summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2017-10-10 16:51:39 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-10-10 16:51:39 +0000
commit8307449bc68b434dff2fd4fe606fff6b4e3ab923 (patch)
treea60c5d787641b6fe5c440adca032bb8f08859ca2 /lib
parent79350850f694e1801afae0321709da112c7b94a6 (diff)
Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and
length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/ssl_lib.c38
-rw-r--r--lib/libssl/ssl_locl.h5
-rw-r--r--lib/libssl/ssl_srvr.c5
3 files changed, 19 insertions, 29 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 471fd7009e2..b91ba7f0f39 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.170 2017/08/30 16:24:21 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.171 2017/10/10 16:51:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1428,33 +1428,23 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
}
STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
+ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
{
- CBS cbs;
- const SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk = NULL;
- unsigned long cipher_id;
- uint16_t cipher_value, max_version;
+ STACK_OF(SSL_CIPHER) *ciphers = NULL;
+ const SSL_CIPHER *cipher;
+ uint16_t cipher_value, max_version;
+ unsigned long cipher_id;
- if (s->s3)
+ if (s->s3 != NULL)
S3I(s)->send_connection_binding = 0;
- /*
- * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
- */
- if (num < 2 || num > 0x10000 - 2) {
- SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- return (NULL);
- }
-
- if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
+ if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- CBS_init(&cbs, p, num);
- while (CBS_len(&cbs) > 0) {
- if (!CBS_get_u16(&cbs, &cipher_value)) {
+ while (CBS_len(cbs) > 0) {
+ if (!CBS_get_u16(cbs, &cipher_value)) {
SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
goto err;
}
@@ -1495,18 +1485,18 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
continue;
}
- if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
- if (!sk_SSL_CIPHER_push(sk, c)) {
+ if ((cipher = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
+ if (!sk_SSL_CIPHER_push(ciphers, cipher)) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
}
}
- return (sk);
+ return (ciphers);
err:
- sk_SSL_CIPHER_free(sk);
+ sk_SSL_CIPHER_free(ciphers);
return (NULL);
}
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index eed0803a852..9d9f9c3e41b 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.195 2017/10/10 15:13:26 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.196 2017/10/10 16:51:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1064,8 +1064,7 @@ int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p,
- int num);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs);
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
unsigned char *p, size_t maxlen, size_t *outlen);
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 686d8c8db6b..723d82fc821 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.23 2017/10/08 16:46:31 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.24 2017/10/10 16:51:38 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -872,11 +872,12 @@ ssl3_get_client_hello(SSL *s)
if (CBS_len(&cipher_suites) > 0) {
if ((ciphers = ssl_bytes_to_cipher_list(s,
- CBS_data(&cipher_suites), CBS_len(&cipher_suites))) == NULL)
+ &cipher_suites)) == NULL)
goto err;
}
/* If it is a hit, check that the cipher is in the list */
+ /* XXX - CBS_len(&cipher_suites) will always be zero here... */
if (s->internal->hit && CBS_len(&cipher_suites) > 0) {
j = 0;
id = s->session->cipher->id;