Remove get_cipher_by_char and put_cipher_by_char.
Without SSLv2, all cipher suite values are 2 bytes. Represent them as a uint16_t and make all functions pass those around rather than pointers. This removes SSL_CIPHER_find as it's unused. Change-Id: Iea0b75abee4352a8333a4b8e39a161430ae55ea6 Reviewed-on: https://boringssl-review.googlesource.com/1259 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
0eb17906ab
commit
39482a13ac
@ -389,8 +389,6 @@ struct ssl_method_st
|
|||||||
int (*ssl_dispatch_alert)(SSL *s);
|
int (*ssl_dispatch_alert)(SSL *s);
|
||||||
long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
|
long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
|
||||||
long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
|
long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
|
||||||
const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
|
|
||||||
int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
|
|
||||||
int (*ssl_pending)(const SSL *s);
|
int (*ssl_pending)(const SSL *s);
|
||||||
int (*num_ciphers)(void);
|
int (*num_ciphers)(void);
|
||||||
const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
|
const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
|
||||||
@ -2319,8 +2317,6 @@ const char *SSL_COMP_get_name(const void *comp);
|
|||||||
void *SSL_COMP_get_compression_methods(void);
|
void *SSL_COMP_get_compression_methods(void);
|
||||||
int SSL_COMP_add_compression_method(int id,void *cm);
|
int SSL_COMP_add_compression_method(int id,void *cm);
|
||||||
|
|
||||||
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
|
|
||||||
|
|
||||||
/* TLS extensions functions */
|
/* TLS extensions functions */
|
||||||
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
|
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
|
||||||
|
|
||||||
|
@ -383,7 +383,7 @@ static int ssl23_client_hello(SSL *s)
|
|||||||
*(p++) = 0;
|
*(p++) = 0;
|
||||||
|
|
||||||
/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
|
/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
|
||||||
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
|
i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
|
||||||
if (i == 0)
|
if (i == 0)
|
||||||
{
|
{
|
||||||
OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_CIPHERS_AVAILABLE);
|
OPENSSL_PUT_ERROR(SSL, ssl23_client_hello, SSL_R_NO_CIPHERS_AVAILABLE);
|
||||||
|
@ -82,31 +82,6 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
|
|||||||
return(NULL);
|
return(NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This function needs to check if the ciphers required are actually
|
|
||||||
* available */
|
|
||||||
const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
|
|
||||||
{
|
|
||||||
const SSL_CIPHER *cp;
|
|
||||||
|
|
||||||
cp=ssl3_get_cipher_by_char(p);
|
|
||||||
return(cp);
|
|
||||||
}
|
|
||||||
|
|
||||||
int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
|
|
||||||
{
|
|
||||||
long l;
|
|
||||||
|
|
||||||
/* We can write SSLv2 and SSLv3 ciphers */
|
|
||||||
if (p != NULL)
|
|
||||||
{
|
|
||||||
l=c->id;
|
|
||||||
p[0]=((unsigned char)(l>>16L))&0xFF;
|
|
||||||
p[1]=((unsigned char)(l>> 8L))&0xFF;
|
|
||||||
p[2]=((unsigned char)(l ))&0xFF;
|
|
||||||
}
|
|
||||||
return(3);
|
|
||||||
}
|
|
||||||
|
|
||||||
int ssl23_read(SSL *s, void *buf, int len)
|
int ssl23_read(SSL *s, void *buf, int len)
|
||||||
{
|
{
|
||||||
int n;
|
int n;
|
||||||
|
@ -780,7 +780,7 @@ int ssl3_client_hello(SSL *s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Ciphers supported */
|
/* Ciphers supported */
|
||||||
i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
|
i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
|
||||||
if (i == 0)
|
if (i == 0)
|
||||||
{
|
{
|
||||||
OPENSSL_PUT_ERROR(SSL, ssl3_client_hello, SSL_R_NO_CIPHERS_AVAILABLE);
|
OPENSSL_PUT_ERROR(SSL, ssl3_client_hello, SSL_R_NO_CIPHERS_AVAILABLE);
|
||||||
@ -833,8 +833,7 @@ int ssl3_get_server_hello(SSL *s)
|
|||||||
int al=SSL_AD_INTERNAL_ERROR,ok;
|
int al=SSL_AD_INTERNAL_ERROR,ok;
|
||||||
long n;
|
long n;
|
||||||
CBS server_hello, server_random, session_id;
|
CBS server_hello, server_random, session_id;
|
||||||
uint16_t server_version;
|
uint16_t server_version, cipher_suite;
|
||||||
const uint8_t *cipher_ptr;
|
|
||||||
uint8_t compression_method;
|
uint8_t compression_method;
|
||||||
/* Hello verify request and/or server hello version may not
|
/* Hello verify request and/or server hello version may not
|
||||||
* match so set first packet if we're negotiating version.
