projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d2f950c)
ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD].
authorAndy Polyakov <appro@openssl.org>
Wed, 4 Apr 2012 20:51:27 +0000 (20:51 +0000)
committerAndy Polyakov <appro@openssl.org>
Wed, 4 Apr 2012 20:51:27 +0000 (20:51 +0000)
PR: 2778

ssl/ssl_ciph.c patch | blob | history

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index ac643c928c390c60337e1d4d2ad53cb4cad59ce6..b96d26faba2eb9c4e48b7ddcc60008a0bef15ab9 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -616,18 +616,19 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                {
                const EVP_CIPHER *evp;
 
-               if      (s->ssl_version >= TLS1_VERSION &&
-                        c->algorithm_enc == SSL_RC4 &&
+               if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
+                   s->ssl_version < TLS1_VERSION)
+                       return 1;
+
+               if      (c->algorithm_enc == SSL_RC4 &&
                         c->algorithm_mac == SSL_MD5 &&
                         (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
                        *enc = evp, *md = NULL;
-               else if (s->ssl_version >= TLS1_VERSION &&
-                        c->algorithm_enc == SSL_AES128 &&
+               else if (c->algorithm_enc == SSL_AES128 &&
                         c->algorithm_mac == SSL_SHA1 &&
                         (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
                        *enc = evp, *md = NULL;
-               else if (s->ssl_version >= TLS1_VERSION &&
-                        c->algorithm_enc == SSL_AES256 &&
+               else if (c->algorithm_enc == SSL_AES256 &&
                         c->algorithm_mac == SSL_SHA1 &&
                         (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
                        *enc = evp, *md = NULL;
Unnamed repository; edit this file 'description' to name the repository.