authorJoel Sing <jsing@cvs.openbsd.org>2017-10-10 16:51:39 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-10-10 16:51:39 +0000
commit8307449bc68b434dff2fd4fe606fff6b4e3ab923 (patch)
treea60c5d787641b6fe5c440adca032bb8f08859ca2
parent79350850f694e1801afae0321709da112c7b94a6 (diff)
Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and
length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
-rw-r--r--lib/libssl/ssl_lib.c38
-rw-r--r--lib/libssl/ssl_locl.h5
-rw-r--r--lib/libssl/ssl_srvr.c5
3 files changed, 19 insertions, 29 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 471fd7009e2..b91ba7f0f39 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.170 2017/08/30 16:24:21 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.171 2017/10/10 16:51:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1428,33 +1428,23 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
}
STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
+ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
{
- CBS cbs;
- const SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk = NULL;
- unsigned long cipher_id;
- uint16_t cipher_value, max_version;
+ STACK_OF(SSL_CIPHER) *ciphers = NULL;
+ const SSL_CIPHER *cipher;
+ uint16_t cipher_value, max_version;
+ unsigned long cipher_id;
- if (s->s3)
+ if (s->s3 != NULL)
S3I(s)->send_connection_binding = 0;
- /*
- * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
- */
- if (num < 2 || num > 0x10000 - 2) {
- SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- return (NULL);
- }
-
- if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
+ if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- CBS_init(&cbs, p, num);
- while (CBS_len(&cbs) > 0) {
- if (!CBS_get_u16(&cbs, &cipher_value)) {
+ while (CBS_len(cbs) > 0) {
+ if (!CBS_get_u16(cbs, &cipher_value)) {
SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
goto err;
}
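Review bot: With the `num < 2 || num > 0x10000 - 2` test removed, ssl_bytes_to_cipher_list() no longer rejects an empty cipher list itself. A zero-length CBS skips the `while (CBS_len(cbs) > 0)` loop and, unless the part of the body outside this hunk says otherwise, is returned as an empty non-NULL stack instead of raising SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST. The one caller in this commit guards with `CBS_len(&cipher_suites) > 0`, and an odd trailing byte still fails in `CBS_get_u16()`, so the peer-supplied length is now bounded only by how each caller carved out the CBS. I would keep a cheap guard at the top, `if (CBS_len(cbs) < 2) { SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); goto err; }`. Failing that, add a comment above the function saying the caller must pass a non-empty list and that `cbs` is fully consumed on success.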
@@ -1495,18 +1485,18 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
continue;
}
- if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
- if (!sk_SSL_CIPHER_push(sk, c)) {
+ if ((cipher = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
+ if (!sk_SSL_CIPHER_push(ciphers, cipher)) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
}
}
- return (sk);
+ return (ciphers);
err:
- sk_SSL_CIPHER_free(sk);
+ sk_SSL_CIPHER_free(ciphers);
return (NULL);
}
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index eed0803a852..9d9f9c3e41b 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.195 2017/10/10 15:13:26 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.196 2017/10/10 16:51:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1064,8 +1064,7 @@ int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p,
- int num);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs);
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
unsigned char *p, size_t maxlen, size_t *outlen);
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 686d8c8db6b..723d82fc821 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.23 2017/10/08 16:46:31 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.24 2017/10/10 16:51:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -872,11 +872,12 @@ ssl3_get_client_hello(SSL *s)
if (CBS_len(&cipher_suites) > 0) {
if ((ciphers = ssl_bytes_to_cipher_list(s,
- CBS_data(&cipher_suites), CBS_len(&cipher_suites))) == NULL)
+ &cipher_suites)) == NULL)
goto err;
}
/* If it is a hit, check that the cipher is in the list */
+ /* XXX - CBS_len(&cipher_suites) will always be zero here... */
if (s->internal->hit && CBS_len(&cipher_suites) > 0) {
j = 0;
id = s->session->cipher->id;
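Review bot: The resumption check `if (s->internal->hit && CBS_len(&cipher_suites) > 0)` can no longer be entered after a successful parse, because ssl_bytes_to_cipher_list() now reads `&cipher_suites` until it is empty. The added XXX comment records this but leaves the check dead, so from the visible lines a resumed session is no longer verified to use a cipher the client offered in this hello. Testing the parsed result instead keeps the check live: `if (s->internal->hit && ciphers != NULL) {`, assuming `ciphers` starts out NULL where it is declared outside this hunk. Alternatively, hand the parser a copy made with `CBS_dup(&cipher_suites, &cs)` so the original length survives. The body of this `if` continues past the end of the hunk, so whether it relies on `ciphers` or on the raw bytes should be confirmed before choosing.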