|
* match so set first packet if we're negotiating version.
|
||||||
@ -882,7 +881,9 @@ int ssl3_get_server_hello(SSL *s)
|
|||||||
if (!CBS_get_u16(&server_hello, &server_version) ||
|
if (!CBS_get_u16(&server_hello, &server_version) ||
|
||||||
!CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE) ||
|
!CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE) ||
|
||||||
!CBS_get_u8_length_prefixed(&server_hello, &session_id) ||
|
!CBS_get_u8_length_prefixed(&server_hello, &session_id) ||
|
||||||
CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)
|
CBS_len(&session_id) > SSL3_SESSION_ID_SIZE ||
|
||||||
|
!CBS_get_u16(&server_hello, &cipher_suite) ||
|
||||||
|
!CBS_get_u8(&server_hello, &compression_method))
|
||||||
{
|
{
|
||||||
al = SSL_AD_DECODE_ERROR;
|
al = SSL_AD_DECODE_ERROR;
|
||||||
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_DECODE_ERROR);
|
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_DECODE_ERROR);
|
||||||
@ -939,11 +940,9 @@ int ssl3_get_server_hello(SSL *s)
|
|||||||
NULL, &pref_cipher,
|
NULL, &pref_cipher,
|
||||||
s->tls_session_secret_cb_arg))
|
s->tls_session_secret_cb_arg))
|
||||||
{
|
{
|
||||||
/* TODO(davidben): Make ssl_get_cipher_by_char
|
|
||||||
* a bounds-checked function. */
|
|
||||||
s->session->cipher = pref_cipher ?
|
s->session->cipher = pref_cipher ?
|
||||||
pref_cipher :
|
pref_cipher :
|
||||||
ssl_get_cipher_by_char(s, CBS_data(&server_hello));
|
ssl3_get_cipher_by_value(cipher_suite);
|
||||||
s->s3->flags |= SSL3_FLAGS_CCS_OK;
|
s->s3->flags |= SSL3_FLAGS_CCS_OK;
|
||||||
s->hit = 1;
|
s->hit = 1;
|
||||||
}
|
}
|
||||||
@ -982,16 +981,7 @@ int ssl3_get_server_hello(SSL *s)
|
|||||||
memcpy(s->session->session_id, CBS_data(&session_id), CBS_len(&session_id));
|
memcpy(s->session->session_id, CBS_data(&session_id), CBS_len(&session_id));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* TODO(davidben): Move the cipher_by_char hooks to CBS or
|
c = ssl3_get_cipher_by_value(cipher_suite);
|
||||||
* something else actually bounds-checked. */
|
|
||||||
cipher_ptr = CBS_data(&server_hello);
|
|
||||||
if (!CBS_skip(&server_hello, 2))
|
|
||||||
{
|
|
||||||
al = SSL_AD_DECODE_ERROR;
|
|
||||||
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_DECODE_ERROR);
|
|
||||||
goto f_err;
|
|
||||||
}
|
|
||||||
c = ssl_get_cipher_by_char(s, cipher_ptr);
|
|
||||||
if (c == NULL)
|
if (c == NULL)
|
||||||
{
|
{
|
||||||
/* unknown cipher */
|
/* unknown cipher */
|
||||||
@ -1038,12 +1028,6 @@ int ssl3_get_server_hello(SSL *s)
|
|||||||
if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s))
|
if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s))
|
||||||
goto f_err;
|
goto f_err;
|
||||||
|
|
||||||
if (!CBS_get_u8(&server_hello, &compression_method))
|
|
||||||
{
|
|
||||||
al = SSL_AD_DECODE_ERROR;
|
|
||||||
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_DECODE_ERROR);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Only the NULL compression algorithm is supported. */
|
/* Only the NULL compression algorithm is supported. */
|
||||||
if (compression_method != 0)
|
if (compression_method != 0)
|
||||||
{
|
{
|
||||||
|
38
ssl/s3_lib.c
38
ssl/s3_lib.c
@ -146,6 +146,7 @@
|
|||||||
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
|
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
|
||||||
* OTHERWISE. */
|
* OTHERWISE. */
|
||||||
|
|
||||||
|
#include <assert.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
#include <openssl/buf.h>
|
#include <openssl/buf.h>
|
||||||
@ -3566,35 +3567,26 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
|
|||||||
return(1);
|
return(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This function needs to check if the ciphers required are actually
|
/* ssl3_get_cipher_by_value returns the SSL_CIPHER with value |value| or NULL if
|
||||||
* available */
|
* none exists.
