Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size

 ... of cipher on hello messages

The use of these methods can cause many problems in squid:
- In earlier openSSL libraries the SSL_METHOD::put_cipher_by_char method with
  NULL arguments returned the size of cipher in the SSL hello message.
  In newer openSSL releases, calling this method with NULL arguments is not
  valid any more, and can result to segfaults.
- In newer libreSSL library releases, the SSLv23_method it is used to produce
  TLS messages and does not return the size of a cipher in an v2 HELLO
  message.

This is a Measurement Factory project

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 2c951773274c5d3581c787753aa87b19e0f770c9..ba3d680530a8bd17c8f2833c121fef5b975cb311 100644 (file)
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -1010,9 +1010,8 @@ Ssl::Bio::sslFeatures::parseV3Hello(const unsigned char *messageContainer, size_
     ciphers += 2;
     if (ciphersLen) {
         const SSL_METHOD *method = SSLv3_method();
-        const int cs = method->put_cipher_by_char(NULL, NULL);
-        assert(cs > 0);
-        for (size_t i = 0; i < ciphersLen; i += cs) {
+        for (size_t i = 0; i < ciphersLen; i += 2) {
+            // each cipher in v3/tls  HELLO message is of size 2
             const SSL_CIPHER *c = method->get_cipher_by_char((ciphers + i));
             if (c != NULL) {
                 if (!clientRequestedCiphers.empty())
@@ -1108,9 +1107,7 @@ Ssl::Bio::sslFeatures::parseV23Hello(const unsigned char *hello, size_t size)
 
     if (ciphersLen) {
         const SSL_METHOD *method = SSLv23_method();
-        int cs = method->put_cipher_by_char(NULL, NULL);
-        assert(cs > 0);
-        for (unsigned int i = 0; i < ciphersLen; i += cs) {
+        for (unsigned int i = 0; i < ciphersLen; i += 3) {
             // The v2 hello messages cipher has 3 bytes.
             // The v2 cipher has the first byte not null
             // Because we are going to sent only v3 message we