Remove get_cipher_by_char and put_cipher_by_char.

Without SSLv2, all cipher suite values are 2 bytes. Represent them as a
uint16_t and make all functions pass those around rather than pointers.

This removes SSL_CIPHER_find as it's unused.

Change-Id: Iea0b75abee4352a8333a4b8e39a161430ae55ea6
Reviewed-on: https://boringssl-review.googlesource.com/1259
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-07-20 13:30:15 -04:00 committed by Adam Langley
parent 0eb17906ab
commit 39482a13ac
10 changed files with 62 additions and 158 deletions

View File

@ -389,8 +389,6 @@ struct ssl_method_st
int (*ssl_dispatch_alert)(SSL *s); int (*ssl_dispatch_alert)(SSL *s);
long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
int (*ssl_pending)(const SSL *s); int (*ssl_pending)(const SSL *s);
int (*num_ciphers)(void); int (*num_ciphers)(void);
const SSL_CIPHER *(*get_cipher)(unsigned ncipher); const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
@ -2319,8 +2317,6 @@ const char *SSL_COMP_get_name(const void *comp);
void *SSL_COMP_get_compression_methods(void); void *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id,void *cm); int SSL_COMP_add_compression_method(int id,void *cm);
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
/* TLS extensions functions */ /* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);

View File

@ -383,7 +383,7 @@ static int ssl23_client_hello(SSL *s)
*(p++) = 0; *(p++) = 0;
/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
if (i == 0) if (i == 0)
{ {
OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_CIPHERS_AVAILABLE); OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_CIPHERS_AVAILABLE);

View File

@ -82,31 +82,6 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
return(NULL); return(NULL);
} }
/* This function needs to check if the ciphers required are actually
* available */
const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
{
const SSL_CIPHER *cp;
cp=ssl3_get_cipher_by_char(p);
return(cp);
}
int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
{
long l;
/* We can write SSLv2 and SSLv3 ciphers */
if (p != NULL)
{
l=c->id;
p[0]=((unsigned char)(l>>16L))&0xFF;
p[1]=((unsigned char)(l>> 8L))&0xFF;
p[2]=((unsigned char)(l ))&0xFF;
}
return(3);
}
int ssl23_read(SSL *s, void *buf, int len) int ssl23_read(SSL *s, void *buf, int len)
{ {
int n; int n;

View File

@ -780,7 +780,7 @@ int ssl3_client_hello(SSL *s)
} }
/* Ciphers supported */ /* Ciphers supported */
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
if (i == 0) if (i == 0)
{ {
OPENSSL_PUT_ERROR(SSL, ssl3_client_hello, SSL_R_NO_CIPHERS_AVAILABLE); OPENSSL_PUT_ERROR(SSL, ssl3_client_hello, SSL_R_NO_CIPHERS_AVAILABLE);
@ -833,8 +833,7 @@ int ssl3_get_server_hello(SSL *s)
int al=SSL_AD_INTERNAL_ERROR,ok; int al=SSL_AD_INTERNAL_ERROR,ok;
long n; long n;
CBS server_hello, server_random, session_id; CBS server_hello, server_random, session_id;
uint16_t server_version; uint16_t server_version, cipher_suite;
const uint8_t *cipher_ptr;
uint8_t compression_method; uint8_t compression_method;
/* Hello verify request and/or server hello version may not /* Hello verify request and/or server hello version may not
* match so set first packet if we're negotiating version. * match so set first packet if we're negotiating version.
@ -882,7 +881,9 @@ int ssl3_get_server_hello(SSL *s)
if (!CBS_get_u16(&server_hello, &server_version) || if (!CBS_get_u16(&server_hello, &server_version) ||
!CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE) || !CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE) ||
!CBS_get_u8_length_prefixed(&server_hello, &session_id) || !CBS_get_u8_length_prefixed(&server_hello, &session_id) ||
CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) CBS_len(&session_id) > SSL3_SESSION_ID_SIZE ||
!CBS_get_u16(&server_hello, &cipher_suite) ||
!CBS_get_u8(&server_hello, &compression_method))
{ {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_DECODE_ERROR);
@ -939,11 +940,9 @@ int ssl3_get_server_hello(SSL *s)
NULL, &pref_cipher, NULL, &pref_cipher,
s->tls_session_secret_cb_arg)) s->tls_session_secret_cb_arg))
{ {
/* TODO(davidben): Make ssl_get_cipher_by_char
* a bounds-checked function. */
s->session->cipher = pref_cipher ? s->session->cipher = pref_cipher ?
pref_cipher : pref_cipher :
ssl_get_cipher_by_char(s, CBS_data(&server_hello)); ssl3_get_cipher_by_value(cipher_suite);
s->s3->flags |= SSL3_FLAGS_CCS_OK; s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->hit = 1; s->hit = 1;
} }
@ -982,16 +981,7 @@ int ssl3_get_server_hello(SSL *s)
memcpy(s->session->session_id, CBS_data(&session_id), CBS_len(&session_id)); memcpy(s->session->session_id, CBS_data(&session_id), CBS_len(&session_id));
} }
/* TODO(davidben): Move the cipher_by_char hooks to CBS or c = ssl3_get_cipher_by_value(cipher_suite);
* something else actually bounds-checked. */
cipher_ptr = CBS_data(&server_hello);
if (!CBS_skip(&server_hello, 2))
{
al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_DECODE_ERROR);
goto f_err;
}
c = ssl_get_cipher_by_char(s, cipher_ptr);
if (c == NULL) if (c == NULL)
{ {
/* unknown cipher */ /* unknown cipher */
@ -1038,12 +1028,6 @@ int ssl3_get_server_hello(SSL *s)
if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s))
goto f_err; goto f_err;
if (!CBS_get_u8(&server_hello, &compression_method))
{
al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_DECODE_ERROR);
}
/* Only the NULL compression algorithm is supported. */ /* Only the NULL compression algorithm is supported. */
if (compression_method != 0) if (compression_method != 0)
{ {

