author | Joel Sing <jsing@cvs.openbsd.org> | 2021-07-03 16:06:46 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2021-07-03 16:06:46 +0000 |
commit | fc7c8d2a0b895a72b53937c765962c95eed4173e (patch) | |
tree | cd5d01f62f8026a7513497818684e51649450f4e /lib | |
parent | 55e1b5da5392363653ec10a540bfce2ad8e4da9a (diff) |
Do a first pass clean up of SSL_METHOD.
The num_ciphers, get_cipher_by_char and put_cipher_by_char function
pointers use the same function for all methods - call ssl3_num_ciphers()
directly, absorb ssl3_get_cipher_by_char() into SSL_CIPHER_find() and
remove the unused ssl3_put_cipher_by_char() code.
ok inoguchi@ tb@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/s3_lib.c | 47 | ||||
-rw-r--r-- | lib/libssl/ssl_ciph.c | 14 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 6 | ||||
-rw-r--r-- | lib/libssl/ssl_methods.c | 50 |
4 files changed, 14 insertions, 103 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 125c108f02e..b2d94629c22 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.212 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.213 2021/07/03 16:06:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2484,51 +2484,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 return 0;
 }
-/*
- * This function needs to check if the ciphers required are actually available.
- */
-const SSL_CIPHER *
-ssl3_get_cipher_by_char(const unsigned char *p)
-{
- uint16_t cipher_value;
- CBS cbs;
-
- /* We have to assume it is at least 2 bytes due to existing API. */
- CBS_init(&cbs, p, 2);
- if (!CBS_get_u16(&cbs, &cipher_value))
- return NULL;
-
- return ssl3_get_cipher_by_value(cipher_value);
-}
-
-int
-ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-{
- CBB cbb;
-
- if (p == NULL)
- return (2);
-
- if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
- return (0);
-
- memset(&cbb, 0, sizeof(cbb));
-
- /* We have to assume it is at least 2 bytes due to existing API. */
- if (!CBB_init_fixed(&cbb, p, 2))
- goto err;
- if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(c)))
- goto err;
- if (!CBB_finish(&cbb, NULL, NULL))
- goto err;
-
- return (2);
-
- err:
- CBB_cleanup(&cbb);
- return (0);
-}
-
 SSL_CIPHER *
 ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 STACK_OF(SSL_CIPHER) *srvr)
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index bf22c4ed999..0e9941bc0b4 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.123 2021/05/16 08:24:21 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.124 2021/07/03 16:06:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1228,7 +1228,7 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 * in ciphers. We cannot get more than the number compiled in, so
 * it is used for allocation.
 */
- num_of_ciphers = ssl_method->num_ciphers();
+ num_of_ciphers = ssl3_num_ciphers();
 co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
 if (co_list == NULL) {
 SSLerrorx(ERR_R_MALLOC_FAILURE);
@@ -1603,7 +1603,15 @@ SSL_CIPHER_get_value(const SSL_CIPHER *c)
 const SSL_CIPHER *
 SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
 {
- return ssl->method->get_cipher_by_char(ptr);
+ uint16_t cipher_value;
+ CBS cbs;
+
+ /* This API is documented with ptr being an array of length two. */
+ CBS_init(&cbs, ptr, 2);
+ if (!CBS_get_u16(&cbs, &cipher_value))
+ return NULL;
+
+ return ssl3_get_cipher_by_value(cipher_value);
 }
 int
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 6ffc2e053cd..677feca157e 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.354 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.355 2021/07/03 16:06:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -403,10 +403,7 @@ struct ssl_method_st {
 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
 int (*ssl_dispatch_alert)(SSL *s);
- int (*num_ciphers)(void);
 const SSL_CIPHER *(*get_cipher)(unsigned int ncipher);
- const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
- int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
 unsigned int enc_flags; /* SSL_ENC_FLAG_* */
 };
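Review bot: In the new `SSL_CIPHER_find()` body (ssl_ciph.c, hunk at -1603) the `CBS_get_u16()` failure branch cannot fire on a short buffer, because `CBS_init(&cbs, ptr, 2)` hard-codes the length, so the only bound on the read is the caller's promise that `ptr` holds two bytes, and a NULL `ptr` is not rejected first. As this is a public entry point, a guard such as `if (ptr == NULL) return NULL;` ahead of `CBS_init` would turn that case into a clean failure. The `ssl` argument is no longer read, which deserves a one-line comment, e.g. `/* ssl is unused; kept for API compatibility. */`. Separately, the ssl_locl.h hunk at -1229 still carries the `ssl3_get_cipher_by_char()` prototype as a context line although this commit deletes that function from s3_lib.c, so the declaration appears to be left without a definition.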
@@ -1229,7 +1226,6 @@ int ssl_verify_alarm_type(long type); int SSL_SESSION_ticket(SSL_SESSION *ss, unsigned char **out, size_t *out_len);
 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_send_newsession_ticket(SSL *s);
 int ssl3_send_cert_status(SSL *s);
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
index a3097c37b97..b9b8a95e569 100644
--- a/lib/libssl/ssl_methods.c
+++ b/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.26 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.27 2021/07/03 16:06:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -78,10 +78,7 @@ static const SSL_METHOD DTLS_method_data = {
 .ssl_read_bytes = dtls1_read_bytes,
 .ssl_write_bytes = dtls1_write_app_data_bytes,
 .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -103,10 +100,7 @@ static const SSL_METHOD DTLS_client_method_data = {
 .ssl_read_bytes = dtls1_read_bytes,
 .ssl_write_bytes = dtls1_write_app_data_bytes,
 .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -128,10 +122,7 @@ static const SSL_METHOD DTLSv1_method_data = {
 .ssl_read_bytes = dtls1_read_bytes,
 .ssl_write_bytes = dtls1_write_app_data_bytes,
 .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_1_ENC_FLAGS,
 };
@@ -153,10 +144,7 @@ static const SSL_METHOD DTLSv1_client_method_data = {
 .ssl_read_bytes = dtls1_read_bytes,
 .ssl_write_bytes = dtls1_write_app_data_bytes,
 .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_1_ENC_FLAGS,
 };
@@ -178,10 +166,7 @@ static const SSL_METHOD DTLSv1_2_method_data = {
 .ssl_read_bytes = dtls1_read_bytes,
 .ssl_write_bytes = dtls1_write_app_data_bytes,
 .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -203,10 +188,7 @@ static const SSL_METHOD DTLSv1_2_client_method_data = {
 .ssl_read_bytes = dtls1_read_bytes,
 .ssl_write_bytes = dtls1_write_app_data_bytes,
 .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -283,10 +265,7 @@ static const SSL_METHOD TLS_method_data = {
 .ssl_read_bytes = tls13_legacy_read_bytes,
 .ssl_write_bytes = tls13_legacy_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_3_ENC_FLAGS,
 };
 #endif
@@ -309,10 +288,7 @@ static const SSL_METHOD TLS_legacy_method_data = {
 .ssl_read_bytes = ssl3_read_bytes,
 .ssl_write_bytes = ssl3_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -335,10 +311,7 @@ static const SSL_METHOD TLS_client_method_data = {
 .ssl_read_bytes = tls13_legacy_read_bytes,
 .ssl_write_bytes = tls13_legacy_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_3_ENC_FLAGS,
 };
@@ -362,10 +335,7 @@ static const SSL_METHOD TLS_legacy_client_method_data = {
 .ssl_read_bytes = ssl3_read_bytes,
 .ssl_write_bytes = ssl3_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_2_ENC_FLAGS,
 };
 #endif
@@ -388,10 +358,7 @@ static const SSL_METHOD TLSv1_method_data = {
 .ssl_read_bytes = ssl3_read_bytes,
 .ssl_write_bytes = ssl3_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_ENC_FLAGS,
 };
@@ -413,10 +380,7 @@ static const SSL_METHOD TLSv1_client_method_data = {
 .ssl_read_bytes = ssl3_read_bytes,
 .ssl_write_bytes = ssl3_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_ENC_FLAGS,
 };
@@ -438,10 +402,7 @@ static const SSL_METHOD TLSv1_1_method_data = {
 .ssl_read_bytes = ssl3_read_bytes,
 .ssl_write_bytes = ssl3_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_1_ENC_FLAGS,
 };
@@ -463,10 +424,7 @@ static const SSL_METHOD TLSv1_1_client_method_data = {
 .ssl_read_bytes = ssl3_read_bytes,
 .ssl_write_bytes = ssl3_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_1_ENC_FLAGS,
 };
@@ -488,10 +446,7 @@ static const SSL_METHOD TLSv1_2_method_data = {
 .ssl_read_bytes = ssl3_read_bytes,
 .ssl_write_bytes = ssl3_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -513,10 +468,7 @@ static const SSL_METHOD TLSv1_2_client_method_data = {
 .ssl_read_bytes = ssl3_read_bytes,
 .ssl_write_bytes = ssl3_write_bytes,
 .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
 .enc_flags = TLSV1_2_ENC_FLAGS,
 }; |