|
||||||
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
|
*
|
||||||
|
* This function needs to check if the ciphers required are actually
|
||||||
|
* available. */
|
||||||
|
const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value)
|
||||||
{
|
{
|
||||||
SSL_CIPHER c;
|
SSL_CIPHER c;
|
||||||
const SSL_CIPHER *cp;
|
|
||||||
unsigned long id;
|
|
||||||
|
|
||||||
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
|
c.id = 0x03000000L|value;
|
||||||
c.id=id;
|
return bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER), ssl_cipher_id_cmp);
|
||||||
cp = bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER), ssl_cipher_id_cmp);
|
|
||||||
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
|
|
||||||
if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
|
|
||||||
#endif
|
|
||||||
return cp;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
|
/* ssl3_get_cipher_by_value returns the cipher value of |c|. */
|
||||||
|
uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c)
|
||||||
{
|
{
|
||||||
long l;
|
unsigned long id = c->id;
|
||||||
|
/* All ciphers are SSLv3 now. */
|
||||||
if (p != NULL)
|
assert((id & 0xff000000) == 0x03000000);
|
||||||
{
|
return id & 0xffff;
|
||||||
l=c->id;
|
|
||||||
if ((l & 0xff000000) != 0x03000000) return(0);
|
|
||||||
p[0]=((unsigned char)(l>> 8L))&0xFF;
|
|
||||||
p[1]=((unsigned char)(l ))&0xFF;
|
|
||||||
}
|
|
||||||
return(2);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s)
|
struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s)
|
||||||
|
@ -1118,9 +1118,7 @@ int ssl3_get_client_hello(SSL *s)
|
|||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* TODO(davidben): Port cipher-list handling to CBS. */
|
if (ssl_bytes_to_cipher_list(s, &cipher_suites, &ciphers) == NULL)
|
||||||
if (ssl_bytes_to_cipher_list(s, CBS_data(&cipher_suites),
|
|
||||||
CBS_len(&cipher_suites), &ciphers) == NULL)
|
|
||||||
{
|
{
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -1343,7 +1341,7 @@ int ssl3_send_server_hello(SSL *s)
|
|||||||
{
|
{
|
||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
unsigned char *p,*d;
|
unsigned char *p,*d;
|
||||||
int i,sl;
|
int sl;
|
||||||
unsigned long l;
|
unsigned long l;
|
||||||
|
|
||||||
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
|
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
|
||||||
@ -1417,8 +1415,7 @@ int ssl3_send_server_hello(SSL *s)
|
|||||||
p+=sl;
|
p+=sl;
|
||||||
|
|
||||||
/* put the cipher */
|
/* put the cipher */
|
||||||
i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
|
s2n(ssl3_get_cipher_value(s->s3->tmp.new_cipher), p);
|
||||||
p+=i;
|
|
||||||
|
|
||||||
/* put the compression method */
|
/* put the compression method */
|
||||||
*(p++)=0;
|
*(p++)=0;
|
||||||
|
@ -1854,20 +1854,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
|
|
||||||
{
|
|
||||||
const SSL_CIPHER *c;
|
|
||||||
c = ssl->method->get_cipher_by_char(ptr);
