Match SUITEB strings at start of cipher list.

PR#4009.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 13e228d6845aff7e454eea7c9ddd392ebfbd2868)

Conflicts:
	ssl/ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 2cc9a4a21f75a65eddeff50e668bc118e8c2aa3e..a53f25bba7f8ca6d7533a10204c12124b1fbe0d2 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1404,15 +1404,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                                     const char **prule_str)
 {
     unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
-    if (!strcmp(*prule_str, "SUITEB128"))
-        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
-    else if (!strcmp(*prule_str, "SUITEB128ONLY"))
+    if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
         suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
-    else if (!strcmp(*prule_str, "SUITEB128C2")) {
+    } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
         suiteb_comb2 = 1;
         suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
-    } else if (!strcmp(*prule_str, "SUITEB192"))
+    } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+    } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) {
         suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
+    }
 
     if (suiteb_flags) {
         c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;