View File

@ -146,6 +146,7 @@
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE. */ * OTHERWISE. */
#include <assert.h>
#include <stdio.h> #include <stdio.h>
#include <openssl/buf.h> #include <openssl/buf.h>
@ -3566,35 +3567,26 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
return(1); return(1);
} }
/* This function needs to check if the ciphers required are actually /* ssl3_get_cipher_by_value returns the SSL_CIPHER with value |value| or NULL if
* available */ * none exists.
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) *
* This function needs to check if the ciphers required are actually
* available. */
const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value)
{ {
SSL_CIPHER c; SSL_CIPHER c;
const SSL_CIPHER *cp;
unsigned long id;
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; c.id = 0x03000000L|value;
c.id=id; return bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER), ssl_cipher_id_cmp);
cp = bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER), ssl_cipher_id_cmp);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
#endif
return cp;
} }
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) /* ssl3_get_cipher_by_value returns the cipher value of |c|. */
uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c)
{ {
long l; unsigned long id = c->id;
/* All ciphers are SSLv3 now. */
if (p != NULL) assert((id & 0xff000000) == 0x03000000);
{ return id & 0xffff;
l=c->id;
if ((l & 0xff000000) != 0x03000000) return(0);
p[0]=((unsigned char)(l>> 8L))&0xFF;
p[1]=((unsigned char)(l ))&0xFF;
}
return(2);
} }
struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s) struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s)

View File

@ -1118,9 +1118,7 @@ int ssl3_get_client_hello(SSL *s)
goto f_err; goto f_err;
} }
/* TODO(davidben): Port cipher-list handling to CBS. */ if (ssl_bytes_to_cipher_list(s, &cipher_suites, &ciphers) == NULL)
if (ssl_bytes_to_cipher_list(s, CBS_data(&cipher_suites),
CBS_len(&cipher_suites), &ciphers) == NULL)
{ {
goto err; goto err;
} }
@ -1343,7 +1341,7 @@ int ssl3_send_server_hello(SSL *s)
{ {
unsigned char *buf; unsigned char *buf;
unsigned char *p,*d; unsigned char *p,*d;
int i,sl; int sl;
unsigned long l; unsigned long l;
if (s->state == SSL3_ST_SW_SRVR_HELLO_A) if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
@ -1417,8 +1415,7 @@ int ssl3_send_server_hello(SSL *s)
p+=sl; p+=sl;
/* put the cipher */ /* put the cipher */
i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); s2n(ssl3_get_cipher_value(s->s3->tmp.new_cipher), p);
p+=i;
/* put the compression method */ /* put the compression method */
*(p++)=0; *(p++)=0;

