From: Andy Polyakov Date: Wed, 4 Apr 2012 20:51:27 +0000 (+0000) Subject: ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD]. X-Git-Tag: OpenSSL_1_0_1a~23 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3f98d7c0b5a6a64d440c99baa730728335adfb98;p=openssl ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD]. PR: 2778 --- diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index ac643c928c..b96d26faba 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -616,18 +616,19 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, { const EVP_CIPHER *evp; - if (s->ssl_version >= TLS1_VERSION && - c->algorithm_enc == SSL_RC4 && + if (s->ssl_version>>8 != TLS1_VERSION_MAJOR || + s->ssl_version < TLS1_VERSION) + return 1; + + if (c->algorithm_enc == SSL_RC4 && c->algorithm_mac == SSL_MD5 && (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) *enc = evp, *md = NULL; - else if (s->ssl_version >= TLS1_VERSION && - c->algorithm_enc == SSL_AES128 && + else if (c->algorithm_enc == SSL_AES128 && c->algorithm_mac == SSL_SHA1 && (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) *enc = evp, *md = NULL; - else if (s->ssl_version >= TLS1_VERSION && - c->algorithm_enc == SSL_AES256 && + else if (c->algorithm_enc == SSL_AES256 && c->algorithm_mac == SSL_SHA1 && (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) *enc = evp, *md = NULL;