From 90a52cecafb0f3280905df9121491fba6cbf30a6 Mon Sep 17 00:00:00 2001 From: "Ralf S. Engelschall" Date: Thu, 25 Feb 1999 11:03:18 +0000 Subject: [PATCH] Fix the cipher decision scheme for export ciphers: the export bits are *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the original variable has to be used instead of the already masked variable. Submitted by: Richard Levitte Reviewed by: Ralf S. Engelschall --- CHANGES | 6 ++++++ ssl/s3_lib.c | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 44ff6d463..801432f47 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,12 @@ Changes between 0.9.1c and 0.9.2 + *) Fix the cipher decision scheme for export ciphers: the export bits are + *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within + SSL_EXP_MASK. So, the original variable has to be used instead of the + already masked variable. + [Richard Levitte ] + *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c [Richard Levitte ] diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index b7bcf8647..1dd03b126 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -771,11 +771,11 @@ STACK *have,*pref; emask=cert->export_mask; alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); - if (SSL_IS_EXPORT(alg)) + if (SSL_IS_EXPORT(c->algorithms)) { ok=((alg & emask) == alg)?1:0; #ifdef CIPHER_DEBUG - printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name); + printf("%d:[%08lX:%08lX]%s (export)\n",ok,alg,mask,c->name); #endif } else