From: Dr. Stephen Henson Date: Fri, 12 Mar 1999 01:43:28 +0000 (+0000) Subject: Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that X-Git-Tag: OpenSSL_0_9_2b~29 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=bc420ac592df14384ba4acf7104482123e8729ba;p=oweals%2Fopenssl.git Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This prevents cipher lists from inadvertantly having NULL ciphers at the top of their list (e.g. the default ones) because they didn't have to be taken into account before. --- diff --git a/CHANGES b/CHANGES index 277b540834..a1217540f2 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,12 @@ Changes between 0.9.1c and 0.9.2 + *) Change the meaning of 'ALL' in the cipher list. It now means "everything + except NULL ciphers". This means the default cipher list will no longer + enable NULL ciphers. They need to be specifically enabled e.g. with + the string "DEFAULT:eNULL". + [Steve Henson] + *) Fix to RSA private encryption routines: if p < q then it would occasionally produce an invalid result. This will only happen with externally generated keys because OpenSSL (and SSLeay) ensure p > q. diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index cb48f36e66..29058d7f15 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -111,7 +111,8 @@ typedef struct cipher_order_st } CIPHER_ORDER; static SSL_CIPHER cipher_aliases[]={ - {0,SSL_TXT_ALL, 0,SSL_ALL, 0,SSL_ALL}, /* must be first */ + /* Don't include eNULL unless specifically enabled */ + {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, 0,SSL_ALL}, /* must be first */ {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,SSL_MKEY_MASK}, {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,SSL_MKEY_MASK}, {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,SSL_MKEY_MASK}, 
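Review bot: The new comment on the `SSL_TXT_ALL` entry of `cipher_aliases` states the intent but not the mechanism, so the difference between the two fields reads like a typo that a later cleanup could undo. The algorithms field is now `SSL_ALL & ~SSL_eNULL` while the last field stays `SSL_ALL`; presumably that last field is the match mask, which would be what stops a NULL-encryption suite from matching the alias. I would expand the comment to something like `/* ALL excludes eNULL: algorithms drops SSL_eNULL, mask stays SSL_ALL; NULL ciphers must be named explicitly, e.g. "DEFAULT:eNULL" */`, and say there that entry 0 is also narrowed at run time, which is why it must be first. The array initializer continues past the end of the hunk.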
@@ -403,7 +404,7 @@ char *str; } /* special case */ - cipher_aliases[0].algorithms= ~mask; + cipher_aliases[0].algorithms &= ~mask; /* get the aliases */ k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER);
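Review bot: With `&=`, the special-case line now clears bits in `cipher_aliases[0].algorithms` permanently, because `cipher_aliases` is a file-scope `static` table (first hunk of this file) and nothing visible resets entry 0 between calls. `mask` is computed outside the hunk; if it can shrink from one call to the next (for example when more algorithms become available later, which is not verifiable from here), suites masked by an earlier call stay missing from 'ALL' for the life of the process. Rebuilding the value from the constant on each call keeps the eNULL exclusion without accumulating state: `cipher_aliases[0].algorithms = (SSL_ALL & ~SSL_eNULL) & ~mask;`. The enclosing function starts and ends outside the hunk.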