From b36ffe2dedec4d6117f4718449035d1c5338df1c Mon Sep 17 00:00:00 2001
From: doug <>
Date: Sun, 28 Jun 2015 00:08:27 +0000
Subject: Convert ssl_bytes_to_cipher_list to CBS.

Link in the new 'unit' regress and expand the invalid tests to include some that would fail before the CBS conversion.

input + ok miod@ jsing@
---
 src/lib/libssl/ssl_lib.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

(limited to 'src/lib/libssl/ssl_lib.c')

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index b5ce2ea5ac..1dd518d0b8 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.104 2015/06/28 00:08:27 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -155,6 +155,8 @@
 #include
 #endif
+#include "bytestring.h"
+
 const char *SSL_version_str = OPENSSL_VERSION_TEXT;
 SSL3_ENC_METHOD ssl3_undef_enc_method = {
@@ -1410,19 +1412,21 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
 }
 STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
+ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
 {
+ CBS cbs;
 const SSL_CIPHER *c;
 STACK_OF(SSL_CIPHER) *sk = NULL;
- int i;
 unsigned long cipher_id;
- uint16_t cipher_value;
- uint16_t max_version;
+ uint16_t cipher_value, max_version;
 if (s->s3)
 s->s3->send_connection_binding = 0;
- if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) {
+ /*
+ * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
+ */
+ if (num < 2 || num > 0x10000 - 2) {
 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
 return (NULL);
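Review bot: The new guard `if (num < 2 || num > 0x10000 - 2)` replaces the old `num % SSL3_CIPHER_VALUE_SIZE` test, so an odd-length cipher list now passes this check and is rejected only when `CBS_get_u16` fails in the parse loop of the following hunk; that dependence is worth recording next to the RFC comment, e.g. `/* An odd length is rejected by CBS_get_u16() in the parse loop below. */`. The same guard is also what rules out a negative `num` before it is handed to `CBS_init` later in the function, so the two checks should not be reordered independently. `ssl_bytes_to_cipher_list` continues past the end of this hunk, and its closing brace appears to have been lost when the hunk was collapsed.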
@@ -1433,8 +1437,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
 goto err;
 }
- for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
- n2s(p, cipher_value);
+ CBS_init(&cbs, p, num);
+ while (CBS_len(&cbs) > 0) {
+ if (!CBS_get_u16(&cbs, &cipher_value)) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+ goto err;
+ }
+
 cipher_id = SSL3_CK_ID | cipher_value;
 if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
-- cgit v1.2.3-55-g6feb
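Review bot: `CBS_init(&cbs, p, num)` passes the `int` length where, going by bytestring.h, a `size_t` is expected; the implicit conversion is only well-behaved because the `num < 2` check earlier in the function has already excluded negative values, and nothing here says so. A one-line comment, `/* num was range-checked above, so the int -> size_t conversion is safe. */`, or writing the call as `CBS_init(&cbs, p, (size_t)num);` would make the intent explicit. The new `goto err` fires after earlier ciphers have already been pushed onto `sk`; the `err:` label lies outside the hunk, so I could not confirm from here that it releases the partial list, which is presumably what it does. The enclosing function both starts and ends outside this hunk.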