK; | ||
1203 | } | 1209 | } |
1204 | 1210 | ||
1205 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { | 1211 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { |
1206 | if (algo_strength & SSL_STRONG_MASK) { | 1212 | if (algo_strength & SSL_STRONG_MASK) { |
1207 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | 1213 | algo_strength &= |
1208 | if (!(algo_strength & SSL_STRONG_MASK)) { | 1214 | (ca_list[j]->algo_strength & |
1215 | SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | ||
1216 | if (!(algo_strength & | ||
1217 | SSL_STRONG_MASK)) { | ||
1209 | found = 0; | 1218 | found = 0; |
1210 | break; | 1219 | break; |
1211 | } | 1220 | } |
1212 | } else | 1221 | } else |
1213 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; | 1222 | algo_strength |= |
1223 | ca_list[j]->algo_strength & | ||
1224 | SSL_STRONG_MASK; | ||
1214 | } | 1225 | } |
1215 | 1226 | ||
1216 | if (ca_list[j]->valid) { | 1227 | if (ca_list[j]->valid) { |
1217 | /* explicit ciphersuite found; its protocol version | 1228 | /* |
1218 | * does not become part of the search pattern!*/ | 1229 | * explicit ciphersuite found; its protocol |
1219 | 1230 | * version does not become part of the search | |
1231 | * pattern! | ||
1232 | */ | ||
1220 | cipher_id = ca_list[j]->id; | 1233 | cipher_id = ca_list[j]->id; |
1221 | } else { | 1234 | } else { |
1222 | /* not an explicit ciphersuite; only in this case, the | 1235 | /* |
1223 | * protocol version is considered part of the search pattern */ | 1236 | * not an explicit ciphersuite; only in this |
1224 | 1237 | * case, the protocol version is considered | |
1238 | * part of the search pattern | ||
1239 | */ | ||
1225 | if (ca_list[j]->algorithm_ssl) { | 1240 | if (ca_list[j]->algorithm_ssl) { |
1226 | if (alg_ssl) { | 1241 | if (alg_ssl) { |
1227 | alg_ssl &= ca_list[j]->algorithm_ssl; | 1242 | alg_ssl &= |
1243 | ca_list[j]->algorithm_ssl; | ||
1228 | if (!alg_ssl) { | 1244 | if (!alg_ssl) { |
1229 | found = 0; | 1245 | found = 0; |
1230 | break; | 1246 | break; |
1231 | } | 1247 | } |
1232 | } else | 1248 | } else |
1233 | alg_ssl = ca_list[j]->algorithm_ssl; | 1249 | alg_ssl = |
1250 | ca_list[j]->algorithm_ssl; | ||
1234 | } | 1251 | } |
1235 | } | 1252 | } |
1236 | 1253 | ||
@@ -1241,15 +1258,14 @@ const SSL_CIPHER **ca_list) | |||
1241 | /* | 1258 | /* |
1242 | * Ok, we have the rule, now apply it | 1259 | * Ok, we have the rule, now apply it |
1243 | */ | 1260 | */ |
1244 | if (rule == CIPHER_SPECIAL) | 1261 | if (rule == CIPHER_SPECIAL) { |
1245 | { /* special command */ | 1262 | /* special command */ |
1246 | ok = 0; | 1263 | ok = 0; |
1247 | if ((buflen == 8) && | 1264 | if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) |
1248 | !strncmp(buf, "STRENGTH", 8)) | 1265 | ok = ssl_cipher_strength_sort(head_p, tail_p); |
1249 | ok = ssl_cipher_strength_sort(head_p, tail_p); | ||
1250 | else | 1266 | else |
1251 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1267 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
1252 | SSL_R_INVALID_COMMAND); | 1268 | SSL_R_INVALID_COMMAND); |
1253 | if (ok == 0) | 1269 | if (ok == 0) |
1254 | retval = 0; | 1270 | retval = 0; |
1255 | /* | 1271 | /* |
@@ -1259,17 +1275,18 @@ const SSL_CIPHER **ca_list) | |||
1259 | * end or ':' is found. | 1275 | * end or ':' is found. |
1260 | */ | 1276 | */ |
1261 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1277 | while ((*l != '\0') && !ITEM_SEP(*l)) |
1262 | l++; | 1278 | l++; |
1263 | } else if (found) { | 1279 | } else if (found) { |
1264 | ssl_cipher_apply_rule(cipher_id, | 1280 | ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, |
1265 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, | 1281 | alg_enc, alg_mac, alg_ssl, algo_strength, rule, |
1266 | rule, -1, head_p, tail_p); | 1282 | -1, head_p, tail_p); |
1267 | } else { | 1283 | } else { |
1268 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1284 | while ((*l != '\0') && !ITEM_SEP(*l)) |
1269 | l++; | 1285 | l++; |
1270 | } | ||
1271 | if (*l == '\0') break; /* done */ | ||
1272 | } | 1286 | } |
1287 | if (*l == '\0') | ||
1288 | break; /* done */ | ||
1289 | } | ||
1273 | 1290 | ||
1274 | return (retval); | 1291 | return (retval); |
1275 | } | 1292 | } |