Remove SSL_get_shared_ciphers.

This removes the need to track the client cipher list in the SSL_SESSION. It
also eliminates a field in SSL_SESSION that wasn't serialized by
i2d_SSL_SESSION. It's only used to implement SSL_get_shared_ciphers which is
only used by debug code.

Moreover, it doesn't work anyway. The SSLv2 logic pruned that field to the
common ciphers, but the SSLv3+ logic just stores the client list as-is. I found
no internal callers that were actually compiled (if need be we can stub in
something that always returns the empty string or so).

Change-Id: I55ad45964fb4037fd623f7591bc574b2983c0698
Reviewed-on: https://boringssl-review.googlesource.com/1866
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4b814f3..149d9e7 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1074,13 +1074,10 @@
 			ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
 			{
 			s->hit=1;
-			s->session->ciphers=ciphers;
 			s->session->verify_result=X509_V_OK;
 
-			ciphers=NULL;
-
 			/* check if some cipher was preferred by call back */
-			pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, ssl_get_cipher_preferences(s));
+			pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, ciphers, ssl_get_cipher_preferences(s));
 			if (pref_cipher == NULL)
 				{
 				al=SSL_AD_HANDSHAKE_FAILURE;
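Review bot: With `s->session->ciphers=ciphers;` and `ciphers=NULL;` removed, the parsed `ciphers` stack is no longer handed to the session in this branch, so the function owns it until it returns and every exit has to free it. The release code is outside this hunk, presumably at the `err` label that the cert_cb hunk now jumps to, so it is worth confirming that the success return also passes through it. A comment here would record the new ownership, e.g. `/* ciphers stays owned by this function and is freed on exit; the session no longer keeps it */`. The same ownership applies to the `!s->hit` branch in the next hunk, where `s->session->ciphers=ciphers;` and `ciphers=NULL;` were dropped as well.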
@@ -1096,26 +1093,21 @@
 			if (s->cipher_list_by_id)
 				sk_SSL_CIPHER_free(s->cipher_list_by_id);
 
-			s->cipher_list = ssl_cipher_preference_list_from_ciphers(s->session->ciphers);
-			s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
+			s->cipher_list = ssl_cipher_preference_list_from_ciphers(ciphers);
+			s->cipher_list_by_id = sk_SSL_CIPHER_dup(ciphers);
 			}
 		}
 
-	/* Given s->session->ciphers and SSL_get_ciphers, we must
-	 * pick a cipher */
+	/* Given ciphers and SSL_get_ciphers, we must pick a cipher */
 
 	if (!s->hit)
 		{
-		if (s->session->ciphers != NULL)
-			sk_SSL_CIPHER_free(s->session->ciphers);
-		s->session->ciphers=ciphers;
 		if (ciphers == NULL)
 			{
 			al=SSL_AD_ILLEGAL_PARAMETER;
 			OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_NO_CIPHERS_PASSED);
 			goto f_err;
 			}
-		ciphers=NULL;
 		/* Let cert callback update server certificates if required */
 		if (s->cert->cert_cb)
 			{
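Review bot: The results of `ssl_cipher_preference_list_from_ciphers(ciphers)` and `sk_SSL_CIPHER_dup(ciphers)` are stored without a NULL check, right after the old `s->cipher_list_by_id` was freed, so an allocation failure leaves a NULL list and the handshake carries on. What later code does with a NULL list is not visible here, but failing is safer than negotiating against a missing or fallback preference list: `if (s->cipher_list == NULL || s->cipher_list_by_id == NULL) { al=SSL_AD_INTERNAL_ERROR; goto f_err; }`. Both values are now derived from the local `ciphers`, which no longer outlives the function, so this also relies on `ssl_cipher_preference_list_from_ciphers` copying the stack rather than keeping the pointer. Its body is not shown and should be confirmed.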
@@ -1129,12 +1121,11 @@
 			if (rv < 0)
 				{
 				s->rwstate=SSL_X509_LOOKUP;
-				return -1;
+				goto err;
 				}
 			s->rwstate = SSL_NOTHING;
 			}
-		c=ssl3_choose_cipher(s,s->session->ciphers,
-				     ssl_get_cipher_preferences(s));
+		c=ssl3_choose_cipher(s, ciphers, ssl_get_cipher_preferences(s));
 
 		if (c == NULL)
 			{
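Review bot: Replacing `return -1;` with `goto err;` on the `SSL_X509_LOOKUP` path makes the value the caller sees depend on the function's result variable at that point, and both its declaration and the `err` label are outside this hunk. If any earlier path can set that variable to a non-negative value, a paused handshake would be reported as progress, so it should be confirmed that it is still negative here, or assigned explicitly before the jump. A short comment would keep the intent visible: `/* cert_cb wants a retry: leave via err so ciphers is freed; the result must still be negative here */`.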
@@ -1203,15 +1194,6 @@
 		    s->session->original_handshake_hash_len == 0)
 			s->s3->tlsext_channel_id_valid = 0;
 
-		if (s->mode & SSL_MODE_RELEASE_BUFFERS)
-			{
-			/* Free s->session->ciphers in order to release memory. This
-			 * breaks SSL_get_shared_ciphers(), but many servers will
-			 * prefer the memory savings. */
-			sk_SSL_CIPHER_free(s->session->ciphers);
-			s->session->ciphers = NULL;
-			}
-
 		buf=(unsigned char *)s->init_buf->data;
 		/* Do the message type and length last */
 		d=p= ssl_handshake_start(s);