Merge in the latest chanegs from 0.9.6-stable.

5 files changed, 31 insertions, 16 deletions

diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index a590dbfa5c..8bcd7f4903 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -76,7 +76,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL_WITH_MD5,
 	SSL2_CK_NULL_WITH_MD5,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
-	SSL_EXPORT|SSL_EXP40,
+	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
+	0,
 	0,
 	0,
 	SSL_ALL_CIPHERS,
@@ -196,6 +197,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL,
 	SSL2_CK_NULL,
 	0,
+	SSL_STRONG_NONE,
 	0,
 	0,
 	0,
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 1944814ca7..79fa4f97c2 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -368,10 +368,16 @@ int ssl3_setup_key_block(SSL *s)
 		 */
 		s->s3->need_empty_fragments = 1;
 
+ 		if (s->session->cipher != NULL)
+			{
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+ 				s->s3->need_empty_fragments = 0;
+ 			
 #ifndef NO_RC4
-		if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
-			s->s3->need_empty_fragments = 0;
+ 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+ 				s->s3->need_empty_fragments = 0;
 #endif
+ 			}
  		}
 		
 	return(1);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 57a3fa4f81..9951ebb419 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_RSA_NULL_MD5,
 	SSL3_CK_RSA_NULL_MD5,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_RSA_NULL_SHA,
 	SSL3_CK_RSA_NULL_SHA,
 	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_FZA_DMS_NULL_SHA,
 	SSL3_CK_FZA_DMS_NULL_SHA,
 	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
@@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL3_TXT_FZA_DMS_FZA_SHA,
 	SSL3_CK_FZA_DMS_FZA_SHA,
 	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
-	SSL_NOT_EXP,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
 	0,
 	0,
 	0,
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 516d3cc5ae..9297cd2dc3 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -283,16 +283,17 @@
 #define SSL_NOT_EXP		0x00000001L
 #define SSL_EXPORT		0x00000002L
 
-#define SSL_STRONG_MASK		0x0000007cL
-#define SSL_EXP40		0x00000004L
+#define SSL_STRONG_MASK		0x000000fcL
+#define SSL_STRONG_NONE		0x00000004L
+#define SSL_EXP40		0x00000008L
 #define SSL_MICRO		(SSL_EXP40)
-#define SSL_EXP56		0x00000008L
+#define SSL_EXP56		0x00000010L
 #define SSL_MINI		(SSL_EXP56)
-#define SSL_LOW			0x00000010L
-#define SSL_MEDIUM		0x00000020L
-#define SSL_HIGH		0x00000040L
+#define SSL_LOW			0x00000020L
+#define SSL_MEDIUM		0x00000040L
+#define SSL_HIGH		0x00000080L
 
-/* we have used 0000007f - 25 bits left to go */
+/* we have used 000000ff - 24 bits left to go */
 
 /*
  * Macros to check the export status and cipher strength for export ciphers.
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 000bfa7248..f3ecc5f586 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -440,10 +440,16 @@ printf("\nkey block\n");
 		 */
 		s->s3->need_empty_fragments = 1;
 
+		if (s->session->cipher != NULL)
+			{
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+				s->s3->need_empty_fragments = 0;
+			
 #ifndef NO_RC4
-		if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
-			s->s3->need_empty_fragments = 0;
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+				s->s3->need_empty_fragments = 0;
 #endif
+			}
 		}
 		
 	return(1);