author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-01 13:39:39 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-01 14:34:43 +0100 |
commit | cdd159f030a023c287709ee2163063103c3e6fd2 (patch) | |
tree | 74ace3ff1c28c7a7345626825cddb39d426e021f | |
parent | f6038b7a6aaf9ae0fba130464a4a8674b9a08067 (diff) | |
download | gnutls-cdd159f030a023c287709ee2163063103c3e6fd2.tar.gz |
gnutls_priority_get_cipher_suite_index: do not return values for non-existent ciphers
That is, do return only the enabled algorithms in states like FIPS140-2,
rather than returning the set that would have been enabled if these
restrictions wouldn't be in place.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/algorithms/ciphersuites.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 3fb417dc70..7c8959efaf 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -1674,7 +1674,12 @@ gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache, && cs_algorithms[i].mac_algorithm == pcache->mac.priority[mac_idx]) { *sidx = i; - return 0; + + if (_gnutls_cipher_exists(cs_algorithms[i].block_algorithm) && + _gnutls_mac_exists(cs_algorithms[i].mac_algorithm)) + return 0; + else + break; } } return GNUTLS_E_UNKNOWN_CIPHER_SUITE; |
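Review bot: `*sidx = i;` is still assigned before the new `_gnutls_cipher_exists()` / `_gnutls_mac_exists()` test, so on the `break` path the function returns GNUTLS_E_UNKNOWN_CIPHER_SUITE but has already written the index of the unavailable suite into the caller's variable. Moving the assignment into the success branch, directly before `return 0;`, would keep the output untouched on failure, so a caller that does not check the return code cannot pick up a suite that is disabled (for example under FIPS140-2, as the commit message describes). Two smaller points: the `else` before `break;` is redundant after `return 0;`, and the new test covers only the cipher and the MAC of the matched entry; if key exchange algorithms can also be unavailable in such restricted states, either the same kind of check or a short comment saying why it is not needed would help the next reader.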