Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of

cipher on hello messages

The use of these methods can cause many problems in squid:
- In earlier openSSL libraries the SSL_METHOD::put_cipher_by_char method with
  NULL arguments returned the size of cipher in the SSL hello message.
  In newer openSSL releases, calling this method with NULL arguments is not
  valid any more, and can result to segfaults.
- In newer libreSSL library releases, the SSLv23_method it is used to produce
  TLS messages and does not return the size of a cipher in an v2 HELLO
  message.

This is a Measurement Factory project

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index da2b1c73211d234e0223a8c36173b57758229f68..f3f2a4059c9705f9b54aadf0d70a825093c1f27e 100644 (file)
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -1007,9 +1007,8 @@ Ssl::Bio::sslFeatures::parseV3Hello(const unsigned char *messageContainer, size_
     ciphers += 2;
     if (ciphersLen) {
         const SSL_METHOD *method = SSLv3_method();
-        const int cs = method->put_cipher_by_char(NULL, NULL);
-        assert(cs > 0);
-        for (size_t i = 0; i < ciphersLen; i += cs) {
+        for (size_t i = 0; i < ciphersLen; i += 2) {
+            // each cipher in v3/tls  HELLO message is of size 2
             const SSL_CIPHER *c = method->get_cipher_by_char((ciphers + i));
             if (c != NULL) {
                 if (!clientRequestedCiphers.empty())
@@ -1105,9 +1104,7 @@ Ssl::Bio::sslFeatures::parseV23Hello(const unsigned char *hello, size_t size)
 
     if (ciphersLen) {
         const SSL_METHOD *method = SSLv23_method();
-        int cs = method->put_cipher_by_char(NULL, NULL);
-        assert(cs > 0);
-        for (unsigned int i = 0; i < ciphersLen; i += cs) {
+        for (unsigned int i = 0; i < ciphersLen; i += 3) {
             // The v2 hello messages cipher has 3 bytes.
             // The v2 cipher has the first byte not null
             // Because we are going to sent only v3 message we