From: Dr. Stephen Henson Date: Thu, 3 Sep 2015 23:20:34 +0000 (+0100) Subject: Match SUITEB strings at start of cipher list. X-Git-Tag: OpenSSL_1_1_0-pre1~716 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=13e228d6845aff7e454eea7c9ddd392ebfbd2868;p=oweals%2Fopenssl.git Match SUITEB strings at start of cipher list. PR#4009. Reviewed-by: Rich Salz --- diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2dd2379819..12dac046a8 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1330,15 +1330,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, const char **prule_str) { unsigned int suiteb_flags = 0, suiteb_comb2 = 0; - if (strcmp(*prule_str, "SUITEB128") == 0) - suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - else if (strcmp(*prule_str, "SUITEB128ONLY") == 0) + if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; - else if (strcmp(*prule_str, "SUITEB128C2") == 0) { + } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) { suiteb_comb2 = 1; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - } else if (strcmp(*prule_str, "SUITEB192") == 0) + } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) { + suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; + } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; + } if (suiteb_flags) { c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;