diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 848de8c268..9ccc67acb9 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.87 2014/08/11 01:10:42 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.88 2014/08/23 14:52:41 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -775,9 +775,10 @@ ssl3_get_server_hello(SSL *s) | |||
| 775 | { | 775 | { |
| 776 | STACK_OF(SSL_CIPHER) *sk; | 776 | STACK_OF(SSL_CIPHER) *sk; |
| 777 | const SSL_CIPHER *c; | 777 | const SSL_CIPHER *c; |
| 778 | unsigned char *p, *d; | 778 | unsigned char *p, *q, *d; |
| 779 | int i, al, ok; | 779 | int i, al, ok; |
| 780 | unsigned int j; | 780 | unsigned int j, cipher_id; |
| 781 | uint16_t cipher_value; | ||
| 781 | long n; | 782 | long n; |
| 782 | 783 | ||
| 783 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, | 784 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, |
| @@ -830,7 +831,7 @@ ssl3_get_server_hello(SSL *s) | |||
| 830 | p += SSL3_RANDOM_SIZE; | 831 | p += SSL3_RANDOM_SIZE; |
| 831 | 832 | ||
| 832 | /* get the session-id */ | 833 | /* get the session-id */ |
| 833 | j= *(p++); | 834 | j = *(p++); |
| 834 | 835 | ||
| 835 | if ((j > sizeof s->session->session_id) || | 836 | if ((j > sizeof s->session->session_id) || |
| 836 | (j > SSL3_SESSION_ID_SIZE)) { | 837 | (j > SSL3_SESSION_ID_SIZE)) { |
| @@ -843,6 +844,11 @@ ssl3_get_server_hello(SSL *s) | |||
| 843 | if (p + j + 2 - d > n) | 844 | if (p + j + 2 - d > n) |
| 844 | goto truncated; | 845 | goto truncated; |
| 845 | 846 | ||
| 847 | /* Get the cipher value. */ | ||
| 848 | q = p + j; | ||
| 849 | n2s(q, cipher_value); | ||
| 850 | cipher_id = SSL3_CK_ID | cipher_value; | ||
| 851 | |||
| 846 | /* | 852 | /* |
| 847 | * Check if we want to resume the session based on external | 853 | * Check if we want to resume the session based on external |
| 848 | * pre-shared secret | 854 | * pre-shared secret |
| @@ -854,7 +860,7 @@ ssl3_get_server_hello(SSL *s) | |||
| 854 | &s->session->master_key_length, NULL, &pref_cipher, | 860 | &s->session->master_key_length, NULL, &pref_cipher, |
| 855 | s->tls_session_secret_cb_arg)) { | 861 | s->tls_session_secret_cb_arg)) { |
| 856 | s->session->cipher = pref_cipher ? | 862 | s->session->cipher = pref_cipher ? |
| 857 | pref_cipher : ssl3_get_cipher_by_char(p + j); | 863 | pref_cipher : ssl3_get_cipher_by_id(cipher_id); |
| 858 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | 864 | s->s3->flags |= SSL3_FLAGS_CCS_OK; |
| 859 | } | 865 | } |
| 860 | } | 866 | } |
| @@ -885,10 +891,11 @@ ssl3_get_server_hello(SSL *s) | |||
| 885 | } | 891 | } |
| 886 | } | 892 | } |
| 887 | s->session->session_id_length = j; | 893 | s->session->session_id_length = j; |
| 888 | memcpy(s->session->session_id,p,j); /* j could be 0 */ | 894 | memcpy(s->session->session_id, p, j); /* j could be 0 */ |
| 889 | } | 895 | } |
| 890 | p += j; | 896 | p += j; |
| 891 | c = ssl3_get_cipher_by_char(p); | 897 | |
| 898 | c = ssl3_get_cipher_by_id(cipher_id); | ||
| 892 | if (c == NULL) { | 899 | if (c == NULL) { |
| 893 | /* unknown cipher */ | 900 | /* unknown cipher */ |
| 894 | al = SSL_AD_ILLEGAL_PARAMETER; | 901 | al = SSL_AD_ILLEGAL_PARAMETER; |
| @@ -896,6 +903,7 @@ ssl3_get_server_hello(SSL *s) | |||
| 896 | SSL_R_UNKNOWN_CIPHER_RETURNED); | 903 | SSL_R_UNKNOWN_CIPHER_RETURNED); |
| 897 | goto f_err; | 904 | goto f_err; |
| 898 | } | 905 | } |
| 906 | |||
| 899 | /* TLS v1.2 only ciphersuites require v1.2 or later */ | 907 | /* TLS v1.2 only ciphersuites require v1.2 or later */ |
| 900 | if ((c->algorithm_ssl & SSL_TLSV1_2) && | 908 | if ((c->algorithm_ssl & SSL_TLSV1_2) && |
| 901 | (TLS1_get_version(s) < TLS1_2_VERSION)) { | 909 | (TLS1_get_version(s) < TLS1_2_VERSION)) { |