| author | doug <> | 2015-06-28 00:08:27 +0000 |
|---|---|---|
| committer | doug <> | 2015-06-28 00:08:27 +0000 |
| commit | 1618490a96ac0f443d379bc3d4dcf04769edd0ce (patch) | |
| tree | d16b139f0e8b37e46fb1c729c4b18620699b2549 /src/lib/libssl/ssl_lib.c | |
| parent | a37b07aa0776c4c4f84a698161d022b845148dde (diff) | |
Convert ssl_bytes_to_cipher_list to CBS.
Link in the new 'unit' regress and expand the invalid tests to include
some that would fail before the CBS conversion.
input + ok miod@ jsing@
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 26 |
1 files changed, 18 insertions, 8 deletions
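--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.104 2015/06/28 00:08:27 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -155,6 +155,8 @@
 #include <openssl/engine.h>
 #endif
 
+#include "bytestring.h"
+
 const char *SSL_version_str = OPENSSL_VERSION_TEXT;
 
 SSL3_ENC_METHOD ssl3_undef_enc_method = {
@@ -1410,19 +1412,21 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
 }
 
 STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
+ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
 {
+CBS cbs;
 const SSL_CIPHER *c;
 STACK_OF(SSL_CIPHER) *sk = NULL;
-int i;
 unsigned long cipher_id;
-uint16_t cipher_value;
-uint16_t max_version;
+uint16_t cipher_value, max_version;
 
 if (s->s3)
 s->s3->send_connection_binding = 0;
 
-if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) {
+/*
+* RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
+*/
+if (num < 2 || num > 0x10000 - 2) {
 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
 return (NULL);
@@ -1433,8 +1437,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
 goto err;
 }
 
-for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
-n2s(p, cipher_value);
+CBS_init(&cbs, p, num);
+while (CBS_len(&cbs) > 0) {
+if (!CBS_get_u16(&cbs, &cipher_value)) {
+SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+goto err;
+}
+
 cipher_id = SSL3_CK_ID | cipher_value;
 
 if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {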
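Review bot: The new range test `if (num < 2 || num > 0x10000 - 2)` in ssl_bytes_to_cipher_list no longer rejects an odd `num` before parsing; an odd-length list from the peer is now refused only when `CBS_get_u16` fails on the trailing byte, after every earlier entry has been processed. That is memory-safe because CBS bounds each read, but the SCSV branch that opens on the last visible line runs before the failure is seen, so whatever it sets on `s->s3` (its body is outside the hunk) would presumably stay set for a list that is then rejected. Keeping the parity test makes the rejection happen before any entry is interpreted: `if (num < 2 || num > 0x10000 - 2 || (num % SSL3_CIPHER_VALUE_SIZE) != 0) {`. If the late rejection is intended, a comment above the loop such as `/* An odd trailing byte is rejected by CBS_get_u16 below. */` would record that the length check alone does not guarantee whole cipher values. The function continues past the end of the last hunk, so the `err` cleanup path could not be checked here.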
