generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Check algo_strength using SSL_STRONG_MASK

Browse Source 
algo_strength contains 2 parts that need to be checked by their own.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2082
This commit is contained in:
Kurt Roeckx
2016-02-21 18:02:36 +01:00
parent d577a69a0f
commit 88a9614ba3
2 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ssl/ssl_ciph.c
View File

@@ -970,7 +970,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
continue;
if (min_tls && (min_tls != cp->min_tls))
continue;
if (algo_strength && !(algo_strength & cp->algo_strength))
if ((algo_strength & SSL_STRONG_MASK)
&& !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
continue;
if ((algo_strength & SSL_DEFAULT_MASK)
&& !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
@@ -1237,15 +1238,17 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
alg_mac = ca_list[j]->algorithm_mac;
}
if (ca_list[j]->algo_strength) {
if (algo_strength) {
algo_strength &= ca_list[j]->algo_strength;
if (!algo_strength) {
if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
if (algo_strength & SSL_STRONG_MASK) {
algo_strength &=
(ca_list[j]->algo_strength & SSL_STRONG_MASK) |
~SSL_STRONG_MASK;
if (!(algo_strength & SSL_STRONG_MASK)) {
found = 0;
break;
}
} else
algo_strength = ca_list[j]->algo_strength;
algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
}
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {