authordoug <doug@openbsd.org>2015-06-28 00:08:27 +0000
committerdoug <doug@openbsd.org>2015-06-28 00:08:27 +0000
commitdb0cb3299f056794dc1cde0fbb67f366a34b9b65 (patch)
tree0117cbc694f5985532ac0e0329de72b747f63917 /lib/libssl/ssl_lib.c
parentAdd unit tests for LibreSSL. (diff)
Convert ssl_bytes_to_cipher_list to CBS.
Link in the new 'unit' regress and expand the invalid tests to include some that would fail before the CBS conversion. input + ok miod@ jsing@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
-rw-r--r--lib/libssl/ssl_lib.c26
1 files changed, 18 insertions, 8 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index b5ce2ea5ace..1dd518d0b83 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.104 2015/06/28 00:08:27 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -155,6 +155,8 @@
#include <openssl/engine.h>
#endif
+#include "bytestring.h"
+
const char *SSL_version_str = OPENSSL_VERSION_TEXT;
SSL3_ENC_METHOD ssl3_undef_enc_method = {
@@ -1410,19 +1412,21 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
}
STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
+ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
{
+ CBS cbs;
const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk = NULL;
- int i;
unsigned long cipher_id;
- uint16_t cipher_value;
- uint16_t max_version;
+ uint16_t cipher_value, max_version;
if (s->s3)
s->s3->send_connection_binding = 0;
- if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) {
+ /*
+ * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
+ */
+ if (num < 2 || num > 0x10000 - 2) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
return (NULL);
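Review bot: An odd `num` is no longer rejected up front, because the new range check at the top of ssl_bytes_to_cipher_list replaces the `num % SSL3_CIPHER_VALUE_SIZE` test instead of adding to it. A received list with a trailing byte is now refused only when `CBS_get_u16` fails in the loop shown in the following hunk, after every preceding cipher value has been processed. The `goto err` path appears to make that safe, but any per-connection state the loop body sets before it reaches the stray byte (not visible here) would already have been touched; keeping the early test, `if (num < 2 || num > 0x10000 - 2 || (num % SSL3_CIPHER_VALUE_SIZE) != 0) {`, preserves fail-before-parse behaviour. If late rejection is intended, extend the comment to say so, for example `* An odd length is rejected by CBS_get_u16() in the parsing loop below.` The function body continues outside this hunk.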
@@ -1433,8 +1437,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
goto err;
}
- for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
- n2s(p, cipher_value);
+ CBS_init(&cbs, p, num);
+ while (CBS_len(&cbs) > 0) {
+ if (!CBS_get_u16(&cbs, &cipher_value)) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+ goto err;
+ }
+
cipher_id = SSL3_CK_ID | cipher_value;
if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {