diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 4 |
4 files changed, 40 insertions, 20 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index b5ce2ea5ac..1dd518d0b8 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.104 2015/06/28 00:08:27 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -155,6 +155,8 @@ | |||
| 155 | #include <openssl/engine.h> | 155 | #include <openssl/engine.h> |
| 156 | #endif | 156 | #endif |
| 157 | 157 | ||
| 158 | #include "bytestring.h" | ||
| 159 | |||
| 158 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; | 160 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; |
| 159 | 161 | ||
| 160 | SSL3_ENC_METHOD ssl3_undef_enc_method = { | 162 | SSL3_ENC_METHOD ssl3_undef_enc_method = { |
| @@ -1410,19 +1412,21 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) | |||
| 1410 | } | 1412 | } |
| 1411 | 1413 | ||
| 1412 | STACK_OF(SSL_CIPHER) * | 1414 | STACK_OF(SSL_CIPHER) * |
| 1413 | ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num) | 1415 | ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num) |
| 1414 | { | 1416 | { |
| 1417 | CBS cbs; | ||
| 1415 | const SSL_CIPHER *c; | 1418 | const SSL_CIPHER *c; |
| 1416 | STACK_OF(SSL_CIPHER) *sk = NULL; | 1419 | STACK_OF(SSL_CIPHER) *sk = NULL; |
| 1417 | int i; | ||
| 1418 | unsigned long cipher_id; | 1420 | unsigned long cipher_id; |
| 1419 | uint16_t cipher_value; | 1421 | uint16_t cipher_value, max_version; |
| 1420 | uint16_t max_version; | ||
| 1421 | 1422 | ||
| 1422 | if (s->s3) | 1423 | if (s->s3) |
| 1423 | s->s3->send_connection_binding = 0; | 1424 | s->s3->send_connection_binding = 0; |
| 1424 | 1425 | ||
| 1425 | if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) { | 1426 | /* |
| 1427 | * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2]. | ||
| 1428 | */ | ||
| 1429 | if (num < 2 || num > 0x10000 - 2) { | ||
| 1426 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | 1430 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, |
| 1427 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | 1431 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); |
| 1428 | return (NULL); | 1432 | return (NULL); |
| @@ -1433,8 +1437,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num) | |||
| 1433 | goto err; | 1437 | goto err; |
| 1434 | } | 1438 | } |
| 1435 | 1439 | ||
| 1436 | for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { | 1440 | CBS_init(&cbs, p, num); |
| 1437 | n2s(p, cipher_value); | 1441 | while (CBS_len(&cbs) > 0) { |
| 1442 | if (!CBS_get_u16(&cbs, &cipher_value)) { | ||
| 1443 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | ||
| 1444 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | ||
| 1445 | goto err; | ||
| 1446 | } | ||
| 1447 | |||
| 1438 | cipher_id = SSL3_CK_ID | cipher_value; | 1448 | cipher_id = SSL3_CK_ID | cipher_value; |
| 1439 | 1449 | ||
| 1440 | if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) { | 1450 | if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) { |
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 43c6974268..8116bfddfa 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.93 2015/06/20 16:42:48 doug Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.94 2015/06/28 00:08:27 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -569,7 +569,7 @@ int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); | |||
| 569 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); | 569 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); |
| 570 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 570 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 571 | const SSL_CIPHER * const *bp); | 571 | const SSL_CIPHER * const *bp); |
| 572 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, | 572 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, |
| 573 | int num); | 573 | int num); |
| 574 | int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, | 574 | int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, |
| 575 | unsigned char *p); | 575 | unsigned char *p); |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index b5ce2ea5ac..1dd518d0b8 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.104 2015/06/28 00:08:27 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -155,6 +155,8 @@ | |||
| 155 | #include <openssl/engine.h> | 155 | #include <openssl/engine.h> |
| 156 | #endif | 156 | #endif |
| 157 | 157 | ||
| 158 | #include "bytestring.h" | ||
| 159 | |||
| 158 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; | 160 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; |
| 159 | 161 | ||
| 160 | SSL3_ENC_METHOD ssl3_undef_enc_method = { | 162 | SSL3_ENC_METHOD ssl3_undef_enc_method = { |
| @@ -1410,19 +1412,21 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) | |||
| 1410 | } | 1412 | } |
| 1411 | 1413 | ||
| 1412 | STACK_OF(SSL_CIPHER) * | 1414 | STACK_OF(SSL_CIPHER) * |
| 1413 | ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num) | 1415 | ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num) |
| 1414 | { | 1416 | { |
| 1417 | CBS cbs; | ||
| 1415 | const SSL_CIPHER *c; | 1418 | const SSL_CIPHER *c; |
| 1416 | STACK_OF(SSL_CIPHER) *sk = NULL; | 1419 | STACK_OF(SSL_CIPHER) *sk = NULL; |
| 1417 | int i; | ||
| 1418 | unsigned long cipher_id; | 1420 | unsigned long cipher_id; |
| 1419 | uint16_t cipher_value; | 1421 | uint16_t cipher_value, max_version; |
| 1420 | uint16_t max_version; | ||
| 1421 | 1422 | ||
| 1422 | if (s->s3) | 1423 | if (s->s3) |
| 1423 | s->s3->send_connection_binding = 0; | 1424 | s->s3->send_connection_binding = 0; |
| 1424 | 1425 | ||
| 1425 | if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) { | 1426 | /* |
| 1427 | * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2]. | ||
| 1428 | */ | ||
| 1429 | if (num < 2 || num > 0x10000 - 2) { | ||
| 1426 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | 1430 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, |
| 1427 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | 1431 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); |
| 1428 | return (NULL); | 1432 | return (NULL); |
| @@ -1433,8 +1437,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num) | |||
| 1433 | goto err; | 1437 | goto err; |
| 1434 | } | 1438 | } |
| 1435 | 1439 | ||
| 1436 | for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { | 1440 | CBS_init(&cbs, p, num); |
| 1437 | n2s(p, cipher_value); | 1441 | while (CBS_len(&cbs) > 0) { |
| 1442 | if (!CBS_get_u16(&cbs, &cipher_value)) { | ||
| 1443 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | ||
| 1444 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | ||
| 1445 | goto err; | ||
| 1446 | } | ||
| 1447 | |||
| 1438 | cipher_id = SSL3_CK_ID | cipher_value; | 1448 | cipher_id = SSL3_CK_ID | cipher_value; |
| 1439 | 1449 | ||
| 1440 | if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) { | 1450 | if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) { |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 43c6974268..8116bfddfa 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.93 2015/06/20 16:42:48 doug Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.94 2015/06/28 00:08:27 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -569,7 +569,7 @@ int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); | |||
| 569 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); | 569 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); |
| 570 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 570 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 571 | const SSL_CIPHER * const *bp); | 571 | const SSL_CIPHER * const *bp); |
| 572 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, | 572 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, |
| 573 | int num); | 573 | int num); |
| 574 | int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, | 574 | int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, |
| 575 | unsigned char *p); | 575 | unsigned char *p); |