Match SUITEB strings at start of cipher list.

[openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index c048fc2a8c18d5b687faa2fd6af7e7f34b32a0be..12dac046a8e8217cc859516211be7429d1f1d1dc 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1038,12 +1038,11 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
         curr = curr->next;
     }
 
-    number_uses = OPENSSL_malloc(sizeof(int) * (max_strength_bits + 1));
+    number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
     if (!number_uses) {
         SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
         return (0);
     }
-    memset(number_uses, 0, sizeof(int) * (max_strength_bits + 1));
 
     /*
      * Now find the strength_bits values actually used
@@ -1331,15 +1330,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                                     const char **prule_str)
 {
     unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
-    if (strcmp(*prule_str, "SUITEB128") == 0)
-        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
-    else if (strcmp(*prule_str, "SUITEB128ONLY") == 0)
+    if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
         suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
-    else if (strcmp(*prule_str, "SUITEB128C2") == 0) {
+    } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
         suiteb_comb2 = 1;
         suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
-    } else if (strcmp(*prule_str, "SUITEB192") == 0)
+    } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+    } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) {
         suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
+    }
 
     if (suiteb_flags) {
         c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;