wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix SSL_get_shared_ciphers()

Browse source 
The function SSL_get_shared_ciphers() is supposed to return ciphers shared
by the client and the server. However it only ever returned the client
ciphers.

Fixes #5317

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6113)
This commit is contained in:
Matt Caswell 2018-04-27 11:20:52 +01:00
parent c7e10755fa
commit a216df599a
2 changed files with 20 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/openssl/ssl.h
View file

@ -1497,7 +1497,7 @@ __owur int SSL_get_fd(const SSL *s);
__owur int SSL_get_rfd(const SSL *s);
__owur int SSL_get_wfd(const SSL *s);
__owur const char *SSL_get_cipher_list(const SSL *s, int n);
__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
__owur int SSL_get_read_ahead(const SSL *s);
__owur int SSL_pending(const SSL *s);
__owur int SSL_has_pending(const SSL *s);

29
ssl/ssl_lib.c
View file

@ -2549,28 +2549,37 @@ int SSL_set_cipher_list(SSL *s, const char *str)
return 1;
}
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
{
char *p;
STACK_OF(SSL_CIPHER) *sk;
STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
const SSL_CIPHER *c;
int i;
if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
if (!s->server
|| s->session == NULL
|| s->session->ciphers == NULL
|| size < 2)
return NULL;
p = buf;
sk = s->session->ciphers;
if (sk_SSL_CIPHER_num(sk) == 0)
clntsk = s->session->ciphers;
srvrsk = SSL_get_ciphers(s);
if (clntsk == NULL || srvrsk == NULL)
return NULL;
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
return NULL;
for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
int n;
c = sk_SSL_CIPHER_value(sk, i);
c = sk_SSL_CIPHER_value(clntsk, i);
if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
continue;
n = strlen(c->name);
if (n + 1 > len) {
if (n + 1 > size) {
if (p != buf)
--p;
*p = '\0';
@ -2579,7 +2588,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
strcpy(p, c->name);
p += n;
*(p++) = ':';
len -= n + 1;
size -= n + 1;
}
p[-1] = '\0';
return buf;