Make ssl_bytes_to_cipher_list() take a CBS, rather than a pointer and

length, since the caller has already been converted to CBS. A small amount of additional clean up whilst here.
author: jsing <> 2017-10-10 16:51:38 +0000
committer: jsing <> 2017-10-10 16:51:38 +0000
commit: 098764416bf22cf0022a14e54c917a7d274d5907 (patch)
tree: 41440fc4cda10bdbc058059722ec231878a235ef /src/lib
parent: 9541ce793a71add79fbe8d7b3d5b3fae5015bf53 (diff)
download: openbsd-098764416bf22cf0022a14e54c917a7d274d5907.tar.gz
openbsd-098764416bf22cf0022a14e54c917a7d274d5907.tar.bz2
openbsd-098764416bf22cf0022a14e54c917a7d274d5907.zip
3 files changed, 19 insertions, 29 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 471fd7009e..b91ba7f0f3 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.170 2017/08/30 16:24:21 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.171 2017/10/10 16:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1428,33 +1428,23 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
 }
 STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
+ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 {
-        CBS                      cbs;
+        STACK_OF(SSL_CIPHER) *ciphers = NULL;
-        const SSL_CIPHER        *c;
+        const SSL_CIPHER *cipher;
-        STACK_OF(SSL_CIPHER)    *sk = NULL;
+        uint16_t cipher_value, max_version;
-        unsigned long            cipher_id;
+        unsigned long cipher_id;
-        uint16_t                 cipher_value, max_version;
-        if (s->s3)
+        if (s->s3 != NULL)
                S3I(s)->send_connection_binding = 0;
-        /*
+        if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
-         * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
-         */
-        if (num < 2 || num > 0x10000 - 2) {
-                SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
-                return (NULL);
-        }
-        if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        CBS_init(&cbs, p, num);
+        while (CBS_len(cbs) > 0) {
-        while (CBS_len(&cbs) > 0) {
+                if (!CBS_get_u16(cbs, &cipher_value)) {
-                if (!CBS_get_u16(&cbs, &cipher_value)) {
                        SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
                        goto err;
                }
@@ -1495,18 +1485,18 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
                        continue;
                }
-                if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
+                if ((cipher = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
-                        if (!sk_SSL_CIPHER_push(sk, c)) {
+                        if (!sk_SSL_CIPHER_push(ciphers, cipher)) {
                                SSLerror(s, ERR_R_MALLOC_FAILURE);
                                goto err;
                        }
                }
        }
-        return (sk);
+        return (ciphers);
 err:
-        sk_SSL_CIPHER_free(sk);
+        sk_SSL_CIPHER_free(ciphers);
        return (NULL);
 }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index eed0803a85..9d9f9c3e41 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.195 2017/10/10 15:13:26 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.196 2017/10/10 16:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1064,8 +1064,7 @@ int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
 SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
    const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p,
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs);
-    int num);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
    unsigned char *p, size_t maxlen, size_t *outlen);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 686d8c8db6..723d82fc82 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.23 2017/10/08 16:46:31 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.24 2017/10/10 16:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -872,11 +872,12 @@ ssl3_get_client_hello(SSL *s)
        if (CBS_len(&cipher_suites) > 0) {
                if ((ciphers = ssl_bytes_to_cipher_list(s,
-                    CBS_data(&cipher_suites), CBS_len(&cipher_suites))) == NULL)
+                    &cipher_suites)) == NULL)
                        goto err;
        }
        /* If it is a hit, check that the cipher is in the list */
+        /* XXX - CBS_len(&cipher_suites) will always be zero here... */
        if (s->internal->hit && CBS_len(&cipher_suites) > 0) {
                j = 0;
                id = s->session->cipher->id;
author	jsing <>	2017-10-10 16:51:38 +0000
committer	jsing <>	2017-10-10 16:51:38 +0000
commit	098764416bf22cf0022a14e54c917a7d274d5907 (patch)
tree	41440fc4cda10bdbc058059722ec231878a235ef /src/lib
parent	9541ce793a71add79fbe8d7b3d5b3fae5015bf53 (diff)
download	openbsd-098764416bf22cf0022a14e54c917a7d274d5907.tar.gz openbsd-098764416bf22cf0022a14e54c917a7d274d5907.tar.bz2 openbsd-098764416bf22cf0022a14e54c917a7d274d5907.zip