authorjsing <>2017-10-11 17:35:00 +0000
committerjsing <>2017-10-11 17:35:00 +0000
commite25867c8b77c3676ceeaccb2721083b1916ecd09 (patch)
treeca9185a9b7de54d8df3855321c5771328e85f30b /src/lib/libssl/ssl_lib.c
parent3903e57ba9926fc949f9d917a0b46c7b6f7001db (diff)
Convert ssl3_client_hello() to CBB.
As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument, rather than a pointer/length. Some additional clean up/renames while here. Based on a diff from doug@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_lib.c43
1 files changed, 16 insertions, 27 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index b91ba7f0f3..c7ae2a9631 100644
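--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.171 2017/10/10 16:51:38 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.172 2017/10/11 17:35:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1380,51 +1380,40 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
 }
 
 int
-ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
- size_t maxlen, size_t *outlen)
+ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
 {
  SSL_CIPHER *cipher;
- int ciphers = 0;
- CBB cbb;
+ int num_ciphers = 0;
  int i;
 
- *outlen = 0;
-
- if (sk == NULL)
- return (0);
-
- if (!CBB_init_fixed(&cbb, p, maxlen))
- goto err;
+ if (ciphers == NULL)
+ return 0;
 
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- cipher = sk_SSL_CIPHER_value(sk, i);
+ for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+ if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
+ return 0;
 
  /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
  if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
  (TLS1_get_client_version(s) < TLS1_2_VERSION))
  continue;
 
- if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(cipher)))
- goto err;
+ if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))
+ return 0;
 
- ciphers++;
+ num_ciphers++;
  }
 
  /* Add SCSV if there are other ciphers and we're not renegotiating. */
- if (ciphers > 0 && !s->internal->renegotiate) {
- if (!CBB_add_u16(&cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
- goto err;
+ if (num_ciphers > 0 && !s->internal->renegotiate) {
+ if (!CBB_add_u16(cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
+ return 0;
  }
 
- if (!CBB_finish(&cbb, NULL, outlen))
- goto err;
+ if (!CBB_flush(cbb))
+ return 0;
 
  return 1;
-
- err:
- CBB_cleanup(&cbb);
-
- return 0;
 }
 
 STACK_OF(SSL_CIPHER) *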
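Review bot: In the new `ssl_cipher_list_to_bytes()` the final `return 1` is reached even when `num_ciphers` is still 0, i.e. when every entry was skipped by the TLS v1.2 filter in the loop, and with `size_t *outlen` gone the return value is the only thing the function itself reports. The caller is outside this page, so it may already check the length of `cbb`, but if it does not, an empty cipher_suites list would be serialized into the ClientHello instead of failing locally. Consider `if (num_ciphers == 0) return 0;` after the loop, or a comment above the function such as `/* Returns 1 even if no cipher was written; caller must check the CBB length. */`. A short note that bytes already appended to `cbb` stay in place on the `return 0` paths would also help, since the function no longer creates and cleans up its own CBB.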