From: Ralf S. Engelschall <rse@openssl.org>
Date: Thu, 25 Feb 1999 11:03:18 +0000 (+0000)
Subject: Fix the cipher decision scheme for export ciphers: the export bits are *not*
X-Git-Tag: OpenSSL_0_9_2b~109
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=90a52cecafb0f3280905df9121491fba6cbf30a6;p=oweals%2Fopenssl.git

Fix the cipher decision scheme for export ciphers: the export bits are *not*
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
original variable has to be used instead of the already masked variable.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
---

diff --git a/CHANGES b/CHANGES
index 44ff6d4639..801432f471 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,12 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Fix the cipher decision scheme for export ciphers: the export bits are
+     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+     SSL_EXP_MASK.  So, the original variable has to be used instead of the
+     already masked variable.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
   *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
      [Richard Levitte <levitte@stacken.kth.se>]
 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b7bcf86476..1dd03b1265 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -771,11 +771,11 @@ STACK *have,*pref;
 		emask=cert->export_mask;
 			
 		alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-		if (SSL_IS_EXPORT(alg))
+		if (SSL_IS_EXPORT(c->algorithms))
 			{
 			ok=((alg & emask) == alg)?1:0;
 #ifdef CIPHER_DEBUG
-			printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+			printf("%d:[%08lX:%08lX]%s (export)\n",ok,alg,mask,c->name);
 #endif
 			}
 		else