summaryrefslogtreecommitdiff
path: root/lib/libssl/ssl_ciphers.c
diff options
context:
space:
mode:
authorBrent Cook <bcook@cvs.openbsd.org>2019-05-15 09:13:17 +0000
committerBrent Cook <bcook@cvs.openbsd.org>2019-05-15 09:13:17 +0000
commit1f910bdbc1d8568df20e76df8459b3b0ce759d39 (patch)
treecadd2b58a56fd02794c02a5896cf9c0a90934747 /lib/libssl/ssl_ciphers.c
parentd2b40b486077e663dcdf4f197ef35a6d08283fb1 (diff)
s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there is
no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
Diffstat (limited to 'lib/libssl/ssl_ciphers.c')
-rw-r--r--lib/libssl/ssl_ciphers.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/lib/libssl/ssl_ciphers.c b/lib/libssl/ssl_ciphers.c
index 374cb6684ed..3abed60b5b7 100644
--- a/lib/libssl/ssl_ciphers.c
+++ b/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciphers.c,v 1.2 2019/01/21 14:12:13 tb Exp $ */
+/* $OpenBSD: ssl_ciphers.c,v 1.3 2019/05/15 09:13:16 bcook Exp $ */
/*
* Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
* Copyright (c) 2015-2018 Joel Sing <jsing@openbsd.org>
@@ -95,8 +95,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
uint16_t cipher_value, max_version;
unsigned long cipher_id;
- if (s->s3 != NULL)
- S3I(s)->send_connection_binding = 0;
+ S3I(s)->send_connection_binding = 0;
if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -111,7 +110,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
cipher_id = SSL3_CK_ID | cipher_value;
- if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
+ if (cipher_id == SSL3_CK_SCSV) {
/*
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
* renegotiating.
@@ -137,9 +136,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
max_version = ssl_max_server_version(s);
if (max_version == 0 || s->version < max_version) {
SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
- if (s->s3 != NULL)
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_INAPPROPRIATE_FALLBACK);
+ ssl3_send_alert(s, SSL3_AL_FATAL,
+ SSL_AD_INAPPROPRIATE_FALLBACK);
goto err;
}
continue;