ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444).

PR: 2778
author: Andy Polyakov <appro@openssl.org> 2012-04-04 20:45:51 +0000
committer: Andy Polyakov <appro@openssl.org> 2012-04-04 20:45:51 +0000
commit: a20152bdaf7a99b006ff5a0eef081502e0e11553 (patch)
tree: 36254b55b49eb8d2f7b9840f2d79a16ec8e54f3b /ssl
parent: fd2b65ce5385a09b99c9be5e8ebbb56fb0167226 (diff)
download: openssl-a20152bdaf7a99b006ff5a0eef081502e0e11553.tar.gz
1 files changed, 7 insertions, 6 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index c12a7a22d2..a96a5daaf5 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -616,18 +616,19 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		{
 		const EVP_CIPHER *evp;
 
-		if	(s->ssl_version >= TLS1_VERSION &&
-			 c->algorithm_enc == SSL_RC4 &&
+		if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
+		    s->ssl_version < TLS1_VERSION)
+			return 1;
+
+		if	(c->algorithm_enc == SSL_RC4 &&
 			 c->algorithm_mac == SSL_MD5 &&
 			 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
 			*enc = evp, *md = NULL;
-		else if (s->ssl_version >= TLS1_VERSION &&
-			 c->algorithm_enc == SSL_AES128 &&
+		else if (c->algorithm_enc == SSL_AES128 &&
 			 c->algorithm_mac == SSL_SHA1 &&
 			 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
 			*enc = evp, *md = NULL;
-		else if (s->ssl_version >= TLS1_VERSION &&
-			 c->algorithm_enc == SSL_AES256 &&
+		else if (c->algorithm_enc == SSL_AES256 &&
 			 c->algorithm_mac == SSL_SHA1 &&
 			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
 			*enc = evp, *md = NULL;
author	Andy Polyakov <appro@openssl.org>	2012-04-04 20:45:51 +0000
committer	Andy Polyakov <appro@openssl.org>	2012-04-04 20:45:51 +0000
commit	a20152bdaf7a99b006ff5a0eef081502e0e11553 (patch)
tree	36254b55b49eb8d2f7b9840f2d79a16ec8e54f3b /ssl
parent	fd2b65ce5385a09b99c9be5e8ebbb56fb0167226 (diff)
download	openssl-a20152bdaf7a99b006ff5a0eef081502e0e11553.tar.gz