Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 23 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_lib.c | 23 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 9 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 9 |
6 files changed, 28 insertions, 60 deletions
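--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.106 2015/02/06 09:58:52 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -773,7 +773,7 @@ ssl3_get_server_hello(SSL *s)
 const SSL_CIPHER *c;
 unsigned char *p, *q, *d;
 int i, al, ok;
-unsigned int j, cipher_id;
+unsigned int j;
 uint16_t cipher_value;
 long n;
 unsigned long alg_k;
@@ -844,7 +844,6 @@ ssl3_get_server_hello(SSL *s)
 /* Get the cipher value. */
 q = p + j;
 n2s(q, cipher_value);
-cipher_id = SSL3_CK_ID | cipher_value;
 
 /*
 * Check if we want to resume the session based on external
@@ -856,8 +855,8 @@ ssl3_get_server_hello(SSL *s)
 if (s->tls_session_secret_cb(s, s->session->master_key,
 &s->session->master_key_length, NULL, &pref_cipher,
 s->tls_session_secret_cb_arg)) {
-s->session->cipher = pref_cipher ?
-pref_cipher : ssl3_get_cipher_by_id(cipher_id);
+s->session->cipher = pref_cipher ? pref_cipher :
+ssl3_get_cipher_by_value(cipher_value);
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
 }
 }
@@ -892,8 +891,7 @@ ssl3_get_server_hello(SSL *s)
 }
 p += j;
 
-c = ssl3_get_cipher_by_id(cipher_id);
-if (c == NULL) {
+if ((c = ssl3_get_cipher_by_value(cipher_value)) == NULL) {
 /* unknown cipher */
 al = SSL_AD_ILLEGAL_PARAMETER;
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,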
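Review bot: In the `tls_session_secret_cb` branch the result of `ssl3_get_cipher_by_value(cipher_value)` is stored in `s->session->cipher` without a NULL check, so a server-chosen value that is not in the cipher table leaves the session cipher NULL whenever the callback does not set `pref_cipher`. The lookup in the last hunk does reject an unknown value with `SSL_AD_ILLEGAL_PARAMETER`, but the code between the two sites is outside these hunks, so it is worth confirming that nothing in between dereferences `s->session->cipher`. At minimum a comment at the assignment, such as `/* may be NULL; unknown values are rejected below */`, would record the dependency. The same applies to the copy in src/lib/libssl/src/ssl/s3_clnt.c; ssl3_get_server_hello starts and ends outside the hunks.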
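--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.93 2015/02/07 04:17:11 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.94 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2532,30 +2532,19 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 const SSL_CIPHER *
 ssl3_get_cipher_by_char(const unsigned char *p)
 {
-const SSL_CIPHER *cp;
-unsigned long id;
-SSL_CIPHER c;
+uint16_t cipher_value;
 
-id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
-c.id = id;
-cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-if (cp == NULL || cp->valid == 0)
-return NULL;
-else
-return cp;
+n2s(p, cipher_value);
+return ssl3_get_cipher_by_value(cipher_value);
 }
 
 int
 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 {
-long l;
-
 if (p != NULL) {
-l = c->id;
-if ((l & 0xff000000) != 0x03000000)
+if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
 return (0);
-p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
-p[1] = ((unsigned char)(l)) & 0xFF;
+s2n(ssl3_cipher_get_value(c), p);
 }
 return (2);
 }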
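Review bot: `ssl3_get_cipher_by_char` used to reject table entries with `cp->valid == 0`, and that check now lives, if anywhere, inside `ssl3_get_cipher_by_value`, which is not part of this diff; confirm the helper still filters on `valid`, because this function resolves cipher bytes taken from the wire. In `ssl3_put_cipher_by_char`, `s2n` is a macro that (in OpenSSL-derived trees) evaluates its first argument twice, so `ssl3_cipher_get_value(c)` is called twice; reading it into a local first, `uint16_t v = ssl3_cipher_get_value(c); s2n(v, p);`, avoids relying on the helper being side-effect free. A short comment such as `/* n2s() advances the local copy of p */` would also make the by-value pointer update explicit. The same applies to src/lib/libssl/src/ssl/s3_lib.c.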
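--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.106 2015/02/06 09:58:52 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -773,7 +773,7 @@ ssl3_get_server_hello(SSL *s)
 const SSL_CIPHER *c;
 unsigned char *p, *q, *d;
 int i, al, ok;
-unsigned int j, cipher_id;
+unsigned int j;
 uint16_t cipher_value;
 long n;
 unsigned long alg_k;
@@ -844,7 +844,6 @@ ssl3_get_server_hello(SSL *s)
 /* Get the cipher value. */
 q = p + j;
 n2s(q, cipher_value);
-cipher_id = SSL3_CK_ID | cipher_value;
 
 /*
 * Check if we want to resume the session based on external
@@ -856,8 +855,8 @@ ssl3_get_server_hello(SSL *s)
 if (s->tls_session_secret_cb(s, s->session->master_key,
 &s->session->master_key_length, NULL, &pref_cipher,
 s->tls_session_secret_cb_arg)) {
-s->session->cipher = pref_cipher ?
-pref_cipher : ssl3_get_cipher_by_id(cipher_id);
+s->session->cipher = pref_cipher ? pref_cipher :
+ssl3_get_cipher_by_value(cipher_value);
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
 }
 }
@@ -892,8 +891,7 @@ ssl3_get_server_hello(SSL *s)
 }
 p += j;
 
-c = ssl3_get_cipher_by_id(cipher_id);
-if (c == NULL) {
+if ((c = ssl3_get_cipher_by_value(cipher_value)) == NULL) {
 /* unknown cipher */
 al = SSL_AD_ILLEGAL_PARAMETER;
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,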
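--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.93 2015/02/07 04:17:11 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.94 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2532,30 +2532,19 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 const SSL_CIPHER *
 ssl3_get_cipher_by_char(const unsigned char *p)
 {
-const SSL_CIPHER *cp;
-unsigned long id;
-SSL_CIPHER c;
+uint16_t cipher_value;
 
-id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
-c.id = id;
-cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-if (cp == NULL || cp->valid == 0)
-return NULL;
-else
-return cp;
+n2s(p, cipher_value);
+return ssl3_get_cipher_by_value(cipher_value);
 }
 
 int
 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 {
-long l;
-
 if (p != NULL) {
-l = c->id;
-if ((l & 0xff000000) != 0x03000000)
+if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
 return (0);
-p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
-p[1] = ((unsigned char)(l)) & 0xFF;
+s2n(ssl3_cipher_get_value(c), p);
 }
 return (2);
 }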
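--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.95 2015/01/22 09:12:57 reyk Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1420,7 +1420,6 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 const SSL_CIPHER *c;
 STACK_OF(SSL_CIPHER) *sk;
 int i;
-unsigned int cipher_id;
 uint16_t cipher_value;
 
 if (s->s3)
@@ -1442,10 +1441,9 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 
 for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
 n2s(p, cipher_value);
-cipher_id = SSL3_CK_ID | cipher_value;
 
 /* Check for SCSV */
-if (s->s3 && cipher_id == SSL3_CK_SCSV) {
+if (s->s3 && (SSL3_CK_ID | cipher_value) == SSL3_CK_SCSV) {
 /* SCSV is fatal if renegotiating. */
 if (s->renegotiate) {
 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
@@ -1459,8 +1457,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 continue;
 }
 
-c = ssl3_get_cipher_by_id(cipher_id);
-if (c != NULL) {
+if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
 if (!sk_SSL_CIPHER_push(sk, c)) {
 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
 ERR_R_MALLOC_FAILURE);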
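Review bot: The SCSV test is now the only place in the loop that rebuilds the 32-bit id, via `(SSL3_CK_ID | cipher_value) == SSL3_CK_SCSV`; comparing in value space, `cipher_value == (SSL3_CK_SCSV & SSL3_CK_VALUE_MASK)`, would be consistent with the rest of the id-to-value conversion. Separately, each iteration consumes two bytes through `n2s(p, cipher_value)` while the bound is `i < num`, so an odd `num` would read one byte past the list; the check that `num` is a multiple of `SSL3_CIPHER_VALUE_SIZE` is presumably above the hunk and is worth confirming, since `p` and `num` appear to describe peer-supplied bytes. Both points apply equally to src/lib/libssl/ssl_lib.c, and ssl_bytes_to_cipher_list extends beyond the hunks shown.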
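--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.95 2015/01/22 09:12:57 reyk Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1420,7 +1420,6 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 const SSL_CIPHER *c;
 STACK_OF(SSL_CIPHER) *sk;
 int i;
-unsigned int cipher_id;
 uint16_t cipher_value;
 
 if (s->s3)
@@ -1442,10 +1441,9 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 
 for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
 n2s(p, cipher_value);
-cipher_id = SSL3_CK_ID | cipher_value;
 
 /* Check for SCSV */
-if (s->s3 && cipher_id == SSL3_CK_SCSV) {
+if (s->s3 && (SSL3_CK_ID | cipher_value) == SSL3_CK_SCSV) {
 /* SCSV is fatal if renegotiating. */
 if (s->renegotiate) {
 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
@@ -1459,8 +1457,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 continue;
 }
 
-c = ssl3_get_cipher_by_id(cipher_id);
-if (c != NULL) {
+if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
 if (!sk_SSL_CIPHER_push(sk, c)) {
 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
 ERR_R_MALLOC_FAILURE);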
