diff options
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 69628b48df..0537cf0e46 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.239 2020/12/01 07:46:01 tb Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.240 2021/01/09 10:34:29 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1484,22 +1484,30 @@ SSL_set_ciphersuites(SSL *s, const char *str) | |||
| 1484 | char * | 1484 | char * |
| 1485 | SSL_get_shared_ciphers(const SSL *s, char *buf, int len) | 1485 | SSL_get_shared_ciphers(const SSL *s, char *buf, int len) |
| 1486 | { | 1486 | { |
| 1487 | STACK_OF(SSL_CIPHER) *ciphers; | 1487 | STACK_OF(SSL_CIPHER) *client_ciphers, *server_ciphers; |
| 1488 | const SSL_CIPHER *cipher; | 1488 | const SSL_CIPHER *cipher; |
| 1489 | size_t curlen = 0; | 1489 | size_t curlen = 0; |
| 1490 | char *end; | 1490 | char *end; |
| 1491 | int i; | 1491 | int i; |
| 1492 | 1492 | ||
| 1493 | if (s->session == NULL || s->session->ciphers == NULL || len < 2) | 1493 | if (!s->server || s->session == NULL || len < 2) |
| 1494 | return (NULL); | 1494 | return NULL; |
| 1495 | 1495 | ||
| 1496 | ciphers = s->session->ciphers; | 1496 | if ((client_ciphers = s->session->ciphers) == NULL) |
| 1497 | if (sk_SSL_CIPHER_num(ciphers) == 0) | 1497 | return NULL; |
| 1498 | return (NULL); | 1498 | if ((server_ciphers = SSL_get_ciphers(s)) == NULL) |
| 1499 | return NULL; | ||
| 1500 | if (sk_SSL_CIPHER_num(client_ciphers) == 0 || | ||
| 1501 | sk_SSL_CIPHER_num(server_ciphers) == 0) | ||
| 1502 | return NULL; | ||
| 1499 | 1503 | ||
| 1500 | buf[0] = '\0'; | 1504 | buf[0] = '\0'; |
| 1501 | for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { | 1505 | for (i = 0; i < sk_SSL_CIPHER_num(client_ciphers); i++) { |
| 1502 | cipher = sk_SSL_CIPHER_value(ciphers, i); | 1506 | cipher = sk_SSL_CIPHER_value(client_ciphers, i); |
| 1507 | |||
| 1508 | if (sk_SSL_CIPHER_find(server_ciphers, cipher) < 0) | ||
| 1509 | continue; | ||
| 1510 | |||
| 1503 | end = buf + curlen; | 1511 | end = buf + curlen; |
| 1504 | if (strlcat(buf, cipher->name, len) >= len || | 1512 | if (strlcat(buf, cipher->name, len) >= len || |
| 1505 | (curlen = strlcat(buf, ":", len)) >= len) { | 1513 | (curlen = strlcat(buf, ":", len)) >= len) { |
| @@ -1511,7 +1519,7 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len) | |||
| 1511 | /* remove trailing colon */ | 1519 | /* remove trailing colon */ |
| 1512 | if ((end = strrchr(buf, ':')) != NULL) | 1520 | if ((end = strrchr(buf, ':')) != NULL) |
| 1513 | *end = '\0'; | 1521 | *end = '\0'; |
| 1514 | return (buf); | 1522 | return buf; |
| 1515 | } | 1523 | } |
| 1516 | 1524 | ||
| 1517 | /* | 1525 | /* |