4 files changed, 53 insertions, 32 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index c6920e2b34..8674cdf627 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.46 2015/09/11 18:08:21 jsing Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.47 2016/12/04 14:32:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -230,11 +230,11 @@ ssl23_client_hello(SSL *s)
 {
        unsigned char *buf;
        unsigned char *p, *d;
-        int i;
        unsigned long l;
        int version = 0, version_major, version_minor;
        int ret;
        unsigned long mask, options = s->options;
+        size_t outlen;
        /*
         * SSL_OP_NO_X disables all protocols above X *if* there are
@@ -294,14 +294,16 @@ ssl23_client_hello(SSL *s)
                *(p++) = 0;
                /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
+                if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2],
-                if (i == 0) {
+                    buf - &p[2] + SSL3_RT_MAX_PLAIN_LENGTH, &outlen))
-                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+                        return -1;
+                if (outlen == 0) {
+                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,
                            SSL_R_NO_CIPHERS_AVAILABLE);
                        return -1;
                }
-                s2n(i, p);
+                s2n(outlen, p);
-                p += i;
+                p += outlen;
                /* add in (no) COMPRESSION */
                *(p++) = 1;
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 7a327a76a3..f39ae7fab3 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.148 2016/12/04 14:25:44 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.149 2016/12/04 14:32:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -588,8 +588,11 @@ int
 ssl3_client_hello(SSL *s)
 {
        unsigned char   *bufend, *p, *d;
+        size_t           outlen;
        int              i;
+        bufend = (unsigned char *)s->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
                SSL_SESSION *sess = s->session;
@@ -678,22 +681,22 @@ ssl3_client_hello(SSL *s)
                }
                /* Ciphers supported */
-                i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
+                if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2],
-                if (i == 0) {
+                    bufend - &p[2], &outlen))
+                        goto err;
+                if (outlen == 0) {
                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,
                            SSL_R_NO_CIPHERS_AVAILABLE);
                        goto err;
                }
-                s2n(i, p);
+                s2n(outlen, p);
-                p += i;
+                p += outlen;
                /* add in (no) COMPRESSION */
                *(p++) = 1;
                *(p++) = 0; /* Add the NULL method */
                /* TLS extensions*/
-                bufend = (unsigned char *)s->init_buf->data +
-                    SSL3_RT_MAX_PLAIN_LENGTH;
                if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,
                            ERR_R_INTERNAL_ERROR);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index ebe78808c5..5d93a3bc13 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.121 2016/11/02 11:21:05 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.122 2016/12/04 14:32:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1363,35 +1363,51 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
 }
 int
-ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
+ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
+    size_t maxlen, size_t *outlen)
 {
-        int              i;
+        SSL_CIPHER *cipher;
-        SSL_CIPHER      *c;
+        int ciphers = 0;
-        unsigned char   *q;
+        CBB cbb;
+        int i;
+        *outlen = 0;
        if (sk == NULL)
                return (0);
-        q = p;
+        if (!CBB_init_fixed(&cbb, p, maxlen))
+                goto err;
        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-                c = sk_SSL_CIPHER_value(sk, i);
+                cipher = sk_SSL_CIPHER_value(sk, i);
                /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
-                if ((c->algorithm_ssl & SSL_TLSV1_2) &&
+                if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
                    (TLS1_get_client_version(s) < TLS1_2_VERSION))
                        continue;
-                s2n(ssl3_cipher_get_value(c), p);
+                if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(cipher)))
+                        goto err;
+                ciphers++;
        }
-        /*
+        /* Add SCSV if there are other ciphers and we're not renegotiating. */
-         * If p == q, no ciphers and caller indicates an error. Otherwise
+        if (ciphers > 0 && !s->renegotiate) {
-         * add SCSV if not renegotiating.
