[openssl-commits] [openssl] master update

Emilia Kasper emilia at openssl.org
Tue Sep 22 18:37:12 UTC 2015


The branch master has been updated
       via  e9fa092efca0afbf99bb575193f69e3f8a938f02 (commit)
      from  21b0fa91186ff1c1c3d956c0593ef4ac02521695 (commit)


- Log -----------------------------------------------------------------
commit e9fa092efca0afbf99bb575193f69e3f8a938f02
Author: Emilia Kasper <emilia at openssl.org>
Date:   Fri Sep 18 15:00:37 2015 +0200

    Remove ssl_put_cipher_by_char
    
    Since SSLv3, a CipherSuite is always 2 bytes. The only place where we
    need 3-byte ciphers is SSLv2-compatible ClientHello processing.
    
    So, remove the ssl_put_cipher_by_char indirection.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_clnt.c  | 25 +++++++++----------------
 ssl/s3_srvr.c  |  2 +-
 ssl/ssl_lib.c  |  5 +++--
 ssl/ssl_locl.h |  5 +++--
 4 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 7cfff63..036a531 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -167,9 +167,7 @@ static int ssl_set_version(SSL *s);
 static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
 static int ssl3_check_change(SSL *s);
 static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                                    unsigned char *p,
-                                    int (*put_cb) (const SSL_CIPHER *,
-                                                 unsigned char *));
+                                    unsigned char *p);
 
 
 int ssl3_connect(SSL *s)
@@ -862,7 +860,7 @@ int ssl3_client_hello(SSL *s)
         }
 
         /* Ciphers supported */
-        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]));
         if (i == 0) {
             SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
             goto err;
@@ -933,7 +931,7 @@ int ssl3_get_server_hello(SSL *s)
     PACKET pkt;
     unsigned char *session_id, *cipherchars;
     int i, al = SSL_AD_INTERNAL_ERROR, ok;
-    unsigned int j, ciphercharlen;
+    unsigned int j;
     long n;
 #ifndef OPENSSL_NO_COMP
     SSL_COMP *comp;
@@ -1086,7 +1084,6 @@ int ssl3_get_server_hello(SSL *s)
         goto f_err;
     }
 
-    ciphercharlen = ssl_put_cipher_by_char(s, NULL, NULL);
     /*
      * Check if we can resume the session based on external pre-shared secret.
      * EAP-FAST (RFC 4851) supports two types of session resumption.
@@ -1104,7 +1101,7 @@ int ssl3_get_server_hello(SSL *s)
         SSL_CIPHER *pref_cipher = NULL;
         PACKET bookmark = pkt;
         if (!PACKET_forward(&pkt, j)
-            || !PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+            || !PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
             SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
             al = SSL_AD_DECODE_ERROR;
             goto f_err;
@@ -1159,7 +1156,7 @@ int ssl3_get_server_hello(SSL *s)
         memcpy(s->session->session_id, session_id, j); /* j could be 0 */
     }
 
-    if (!PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+    if (!PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
         SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
         al = SSL_AD_DECODE_ERROR;
         goto f_err;
@@ -3499,9 +3496,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
 }
 
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                             unsigned char *p,
-                             int (*put_cb) (const SSL_CIPHER *,
-                                            unsigned char *))
+                             unsigned char *p)
 {
     int i, j = 0;
     SSL_CIPHER *c;
@@ -3513,8 +3508,6 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
     if (sk == NULL)
         return (0);
     q = p;
-    if (put_cb == NULL)
-        put_cb = s->method->put_cipher_by_char;
 
     for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
         c = sk_SSL_CIPHER_value(sk, i);
@@ -3529,7 +3522,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
                 empty_reneg_info_scsv = 0;
         }
 #endif
-        j = put_cb(c, p);
+        j = s->method->put_cipher_by_char(c, p);
         p += j;
     }
     /*
@@ -3541,7 +3534,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
             static SSL_CIPHER scsv = {
                 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
             };
-            j = put_cb(&scsv, p);
+            j = s->method->put_cipher_by_char(&scsv, p);
             p += j;
 #ifdef OPENSSL_RI_DEBUG
             fprintf(stderr,
@@ -3552,7 +3545,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
             static SSL_CIPHER scsv = {
                 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
             };
-            j = put_cb(&scsv, p);
+            j = s->method->put_cipher_by_char(&scsv, p);
             p += j;
         }
     }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index aea7279..f771bd9 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3520,7 +3520,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
     if(sslv2format) {
         n = SSLV2_CIPHER_LEN;
     } else {
-        n = ssl_put_cipher_by_char(s, NULL, NULL);
+        n = TLS_CIPHER_LEN;
     }
     if (n == 0 || (num % n) != 0) {
         SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e794d82..6d1e4e8 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1078,8 +1078,9 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
                 return 0;
             *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
             return (int)s->s3->tmp.ciphers_rawlen;
-        } else
-            return ssl_put_cipher_by_char(s, NULL, NULL);
+        } else {
+            return TLS_CIPHER_LEN;
+        }
     case SSL_CTRL_GET_EXTMS_SUPPORT:
         if (!s->session || SSL_in_init(s) || s->in_handshake)
 		return -1;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 083ced3..32e6338 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -528,6 +528,9 @@
 #define CERT_PRIVATE_KEY        2
 */
 
+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+#define TLS_CIPHER_LEN 2
 /* used to hold info on the particular ciphers used */
 struct ssl_cipher_st {
     int valid;
@@ -1641,8 +1644,6 @@ struct tls_sigalgs_st {
  */
 
 # define FP_ICC  (int (*)(const void *,const void *))
-# define ssl_put_cipher_by_char(ssl,ciph,ptr) \
-                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
 
 /*
  * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit


More information about the openssl-commits mailing list