|
|
||||||
if (c == NULL || c->valid == 0)
|
|
||||||
return NULL;
|
|
||||||
return c;
|
|
||||||
}
|
|
||||||
|
|
||||||
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
|
|
||||||
{
|
|
||||||
return ssl->method->get_cipher_by_char(ptr);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* ssl_cipher_has_server_public_key returns 1 if |cipher| involves a
|
/* ssl_cipher_has_server_public_key returns 1 if |cipher| involves a
|
||||||
* server public key in the key exchange, sent in a server Certificate
|
* server public key in the key exchange, sent in a server Certificate
|
||||||
* message. Otherwise it returns 0. */
|
* message. Otherwise it returns 0. */
|
||||||
|
@ -141,6 +141,7 @@
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
|
|
||||||
|
#include <openssl/bytestring.h>
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
#include <openssl/engine.h>
|
#include <openssl/engine.h>
|
||||||
#include <openssl/lhash.h>
|
#include <openssl/lhash.h>
|
||||||
@ -1198,7 +1199,11 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
|
|||||||
return (int)s->cert->ciphers_rawlen;
|
return (int)s->cert->ciphers_rawlen;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
return ssl_put_cipher_by_char(s,NULL,NULL);
|
{
|
||||||
|
/* Passing a NULL |parg| returns the size of a single
|
||||||
|
* cipher suite value. */
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
return(s->method->ssl_ctrl(s,cmd,larg,parg));
|
return(s->method->ssl_ctrl(s,cmd,larg,parg));
|
||||||
}
|
}
|
||||||
@ -1504,10 +1509,9 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
|
|||||||
return(buf);
|
return(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
|
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
|
||||||
int (*put_cb)(const SSL_CIPHER *, unsigned char *))
|
|
||||||
{
|
{
|
||||||
int i,j=0;
|
int i;
|
||||||
SSL_CIPHER *c;
|
SSL_CIPHER *c;
|
||||||
CERT *ct = s->cert;
|
CERT *ct = s->cert;
|
||||||
unsigned char *q;
|
unsigned char *q;
|
||||||
@ -1518,9 +1522,6 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
|
|||||||
if (sk == NULL) return(0);
|
if (sk == NULL) return(0);
|
||||||
q=p;
|
q=p;
|
||||||
|
|
||||||
if (put_cb == NULL)
|
|
||||||
put_cb = s->method->put_cipher_by_char;
|
|
||||||
|
|
||||||
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
|
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
|
||||||
{
|
{
|
||||||
c=sk_SSL_CIPHER_value(sk,i);
|
c=sk_SSL_CIPHER_value(sk,i);
|
||||||
@ -1538,8 +1539,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
|
|||||||
no_scsv = 1;
|
no_scsv = 1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
j = put_cb(c, p);
|
s2n(ssl3_get_cipher_value(c), p);
|
||||||
p += j;
|
|
||||||
}
|
}
|
||||||
/* If p == q, no ciphers and caller indicates an error. Otherwise
|
/* If p == q, no ciphers and caller indicates an error. Otherwise
|
||||||
* add SCSV if not renegotiating.
|
* add SCSV if not renegotiating.
