*ca_curr = NULL; /* end of list */
}
-static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
+static void ssl_cipher_apply_rule(unsigned long cipher_id,
+ unsigned long algorithms, unsigned long mask,
unsigned long algo_strength, unsigned long mask_strength,
int rule, int strength_bits, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
cp = curr->cipher;
+ /* If explicit cipher suite match that one only */
+
+ if (cipher_id)
+ {
+ if (cp->id != cipher_id)
+ continue;
+ }
+
/*
* Selection criteria is either the number of strength_bits
* or the algorithm used.
*/
- if (strength_bits == -1)
+ else if (strength_bits == -1)
{
ma = mask & cp->algorithms;
ma_s = mask_strength & cp->algo_strength;
*/
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
- ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i,
co_list, head_p, tail_p);
OPENSSL_free(number_uses);
unsigned long algorithms, mask, algo_strength, mask_strength;
const char *l, *start, *buf;
int j, multi, found, rule, retval, ok, buflen;
+ unsigned long cipher_id;
char ch;
retval = 1;
* use strcmp(), because buf is not '\0' terminated.)
*/
j = found = 0;
+ cipher_id = 0;
while (ca_list[j])
{
if (!strncmp(buf, ca_list[j]->name, buflen) &&
if (!found)
break; /* ignore this entry */
+ if (ca_list[j]->valid)
+ {
+ cipher_id = ca_list[j]->id;
+ break;
+ }
+
/* New algorithms:
* 1 - any old restrictions apply outside new mask
* 2 - any new restrictions apply outside old mask
}
else if (found)
{
- ssl_cipher_apply_rule(algorithms, mask,
+ ssl_cipher_apply_rule(cipher_id, algorithms, mask,
algo_strength, mask_strength, rule, -1,
co_list, head_p, tail_p);
}
projects / oweals / openssl.git / commitdiff