Replace the remaining ssl3_get_cipher_by_char() calls with n2s() and
authorjsing <jsing@openbsd.org>
Sat, 23 Aug 2014 14:52:41 +0000 (14:52 +0000)
committerjsing <jsing@openbsd.org>
Sat, 23 Aug 2014 14:52:41 +0000 (14:52 +0000)
ssl3_get_cipher_by_id().

ok bcook@

lib/libssl/s3_clnt.c
lib/libssl/s3_lib.c
lib/libssl/src/ssl/s3_clnt.c
lib/libssl/src/ssl/s3_lib.c
lib/libssl/src/ssl/ssl_lib.c
lib/libssl/src/ssl/ssl_locl.h
lib/libssl/ssl_lib.c
lib/libssl/ssl_locl.h

index 848de8c..9ccc67a 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.87 2014/08/11 01:10:42 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.88 2014/08/23 14:52:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -775,9 +775,10 @@ ssl3_get_server_hello(SSL *s)
 {
        STACK_OF(SSL_CIPHER)    *sk;
        const SSL_CIPHER        *c;
-       unsigned char           *p, *d;
+       unsigned char           *p, *q, *d;
        int                      i, al, ok;
-       unsigned int             j;
+       unsigned int             j, cipher_id;
+       uint16_t                 cipher_value;
        long                     n;
 
        n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
@@ -830,7 +831,7 @@ ssl3_get_server_hello(SSL *s)
        p += SSL3_RANDOM_SIZE;
 
        /* get the session-id */
-       j= *(p++);
+       j = *(p++);
 
        if ((j > sizeof s->session->session_id) ||
            (j > SSL3_SESSION_ID_SIZE)) {
@@ -843,6 +844,11 @@ ssl3_get_server_hello(SSL *s)
        if (p + j + 2 - d > n)
                goto truncated;
 
+       /* Get the cipher value. */
+       q = p + j;
+       n2s(q, cipher_value);
+       cipher_id = SSL3_CK_ID | cipher_value;
+
        /*
         * Check if we want to resume the session based on external
         * pre-shared secret
@@ -854,7 +860,7 @@ ssl3_get_server_hello(SSL *s)
                    &s->session->master_key_length, NULL, &pref_cipher,
                    s->tls_session_secret_cb_arg)) {
                        s->session->cipher = pref_cipher ?
-                           pref_cipher : ssl3_get_cipher_by_char(p + j);
+                           pref_cipher : ssl3_get_cipher_by_id(cipher_id);
                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
                }
        }
@@ -885,10 +891,11 @@ ssl3_get_server_hello(SSL *s)
                        }
                }
                s->session->session_id_length = j;
-               memcpy(s->session->session_id,p,j); /* j could be 0 */
+               memcpy(s->session->session_id, p, j); /* j could be 0 */
        }
        p += j;
-       c = ssl3_get_cipher_by_char(p);
+
+       c = ssl3_get_cipher_by_id(cipher_id);
        if (c == NULL) {
                /* unknown cipher */
                al = SSL_AD_ILLEGAL_PARAMETER;
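Review bot: The lookup on the new `c = ssl3_get_cipher_by_id(cipher_id);` line replaces a helper that also rejected table entries with `valid == 0` (see the removed ssl3_get_cipher_by_char() body in s3_lib.c in this commit), and ssl3_get_cipher_by_id() itself is not shown on this page, so it should be confirmed that it applies the same filter; otherwise a ciphersuite that is present in ssl3_ciphers[] but disabled would no longer be caught by the `unknown cipher` path. The value is read once into cipher_id in the earlier hunk, directly after the `p + j + 2 - d > n` truncation check, so the two-byte n2s() read stays within the checked bounds. A short comment on the new line, `/* Rejects unknown and !valid suites, as ssl3_get_cipher_by_char() did. */`, would record the contract once confirmed. ssl3_get_server_hello() begins and ends outside these hunks, and the identical lib/libssl/src/ssl/s3_clnt.c section later on the page carries the same point.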
@@ -896,6 +903,7 @@ ssl3_get_server_hello(SSL *s)
                    SSL_R_UNKNOWN_CIPHER_RETURNED);
                goto f_err;
        }
+
        /* TLS v1.2 only ciphersuites require v1.2 or later */
        if ((c->algorithm_ssl & SSL_TLSV1_2) &&
            (TLS1_get_version(s) < TLS1_2_VERSION)) {
index 1d84eff..1578f03 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.76 2014/08/11 01:06:22 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.77 2014/08/23 14:52:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2452,28 +2452,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
        return (1);
 }
 
-/* This function needs to check if the ciphers required are actually
- * available */
-const SSL_CIPHER *
-ssl3_get_cipher_by_char(const unsigned char *p)
-{
-       SSL_CIPHER               c;
-       const SSL_CIPHER        *cp;
-       unsigned long            id;
-
-       id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
-       c.id = id;
-       cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
-       if (cp == NULL)
-               fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
-       if (cp == NULL || cp->valid == 0)
-               return NULL;
-       else
-               return cp;
-}
-
 int
 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 {
index 848de8c..9ccc67a 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.87 2014/08/11 01:10:42 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.88 2014/08/23 14:52:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -775,9 +775,10 @@ ssl3_get_server_hello(SSL *s)
 {
        STACK_OF(SSL_CIPHER)    *sk;
        const SSL_CIPHER        *c;
-       unsigned char           *p, *d;
+       unsigned char           *p, *q, *d;
        int                      i, al, ok;
-       unsigned int             j;
+       unsigned int             j, cipher_id;
+       uint16_t                 cipher_value;
        long                     n;
 
        n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
@@ -830,7 +831,7 @@ ssl3_get_server_hello(SSL *s)
        p += SSL3_RANDOM_SIZE;
 
        /* get the session-id */
-       j= *(p++);
+       j = *(p++);
 
        if ((j > sizeof s->session->session_id) ||
            (j > SSL3_SESSION_ID_SIZE)) {
@@ -843,6 +844,11 @@ ssl3_get_server_hello(SSL *s)
        if (p + j + 2 - d > n)
                goto truncated;
 
+       /* Get the cipher value. */
+       q = p + j;
+       n2s(q, cipher_value);
+       cipher_id = SSL3_CK_ID | cipher_value;
+
        /*
         * Check if we want to resume the session based on external
         * pre-shared secret
@@ -854,7 +860,7 @@ ssl3_get_server_hello(SSL *s)
                    &s->session->master_key_length, NULL, &pref_cipher,
                    s->tls_session_secret_cb_arg)) {
                        s->session->cipher = pref_cipher ?
-                           pref_cipher : ssl3_get_cipher_by_char(p + j);
+                           pref_cipher : ssl3_get_cipher_by_id(cipher_id);
                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
                }
        }
@@ -885,10 +891,11 @@ ssl3_get_server_hello(SSL *s)
                        }
                }
                s->session->session_id_length = j;
-               memcpy(s->session->session_id,p,j); /* j could be 0 */
+               memcpy(s->session->session_id, p, j); /* j could be 0 */
        }
        p += j;
-       c = ssl3_get_cipher_by_char(p);
+
+       c = ssl3_get_cipher_by_id(cipher_id);
        if (c == NULL) {
                /* unknown cipher */
                al = SSL_AD_ILLEGAL_PARAMETER;
@@ -896,6 +903,7 @@ ssl3_get_server_hello(SSL *s)
                    SSL_R_UNKNOWN_CIPHER_RETURNED);
                goto f_err;
        }
+
        /* TLS v1.2 only ciphersuites require v1.2 or later */
        if ((c->algorithm_ssl & SSL_TLSV1_2) &&
            (TLS1_get_version(s) < TLS1_2_VERSION)) {
index 1d84eff..1578f03 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.76 2014/08/11 01:06:22 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.77 2014/08/23 14:52:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2452,28 +2452,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
        return (1);
 }
 
-/* This function needs to check if the ciphers required are actually
- * available */
-const SSL_CIPHER *
-ssl3_get_cipher_by_char(const unsigned char *p)
-{
-       SSL_CIPHER               c;
-       const SSL_CIPHER        *cp;
-       unsigned long            id;
-
-       id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
-       c.id = id;
-       cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
-       if (cp == NULL)
-               fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
-       if (cp == NULL || cp->valid == 0)
-               return NULL;
-       else
-               return cp;
-}
-
 int
 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 {
index 55ab469..e5dedf0 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.81 2014/08/11 10:46:19 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.82 2014/08/23 14:52:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1408,6 +1408,8 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        const SSL_CIPHER        *c;
        STACK_OF(SSL_CIPHER)    *sk;
        int                      i;
+       unsigned int             cipher_id;
+       uint16_t                 cipher_value;
 
        if (s->s3)
                s->s3->send_connection_binding = 0;
@@ -1427,10 +1429,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        }
 
        for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
+               n2s(p, cipher_value);
+               cipher_id = SSL3_CK_ID | cipher_value;
+
                /* Check for SCSV */
-               if (s->s3 && (p[0] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
-                   (p[1] == (SSL3_CK_SCSV & 0xff))) {
-                       /* SCSV fatal if renegotiating */
+               if (s->s3 && cipher_id == SSL3_CK_SCSV) {
+                       /* SCSV is fatal if renegotiating. */
                        if (s->renegotiate) {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
                                    SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
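Review bot: The new `n2s(p, cipher_value);` at the top of the loop reads two bytes per iteration while the loop condition only checks `i < num`, so the read is only safe if num is a multiple of SSL3_CIPHER_VALUE_SIZE, and that guard is outside the hunk; presumably the checks before the loop reject an odd num, but it is worth confirming, since a trailing odd byte would otherwise make the last n2s() read one byte past the list. Because n2s() now advances p as a side effect, i and p only stay in lockstep as long as no other path in the loop body moves p; a comment such as `/* n2s() advances p by SSL3_CIPHER_VALUE_SIZE; i tracks the same count. */` would make that invariant visible to the next editor. ssl_bytes_to_cipher_list() begins and ends outside these hunks, and the identical lib/libssl/src/ssl/ssl_lib.c section later on the page carries the same point.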
@@ -1440,12 +1444,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                                goto err;
                        }
                        s->s3->send_connection_binding = 1;
-                       p += SSL3_CIPHER_VALUE_SIZE;
                        continue;
                }
 
-               c = ssl3_get_cipher_by_char(p);
-               p += SSL3_CIPHER_VALUE_SIZE;
+               c = ssl3_get_cipher_by_id(cipher_id);
                if (c != NULL) {
                        if (!sk_SSL_CIPHER_push(sk, c)) {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
@@ -1458,8 +1460,9 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        if (skp != NULL)
                *skp = sk;
        return (sk);
+
 err:
-       if ((skp == NULL) || (*skp == NULL))
+       if (skp == NULL || *skp == NULL)
                sk_SSL_CIPHER_free(sk);
        return (NULL);
 }
index 87b27a1..1c823c0 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.65 2014/08/11 01:06:22 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.66 2014/08/23 14:52:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * make sure to update this constant too */
 #define SSL_MAX_DIGEST 6
 
+#define SSL3_CK_ID             0x03000000
+
 #define TLS1_PRF_DGST_MASK     (0xff << TLS1_PRF_DGST_SHIFT)
 
 #define TLS1_PRF_DGST_SHIFT 10
@@ -594,7 +596,6 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
 
-const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
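Review bot: The new `#define SSL3_CK_ID 0x03000000` carries no comment, and since it is now the only place the 0x03 tag is written (the removed ssl3_get_cipher_by_char() body spelled it out inline), a one-line comment such as `/* SSLv3/TLS cipher id tag: SSL3_CK_ID | 16-bit wire value is the id looked up in ssl3_ciphers[]. */` would help the next reader. The removed code used the `0x03000000L` long form while the macro is a plain int literal; with both callers in this commit assigning into unsigned int this is harmless, but it is worth keeping the form consistent with how SSL3_CK_SCSV, which the new ssl_lib.c code compares against, is defined. The identical lib/libssl/src/ssl/ssl_locl.h section later on the page carries the same point.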
index 55ab469..e5dedf0 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.81 2014/08/11 10:46:19 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.82 2014/08/23 14:52:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1408,6 +1408,8 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        const SSL_CIPHER        *c;
        STACK_OF(SSL_CIPHER)    *sk;
        int                      i;
+       unsigned int             cipher_id;
+       uint16_t                 cipher_value;
 
        if (s->s3)
                s->s3->send_connection_binding = 0;
@@ -1427,10 +1429,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        }
 
        for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
+               n2s(p, cipher_value);
+               cipher_id = SSL3_CK_ID | cipher_value;
+
                /* Check for SCSV */
-               if (s->s3 && (p[0] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
-                   (p[1] == (SSL3_CK_SCSV & 0xff))) {
-                       /* SCSV fatal if renegotiating */
+               if (s->s3 && cipher_id == SSL3_CK_SCSV) {
+                       /* SCSV is fatal if renegotiating. */
                        if (s->renegotiate) {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
                                    SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
@@ -1440,12 +1444,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                                goto err;
                        }
                        s->s3->send_connection_binding = 1;
-                       p += SSL3_CIPHER_VALUE_SIZE;
                        continue;
                }
 
-               c = ssl3_get_cipher_by_char(p);
-               p += SSL3_CIPHER_VALUE_SIZE;
+               c = ssl3_get_cipher_by_id(cipher_id);
                if (c != NULL) {
                        if (!sk_SSL_CIPHER_push(sk, c)) {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
@@ -1458,8 +1460,9 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        if (skp != NULL)
                *skp = sk;
        return (sk);
+
 err:
-       if ((skp == NULL) || (*skp == NULL))
+       if (skp == NULL || *skp == NULL)
                sk_SSL_CIPHER_free(sk);
        return (NULL);
 }
index 87b27a1..1c823c0 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.65 2014/08/11 01:06:22 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.66 2014/08/23 14:52:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * make sure to update this constant too */
 #define SSL_MAX_DIGEST 6
 
+#define SSL3_CK_ID             0x03000000
+
 #define TLS1_PRF_DGST_MASK     (0xff << TLS1_PRF_DGST_SHIFT)
 
 #define TLS1_PRF_DGST_SHIFT 10
@@ -594,7 +596,6 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
 
-const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);