summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c19
1 files changed, 11 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 55ab469df5..e5dedf0ba4 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.81 2014/08/11 10:46:19 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.82 2014/08/23 14:52:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1408,6 +1408,8 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1408 const SSL_CIPHER *c; 1408 const SSL_CIPHER *c;
1409 STACK_OF(SSL_CIPHER) *sk; 1409 STACK_OF(SSL_CIPHER) *sk;
1410 int i; 1410 int i;
1411 unsigned int cipher_id;
1412 uint16_t cipher_value;
1411 1413
1412 if (s->s3) 1414 if (s->s3)
1413 s->s3->send_connection_binding = 0; 1415 s->s3->send_connection_binding = 0;
@@ -1427,10 +1429,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1427 } 1429 }
1428 1430
1429 for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { 1431 for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
1432 n2s(p, cipher_value);
1433 cipher_id = SSL3_CK_ID | cipher_value;
1434
1430 /* Check for SCSV */ 1435 /* Check for SCSV */
1431 if (s->s3 && (p[0] == ((SSL3_CK_SCSV >> 8) & 0xff)) && 1436 if (s->s3 && cipher_id == SSL3_CK_SCSV) {
1432 (p[1] == (SSL3_CK_SCSV & 0xff))) { 1437 /* SCSV is fatal if renegotiating. */
1433 /* SCSV fatal if renegotiating */
1434 if (s->renegotiate) { 1438 if (s->renegotiate) {
1435 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1439 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1436 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 1440 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
@@ -1440,12 +1444,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1440 goto err; 1444 goto err;
1441 } 1445 }
1442 s->s3->send_connection_binding = 1; 1446 s->s3->send_connection_binding = 1;
1443 p += SSL3_CIPHER_VALUE_SIZE;
1444 continue; 1447 continue;
1445 } 1448 }
1446 1449
1447 c = ssl3_get_cipher_by_char(p); 1450 c = ssl3_get_cipher_by_id(cipher_id);
1448 p += SSL3_CIPHER_VALUE_SIZE;
1449 if (c != NULL) { 1451 if (c != NULL) {
1450 if (!sk_SSL_CIPHER_push(sk, c)) { 1452 if (!sk_SSL_CIPHER_push(sk, c)) {
1451 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 1453 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
@@ -1458,8 +1460,9 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1458 if (skp != NULL) 1460 if (skp != NULL)
1459 *skp = sk; 1461 *skp = sk;
1460 return (sk); 1462 return (sk);
1463
1461err: 1464err:
1462 if ((skp == NULL) || (*skp == NULL)) 1465 if (skp == NULL || *skp == NULL)
1463 sk_SSL_CIPHER_free(sk); 1466 sk_SSL_CIPHER_free(sk);
1464 return (NULL); 1467 return (NULL);
1465} 1468}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 02:49:50 +0000