Fix cipher_compare

Unsigned overflow.  Found by Brian Carpenter

Fixes #3889

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3890)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d7b8fb03bc660234a8ac21825cefc86cefa10739..c3adc87268bb1e37402800cf7d7613614426915b 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2793,7 +2793,9 @@ static int cipher_compare(const void *a, const void *b)
     const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
     const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
 
     const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
     const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
 

-    return ap->id - bp->id;
+    if (ap->id == bp->id)
+        return 0;
+    return ap->id < bp->id ? -1 : 1;

 }
 
 void ssl_sort_cipher_list(void)
 }
 
 void ssl_sort_cipher_list(void)