diff options
| author |   jsing <jsing@openbsd.org> | 2017-10-11 17:35:00 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2017-10-11 17:35:00 +0000 |
| commit | f63b027d1ba2131ffa63033a25a12824888ab509 (patch) | |
| tree | f72c6069a0a2398804d03ffc280331b1612d6d0e /lib/libssl/ssl_lib.c | |
| parent | input files should not be .o; from Scott Cheloha (diff) | |
| download | wireguard-openbsd-f63b027d1ba2131ffa63033a25a12824888ab509.tar.xz wireguard-openbsd-f63b027d1ba2131ffa63033a25a12824888ab509.zip | |
Convert ssl3_client_hello() to CBB.
As part of this, change ssl_cipher_list_to_bytes() to take a CBB argument,
rather than a pointer/length. Some additional clean up/renames while here.
Based on a diff from doug@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
| -rw-r--r-- | lib/libssl/ssl_lib.c | 43 |
1 files changed, 16 insertions, 27 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index b91ba7f0f39..c7ae2a9631a 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.171 2017/10/10 16:51:38 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.172 2017/10/11 17:35:00 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1380,51 +1380,40 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len) } int -ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, - size_t maxlen, size_t *outlen) +ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb) { SSL_CIPHER *cipher; - int ciphers = 0; - CBB cbb; + int num_ciphers = 0; int i; - *outlen = 0; - - if (sk == NULL) - return (0); - - if (!CBB_init_fixed(&cbb, p, maxlen)) - goto err; + if (ciphers == NULL) + return 0; - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - cipher = sk_SSL_CIPHER_value(sk, i); + for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { + if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) + return 0; /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ if ((cipher->algorithm_ssl & SSL_TLSV1_2) && (TLS1_get_client_version(s) < TLS1_2_VERSION)) continue; - if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(cipher))) - goto err; + if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher))) + return 0; - ciphers++; + num_ciphers++; } /* Add SCSV if there are other ciphers and we're not renegotiating. */ - if (ciphers > 0 && !s->internal->renegotiate) { - if (!CBB_add_u16(&cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK)) - goto err; + if (num_ciphers > 0 && !s->internal->renegotiate) { + if (!CBB_add_u16(cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK)) + return 0; } - if (!CBB_finish(&cbb, NULL, outlen)) - goto err; + if (!CBB_flush(cbb)) + return 0; return 1; - - err: - CBB_cleanup(&cbb); - - return 0; } STACK_OF(SSL_CIPHER) * |