Remove ssl_put_cipher_by_char

Since SSLv3, a CipherSuite is always 2 bytes. The only place where we need 3-byte ciphers is SSLv2-compatible ClientHello processing. So, remove the ssl_put_cipher_by_char indirection. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-18 15:00:37 +02:00 · 2015-09-18 15:00:37 +02:00 · e9fa092efc
parent 21b0fa9118
commit e9fa092efc
4 changed files with 16 additions and 21 deletions
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@ -167,9 +167,7 @@ static int ssl_set_version(SSL *s);
 static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
 static int ssl3_check_change(SSL *s);
 static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                                    unsigned char *p,
-                                    int (*put_cb) (const SSL_CIPHER *,
-                                                 unsigned char *));
+                                    unsigned char *p);


 int ssl3_connect(SSL *s)
@ -862,7 +860,7 @@ int ssl3_client_hello(SSL *s)
        }

        /* Ciphers supported */
-        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]));
        if (i == 0) {
            SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
            goto err;
@ -933,7 +931,7 @@ int ssl3_get_server_hello(SSL *s)
    PACKET pkt;
    unsigned char *session_id, *cipherchars;
    int i, al = SSL_AD_INTERNAL_ERROR, ok;
-    unsigned int j, ciphercharlen;
+    unsigned int j;
    long n;
 #ifndef OPENSSL_NO_COMP
    SSL_COMP *comp;
@ -1086,7 +1084,6 @@ int ssl3_get_server_hello(SSL *s)
        goto f_err;
    }

-    ciphercharlen = ssl_put_cipher_by_char(s, NULL, NULL);
    /*
     * Check if we can resume the session based on external pre-shared secret.
     * EAP-FAST (RFC 4851) supports two types of session resumption.
@ -1104,7 +1101,7 @@ int ssl3_get_server_hello(SSL *s)
        SSL_CIPHER *pref_cipher = NULL;
        PACKET bookmark = pkt;
        if (!PACKET_forward(&pkt, j)
-            || !PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+            || !PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
            al = SSL_AD_DECODE_ERROR;
            goto f_err;
@ -1159,7 +1156,7 @@ int ssl3_get_server_hello(SSL *s)
        memcpy(s->session->session_id, session_id, j); /* j could be 0 */
    }

-    if (!PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+    if (!PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
        al = SSL_AD_DECODE_ERROR;
        goto f_err;
@ -3499,9 +3496,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
 }

 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                             unsigned char *p,
-                             int (*put_cb) (const SSL_CIPHER *,
-                                            unsigned char *))
+                             unsigned char *p)
 {
    int i, j = 0;
    SSL_CIPHER *c;
@ -3513,8 +3508,6 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
    if (sk == NULL)
        return (0);
    q = p;
-    if (put_cb == NULL)
-        put_cb = s->method->put_cipher_by_char;

    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
        c = sk_SSL_CIPHER_value(sk, i);
@ -3529,7 +3522,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
                empty_reneg_info_scsv = 0;
        }
 #endif
-        j = put_cb(c, p);
+        j = s->method->put_cipher_by_char(c, p);
        p += j;
    }
    /*
@ -3541,7 +3534,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
            static SSL_CIPHER scsv = {
                0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
            };
-            j = put_cb(&scsv, p);
+            j = s->method->put_cipher_by_char(&scsv, p);
            p += j;
 #ifdef OPENSSL_RI_DEBUG
            fprintf(stderr,
@ -3552,7 +3545,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
            static SSL_CIPHER scsv = {
                0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
            };
-            j = put_cb(&scsv, p);
+            j = s->method->put_cipher_by_char(&scsv, p);
            p += j;
        }
    }
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -3520,7 +3520,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
    if(sslv2format) {
        n = SSLV2_CIPHER_LEN;
    } else {
-        n = ssl_put_cipher_by_char(s, NULL, NULL);
+        n = TLS_CIPHER_LEN;
    }
    if (n == 0 || (num % n) != 0) {
        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1078,8 +1078,9 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
                return 0;
            *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
            return (int)s->s3->tmp.ciphers_rawlen;
-        } else
-            return ssl_put_cipher_by_char(s, NULL, NULL);
+        } else {
+            return TLS_CIPHER_LEN;
+        }
    case SSL_CTRL_GET_EXTMS_SUPPORT:
        if (!s->session || SSL_in_init(s) || s->in_handshake)
 		return -1;
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -528,6 +528,9 @@
 #define CERT_PRIVATE_KEY        2
 */

+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+#define TLS_CIPHER_LEN 2
 /* used to hold info on the particular ciphers used */
 struct ssl_cipher_st {
    int valid;
@ -1641,8 +1644,6 @@ struct tls_sigalgs_st {
 */

 # define FP_ICC  (int (*)(const void *,const void *))
-# define ssl_put_cipher_by_char(ssl,ciph,ptr) \
-                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))

 /*
 * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit