| author | jsing <> | 2020-09-11 13:20:32 +0000 |
|---|---|---|
| committer | jsing <> | 2020-09-11 13:20:32 +0000 |
| commit | 4a8fc6e9ea23fecaed660d04f7794c874502bef8 (patch) | |
| tree | c7f201588d2a4444718a91fbd67c253eb4e88814 /src | |
| parent | d6b7185a731bccfe67d85d5222a70e9be37752a6 (diff) | |
Various cipher-related clean up.
Consistently use the names 'ciphers' and 'cipher' instead of 'sk' and 'c'.
Remove some redundant code, unnecessary parentheses and fix some style(9).
ok inoguchi@ tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 77 |
1 files changed, 36 insertions, 41 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index bf10cea685..6f8a14bca4 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.221 2020/08/30 15:40:19 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.222 2020/09/11 13:20:32 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -225,13 +225,13 @@ SSL_clear(SSL *s) | |||
| 225 | int | 225 | int |
| 226 | SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) | 226 | SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) |
| 227 | { | 227 | { |
| 228 | STACK_OF(SSL_CIPHER) *sk; | 228 | STACK_OF(SSL_CIPHER) *ciphers; |
| 229 | 229 | ||
| 230 | ctx->method = meth; | 230 | ctx->method = meth; |
| 231 | 231 | ||
| 232 | sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), | 232 | ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, |
| 233 | &(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); | 233 | &ctx->internal->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); |
| 234 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { | 234 | if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) { |
| 235 | SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | 235 | SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
| 236 | return (0); | 236 | return (0); |
| 237 | } | 237 | } |
| @@ -1361,18 +1361,15 @@ ssl_has_ecc_ciphers(SSL *s) | |||
| 1361 | const char * | 1361 | const char * |
| 1362 | SSL_get_cipher_list(const SSL *s, int n) | 1362 | SSL_get_cipher_list(const SSL *s, int n) |
| 1363 | { | 1363 | { |
| 1364 | SSL_CIPHER *c; | 1364 | STACK_OF(SSL_CIPHER) *ciphers; |
| 1365 | STACK_OF(SSL_CIPHER) *sk; | 1365 | const SSL_CIPHER *cipher; |
| 1366 | 1366 | ||
| 1367 | if (s == NULL) | 1367 | if ((ciphers = SSL_get_ciphers(s)) == NULL) |
| 1368 | return (NULL); | ||
| 1369 | sk = SSL_get_ciphers(s); | ||
| 1370 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) | ||
| 1371 | return (NULL); | 1368 | return (NULL); |
| 1372 | c = sk_SSL_CIPHER_value(sk, n); | 1369 | if ((cipher = sk_SSL_CIPHER_value(ciphers, n)) == NULL) |
| 1373 | if (c == NULL) | ||
| 1374 | return (NULL); | 1370 | return (NULL); |
| 1375 | return (c->name); | 1371 | |
| 1372 | return (cipher->name); | ||
| 1376 | } | 1373 | } |
| 1377 | 1374 | ||
| 1378 | STACK_OF(SSL_CIPHER) * | 1375 | STACK_OF(SSL_CIPHER) * |
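Review bot: The rewritten SSL_get_cipher_list drops both the explicit `s == NULL` test and the `sk_SSL_CIPHER_num(sk) <= n` bound, so the NULL result for a NULL SSL or an out-of-range (including negative) n now rests entirely on SSL_get_ciphers() tolerating a NULL argument and sk_SSL_CIPHER_value() rejecting bad indices. Both presumably hold in this tree, but the contract is no longer visible at the call site, so the next reader may either reintroduce the checks or assume the index was validated here. A one-line comment above the first `if` would pin the dependency: `/* SSL_get_ciphers() accepts a NULL s; sk_SSL_CIPHER_value() returns NULL for n out of range. */`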
| @@ -1385,22 +1382,21 @@ SSL_CTX_get_ciphers(const SSL_CTX *ctx) | |||
| 1385 | int | 1382 | int |
| 1386 | SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | 1383 | SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) |
| 1387 | { | 1384 | { |
| 1388 | STACK_OF(SSL_CIPHER) *sk; | 1385 | STACK_OF(SSL_CIPHER) *ciphers; |
| 1389 | 1386 | ||
| 1390 | sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, | ||
| 1391 | &ctx->internal->cipher_list_by_id, str); | ||
| 1392 | /* | 1387 | /* |
| 1393 | * ssl_create_cipher_list may return an empty stack if it | 1388 | * ssl_create_cipher_list may return an empty stack if it was unable to |
| 1394 | * was unable to find a cipher matching the given rule string | 1389 | * find a cipher matching the given rule string (for example if the |
| 1395 | * (for example if the rule string specifies a cipher which | 1390 | * rule string specifies a cipher which has been disabled). This is not |
| 1396 | * has been disabled). This is not an error as far as | 1391 | * an error as far as ssl_create_cipher_list is concerned, and hence |
| 1397 | * ssl_create_cipher_list is concerned, and hence | ||
| 1398 | * ctx->cipher_list and ctx->internal->cipher_list_by_id has been | 1392 | * ctx->cipher_list and ctx->internal->cipher_list_by_id has been |
| 1399 | * updated. | 1393 | * updated. |
| 1400 | */ | 1394 | */ |
| 1401 | if (sk == NULL) | 1395 | ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, |
| 1396 | &ctx->internal->cipher_list_by_id, str); | ||
| 1397 | if (ciphers == NULL) { | ||
| 1402 | return (0); | 1398 | return (0); |
| 1403 | else if (sk_SSL_CIPHER_num(sk) == 0) { | 1399 | } else if (sk_SSL_CIPHER_num(ciphers) == 0) { |
| 1404 | SSLerrorx(SSL_R_NO_CIPHER_MATCH); | 1400 | SSLerrorx(SSL_R_NO_CIPHER_MATCH); |
| 1405 | return (0); | 1401 | return (0); |
| 1406 | } | 1402 | } |
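Review bot: In the new `if (ciphers == NULL) { return (0); } else if (...)` at lines 1397–1402 the `else` is redundant, since the first branch returns; two independent `if` statements read more plainly and do not need the braces added only to satisfy style(9) for the else-if chain. The change would be `if (ciphers == NULL)` / `return (0);` / `if (sk_SSL_CIPHER_num(ciphers) == 0) {`, with the rest unchanged. The same shape is introduced in SSL_set_cipher_list in the following hunk. While touching the moved comment, `has been updated` should read `have been updated`, since it refers to both ctx->cipher_list and ctx->internal->cipher_list_by_id.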
| @@ -1411,42 +1407,41 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | |||
| 1411 | int | 1407 | int |
| 1412 | SSL_set_cipher_list(SSL *s, const char *str) | 1408 | SSL_set_cipher_list(SSL *s, const char *str) |
| 1413 | { | 1409 | { |
| 1414 | STACK_OF(SSL_CIPHER) *sk; | 1410 | STACK_OF(SSL_CIPHER) *ciphers; |
| 1415 | 1411 | ||
| 1416 | sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, | 1412 | /* See comment in SSL_CTX_set_cipher_list. */ |
| 1417 | &s->internal->cipher_list_by_id, str); | 1413 | ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, |
| 1418 | /* see comment in SSL_CTX_set_cipher_list */ | 1414 | &s->internal->cipher_list_by_id, str); |
| 1419 | if (sk == NULL) | 1415 | if (ciphers == NULL) { |
| 1420 | return (0); | 1416 | return (0); |
| 1421 | else if (sk_SSL_CIPHER_num(sk) == 0) { | 1417 | } else if (sk_SSL_CIPHER_num(ciphers) == 0) { |
| 1422 | SSLerror(s, SSL_R_NO_CIPHER_MATCH); | 1418 | SSLerror(s, SSL_R_NO_CIPHER_MATCH); |
| 1423 | return (0); | 1419 | return (0); |
| 1424 | } | 1420 | } |
| 1425 | return (1); | 1421 | return (1); |
| 1426 | } | 1422 | } |
| 1427 | 1423 | ||
| 1428 | /* works well for SSLv2, not so good for SSLv3 */ | ||
| 1429 | char * | 1424 | char * |
| 1430 | SSL_get_shared_ciphers(const SSL *s, char *buf, int len) | 1425 | SSL_get_shared_ciphers(const SSL *s, char *buf, int len) |
| 1431 | { | 1426 | { |
| 1432 | char *end; | 1427 | STACK_OF(SSL_CIPHER) *ciphers; |
| 1433 | STACK_OF(SSL_CIPHER) *sk; | 1428 | const SSL_CIPHER *cipher; |
| 1434 | SSL_CIPHER *c; | 1429 | size_t curlen = 0; |
| 1435 | size_t curlen = 0; | 1430 | char *end; |
| 1436 | int i; | 1431 | int i; |
| 1437 | 1432 | ||
| 1438 | if (s->session == NULL || s->session->ciphers == NULL || len < 2) | 1433 | if (s->session == NULL || s->session->ciphers == NULL || len < 2) |
| 1439 | return (NULL); | 1434 | return (NULL); |
| 1440 | 1435 | ||
| 1441 | sk = s->session->ciphers; | 1436 | ciphers = s->session->ciphers; |
| 1442 | if (sk_SSL_CIPHER_num(sk) == 0) | 1437 | if (sk_SSL_CIPHER_num(ciphers) == 0) |
| 1443 | return (NULL); | 1438 | return (NULL); |
| 1444 | 1439 | ||
| 1445 | buf[0] = '\0'; | 1440 | buf[0] = '\0'; |
| 1446 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | 1441 | for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { |
| 1447 | c = sk_SSL_CIPHER_value(sk, i); | 1442 | cipher = sk_SSL_CIPHER_value(ciphers, i); |
| 1448 | end = buf + curlen; | 1443 | end = buf + curlen; |
| 1449 | if (strlcat(buf, c->name, len) >= len || | 1444 | if (strlcat(buf, cipher->name, len) >= len || |
| 1450 | (curlen = strlcat(buf, ":", len)) >= len) { | 1445 | (curlen = strlcat(buf, ":", len)) >= len) { |
| 1451 | /* remove truncated cipher from list */ | 1446 | /* remove truncated cipher from list */ |
| 1452 | *end = '\0'; | 1447 | *end = '\0'; |