View File

@ -1854,20 +1854,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
return -1; return -1;
} }
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
{
const SSL_CIPHER *c;
c = ssl->method->get_cipher_by_char(ptr);
if (c == NULL || c->valid == 0)
return NULL;
return c;
}
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
{
return ssl->method->get_cipher_by_char(ptr);
}
/* ssl_cipher_has_server_public_key returns 1 if |cipher| involves a /* ssl_cipher_has_server_public_key returns 1 if |cipher| involves a
* server public key in the key exchange, sent in a server Certificate * server public key in the key exchange, sent in a server Certificate
* message. Otherwise it returns 0. */ * message. Otherwise it returns 0. */

View File

@ -141,6 +141,7 @@
#include <stdio.h> #include <stdio.h>
#include <assert.h> #include <assert.h>
#include <openssl/bytestring.h>
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/engine.h> #include <openssl/engine.h>
#include <openssl/lhash.h> #include <openssl/lhash.h>
@ -1198,7 +1199,11 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
return (int)s->cert->ciphers_rawlen; return (int)s->cert->ciphers_rawlen;
} }
else else
return ssl_put_cipher_by_char(s,NULL,NULL); {
/* Passing a NULL |parg| returns the size of a single
* cipher suite value. */
return 2;
}
default: default:
return(s->method->ssl_ctrl(s,cmd,larg,parg)); return(s->method->ssl_ctrl(s,cmd,larg,parg));
} }
@ -1504,10 +1509,9 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
return(buf); return(buf);
} }
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
int (*put_cb)(const SSL_CIPHER *, unsigned char *))
{ {
int i,j=0; int i;
SSL_CIPHER *c; SSL_CIPHER *c;
CERT *ct = s->cert; CERT *ct = s->cert;
unsigned char *q; unsigned char *q;
@ -1518,9 +1522,6 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
if (sk == NULL) return(0); if (sk == NULL) return(0);
q=p; q=p;
if (put_cb == NULL)
put_cb = s->method->put_cipher_by_char;
for (i=0; i<sk_SSL_CIPHER_num(sk); i++) for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{ {
c=sk_SSL_CIPHER_value(sk,i); c=sk_SSL_CIPHER_value(sk,i);
@ -1538,8 +1539,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
no_scsv = 1; no_scsv = 1;
} }
#endif #endif
j = put_cb(c, p); s2n(ssl3_get_cipher_value(c), p);
p += j;
} }
/* If p == q, no ciphers and caller indicates an error. Otherwise /* If p == q, no ciphers and caller indicates an error. Otherwise
* add SCSV if not renegotiating. * add SCSV if not renegotiating.
@ -1552,8 +1552,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
{ {
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
}; };
j = put_cb(&scsv, p); s2n(ssl3_get_cipher_value(&scsv), p);
p += j;
#ifdef OPENSSL_RI_DEBUG #ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "SCSV sent by client\n"); fprintf(stderr, "SCSV sent by client\n");
#endif #endif
@ -1564,25 +1563,24 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
{ {
