authorKurt Roeckx <kurt@roeckx.be>2016-02-21 18:02:36 +0100
committerKurt Roeckx <kurt@roeckx.be>2016-03-22 22:00:12 +0100
commit88a9614ba30e2d1f5b1b14df5814b824190d46f8 (patch)
treea02d744463e16f80ca1f44dd8c58989b4da59add /ssl/ssl_ciph.c
parentd577a69a0f3a56146f644fda010e7efb2c0e693d (diff)
Check algo_strength using SSL_STRONG_MASK
algo_strength contains 2 parts that each need to be checked on their own. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #2082
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r--ssl/ssl_ciph.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 938baaca43..46fa3e89c6 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -970,7 +970,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
continue;
if (min_tls && (min_tls != cp->min_tls))
continue;
- if (algo_strength && !(algo_strength & cp->algo_strength))
+ if ((algo_strength & SSL_STRONG_MASK)
+ && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
continue;
if ((algo_strength & SSL_DEFAULT_MASK)
&& !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
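Review bot: The two mask-qualified tests in ssl_cipher_apply_rule (SSL_STRONG_MASK here, SSL_DEFAULT_MASK just below) carry no comment saying why algo_strength is split, so a later cleanup could easily fold them back into a single `algo_strength & cp->algo_strength` test. With that combined test, a rule carrying bits in both fields would pass on an overlap in the default field alone, so a cipher outside the requested strength class could stay selected. I would add above the first test: `/* algo_strength packs two independent fields; each must match on its own */`. The function body starts and ends outside the hunk, and the diffstat shown is limited to ssl/ssl_ciph.c, so I cannot tell whether a cipher-string regression test (a rule combining a strength keyword with a default-set keyword) accompanies the change; if not, one would be worth adding.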
@@ -1237,15 +1238,17 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
alg_mac = ca_list[j]->algorithm_mac;
}
- if (ca_list[j]->algo_strength) {
- if (algo_strength) {
- algo_strength &= ca_list[j]->algo_strength;
- if (!algo_strength) {
+ if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
+ if (algo_strength & SSL_STRONG_MASK) {
+ algo_strength &=
+ (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
+ ~SSL_STRONG_MASK;
+ if (!(algo_strength & SSL_STRONG_MASK)) {
found = 0;
break;
}
} else
- algo_strength = ca_list[j]->algo_strength;
+ algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
}
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {