The ssl_ciper_get_evp() function is currently overloaded to also return the

compression associated with the SSL session. Based on one of Adam Langley's chromium diffs, factor out the compression handling code into a separate ssl_cipher_get_comp() function. Rewrite the compression handling code to avoid pointless duplication and so that failures are actually returned to and detectable by the caller. ok miod@
author: jsing <> 2014-05-25 13:27:38 +0000
committer: jsing <> 2014-05-25 13:27:38 +0000
commit: a26ab58294e030cd16e09f09139a602c114d495e (patch)
tree: 1981463f492523e729cbfd564646012bb0a6574c /src/lib/libssl/ssl_ciph.c
parent: 4742830abc4156a69bf5e7e604c4087367c1ffb1 (diff)
download: openbsd-a26ab58294e030cd16e09f09139a602c114d495e.tar.gz
openbsd-a26ab58294e030cd16e09f09139a602c114d495e.tar.bz2
openbsd-a26ab58294e030cd16e09f09139a602c114d495e.zip
1 files changed, 32 insertions, 22 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 4ae3312a1a..bd939b7563 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -481,33 +481,45 @@ load_builtin_compressions(void)
 }
 #endif
+/* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given
+ * session and returns 1. On error it returns 0. */
 int
-ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp)
-    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp)
 {
+        SSL_COMP ctmp;
        int i;
-        const SSL_CIPHER *c;
-        c = s->cipher;
-        if (c == NULL)
-                return (0);
-        if (comp != NULL) {
-                SSL_COMP ctmp;
 #ifndef OPENSSL_NO_COMP
-                load_builtin_compressions();
+        load_builtin_compressions();
 #endif
-                *comp = NULL;
+        *comp = NULL;
-                ctmp.id = s->compress_meth;
+        if (s->compress_meth == 0)
-                if (ssl_comp_methods != NULL) {
+                return 1;
-                        i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
+        if (ssl_comp_methods == NULL)
-                        if (i >= 0)
+                return 0;
-                                *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
-                        else
+        ctmp.id = s->compress_meth;
-                                *comp = NULL;
+        i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
-                }
+        if (i >= 0) {
+                *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
+                return 1;
        }
+        return 0;
+}
+int
+ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size)
+{
+        const SSL_CIPHER *c;
+        int i;
+        c = s->cipher;
+        if (c == NULL)
+                return (0);
        if ((enc == NULL) || (md == NULL))
                return (0);
@@ -732,8 +744,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long
        *enc |= SSL_eNULL;
 #endif
        *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0;
        *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;
        *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0;
@@ -1684,8 +1694,8 @@ ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
        SSL_COMP *ctmp;
        int i, nn;
-        if ((n == 0)
+        if ((n == 0) || (sk == NULL))
-                || (sk == NULL)) return (NULL);
+                return (NULL);
        nn = sk_SSL_COMP_num(sk);
        for (i = 0; i < nn; i++) {
                ctmp = sk_SSL_COMP_value(sk, i);
author	jsing <>	2014-05-25 13:27:38 +0000
committer	jsing <>	2014-05-25 13:27:38 +0000
commit	a26ab58294e030cd16e09f09139a602c114d495e (patch)
tree	1981463f492523e729cbfd564646012bb0a6574c /src/lib/libssl/ssl_ciph.c
parent	4742830abc4156a69bf5e7e604c4087367c1ffb1 (diff)
download	openbsd-a26ab58294e030cd16e09f09139a602c114d495e.tar.gz openbsd-a26ab58294e030cd16e09f09139a602c114d495e.tar.bz2 openbsd-a26ab58294e030cd16e09f09139a602c114d495e.zip

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 4ae3312a1a..bd939b7563 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -481,33 +481,45 @@ load_builtin_compressions(void)
481	}	481	}
482	#endif	482	#endif
483		483
		484	/* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given
		485	* session and returns 1. On error it returns 0. */
484	int	486	int
485	ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,	487	ssl_cipher_get_comp(const SSL_SESSION s, SSL_COMP *comp)
486	const EVP_MD *md, int mac_pkey_type, int mac_secret_size, SSL_COMP *comp)
487	{	488	{
		489	SSL_COMP ctmp;
488	int i;	490	int i;
489	const SSL_CIPHER *c;
490		491
491	c = s->cipher;
492	if (c == NULL)
493	return (0);
494	if (comp != NULL) {
495	SSL_COMP ctmp;
496	#ifndef OPENSSL_NO_COMP	492	#ifndef OPENSSL_NO_COMP
497	load_builtin_compressions();	493	load_builtin_compressions();
498	#endif	494	#endif
499		495
500	*comp = NULL;	496	*comp = NULL;
501	ctmp.id = s->compress_meth;	497	if (s->compress_meth == 0)
502	if (ssl_comp_methods != NULL) {	498	return 1;
503	i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);	499	if (ssl_comp_methods == NULL)
504	if (i >= 0)	500	return 0;
505	*comp = sk_SSL_COMP_value(ssl_comp_methods, i);	501
506	else	502	ctmp.id = s->compress_meth;
507	*comp = NULL;	503	i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
508	}	504	if (i >= 0) {
		505	*comp = sk_SSL_COMP_value(ssl_comp_methods, i);
		506	return 1;
509	}	507	}
510		508
		509	return 0;
		510	}
		511
		512	int
		513	ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
		514	const EVP_MD *md, int mac_pkey_type, int *mac_secret_size)
		515	{
		516	const SSL_CIPHER *c;
		517	int i;
		518
		519	c = s->cipher;
		520	if (c == NULL)
		521	return (0);
		522
511	if ((enc == NULL) \|\| (md == NULL))	523	if ((enc == NULL) \|\| (md == NULL))
512	return (0);	524	return (0);
513		525
@@ -732,8 +744,6 @@ ssl_cipher_get_disabled(unsigned long mkey, unsigned long auth, unsigned long
732	*enc \|= SSL_eNULL;	744	*enc \|= SSL_eNULL;
733	#endif	745	#endif
734		746
735
736
737	*enc \|= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0;	747	*enc \|= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0;
738	*enc \|= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;	748	*enc \|= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;
739	*enc \|= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0;	749	*enc \|= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0;
@@ -1684,8 +1694,8 @@ ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1684	SSL_COMP *ctmp;	1694	SSL_COMP *ctmp;
1685	int i, nn;	1695	int i, nn;
1686		1696
1687	if ((n == 0)	1697	if ((n == 0) \|\| (sk == NULL))
1688	\|\| (sk == NULL)) return (NULL);	1698	return (NULL);
1689	nn = sk_SSL_COMP_num(sk);	1699	nn = sk_SSL_COMP_num(sk);
1690	for (i = 0; i < nn; i++) {	1700	for (i = 0; i < nn; i++) {
1691	ctmp = sk_SSL_COMP_value(sk, i);	1701	ctmp = sk_SSL_COMP_value(sk, i);