diff options
| author | itojun <> | 2002-06-07 19:55:34 +0000 |
|---|---|---|
| committer | itojun <> | 2002-06-07 19:55:34 +0000 |
| commit | aeb88e094684c8cbe20ea2e6e932587da062b6d3 (patch) | |
| tree | 96af09b1ea111c2c17858cddac37302d0c8d5aa9 /src | |
| parent | 935b3b5aa10e83786ce15468a8f84ab3a7d12f77 (diff) | |
| download | openbsd-aeb88e094684c8cbe20ea2e6e932587da062b6d3.tar.gz openbsd-aeb88e094684c8cbe20ea2e6e932587da062b6d3.tar.bz2 openbsd-aeb88e094684c8cbe20ea2e6e932587da062b6d3.zip | |
do not propose IDEA cipher on SSL connection. tested by beck
noticed by Sverre Froyen <sverre@viewmark.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s2_lib.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_lib.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_ciph.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 6 |
5 files changed, 18 insertions, 0 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 686992406c..838071b16b 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -271,6 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 271 | SSL_ALL_STRENGTHS, | 271 | SSL_ALL_STRENGTHS, |
| 272 | }, | 272 | }, |
| 273 | /* Cipher 07 */ | 273 | /* Cipher 07 */ |
| 274 | #ifndef OPENSSL_NO_IDEA | ||
| 274 | { | 275 | { |
| 275 | 1, | 276 | 1, |
| 276 | SSL3_TXT_RSA_IDEA_128_SHA, | 277 | SSL3_TXT_RSA_IDEA_128_SHA, |
| @@ -283,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 283 | SSL_ALL_CIPHERS, | 284 | SSL_ALL_CIPHERS, |
| 284 | SSL_ALL_STRENGTHS, | 285 | SSL_ALL_STRENGTHS, |
| 285 | }, | 286 | }, |
| 287 | #endif | ||
| 286 | /* Cipher 08 */ | 288 | /* Cipher 08 */ |
| 287 | { | 289 | { |
| 288 | 1, | 290 | 1, |
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c index bce2b4e83f..eb315bcf07 100644 --- a/src/lib/libssl/src/ssl/s2_lib.c +++ b/src/lib/libssl/src/ssl/s2_lib.c | |||
| @@ -137,6 +137,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | |||
| 137 | SSL_ALL_STRENGTHS, | 137 | SSL_ALL_STRENGTHS, |
| 138 | }, | 138 | }, |
| 139 | /* IDEA_128_CBC_WITH_MD5 */ | 139 | /* IDEA_128_CBC_WITH_MD5 */ |
| 140 | #ifndef OPENSSL_NO_IDEA | ||
| 140 | { | 141 | { |
| 141 | 1, | 142 | 1, |
| 142 | SSL2_TXT_IDEA_128_CBC_WITH_MD5, | 143 | SSL2_TXT_IDEA_128_CBC_WITH_MD5, |
| @@ -149,6 +150,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | |||
| 149 | SSL_ALL_CIPHERS, | 150 | SSL_ALL_CIPHERS, |
| 150 | SSL_ALL_STRENGTHS, | 151 | SSL_ALL_STRENGTHS, |
| 151 | }, | 152 | }, |
| 153 | #endif | ||
| 152 | /* DES_64_CBC_WITH_MD5 */ | 154 | /* DES_64_CBC_WITH_MD5 */ |
| 153 | { | 155 | { |
| 154 | 1, | 156 | 1, |
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index 686992406c..838071b16b 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c | |||
| @@ -271,6 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 271 | SSL_ALL_STRENGTHS, | 271 | SSL_ALL_STRENGTHS, |
| 272 | }, | 272 | }, |
| 273 | /* Cipher 07 */ | 273 | /* Cipher 07 */ |
| 274 | #ifndef OPENSSL_NO_IDEA | ||
| 274 | { | 275 | { |
| 275 | 1, | 276 | 1, |
| 276 | SSL3_TXT_RSA_IDEA_128_SHA, | 277 | SSL3_TXT_RSA_IDEA_128_SHA, |
| @@ -283,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 283 | SSL_ALL_CIPHERS, | 284 | SSL_ALL_CIPHERS, |
| 284 | SSL_ALL_STRENGTHS, | 285 | SSL_ALL_STRENGTHS, |
| 285 | }, | 286 | }, |
| 287 | #endif | ||
| 286 | /* Cipher 08 */ | 288 | /* Cipher 08 */ |
| 287 | { | 289 | { |
| 288 | 1, | 290 | 1, |
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index cdd8dde128..57bbde5f27 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -124,7 +124,9 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 124 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, | 124 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, |
| 125 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, | 125 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, |
| 126 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, | 126 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, |
| 127 | #ifndef OPENSSL_NO_IDEA | ||
| 127 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, | 128 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 129 | #endif | ||
| 128 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, | 130 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, |
| 129 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, | 131 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 130 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, | 132 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, |
| @@ -165,8 +167,12 @@ static void load_ciphers(void) | |||
| 165 | EVP_get_cipherbyname(SN_rc4); | 167 | EVP_get_cipherbyname(SN_rc4); |
| 166 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | 168 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= |
| 167 | EVP_get_cipherbyname(SN_rc2_cbc); | 169 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 170 | #ifndef OPENSSL_NO_IDEA | ||
| 168 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 171 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 169 | EVP_get_cipherbyname(SN_idea_cbc); | 172 | EVP_get_cipherbyname(SN_idea_cbc); |
| 173 | #else | ||
| 174 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | ||
| 175 | #endif | ||
| 170 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | 176 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
| 171 | EVP_get_cipherbyname(SN_aes_128_cbc); | 177 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 172 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 178 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index cdd8dde128..57bbde5f27 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -124,7 +124,9 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 124 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, | 124 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, |
| 125 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, | 125 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, |
| 126 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, | 126 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, |
| 127 | #ifndef OPENSSL_NO_IDEA | ||
| 127 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, | 128 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 129 | #endif | ||
| 128 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, | 130 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, |
| 129 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, | 131 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 130 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, | 132 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, |
| @@ -165,8 +167,12 @@ static void load_ciphers(void) | |||
| 165 | EVP_get_cipherbyname(SN_rc4); | 167 | EVP_get_cipherbyname(SN_rc4); |
| 166 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | 168 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= |
| 167 | EVP_get_cipherbyname(SN_rc2_cbc); | 169 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 170 | #ifndef OPENSSL_NO_IDEA | ||
| 168 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 171 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 169 | EVP_get_cipherbyname(SN_idea_cbc); | 172 | EVP_get_cipherbyname(SN_idea_cbc); |
| 173 | #else | ||
| 174 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | ||
| 175 | #endif | ||
| 170 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | 176 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
| 171 | EVP_get_cipherbyname(SN_aes_128_cbc); | 177 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 172 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 178 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |