Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
compat-openssl098.2467
openssl-enable-ecdh.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-enable-ecdh.patch of Package compat-openssl098.2467
Index: ssl/ssl_ciph.c =================================================================== --- ssl/ssl_ciph.c.orig 2015-04-16 14:49:47.596075527 +0200 +++ ssl/ssl_ciph.c 2015-04-16 17:30:58.710934036 +0200 @@ -169,8 +169,9 @@ typedef struct cipher_order_st static const SSL_CIPHER cipher_aliases[]={ /* Don't include eNULL unless specifically enabled. */ - /* Don't include ECC in ALL because these ciphers are not yet official. */ - {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ + /* Enable ECDH, as they are official now. */ + {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ + /*{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL},*/ /* must be first */ /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, @@ -179,10 +180,13 @@ static const SSL_CIPHER cipher_aliases[] {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kECDH,0,SSL_kECDH|SSL_kECDHE,0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kECDHE,0,SSL_kECDHE,0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, + {0,SSL_TXT_ECDH,0,SSL_ECDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, @@ -673,22 +677,8 @@ static void ssl_cipher_apply_rule(unsign { if (!curr->active) { - int add_this_cipher = 1; - - if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0)) - { - /* Make sure "ECCdraft" ciphersuites are activated only if - * *explicitly* requested, but not implicitly (such as - * as part of the "AES" alias). */ - - add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0; - } - - if (add_this_cipher) - { ll_append_tail(&head, curr, &tail); curr->active = 1; - } } } /* Move the added cipher to this location */ Index: ssl/ssl.h =================================================================== --- ssl/ssl.h.orig 2015-04-16 14:49:47.815078755 +0200 +++ ssl/ssl.h 2015-04-16 17:21:22.095076693 +0200 @@ -270,12 +270,15 @@ extern "C" { #define SSL_TXT_kDHr "kDHr" #define SSL_TXT_kDHd "kDHd" #define SSL_TXT_kEDH "kEDH" +#define SSL_TXT_kECDH "kECDH" +#define SSL_TXT_kECDHE "kECDHE" #define SSL_TXT_aRSA "aRSA" #define SSL_TXT_aDSS "aDSS" #define SSL_TXT_aDH "aDH" #define SSL_TXT_DSS "DSS" #define SSL_TXT_DH "DH" #define SSL_TXT_EDH "EDH" +#define SSL_TXT_ECDH "ECDH" #define SSL_TXT_ADH "ADH" #define SSL_TXT_RSA "RSA" #define SSL_TXT_DES "DES"
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor