gnutls_priority_get_cipher_suite_index: do not return values for non-existent ciphers

That is, do return only the enabled algorithms in states like FIPS140-2, rather than returning the set that would have been enabled if these restrictions wouldn't be in place. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-01 13:39:39 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-01 14:34:43 +0100
commit: cdd159f030a023c287709ee2163063103c3e6fd2 (patch)
tree: 74ace3ff1c28c7a7345626825cddb39d426e021f
parent: f6038b7a6aaf9ae0fba130464a4a8674b9a08067 (diff)
download: gnutls-cdd159f030a023c287709ee2163063103c3e6fd2.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 3fb417dc70..7c8959efaf 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1674,7 +1674,12 @@ gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
 		    && cs_algorithms[i].mac_algorithm ==
 		    pcache->mac.priority[mac_idx]) {
 			*sidx = i;
-			return 0;
+
+			if (_gnutls_cipher_exists(cs_algorithms[i].block_algorithm) &&
+			    _gnutls_mac_exists(cs_algorithms[i].mac_algorithm))
+				return 0;
+			else
+				break;
 		}
 	}
 	return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-03-01 13:39:39 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-03-01 14:34:43 +0100
commit	cdd159f030a023c287709ee2163063103c3e6fd2 (patch)
tree	74ace3ff1c28c7a7345626825cddb39d426e021f
parent	f6038b7a6aaf9ae0fba130464a4a8674b9a08067 (diff)
download	gnutls-cdd159f030a023c287709ee2163063103c3e6fd2.tar.gz