Match SUITEB strings at start of cipher list.

author Dr. Stephen Henson <steve@openssl.org>

Thu, 3 Sep 2015 23:20:34 +0000 (00:20 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 4 Sep 2015 20:17:59 +0000 (21:17 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 3 Sep 2015 23:20:34 +0000 (00:20 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 4 Sep 2015 20:17:59 +0000 (21:17 +0100)
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index 2dd2379819a11cfbf8ae9d383306a84c2133242c..12dac046a8e8217cc859516211be7429d1f1d1dc 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1330,15 +1330,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                                      const char **prule_str)
  {
      unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
-    if (strcmp(*prule_str, "SUITEB128") == 0)
-        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
-    else if (strcmp(*prule_str, "SUITEB128ONLY") == 0)
+    if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
          suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
-    else if (strcmp(*prule_str, "SUITEB128C2") == 0) {
+    } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
          suiteb_comb2 = 1;
          suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
-    } else if (strcmp(*prule_str, "SUITEB192") == 0)
+    } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+    } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) {
          suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
+    }
  
      if (suiteb_flags) {
          c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 3 Sep 2015 23:20:34 +0000 (00:20 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 4 Sep 2015 20:17:59 +0000 (21:17 +0100)