|
||||||
@ -1552,8 +1552,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
|
|||||||
{
|
{
|
||||||
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
||||||
};
|
};
|
||||||
j = put_cb(&scsv, p);
|
s2n(ssl3_get_cipher_value(&scsv), p);
|
||||||
p += j;
|
|
||||||
#ifdef OPENSSL_RI_DEBUG
|
#ifdef OPENSSL_RI_DEBUG
|
||||||
fprintf(stderr, "SCSV sent by client\n");
|
fprintf(stderr, "SCSV sent by client\n");
|
||||||
#endif
|
#endif
|
||||||
@ -1564,25 +1563,24 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
|
|||||||
{
|
{
|
||||||
0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
||||||
};
|
};
|
||||||
j = put_cb(&fallback_scsv, p);
|
s2n(ssl3_get_cipher_value(&fallback_scsv), p);
|
||||||
p += j;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return(p-q);
|
return(p-q);
|
||||||
}
|
}
|
||||||
|
|
||||||
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
|
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs,
|
||||||
STACK_OF(SSL_CIPHER) **skp)
|
STACK_OF(SSL_CIPHER) **skp)
|
||||||
{
|
{
|
||||||
|
CBS cipher_suites = *cbs;
|
||||||
const SSL_CIPHER *c;
|
const SSL_CIPHER *c;
|
||||||
STACK_OF(SSL_CIPHER) *sk;
|
STACK_OF(SSL_CIPHER) *sk;
|
||||||
int i,n;
|
|
||||||
if (s->s3)
|
if (s->s3)
|
||||||
s->s3->send_connection_binding = 0;
|
s->s3->send_connection_binding = 0;
|
||||||
|
|
||||||
n=ssl_put_cipher_by_char(s,NULL,NULL);
|
if (CBS_len(&cipher_suites) % 2 != 0)
|
||||||
if ((num%n) != 0)
|
|
||||||
{
|
{
|
||||||
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
|
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
|
||||||
return(NULL);
|
return(NULL);
|
||||||
@ -1595,22 +1593,25 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
|
|||||||
sk_SSL_CIPHER_zero(sk);
|
sk_SSL_CIPHER_zero(sk);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (s->cert->ciphers_raw)
|
if (!CBS_stow(&cipher_suites,
|
||||||
OPENSSL_free(s->cert->ciphers_raw);
|
&s->cert->ciphers_raw, &s->cert->ciphers_rawlen))
|
||||||
s->cert->ciphers_raw = BUF_memdup(p, num);
|
|
||||||
if (s->cert->ciphers_raw == NULL)
|
|
||||||
{
|
{
|
||||||
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE);
|
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
s->cert->ciphers_rawlen = (size_t)num;
|
|
||||||
|
|
||||||
for (i=0; i<num; i+=n)
|
while (CBS_len(&cipher_suites) > 0)
|
||||||
{
|
{
|
||||||
|
uint16_t cipher_suite;
|
||||||
|
|
||||||
|
if (!CBS_get_u16(&cipher_suites, &cipher_suite))
|
||||||
|
{
|
||||||
|
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
/* Check for SCSV */
|
/* Check for SCSV */
|
||||||
if (s->s3 && (n != 3 || !p[0]) &&
|
if (s->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff))
|
||||||
(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
|
|
||||||
(p[n-1] == (SSL3_CK_SCSV & 0xff)))
|
|
||||||
{
|
{
|
||||||
/* SCSV fatal if renegotiating */
|
/* SCSV fatal if renegotiating */
|
||||||
if (s->renegotiate)
|
if (s->renegotiate)
|
||||||
@ -1620,7 +1621,6 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
s->s3->send_connection_binding = 1;
|
s->s3->send_connection_binding = 1;
|
||||||
p += n;
|
|
||||||
#ifdef OPENSSL_RI_DEBUG
|
#ifdef OPENSSL_RI_DEBUG
|
||||||
fprintf(stderr, "SCSV received by server\n");
|
fprintf(stderr, "SCSV received by server\n");
|
||||||
#endif
|
#endif
|
||||||
@ -1628,9 +1628,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Check for FALLBACK_SCSV */
|
/* Check for FALLBACK_SCSV */
|
||||||
if (s->s3 && n == 2 &&
|
if (s->s3 && cipher_suite == (SSL3_CK_FALLBACK_SCSV & 0xffff) &&
|
||||||
(p[0] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
|
|
||||||
(p[1] == (SSL3_CK_FALLBACK_SCSV & 0xff)) &&
|
|
||||||
s->version < ssl_get_max_version(s))
|
s->version < ssl_get_max_version(s))
|
||||||
{
|
{
|
||||||
