From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 12 Aug 2014 17:33:00 +0000 (+0100)
Subject: Fix SRP ciphersuites.
X-Git-Tag: OpenSSL_1_0_1j~59
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=03ebf85f7757c5da9f9d4fecb8ea1a1af18df46d;p=openssl

Fix SRP ciphersuites.

Add patch missed from backport of SRP ciphersuite fix.
PR#3490
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
---

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 4835bef1a7..e17f1267d5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3822,10 +3822,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 		emask_k = cert->export_mask_k;
 		emask_a = cert->export_mask_a;
 #ifndef OPENSSL_NO_SRP
-		mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
-		emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
+		if (s->srp_ctx.srp_Mask & SSL_kSRP)
+			{
+			mask_k |= SSL_kSRP;
+			emask_k |= SSL_kSRP;
+			mask_a |= SSL_aSRP;
+			emask_a |= SSL_aSRP;
+			}
 #endif
-			
+
 #ifdef KSSL_DEBUG
 /*		printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
 #endif    /* KSSL_DEBUG */