diff options
| author |   jsing <jsing@openbsd.org> | 2019-03-24 17:10:54 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2019-03-24 17:10:54 +0000 |
| commit | c4f60b245ef034c992ae80c5d28ffbc6f3d3c4e5 (patch) | |
| tree | 0d5394066144b903c4cc58dabb003cc4fa189670 /lib/libssl/ssl_ciph.c | |
| parent | Remove a stale kgdb dependency. (diff) | |
| download | wireguard-openbsd-c4f60b245ef034c992ae80c5d28ffbc6f3d3c4e5.tar.xz wireguard-openbsd-c4f60b245ef034c992ae80c5d28ffbc6f3d3c4e5.zip | |
If ssl_cipher_apply_rule() is given a specific cipher suite, match on it.
Otherwise matching a specific cipher is performed by matching against
its characteristics, which can result in multiple rather than a single
match.
Found by bluhm@'s regress tests.
ok bluhm@ tb@
Diffstat (limited to 'lib/libssl/ssl_ciph.c')
| -rw-r--r-- | lib/libssl/ssl_ciph.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index bbae6a63d9b..3cbf368ad31 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.106 2018/11/07 01:53:36 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.107 2019/03/24 17:10:54 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -921,6 +921,9 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey, cp = curr->cipher; + if (cipher_id && cp->id != cipher_id) + continue; + /* * Selection criteria is either the value of strength_bits * or the algorithms used. @@ -929,7 +932,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey, if (strength_bits != cp->strength_bits) continue; } else { - if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; if (alg_auth && !(alg_auth & cp->algorithm_auth)) @@ -944,7 +946,6 @@ ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey, continue; } - /* add the cipher if it has not been added yet. */ if (rule == CIPHER_ADD) { /* reverse == 0 */ |