+                if (!CBB_add_u16(&cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
-         */
+                        goto err;
-        if (p != q && !s->renegotiate)
+        }
-                s2n(SSL3_CK_SCSV & SSL3_CK_VALUE_MASK, p);
+        if (!CBB_finish(&cbb, NULL, outlen))
+                goto err;
+        return 1;
+ err:
+        CBB_cleanup(&cbb);
-        return (p - q);
+        return 0;
 }
 STACK_OF(SSL_CIPHER) *
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6c36795b1d..c7ae289a3a 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.136 2016/11/06 17:21:04 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.137 2016/12/04 14:32:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -569,7 +569,7 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p,
    int num);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-    unsigned char *p);
+    unsigned char *p, size_t maxlen, size_t *outlen);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
    const char *rule_str);

diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index c6920e2b34..8674cdf627 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s23_clnt.c,v 1.46 2015/09/11 18:08:21 jsing Exp $ */	1	/* $OpenBSD: s23_clnt.c,v 1.47 2016/12/04 14:32:30 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -230,11 +230,11 @@ ssl23_client_hello(SSL *s)
230	{	230	{
231	unsigned char *buf;	231	unsigned char *buf;
232	unsigned char p, d;	232	unsigned char p, d;
233	int i;
234	unsigned long l;	233	unsigned long l;
235	int version = 0, version_major, version_minor;	234	int version = 0, version_major, version_minor;
236	int ret;	235	int ret;
237	unsigned long mask, options = s->options;	236	unsigned long mask, options = s->options;
		237	size_t outlen;
238		238
239	/*	239	/*
240	* SSL_OP_NO_X disables all protocols above X if there are	240	* SSL_OP_NO_X disables all protocols above X if there are
@@ -294,14 +294,16 @@ ssl23_client_hello(SSL *s)
294	*(p++) = 0;	294	*(p++) = 0;
295		295
296	/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */	296	/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
297	i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);	297	if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2],
298	if (i == 0) {	298	buf - &p[2] + SSL3_RT_MAX_PLAIN_LENGTH, &outlen))
299	SSLerr(SSL_F_SSL23_CLIENT_HELLO,	299	return -1;
		300	if (outlen == 0) {
		301	SSLerr(SSL_F_SSL3_CLIENT_HELLO,
300	SSL_R_NO_CIPHERS_AVAILABLE);	302	SSL_R_NO_CIPHERS_AVAILABLE);
301	return -1;	303	return -1;
302	}	304	}
303	s2n(i, p);	305	s2n(outlen, p);
304	p += i;	306	p += outlen;
305		307
306	/* add in (no) COMPRESSION */	308	/* add in (no) COMPRESSION */
307	*(p++) = 1;	309	*(p++) = 1;


diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 7a327a76a3..f39ae7fab3 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.148 2016/12/04 14:25:44 jsing Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.149 2016/12/04 14:32:30 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -588,8 +588,11 @@ int
588	ssl3_client_hello(SSL *s)	588	ssl3_client_hello(SSL *s)
589	{	589	{
590	unsigned char bufend, p, *d;	590	unsigned char bufend, p, *d;
		591	size_t outlen;
591	int i;	592	int i;
592		593
		594	bufend = (unsigned char *)s->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
		595
593	if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {	596	if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
594	SSL_SESSION *sess = s->session;	597	SSL_SESSION *sess = s->session;
595		598
@@ -678,22 +681,22 @@ ssl3_client_hello(SSL *s)
678	}	681	}
679		682
680	/* Ciphers supported */	683	/* Ciphers supported */
681	i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);	684	if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2],
682	if (i == 0) {	685	bufend - &p[2], &outlen))
		686	goto err;
		687	if (outlen == 0) {
683	SSLerr(SSL_F_SSL3_CLIENT_HELLO,	688	SSLerr(SSL_F_SSL3_CLIENT_HELLO,
684	SSL_R_NO_CIPHERS_AVAILABLE);	689	SSL_R_NO_CIPHERS_AVAILABLE);
685	goto err;	690	goto err;
686	}	691	}
687	s2n(i, p);	692	s2n(outlen, p);
