Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / openssl / a1a5710c055e139ea00e785f9eb55b3af3e4dab1^! / . / ssl / ssl_ciph.c
commita1a5710c055e139ea00e785f9eb55b3af3e4dab1[log] [tgz]
authorBrian Carlstrom <bdc@google.com>Thu Apr 19 11:55:25 2012 -0700
committerBrian Carlstrom <bdc@google.com>Fri Apr 20 11:12:03 2012 -0700
tree7dca5068c195598297266f549b2d4948c1aaedce
parent8dc607f5fdfe0293d04050de758484fc0d22833d [diff] [blame]
openssl-1.0.1a upgrade

Bug: 6366068

Change-Id: I0b6ec75b5c2a8f082b4b0fe6db2697d24f2f9b00

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 1a143a7..5898701 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c

@@ -616,18 +616,19 @@
 		{
 		const EVP_CIPHER *evp;
 
-		if	(s->ssl_version >= TLS1_VERSION &&
-			 c->algorithm_enc == SSL_RC4 &&
+		if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
+		    s->ssl_version < TLS1_VERSION)
+			return 1;
+
+		if	(c->algorithm_enc == SSL_RC4 &&
 			 c->algorithm_mac == SSL_MD5 &&
 			 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
 			*enc = evp, *md = NULL;
-		else if (s->ssl_version >= TLS1_VERSION &&
-			 c->algorithm_enc == SSL_AES128 &&
+		else if (c->algorithm_enc == SSL_AES128 &&
 			 c->algorithm_mac == SSL_SHA1 &&
 			 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
 			*enc = evp, *md = NULL;
-		else if (s->ssl_version >= TLS1_VERSION &&
-			 c->algorithm_enc == SSL_AES256 &&
+		else if (c->algorithm_enc == SSL_AES256 &&
 			 c->algorithm_mac == SSL_SHA1 &&
 			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
 			*enc = evp, *md = NULL;