diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-09-04 00:20:34 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-09-04 21:17:59 +0100 |
commit | 13e228d6845aff7e454eea7c9ddd392ebfbd2868 (patch) | |
tree | 12f94eee387cd42c5c7b5756383828dc43b9ac17 /ssl/ssl_ciph.c | |
parent | d4ab70f27cb7e518e6a9d6323c996cc3feb7496b (diff) | |
download | openssl-13e228d6845aff7e454eea7c9ddd392ebfbd2868.tar.gz |
Match SUITEB strings at start of cipher list.
PR#4009.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r-- | ssl/ssl_ciph.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2dd2379819..12dac046a8 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1330,15 +1330,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, const char **prule_str) { unsigned int suiteb_flags = 0, suiteb_comb2 = 0; - if (strcmp(*prule_str, "SUITEB128") == 0) - suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - else if (strcmp(*prule_str, "SUITEB128ONLY") == 0) + if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; - else if (strcmp(*prule_str, "SUITEB128C2") == 0) { + } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) { suiteb_comb2 = 1; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - } else if (strcmp(*prule_str, "SUITEB192") == 0) + } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) { + suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; + } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; + } if (suiteb_flags) { c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS; |