688	p += i;	693	p += outlen;
689		694
690	/* add in (no) COMPRESSION */	695	/* add in (no) COMPRESSION */
691	*(p++) = 1;	696	*(p++) = 1;
692	(p++) = 0; / Add the NULL method */	697	(p++) = 0; / Add the NULL method */
693		698
694	/* TLS extensions*/	699	/* TLS extensions*/
695	bufend = (unsigned char *)s->init_buf->data +
696	SSL3_RT_MAX_PLAIN_LENGTH;
697	if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {	700	if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
698	SSLerr(SSL_F_SSL3_CLIENT_HELLO,	701	SSLerr(SSL_F_SSL3_CLIENT_HELLO,
699	ERR_R_INTERNAL_ERROR);	702	ERR_R_INTERNAL_ERROR);


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index ebe78808c5..5d93a3bc13 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.121 2016/11/02 11:21:05 jsing Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.122 2016/12/04 14:32:30 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1363,35 +1363,51 @@ SSL_get_shared_ciphers(const SSL s, char buf, int len)
1363	}	1363	}
1364		1364
1365	int	1365	int
1366	ssl_cipher_list_to_bytes(SSL s, STACK_OF(SSL_CIPHER) sk, unsigned char *p)	1366	ssl_cipher_list_to_bytes(SSL s, STACK_OF(SSL_CIPHER) sk, unsigned char *p,
		1367	size_t maxlen, size_t *outlen)
1367	{	1368	{
1368	int i;	1369	SSL_CIPHER *cipher;
1369	SSL_CIPHER *c;	1370	int ciphers = 0;
1370	unsigned char *q;	1371	CBB cbb;
		1372	int i;
		1373
		1374	*outlen = 0;
1371		1375
1372	if (sk == NULL)	1376	if (sk == NULL)
1373	return (0);	1377	return (0);
1374	q = p;	1378
		1379	if (!CBB_init_fixed(&cbb, p, maxlen))
		1380	goto err;
1375		1381
1376	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {	1382	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1377	c = sk_SSL_CIPHER_value(sk, i);	1383	cipher = sk_SSL_CIPHER_value(sk, i);
1378		1384
1379	/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */	1385	/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1380	if ((c->algorithm_ssl & SSL_TLSV1_2) &&	1386	if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
1381	(TLS1_get_client_version(s) < TLS1_2_VERSION))	1387	(TLS1_get_client_version(s) < TLS1_2_VERSION))
1382	continue;	1388	continue;
1383		1389
1384	s2n(ssl3_cipher_get_value(c), p);	1390	if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(cipher)))
		1391	goto err;
		1392
		1393	ciphers++;
1385	}	1394	}
1386		1395
1387	/*	1396	/* Add SCSV if there are other ciphers and we're not renegotiating. */
1388	* If p == q, no ciphers and caller indicates an error. Otherwise	1397	if (ciphers > 0 && !s->renegotiate) {
1389	* add SCSV if not renegotiating.	1398	if (!CBB_add_u16(&cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
1390	*/	1399	goto err;
1391	if (p != q && !s->renegotiate)	1400	}
1392	s2n(SSL3_CK_SCSV & SSL3_CK_VALUE_MASK, p);	1401
		1402	if (!CBB_finish(&cbb, NULL, outlen))
		1403	goto err;
		1404
		1405	return 1;
		1406
		1407	err:
		1408	CBB_cleanup(&cbb);
1393		1409
1394	return (p - q);	1410	return 0;
1395	}	1411	}
1396		1412
1397	STACK_OF(SSL_CIPHER) *	1413	STACK_OF(SSL_CIPHER) *


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 6c36795b1d..c7ae289a3a 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.136 2016/11/06 17:21:04 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.137 2016/12/04 14:32:30 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -569,7 +569,7 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
569	STACK_OF(SSL_CIPHER) ssl_bytes_to_cipher_list(SSL s, const unsigned char *p,	569	STACK_OF(SSL_CIPHER) ssl_bytes_to_cipher_list(SSL s, const unsigned char *p,
570	int num);	570	int num);
571	int ssl_cipher_list_to_bytes(SSL s, STACK_OF(SSL_CIPHER) sk,	571	int ssl_cipher_list_to_bytes(SSL s, STACK_OF(SSL_CIPHER) sk,
572	unsigned char *p);	572	unsigned char p, size_t maxlen, size_t outlen);
573	STACK_OF(SSL_CIPHER) ssl_create_cipher_list(const SSL_METHOD meth,	573	STACK_OF(SSL_CIPHER) ssl_create_cipher_list(const SSL_METHOD meth,
574	STACK_OF(SSL_CIPHER) pref, STACK_OF(SSL_CIPHER) sorted,	574	STACK_OF(SSL_CIPHER) pref, STACK_OF(SSL_CIPHER) sorted,
575	const char *rule_str);	575	const char *rule_str);