0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
}; };
j = put_cb(&fallback_scsv, p); s2n(ssl3_get_cipher_value(&fallback_scsv), p);
p += j;
} }
} }
return(p-q); return(p-q);
} }
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num, STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs,
STACK_OF(SSL_CIPHER) **skp) STACK_OF(SSL_CIPHER) **skp)
{ {
CBS cipher_suites = *cbs;
const SSL_CIPHER *c; const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk; STACK_OF(SSL_CIPHER) *sk;
int i,n;
if (s->s3) if (s->s3)
s->s3->send_connection_binding = 0; s->s3->send_connection_binding = 0;
n=ssl_put_cipher_by_char(s,NULL,NULL); if (CBS_len(&cipher_suites) % 2 != 0)
if ((num%n) != 0)
{ {
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
return(NULL); return(NULL);
@ -1595,22 +1593,25 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
sk_SSL_CIPHER_zero(sk); sk_SSL_CIPHER_zero(sk);
} }
if (s->cert->ciphers_raw) if (!CBS_stow(&cipher_suites,
OPENSSL_free(s->cert->ciphers_raw); &s->cert->ciphers_raw, &s->cert->ciphers_rawlen))
s->cert->ciphers_raw = BUF_memdup(p, num);
if (s->cert->ciphers_raw == NULL)
{ {
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
s->cert->ciphers_rawlen = (size_t)num;
for (i=0; i<num; i+=n) while (CBS_len(&cipher_suites) > 0)
{ {
uint16_t cipher_suite;
if (!CBS_get_u16(&cipher_suites, &cipher_suite))
{
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_INTERNAL_ERROR);
goto err;
}
/* Check for SCSV */ /* Check for SCSV */
if (s->s3 && (n != 3 || !p[0]) && if (s->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff))
(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
(p[n-1] == (SSL3_CK_SCSV & 0xff)))
{ {
/* SCSV fatal if renegotiating */ /* SCSV fatal if renegotiating */
if (s->renegotiate) if (s->renegotiate)
@ -1620,7 +1621,6 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
goto err; goto err;
} }
s->s3->send_connection_binding = 1; s->s3->send_connection_binding = 1;
p += n;
#ifdef OPENSSL_RI_DEBUG #ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "SCSV received by server\n"); fprintf(stderr, "SCSV received by server\n");
#endif #endif
@ -1628,9 +1628,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
} }
/* Check for FALLBACK_SCSV */ /* Check for FALLBACK_SCSV */
if (s->s3 && n == 2 && if (s->s3 && cipher_suite == (SSL3_CK_FALLBACK_SCSV & 0xffff) &&
(p[0] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
(p[1] == (SSL3_CK_FALLBACK_SCSV & 0xff)) &&
s->version < ssl_get_max_version(s)) s->version < ssl_get_max_version(s))
{ {
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_INAPPROPRIATE_FALLBACK); OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_INAPPROPRIATE_FALLBACK);
@ -1638,8 +1636,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
goto err; goto err;
} }
c=ssl_get_cipher_by_char(s,p); c = ssl3_get_cipher_by_value(cipher_suite);
p+=n;
if (c != NULL) if (c != NULL)
{ {
if (!sk_SSL_CIPHER_push(sk,c)) if (!sk_SSL_CIPHER_push(sk,c))

