Since SSLv3, a CipherSuite is always 2 bytes. The only place where we
need 3-byte ciphers is SSLv2-compatible ClientHello processing.
So, remove the ssl_put_cipher_by_char indirection.
Reviewed-by: Rich Salz <rsalz@openssl.org>
static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
static int ssl3_check_change(SSL *s);
static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
static int ssl3_check_change(SSL *s);
static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
- unsigned char *p,
- int (*put_cb) (const SSL_CIPHER *,
- unsigned char *));
}
/* Ciphers supported */
}
/* Ciphers supported */
- i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+ i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]));
if (i == 0) {
SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
goto err;
if (i == 0) {
SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
goto err;
PACKET pkt;
unsigned char *session_id, *cipherchars;
int i, al = SSL_AD_INTERNAL_ERROR, ok;
PACKET pkt;
unsigned char *session_id, *cipherchars;
int i, al = SSL_AD_INTERNAL_ERROR, ok;
- unsigned int j, ciphercharlen;
long n;
#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
long n;
#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
- ciphercharlen = ssl_put_cipher_by_char(s, NULL, NULL);
/*
* Check if we can resume the session based on external pre-shared secret.
* EAP-FAST (RFC 4851) supports two types of session resumption.
/*
* Check if we can resume the session based on external pre-shared secret.
* EAP-FAST (RFC 4851) supports two types of session resumption.
SSL_CIPHER *pref_cipher = NULL;
PACKET bookmark = pkt;
if (!PACKET_forward(&pkt, j)
SSL_CIPHER *pref_cipher = NULL;
PACKET bookmark = pkt;
if (!PACKET_forward(&pkt, j)
- || !PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+ || !PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
memcpy(s->session->session_id, session_id, j); /* j could be 0 */
}
memcpy(s->session->session_id, session_id, j); /* j could be 0 */
}
- if (!PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+ if (!PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
goto f_err;
}
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
}
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
- unsigned char *p,
- int (*put_cb) (const SSL_CIPHER *,
- unsigned char *))
{
int i, j = 0;
SSL_CIPHER *c;
{
int i, j = 0;
SSL_CIPHER *c;
if (sk == NULL)
return (0);
q = p;
if (sk == NULL)
return (0);
q = p;
- if (put_cb == NULL)
- put_cb = s->method->put_cipher_by_char;
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
c = sk_SSL_CIPHER_value(sk, i);
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
c = sk_SSL_CIPHER_value(sk, i);
empty_reneg_info_scsv = 0;
}
#endif
empty_reneg_info_scsv = 0;
}
#endif
+ j = s->method->put_cipher_by_char(c, p);
static SSL_CIPHER scsv = {
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
static SSL_CIPHER scsv = {
0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
+ j = s->method->put_cipher_by_char(&scsv, p);
p += j;
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr,
p += j;
#ifdef OPENSSL_RI_DEBUG
fprintf(stderr,
static SSL_CIPHER scsv = {
0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
static SSL_CIPHER scsv = {
0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
+ j = s->method->put_cipher_by_char(&scsv, p);
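Review bot: The added `j = s->method->put_cipher_by_char(c, p);` and the two `&scsv` calls in ssl_cipher_list_to_bytes still take the entry width from the method callback, while the ServerHello parsing in this same change reads a fixed `TLS_CIPHER_LEN`. Since the function receives no length for `p`, the number of bytes written is bounded only by the callback behaving as the commit message assumes; a check such as `if (j != TLS_CIPHER_LEN) return 0;` after each call (or an assertion) would keep the writer and the reader in agreement. At minimum a comment like `/* every SSLv3+ method writes TLS_CIPHER_LEN bytes here */` would record the assumption. The function body begins and ends outside the lines shown, so the `p += j` after the first call is presumed rather than visible.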
if(sslv2format) {
n = SSLV2_CIPHER_LEN;
} else {
if(sslv2format) {
n = SSLV2_CIPHER_LEN;
} else {
- n = ssl_put_cipher_by_char(s, NULL, NULL);
}
if (n == 0 || (num % n) != 0) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
}
if (n == 0 || (num % n) != 0) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
return 0;
*(unsigned char **)parg = s->s3->tmp.ciphers_raw;
return (int)s->s3->tmp.ciphers_rawlen;
return 0;
*(unsigned char **)parg = s->s3->tmp.ciphers_raw;
return (int)s->s3->tmp.ciphers_rawlen;
- } else
- return ssl_put_cipher_by_char(s, NULL, NULL);
+ } else {
+ return TLS_CIPHER_LEN;
+ }
case SSL_CTRL_GET_EXTMS_SUPPORT:
if (!s->session || SSL_in_init(s) || s->in_handshake)
return -1;
case SSL_CTRL_GET_EXTMS_SUPPORT:
if (!s->session || SSL_in_init(s) || s->in_handshake)
return -1;
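Review bot: As shown here, the non-SSLv2 branch after `} else {` loses `n = ssl_put_cipher_by_char(s, NULL, NULL);` and no added line appears in its place, so `n` would be unassigned when `if (n == 0 || (num % n) != 0)` runs on that path. If the rendering only dropped the added line there is nothing to fix; otherwise the branch needs `n = TLS_CIPHER_LEN;`. Separately, the ctrl branch now returns `TLS_CIPHER_LEN` as the entry size while this same code accepts `SSLV2_CIPHER_LEN` entries when `sslv2format` is set; if `ciphers_raw` can hold an SSLv2-format list unconverted, a caller walking it with the returned stride would misparse it, so a comment stating which format `ciphers_raw` holds would help. Both functions start and end outside the lines shown.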
#define CERT_PRIVATE_KEY 2
*/
#define CERT_PRIVATE_KEY 2
*/
+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+#define TLS_CIPHER_LEN 2
/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
int valid;
/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
int valid;
*/
# define FP_ICC (int (*)(const void *,const void *))
*/
# define FP_ICC (int (*)(const void *,const void *))
-# define ssl_put_cipher_by_char(ssl,ciph,ptr) \
- ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
/*
* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
/*
* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit