diff options
| author | David Benjamin <davidben@chromium.org> | 2014-10-22 06:00:19 +0400 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-10-24 06:01:33 +0400 |
| commit | 9f2c0d7a946ccf1159a1456cb7a5fa816de09284 (patch) | |
| tree | c338721670ebee77df1c9513ea312d0b29e1bd47 /ssl/ssl_lib.c | |
| parent | 2a39eaeec7602034fcca6b6112369274cca8454b (diff) | |
Remove T** parameter to ssl_bytes_to_cipher_list.
There's only one caller and it doesn't use that feature. While I'm here, tidy
that function a little. Don't bother passing FALLBACK_SCSV into
ssl3_get_cipher_by_value.
Change-Id: Ie71298aeaaab6e24401e0a6c2c0d2281caa93ba4
Reviewed-on: https://boringssl-review.googlesource.com/2030
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/ssl_lib.c')
| -rw-r--r-- | ssl/ssl_lib.c | 48 |
1 files changed, 23 insertions, 25 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f7818ed6..8357ff9a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1495,8 +1495,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p) return(p-q); } -STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs, - STACK_OF(SSL_CIPHER) **skp) +STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs) { CBS cipher_suites = *cbs; const SSL_CIPHER *c; @@ -1508,14 +1507,14 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs, if (CBS_len(&cipher_suites) % 2 != 0) { OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); - return(NULL); + return NULL; } - if ((skp == NULL) || (*skp == NULL)) - sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ - else + + sk = sk_SSL_CIPHER_new_null(); + if (sk == NULL) { - sk= *skp; - sk_SSL_CIPHER_zero(sk); + OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE); + goto err; } if (!CBS_stow(&cipher_suites, @@ -1535,10 +1534,10 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs, goto err; } - /* Check for SCSV */ + /* Check for SCSV. */ if (s->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff)) { - /* SCSV fatal if renegotiating */ + /* SCSV is fatal if renegotiating. */ if (s->renegotiate) { OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); @@ -1546,25 +1545,25 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs, goto err; } s->s3->send_connection_binding = 1; -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "SCSV received by server\n"); -#endif continue; } - /* Check for FALLBACK_SCSV */ - if (s->s3 && cipher_suite == (SSL3_CK_FALLBACK_SCSV & 0xffff) && - s->version < ssl_get_max_version(s)) + /* Check for FALLBACK_SCSV. */ + if (s->s3 && cipher_suite == (SSL3_CK_FALLBACK_SCSV & 0xffff)) { - OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_INAPPROPRIATE_FALLBACK); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_INAPPROPRIATE_FALLBACK); - goto err; + if (s->version < ssl_get_max_version(s)) + { + OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_INAPPROPRIATE_FALLBACK); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_INAPPROPRIATE_FALLBACK); + goto err; + } + continue; } c = ssl3_get_cipher_by_value(cipher_suite); if (c != NULL) { - if (!sk_SSL_CIPHER_push(sk,c)) + if (!sk_SSL_CIPHER_push(sk, c)) { OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE); goto err; @@ -1572,13 +1571,12 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs, } } - if (skp != NULL) - *skp=sk; - return(sk); + return sk; + err: - if ((skp == NULL) || (*skp == NULL)) + if (sk != NULL) sk_SSL_CIPHER_free(sk); - return(NULL); + return NULL; } |