------------------------------------------------------------ revno: 13931 revision-id: squid3@treenet.co.nz-20151001104613-0evw0t1ex6f09pi9 parent: squid3@treenet.co.nz-20150927082859-7za4czz7cpqry16n fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4330 author: Christos Tsantilas committer: Amos Jeffries branch nick: 3.5 timestamp: Thu 2015-10-01 03:46:13 -0700 message: Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size ... of cipher on hello messages The use of these methods can cause many problems in squid: - In earlier openSSL libraries the SSL_METHOD::put_cipher_by_char method with NULL arguments returned the size of cipher in the SSL hello message. In newer openSSL releases, calling this method with NULL arguments is not valid any more, and can result in segfaults. - In newer libreSSL library releases, the SSLv23_method is used to produce TLS messages and does not return the size of a cipher in a v2 HELLO message. This is a Measurement Factory project ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20151001104613-0evw0t1ex6f09pi9 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # testament_sha1: 609ee49d20e209fbe6f16a5325e439325c200146 # timestamp: 2015-10-01 10:50:30 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # base_revision_id: squid3@treenet.co.nz-20150927082859-\ # 7za4czz7cpqry16n # # Begin patch === modified file 'src/ssl/bio.cc' --- src/ssl/bio.cc 2015-09-17 05:58:53 +0000 +++ src/ssl/bio.cc 2015-10-01 10:46:13 +0000
@@ -1010,9 +1010,8 @@
 ciphers += 2;
 if (ciphersLen) {
 const SSL_METHOD *method = SSLv3_method();
- const int cs = method->put_cipher_by_char(NULL, NULL);
- assert(cs > 0);
- for (size_t i = 0; i < ciphersLen; i += cs) {
+ for (size_t i = 0; i < ciphersLen; i += 2) {
+ // each cipher in v3/tls HELLO message is of size 2
 const SSL_CIPHER *c = method->get_cipher_by_char((ciphers + i));
 if (c != NULL) {
 if (!clientRequestedCiphers.empty())
@@ -1108,9 +1107,7 @@
 if (ciphersLen) {
 const SSL_METHOD *method = SSLv23_method();
- int cs = method->put_cipher_by_char(NULL, NULL);
- assert(cs > 0);
- for (unsigned int i = 0; i < ciphersLen; i += cs) {
+ for (unsigned int i = 0; i < ciphersLen; i += 3) {
 // The v2 hello messages cipher has 3 bytes.
 // The v2 cipher has the first byte not null
 // Because we are going to sent only v3 message we
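Review bot: The new 2-byte stride in the first hunk's `for` loop still lets the final `get_cipher_by_char((ciphers + i))` read one byte past the cipher list when `ciphersLen` is odd, because the loop condition only checks `i < ciphersLen`, so a ClientHello with an odd-length cipher_suites field is walked as-is rather than rejected. Tighten the bound to `for (size_t i = 0; i + 2 <= ciphersLen; i += 2) {`, or reject an odd `ciphersLen` before the loop since TLS defines the field as a whole number of 2-byte suites. The v2 loop in the second hunk has the same problem with its 3-byte stride and `i < ciphersLen` (`i + 3 <= ciphersLen` there). Whether `ciphersLen` itself has already been checked against the remaining length of the hello record is not visible in this hunk, and the enclosing function starts before and ends after it.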