Commit e9fa092e authored by Emilia Kasper's avatar Emilia Kasper
Browse files

Remove ssl_put_cipher_by_char 



Since SSLv3, a CipherSuite is always 2 bytes. The only place where we
need 3-byte ciphers is SSLv2-compatible ClientHello processing.

So, remove the ssl_put_cipher_by_char indirection.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 21b0fa91

ssl/s3_clnt.c

+9 −16
Original line number Diff line number Diff line
@@ -167,9 +167,7 @@ static int ssl_set_version(SSL *s); 
static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);

static int ssl3_check_change(SSL *s);

static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,

                                    unsigned char *p,

                                    int (*put_cb) (const SSL_CIPHER *,

                                                 unsigned char *));

                                    unsigned char *p);





int ssl3_connect(SSL *s)
@@ -862,7 +860,7 @@ int ssl3_client_hello(SSL *s) 
        }



        /* Ciphers supported */

        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);

        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]));

        if (i == 0) {

            SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);

            goto err;
@@ -933,7 +931,7 @@ int ssl3_get_server_hello(SSL *s) 
    PACKET pkt;

    unsigned char *session_id, *cipherchars;

    int i, al = SSL_AD_INTERNAL_ERROR, ok;

    unsigned int j, ciphercharlen;

    unsigned int j;

    long n;

#ifndef OPENSSL_NO_COMP

    SSL_COMP *comp;
@@ -1086,7 +1084,6 @@ int ssl3_get_server_hello(SSL *s) 
        goto f_err;

    }



    ciphercharlen = ssl_put_cipher_by_char(s, NULL, NULL);

    /*

     * Check if we can resume the session based on external pre-shared secret.

     * EAP-FAST (RFC 4851) supports two types of session resumption.
@@ -1104,7 +1101,7 @@ int ssl3_get_server_hello(SSL *s) 
        SSL_CIPHER *pref_cipher = NULL;

        PACKET bookmark = pkt;

        if (!PACKET_forward(&pkt, j)

            || !PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {

            || !PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {

            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);

            al = SSL_AD_DECODE_ERROR;

            goto f_err;
@@ -1159,7 +1156,7 @@ int ssl3_get_server_hello(SSL *s) 
        memcpy(s->session->session_id, session_id, j); /* j could be 0 */

    }



    if (!PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {

    if (!PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {

        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);

        al = SSL_AD_DECODE_ERROR;

        goto f_err;
@@ -3499,9 +3496,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) 
}



int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,

                             unsigned char *p,

                             int (*put_cb) (const SSL_CIPHER *,

                                            unsigned char *))

                             unsigned char *p)

{

    int i, j = 0;

    SSL_CIPHER *c;
@@ -3513,8 +3508,6 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, 
    if (sk == NULL)

        return (0);

    q = p;

    if (put_cb == NULL)

        put_cb = s->method->put_cipher_by_char;



    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {

        c = sk_SSL_CIPHER_value(sk, i);
@@ -3529,7 +3522,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, 
                empty_reneg_info_scsv = 0;

        }

#endif

        j = put_cb(c, p);

        j = s->method->put_cipher_by_char(c, p);

        p += j;

    }

    /*
@@ -3541,7 +3534,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, 
            static SSL_CIPHER scsv = {

                0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0

            };

            j = put_cb(&scsv, p);

            j = s->method->put_cipher_by_char(&scsv, p);

            p += j;

#ifdef OPENSSL_RI_DEBUG

            fprintf(stderr,
@@ -3552,7 +3545,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, 
            static SSL_CIPHER scsv = {

                0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0

            };

            j = put_cb(&scsv, p);

            j = s->method->put_cipher_by_char(&scsv, p);

            p += j;

        }

    }

ssl/s3_srvr.c

+1 −1
Original line number Diff line number Diff line
@@ -3520,7 +3520,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, 
    if(sslv2format) {

        n = SSLV2_CIPHER_LEN;

    } else {

        n = ssl_put_cipher_by_char(s, NULL, NULL);

        n = TLS_CIPHER_LEN;

    }

    if (n == 0 || (num % n) != 0) {

        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,

ssl/ssl_lib.c

+3 −2
Original line number Diff line number Diff line
@@ -1078,8 +1078,9 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 
                return 0;

            *(unsigned char **)parg = s->s3->tmp.ciphers_raw;

            return (int)s->s3->tmp.ciphers_rawlen;

        } else

            return ssl_put_cipher_by_char(s, NULL, NULL);

        } else {

            return TLS_CIPHER_LEN;

        }

    case SSL_CTRL_GET_EXTMS_SUPPORT:

        if (!s->session || SSL_in_init(s) || s->in_handshake)

		return -1;

ssl/ssl_locl.h

+3 −2
Original line number Diff line number Diff line
@@ -528,6 +528,9 @@ 
#define CERT_PRIVATE_KEY        2

*/





/* CipherSuite length. SSLv3 and all TLS versions. */

#define TLS_CIPHER_LEN 2

/* used to hold info on the particular ciphers used */

struct ssl_cipher_st {

    int valid;
@@ -1641,8 +1644,6 @@ struct tls_sigalgs_st { 
 */



# define FP_ICC  (int (*)(const void *,const void *))

# define ssl_put_cipher_by_char(ssl,ciph,ptr) \

                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))



/*

 * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit