author | Rémi Verschelde <remi@verschelde.fr> | 2016-05-04 08:35:35 +0200 |
---|---|---|
committer | Rémi Verschelde <remi@verschelde.fr> | 2016-05-04 08:35:35 +0200 |
commit | 3279ad79c3dcecbb2c5c001775d7a28f982e0955 (patch) | |
tree | 2511b58f7b1b50fc0b9b84efa1c29fe25bd7876b /drivers/builtin_openssl2/ssl/ssl_ciph.c | |
parent | 6a4b62e72069f7c96f8b7cb9b7855da0bbd84b63 (diff) | |
parent | ab623c923d4e2c950342aec5da371cb92b1fbbc6 (diff) |
Merge pull request #4540 from mrezai/openssl-1.0.2h
Update OpenSSL to 1.0.2h
Diffstat (limited to 'drivers/builtin_openssl2/ssl/ssl_ciph.c')
-rw-r--r-- | drivers/builtin_openssl2/ssl/ssl_ciph.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/drivers/builtin_openssl2/ssl/ssl_ciph.c b/drivers/builtin_openssl2/ssl/ssl_ciph.c index 6957bda785..302464e643 100644 --- a/drivers/builtin_openssl2/ssl/ssl_ciph.c +++ b/drivers/builtin_openssl2/ssl/ssl_ciph.c @@ -235,8 +235,7 @@ static const SSL_CIPHER cipher_aliases[] = { * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * ALL!) */ - {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, - SSL_EXP_MASK, 0, 0, 0}, + {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0}, /* * key exchange aliases (some of those using only a single bit here @@ -1030,10 +1029,6 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, if (cipher_id && cipher_id != cp->id) continue; #endif - if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) - goto ok; - if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) - goto ok; if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; if (alg_auth && !(alg_auth & cp->algorithm_auth)) @@ -1050,10 +1045,11 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) continue; + if ((algo_strength & SSL_NOT_DEFAULT) + && !(cp->algo_strength & SSL_NOT_DEFAULT)) + continue; } - ok: - #ifdef CIPHER_DEBUG fprintf(stderr, "Action = %d\n", rule); #endif @@ -1337,6 +1333,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str, ca_list[j]->algo_strength & SSL_STRONG_MASK; } + if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) { + algo_strength |= SSL_NOT_DEFAULT; + } + if (ca_list[j]->valid) { /* * explicit ciphersuite found; its protocol version does not |