Check algo_strength using SSL_STRONG_MASK

author Kurt Roeckx <kurt@roeckx.be>

Sun, 21 Feb 2016 17:02:36 +0000 (18:02 +0100)

committer Kurt Roeckx <kurt@roeckx.be>

Tue, 22 Mar 2016 21:00:12 +0000 (22:00 +0100)
author Kurt Roeckx <kurt@roeckx.be>
Sun, 21 Feb 2016 17:02:36 +0000 (18:02 +0100)
committer Kurt Roeckx <kurt@roeckx.be>
Tue, 22 Mar 2016 21:00:12 +0000 (22:00 +0100)
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index 938baaca43ae2bc2e1b055698db5dce5fa2eeaa1..46fa3e89c6c0b09f47a77626afb289a45495e626 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -970,7 +970,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
                  continue;
              if (min_tls && (min_tls != cp->min_tls))
                  continue;
-            if (algo_strength && !(algo_strength & cp->algo_strength))
+            if ((algo_strength & SSL_STRONG_MASK)
+                && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
                  continue;
              if ((algo_strength & SSL_DEFAULT_MASK)
                  && !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
@@ -1237,15 +1238,17 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                      alg_mac = ca_list[j]->algorithm_mac;
              }
  
-            if (ca_list[j]->algo_strength) {
-                if (algo_strength) {
-                    algo_strength &= ca_list[j]->algo_strength;
-                    if (!algo_strength) {
+            if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
+                if (algo_strength & SSL_STRONG_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
+                        ~SSL_STRONG_MASK;
+                    if (!(algo_strength & SSL_STRONG_MASK)) {
                          found = 0;
                          break;
                      }
                  } else
-                    algo_strength = ca_list[j]->algo_strength;
+                    algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
              }
  
              if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 4abe7b425f7ff4fc0a728209d8b585251bab43c7..64f4ae9373c70d20d41ac2ed716ac7d066197052 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -417,6 +417,7 @@
   */
  # define TLS1_STREAM_MAC 0x10000
  
+# define SSL_STRONG_MASK         0x0000001FU
  # define SSL_DEFAULT_MASK        0X00000020U
  
  # define SSL_STRONG_NONE         0x00000001U
author	Kurt Roeckx <kurt@roeckx.be>
	Sun, 21 Feb 2016 17:02:36 +0000 (18:02 +0100)
committer	Kurt Roeckx <kurt@roeckx.be>
	Tue, 22 Mar 2016 21:00:12 +0000 (22:00 +0100)
ssl/ssl_ciph.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history