Commit 90a52cec authored by Ralf S. Engelschall's avatar Ralf S. Engelschall
Browse files

Fix the cipher decision scheme for export ciphers: the export bits are *not* 

within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
original variable has to be used instead of the already masked variable.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
parent def9f431

CHANGES

+6 −0
Original line number Diff line number Diff line
@@ -5,6 +5,12 @@ 


 Changes between 0.9.1c and 0.9.2



  *) Fix the cipher decision scheme for export ciphers: the export bits are

     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within

     SSL_EXP_MASK.  So, the original variable has to be used instead of the

     already masked variable.

     [Richard Levitte <levitte@stacken.kth.se>]



  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c

     [Richard Levitte <levitte@stacken.kth.se>]

ssl/s3_lib.c

+2 −2
Original line number Diff line number Diff line
@@ -771,11 +771,11 @@ STACK *have,*pref; 
		emask=cert->export_mask;

			

		alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);

		if (SSL_IS_EXPORT(alg))

		if (SSL_IS_EXPORT(c->algorithms))

			{

			ok=((alg & emask) == alg)?1:0;

#ifdef CIPHER_DEBUG

			printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);

			printf("%d:[%08lX:%08lX]%s (export)\n",ok,alg,mask,c->name);

#endif

			}

		else