Move error-on-empty-cipherlist into ssl_create_cipher_list().
It's more consistent to have the helper function do the check that
every one of its callers already performs. This removes the error code
SSL_R_LIBRARY_HAS_NO_CIPHERS in favor of SSL_R_NO_CIPHER_MATCH.
Change-Id: I522239770dcb881d33d54616af386142ae41b29f
Reviewed-on: https://boringssl-review.googlesource.com/13964
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 4a7459f..dc9cc2a 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1254,10 +1254,10 @@
return 1;
}
-STACK_OF(SSL_CIPHER) *
-ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method,
- struct ssl_cipher_preference_list_st **out_cipher_list,
- const char *rule_str, int strict) {
+int ssl_create_cipher_list(
+ const SSL_PROTOCOL_METHOD *ssl_method,
+ struct ssl_cipher_preference_list_st **out_cipher_list,
+ const char *rule_str, int strict) {
STACK_OF(SSL_CIPHER) *cipherstack = NULL;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
uint8_t *in_group_flags = NULL;
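Review bot: The return type of `ssl_create_cipher_list` changes from a pointer to an `int` status, but no comment at the definition states the new contract. A caller left on the old convention (assigning the result to a `STACK_OF(SSL_CIPHER) *` or comparing it with NULL) typically draws only a conversion warning in C and would then treat the value 1 as a pointer. Callers and the header prototype are not visible in this diff, so confirm they were all updated. I would add above the definition `/* ssl_create_cipher_list returns one on success and zero on error. On success, |*out_cipher_list| is set to a non-empty preference list. */`. The function body continues outside this hunk.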
@@ -1266,7 +1266,7 @@
/* Return with error if nothing to do. */
if (rule_str == NULL || out_cipher_list == NULL) {
- return NULL;
+ return 0;
}
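Review bot: The early return for `rule_str == NULL || out_cipher_list == NULL` reports failure without queuing an error, whereas the allocation failure in the next hunk and the new empty-list check both call `OPENSSL_PUT_ERROR`. Once callers rely on this helper for error reporting, hitting this path yields 0 with nothing on the error queue, which makes a misconfiguration hard to diagnose. Consider adding `OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);` before the `return 0;`.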
/* Now we have to collect the available ciphers from the compiled in ciphers.
@@ -1275,7 +1275,7 @@
co_list = OPENSSL_malloc(sizeof(CIPHER_ORDER) * kCiphersLen);
if (co_list == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- return NULL;
+ return 0;
}
ssl_cipher_collect_ciphers(ssl_method, co_list, &head, &tail);
@@ -1377,6 +1377,11 @@
OPENSSL_free(co_list); /* Not needed any longer */
co_list = NULL;
+ if (sk_SSL_CIPHER_num(cipherstack) == 0) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
+ goto err;
+ }
+
pref_list = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
if (!pref_list) {
goto err;
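Review bot: The added `sk_SSL_CIPHER_num(cipherstack) == 0` check is now the single place that stops an empty cipher list from being installed, yet it has no comment and no test is visible in this diff. I would add `/* An empty list is an error: never hand the caller a configuration with no usable ciphers. */` above it. A regression test should assert that a rule string selecting nothing returns 0 with `SSL_R_NO_CIPHER_MATCH` queued. Most of the `err:` cleanup lies outside the visible hunks, so confirm that it releases `cipherstack` on this new path and leaves `*out_cipher_list` unchanged. The `if (!pref_list)` block closes outside this hunk.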
@@ -1395,7 +1400,7 @@
*out_cipher_list = pref_list;
pref_list = NULL;
- return cipherstack;
+ return 1;
err:
OPENSSL_free(co_list);
@@ -1405,7 +1410,7 @@
OPENSSL_free(pref_list->in_group_flags);
}
OPENSSL_free(pref_list);
- return NULL;
+ return 0;
}
uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; }