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_INAPPROPRIATE_FALLBACK);
|
OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_INAPPROPRIATE_FALLBACK);
|
||||||
@ -1638,8 +1636,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
c=ssl_get_cipher_by_char(s,p);
|
c = ssl3_get_cipher_by_value(cipher_suite);
|
||||||
p+=n;
|
|
||||||
if (c != NULL)
|
if (c != NULL)
|
||||||
{
|
{
|
||||||
if (!sk_SSL_CIPHER_push(sk,c))
|
if (!sk_SSL_CIPHER_push(sk,c))
|
||||||
|
@ -668,8 +668,6 @@ struct tls_sigalgs_st
|
|||||||
/*#define IDEA_DEBUG */
|
/*#define IDEA_DEBUG */
|
||||||
|
|
||||||
#define FP_ICC (int (*)(const void *,const void *))
|
#define FP_ICC (int (*)(const void *,const void *))
|
||||||
#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
|
|
||||||
((ssl)->method->put_cipher_by_char((ciph),(ptr)))
|
|
||||||
|
|
||||||
/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
|
/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
|
||||||
* It is a bit of a mess of functions, but hell, think of it as
|
* It is a bit of a mess of functions, but hell, think of it as
|
||||||
@ -790,8 +788,6 @@ const SSL_METHOD *func_name(void) \
|
|||||||
ssl3_dispatch_alert, \
|
ssl3_dispatch_alert, \
|
||||||
ssl3_ctrl, \
|
ssl3_ctrl, \
|
||||||
ssl3_ctx_ctrl, \
|
ssl3_ctx_ctrl, \
|
||||||
ssl3_get_cipher_by_char, \
|
|
||||||
ssl3_put_cipher_by_char, \
|
|
||||||
ssl3_pending, \
|
ssl3_pending, \
|
||||||
ssl3_num_ciphers, \
|
ssl3_num_ciphers, \
|
||||||
ssl3_get_cipher, \
|
ssl3_get_cipher, \
|
||||||
@ -827,8 +823,6 @@ const SSL_METHOD *func_name(void) \
|
|||||||
ssl3_dispatch_alert, \
|
ssl3_dispatch_alert, \
|
||||||
ssl3_ctrl, \
|
ssl3_ctrl, \
|
||||||
ssl3_ctx_ctrl, \
|
ssl3_ctx_ctrl, \
|
||||||
ssl3_get_cipher_by_char, \
|
|
||||||
ssl3_put_cipher_by_char, \
|
|
||||||
ssl3_pending, \
|
ssl3_pending, \
|
||||||
ssl3_num_ciphers, \
|
ssl3_num_ciphers, \
|
||||||
ssl3_get_cipher, \
|
ssl3_get_cipher, \
|
||||||
@ -864,8 +858,6 @@ const SSL_METHOD *func_name(void) \
|
|||||||
ssl3_dispatch_alert, \
|
ssl3_dispatch_alert, \
|
||||||
ssl3_ctrl, \
|
ssl3_ctrl, \
|
||||||
ssl3_ctx_ctrl, \
|
ssl3_ctx_ctrl, \
|
||||||
ssl23_get_cipher_by_char, \
|
|
||||||
ssl23_put_cipher_by_char, \
|
|
||||||
ssl_undefined_const_function, \
|
ssl_undefined_const_function, \
|
||||||
ssl23_num_ciphers, \
|
ssl23_num_ciphers, \
|
||||||
ssl23_get_cipher, \
|
ssl23_get_cipher, \
|
||||||
@ -901,8 +893,6 @@ const SSL_METHOD *func_name(void) \
|
|||||||
NULL, /* NULL - dispatch_alert */ \
|
NULL, /* NULL - dispatch_alert */ \
|
||||||
ssl2_ctrl, /* local */ \
|
ssl2_ctrl, /* local */ \
|
||||||
ssl2_ctx_ctrl, /* local */ \
|
ssl2_ctx_ctrl, /* local */ \
|
||||||
ssl2_get_cipher_by_char, \
|
|
||||||
ssl2_put_cipher_by_char, \
|
|
||||||
ssl2_pending, \
|
ssl2_pending, \
|
||||||
ssl2_num_ciphers, \
|
ssl2_num_ciphers, \
|
||||||
ssl2_get_cipher, \
|
ssl2_get_cipher, \
|
||||||
@ -939,8 +929,6 @@ const SSL_METHOD *func_name(void) \
|
|||||||
dtls1_dispatch_alert, \
|
dtls1_dispatch_alert, \
|
||||||
dtls1_ctrl, \
|
dtls1_ctrl, \
|
||||||
ssl3_ctx_ctrl, \
|
ssl3_ctx_ctrl, \
|
||||||
ssl3_get_cipher_by_char, \
|
|
||||||
ssl3_put_cipher_by_char, \
|
|
||||||
ssl3_pending, \
|
ssl3_pending, \
|
||||||
ssl3_num_ciphers, \
|
ssl3_num_ciphers, \
|
||||||
dtls1_get_cipher, \
|
dtls1_get_cipher, \
|
||||||
@ -969,10 +957,9 @@ int ssl_get_new_session(SSL *s, int session);
|
|||||||
int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx);
|
int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx);
|
||||||
int ssl_cipher_id_cmp(const void *in_a, const void *in_b);
|
int ssl_cipher_id_cmp(const void *in_a, const void *in_b);
|
||||||
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp);
|
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp);
|
||||||