View File

@ -668,8 +668,6 @@ struct tls_sigalgs_st
/*#define IDEA_DEBUG */ /*#define IDEA_DEBUG */
#define FP_ICC (int (*)(const void *,const void *)) #define FP_ICC (int (*)(const void *,const void *))
#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
((ssl)->method->put_cipher_by_char((ciph),(ptr)))
/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
* It is a bit of a mess of functions, but hell, think of it as * It is a bit of a mess of functions, but hell, think of it as
@ -790,8 +788,6 @@ const SSL_METHOD *func_name(void) \
ssl3_dispatch_alert, \ ssl3_dispatch_alert, \
ssl3_ctrl, \ ssl3_ctrl, \
ssl3_ctx_ctrl, \ ssl3_ctx_ctrl, \
ssl3_get_cipher_by_char, \
ssl3_put_cipher_by_char, \
ssl3_pending, \ ssl3_pending, \
ssl3_num_ciphers, \ ssl3_num_ciphers, \
ssl3_get_cipher, \ ssl3_get_cipher, \
@ -827,8 +823,6 @@ const SSL_METHOD *func_name(void) \
ssl3_dispatch_alert, \ ssl3_dispatch_alert, \
ssl3_ctrl, \ ssl3_ctrl, \
ssl3_ctx_ctrl, \ ssl3_ctx_ctrl, \
ssl3_get_cipher_by_char, \
ssl3_put_cipher_by_char, \
ssl3_pending, \ ssl3_pending, \
ssl3_num_ciphers, \ ssl3_num_ciphers, \
ssl3_get_cipher, \ ssl3_get_cipher, \
@ -864,8 +858,6 @@ const SSL_METHOD *func_name(void) \
ssl3_dispatch_alert, \ ssl3_dispatch_alert, \
ssl3_ctrl, \ ssl3_ctrl, \
ssl3_ctx_ctrl, \ ssl3_ctx_ctrl, \
ssl23_get_cipher_by_char, \
ssl23_put_cipher_by_char, \
ssl_undefined_const_function, \ ssl_undefined_const_function, \
ssl23_num_ciphers, \ ssl23_num_ciphers, \
ssl23_get_cipher, \ ssl23_get_cipher, \
@ -901,8 +893,6 @@ const SSL_METHOD *func_name(void) \
NULL, /* NULL - dispatch_alert */ \ NULL, /* NULL - dispatch_alert */ \
ssl2_ctrl, /* local */ \ ssl2_ctrl, /* local */ \
ssl2_ctx_ctrl, /* local */ \ ssl2_ctx_ctrl, /* local */ \
ssl2_get_cipher_by_char, \
ssl2_put_cipher_by_char, \
ssl2_pending, \ ssl2_pending, \
ssl2_num_ciphers, \ ssl2_num_ciphers, \
ssl2_get_cipher, \ ssl2_get_cipher, \
@ -939,8 +929,6 @@ const SSL_METHOD *func_name(void) \
dtls1_dispatch_alert, \ dtls1_dispatch_alert, \
dtls1_ctrl, \ dtls1_ctrl, \
ssl3_ctx_ctrl, \ ssl3_ctx_ctrl, \
ssl3_get_cipher_by_char, \
ssl3_put_cipher_by_char, \
ssl3_pending, \ ssl3_pending, \
ssl3_num_ciphers, \ ssl3_num_ciphers, \
dtls1_get_cipher, \ dtls1_get_cipher, \
@ -969,10 +957,9 @@ int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx); int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx);
int ssl_cipher_id_cmp(const void *in_a, const void *in_b); int ssl_cipher_id_cmp(const void *in_a, const void *in_b);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num, STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs,
STACK_OF(SSL_CIPHER) **skp); STACK_OF(SSL_CIPHER) **skp);
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p);
int (*put_cb)(const SSL_CIPHER *, unsigned char *));
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
struct ssl_cipher_preference_list_st **pref, struct ssl_cipher_preference_list_st **pref,
STACK_OF(SSL_CIPHER) **sorted, STACK_OF(SSL_CIPHER) **sorted,
@ -992,7 +979,6 @@ int ssl_cipher_get_mac(const SSL_SESSION *s, const EVP_MD **md, int *mac_pkey_ty
int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md); int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md); int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
int ssl_cipher_get_cert_index(const SSL_CIPHER *c); int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);
int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher); int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher);
int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher); int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher);
@ -1048,8 +1034,8 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
int ssl2_pending(const SSL *s); int ssl2_pending(const SSL *s);
long ssl2_default_timeout(void ); long ssl2_default_timeout(void );
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c);
void ssl3_init_finished_mac(SSL *s); void ssl3_init_finished_mac(SSL *s);
int ssl3_send_server_certificate(SSL *s); int ssl3_send_server_certificate(SSL *s);
int ssl3_send_newsession_ticket(SSL *s); int ssl3_send_newsession_ticket(SSL *s);
@ -1115,8 +1101,6 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
int ssl23_read(SSL *s, void *buf, int len); int ssl23_read(SSL *s, void *buf, int len);
int ssl23_peek(SSL *s, void *buf, int len); int ssl23_peek(SSL *s, void *buf, int len);
int ssl23_write(SSL *s, const void *buf, int len); int ssl23_write(SSL *s, const void *buf, int len);
int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
long ssl23_default_timeout(void ); long ssl23_default_timeout(void );
long tls1_default_timeout(void); long tls1_default_timeout(void);

View File

@ -560,16 +560,9 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx)
if (ret->cipher == NULL) if (ret->cipher == NULL)
{ {
unsigned char buf[5],*p; /* The cipher id has a leading 0x03 to be removed (and then put
unsigned long l; * back for the binary search) as a remnant of SSLv2 support. */
ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
p=buf;
l=ret->cipher_id;
l2n(l,p);
if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
else
ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
if (ret->cipher == NULL) if (ret->cipher == NULL)
goto err; goto err;
} }