[openssl-commits] [openssl] master update
Emilia Kasper
emilia at openssl.org
Tue Sep 22 18:37:12 UTC 2015
The branch master has been updated
via e9fa092efca0afbf99bb575193f69e3f8a938f02 (commit)
from 21b0fa91186ff1c1c3d956c0593ef4ac02521695 (commit)
- Log -----------------------------------------------------------------
commit e9fa092efca0afbf99bb575193f69e3f8a938f02
Author: Emilia Kasper <emilia at openssl.org>
Date: Fri Sep 18 15:00:37 2015 +0200
Remove ssl_put_cipher_by_char
Since SSLv3, a CipherSuite is always 2 bytes. The only place where we
need 3-byte ciphers is SSLv2-compatible ClientHello processing.
So, remove the ssl_put_cipher_by_char indirection.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_clnt.c | 25 +++++++++----------------
ssl/s3_srvr.c | 2 +-
ssl/ssl_lib.c | 5 +++--
ssl/ssl_locl.h | 5 +++--
4 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 7cfff63..036a531 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -167,9 +167,7 @@ static int ssl_set_version(SSL *s);
static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
static int ssl3_check_change(SSL *s);
static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
- unsigned char *p,
- int (*put_cb) (const SSL_CIPHER *,
- unsigned char *));
+ unsigned char *p);
int ssl3_connect(SSL *s)
@@ -862,7 +860,7 @@ int ssl3_client_hello(SSL *s)
}
/* Ciphers supported */
- i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+ i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]));
if (i == 0) {
SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
goto err;
@@ -933,7 +931,7 @@ int ssl3_get_server_hello(SSL *s)
PACKET pkt;
unsigned char *session_id, *cipherchars;
int i, al = SSL_AD_INTERNAL_ERROR, ok;
- unsigned int j, ciphercharlen;
+ unsigned int j;
long n;
#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
@@ -1086,7 +1084,6 @@ int ssl3_get_server_hello(SSL *s)
goto f_err;
}
- ciphercharlen = ssl_put_cipher_by_char(s, NULL, NULL);
/*
* Check if we can resume the session based on external pre-shared secret.
* EAP-FAST (RFC 4851) supports two types of session resumption.
@@ -1104,7 +1101,7 @@ int ssl3_get_server_hello(SSL *s)
SSL_CIPHER *pref_cipher = NULL;
PACKET bookmark = pkt;
if (!PACKET_forward(&pkt, j)
- || !PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+ || !PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
@@ -1159,7 +1156,7 @@ int ssl3_get_server_hello(SSL *s)
memcpy(s->session->session_id, session_id, j); /* j could be 0 */
}
- if (!PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+ if (!PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
@@ -3499,9 +3496,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
}
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
- unsigned char *p,
- int (*put_cb) (const SSL_CIPHER *,
- unsigned char *))
+ unsigned char *p)
{
int i, j = 0;
SSL_CIPHER *c;
@@ -3513,8 +3508,6 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
if (sk == NULL)
return (0);
q = p;
- if (put_cb == NULL)
- put_cb = s->method->put_cipher_by_char;
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
c = sk_SSL_CIPHER_value(sk, i);
@@ -3529,7 +3522,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
empty_reneg_info_scsv = 0;
}
#endif
- j = put_cb(c, p);
+ j = s->method->put_cipher_by_char(c, p);
p += j;
}
/*
@@ -3541,7 +3534,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
static SSL_CIPHER scsv = {
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
- j = put_cb(&scsv, p);
+ j = s->method->put_cipher_by_char(&scsv, p);
p += j;
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr,
@@ -3552,7 +3545,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
static SSL_CIPHER scsv = {
0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
- j = put_cb(&scsv, p);
+ j = s->method->put_cipher_by_char(&scsv, p);
p += j;
}
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index aea7279..f771bd9 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3520,7 +3520,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
if(sslv2format) {
n = SSLV2_CIPHER_LEN;
} else {
- n = ssl_put_cipher_by_char(s, NULL, NULL);
+ n = TLS_CIPHER_LEN;
}
if (n == 0 || (num % n) != 0) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e794d82..6d1e4e8 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1078,8 +1078,9 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
return 0;
*(unsigned char **)parg = s->s3->tmp.ciphers_raw;
return (int)s->s3->tmp.ciphers_rawlen;
- } else
- return ssl_put_cipher_by_char(s, NULL, NULL);
+ } else {
+ return TLS_CIPHER_LEN;
+ }
case SSL_CTRL_GET_EXTMS_SUPPORT:
if (!s->session || SSL_in_init(s) || s->in_handshake)
return -1;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 083ced3..32e6338 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -528,6 +528,9 @@
#define CERT_PRIVATE_KEY 2
*/
+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+#define TLS_CIPHER_LEN 2
/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
int valid;
@@ -1641,8 +1644,6 @@ struct tls_sigalgs_st {
*/
# define FP_ICC (int (*)(const void *,const void *))
-# define ssl_put_cipher_by_char(ssl,ciph,ptr) \
- ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
/*
* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
More information about the openssl-commits
mailing list