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const uint8_t *p,int num,
|
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs,
|
||||||
STACK_OF(SSL_CIPHER) **skp);
|
STACK_OF(SSL_CIPHER) **skp);
|
||||||
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
|
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p);
|
||||||
int (*put_cb)(const SSL_CIPHER *, unsigned char *));
|
|
||||||
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
|
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
|
||||||
struct ssl_cipher_preference_list_st **pref,
|
struct ssl_cipher_preference_list_st **pref,
|
||||||
STACK_OF(SSL_CIPHER) **sorted,
|
STACK_OF(SSL_CIPHER) **sorted,
|
||||||
@ -992,7 +979,6 @@ int ssl_cipher_get_mac(const SSL_SESSION *s, const EVP_MD **md, int *mac_pkey_ty
|
|||||||
int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
|
int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
|
||||||
int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
|
int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
|
||||||
int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
|
int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
|
||||||
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);
|
|
||||||
int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher);
|
int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher);
|
||||||
int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher);
|
int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher);
|
||||||
|
|
||||||
@ -1048,8 +1034,8 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
|
|||||||
int ssl2_pending(const SSL *s);
|
int ssl2_pending(const SSL *s);
|
||||||
long ssl2_default_timeout(void );
|
long ssl2_default_timeout(void );
|
||||||
|
|
||||||
const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
|
const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
|
||||||
int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
|
uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c);
|
||||||
void ssl3_init_finished_mac(SSL *s);
|
void ssl3_init_finished_mac(SSL *s);
|
||||||
int ssl3_send_server_certificate(SSL *s);
|
int ssl3_send_server_certificate(SSL *s);
|
||||||
int ssl3_send_newsession_ticket(SSL *s);
|
int ssl3_send_newsession_ticket(SSL *s);
|
||||||
@ -1115,8 +1101,6 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
|
|||||||
int ssl23_read(SSL *s, void *buf, int len);
|
int ssl23_read(SSL *s, void *buf, int len);
|
||||||
int ssl23_peek(SSL *s, void *buf, int len);
|
int ssl23_peek(SSL *s, void *buf, int len);
|
||||||
int ssl23_write(SSL *s, const void *buf, int len);
|
int ssl23_write(SSL *s, const void *buf, int len);
|
||||||
int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
|
|
||||||
const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
|
|
||||||
long ssl23_default_timeout(void );
|
long ssl23_default_timeout(void );
|
||||||
|
|
||||||
long tls1_default_timeout(void);
|
long tls1_default_timeout(void);
|
||||||
|
@ -560,16 +560,9 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx)
|
|||||||
|
|
||||||
if (ret->cipher == NULL)
|
if (ret->cipher == NULL)
|
||||||
{
|
{
|
||||||
unsigned char buf[5],*p;
|
/* The cipher id has a leading 0x03 to be removed (and then put
|
||||||
unsigned long l;
|
* back for the binary search) as a remnant of SSLv2 support. */
|
||||||
|
ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
|
||||||
p=buf;
|
|
||||||
l=ret->cipher_id;
|
|
||||||
l2n(l,p);
|
|
||||||
if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
|
|
||||||
ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
|
|
||||||
else
|
|
||||||
ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
|
|
||||||
if (ret->cipher == NULL)
|
if (ret->cipher == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user