1 files changed, 16 insertions, 27 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index b91ba7f0f3..c7ae2a9631 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.171 2017/10/10 16:51:38 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.172 2017/10/11 17:35:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1380,51 +1380,40 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
 }
 int
-ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
+ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
-    size_t maxlen, size_t *outlen)
 {
        SSL_CIPHER *cipher;
-        int ciphers = 0;
+        int num_ciphers = 0;
-        CBB cbb;
        int i;
-        *outlen = 0;
+        if (ciphers == NULL)
+                return 0;
-        if (sk == NULL)
-                return (0);
-        if (!CBB_init_fixed(&cbb, p, maxlen))
-                goto err;
-        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-                cipher = sk_SSL_CIPHER_value(sk, i);
+                if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
+                        return 0;
                /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
                if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
                    (TLS1_get_client_version(s) < TLS1_2_VERSION))
                        continue;
-                if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(cipher)))
+                if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))
-                        goto err;
+                        return 0;
-                ciphers++;
+                num_ciphers++;
        }
        /* Add SCSV if there are other ciphers and we're not renegotiating. */
-        if (ciphers > 0 && !s->internal->renegotiate) {
+        if (num_ciphers > 0 && !s->internal->renegotiate) {
-                if (!CBB_add_u16(&cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
+                if (!CBB_add_u16(cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
-                        goto err;
+                        return 0;
        }
-        if (!CBB_finish(&cbb, NULL, outlen))
+        if (!CBB_flush(cbb))
-                goto err;
+                return 0;
        return 1;
- err:
-        CBB_cleanup(&cbb);
-        return 0;
 }
 STACK_OF(SSL_CIPHER) *

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index b91ba7f0f3..c7ae2a9631 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.171 2017/10/10 16:51:38 jsing Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.172 2017/10/11 17:35:00 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1380,51 +1380,40 @@ SSL_get_shared_ciphers(const SSL s, char buf, int len)
1380	}	1380	}
1381		1381
1382	int	1382	int
1383	ssl_cipher_list_to_bytes(SSL s, STACK_OF(SSL_CIPHER) sk, unsigned char *p,	1383	ssl_cipher_list_to_bytes(SSL s, STACK_OF(SSL_CIPHER) ciphers, CBB *cbb)
1384	size_t maxlen, size_t *outlen)
1385	{	1384	{
1386	SSL_CIPHER *cipher;	1385	SSL_CIPHER *cipher;
1387	int ciphers = 0;	1386	int num_ciphers = 0;
1388	CBB cbb;
1389	int i;	1387	int i;
1390		1388
1391	*outlen = 0;	1389	if (ciphers == NULL)
1392		1390	return 0;
1393	if (sk == NULL)
1394	return (0);
1395
1396	if (!CBB_init_fixed(&cbb, p, maxlen))
1397	goto err;
1398		1391
1399	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {	1392	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
1400	cipher = sk_SSL_CIPHER_value(sk, i);	1393	if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
		1394	return 0;
1401		1395
1402	/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */	1396	/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1403	if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&	1397	if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
1404	(TLS1_get_client_version(s) < TLS1_2_VERSION))	1398	(TLS1_get_client_version(s) < TLS1_2_VERSION))
1405	continue;	1399	continue;
1406		1400
1407	if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(cipher)))	1401	if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))
1408	goto err;	1402	return 0;
1409		1403
1410	ciphers++;	1404	num_ciphers++;
1411	}	1405	}
1412		1406
1413	/* Add SCSV if there are other ciphers and we're not renegotiating. */	1407	/* Add SCSV if there are other ciphers and we're not renegotiating. */
1414	if (ciphers > 0 && !s->internal->renegotiate) {	1408	if (num_ciphers > 0 && !s->internal->renegotiate) {
1415	if (!CBB_add_u16(&cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))	1409	if (!CBB_add_u16(cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
1416	goto err;	1410	return 0;
1417	}	1411	}
1418		1412
1419	if (!CBB_finish(&cbb, NULL, outlen))	1413	if (!CBB_flush(cbb))
1420	goto err;	1414	return 0;
1421		1415
1422	return 1;	1416	return 1;
1423
1424	err:
1425	CBB_cleanup(&cbb);
1426
1427	return 0;
1428	}	1417	}
1429		1418
1430	STACK_OF(SSL_CIPHER) *	1419	STACK_OF(SSL_CIPHER) *