Google Git
Sign in
boringssl/boringssl.git/af3b3d397e234e8d0f994dc6adb11ff7f70c7bd8^!/.
commit
af3b3d397e234e8d0f994dc6adb11ff7f70c7bd8
[log]
author
David Benjamin <davidben@google.com>
Mon Oct 31 16:29:57 2016 -0400
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Tue Nov 01 14:48:17 2016 +0000
tree
7ca5a99a20bc6b319135de8db99f52ab73116d0f
parent
74df74b98f6cacbe2b751571e8a5d2dd30e16a12 [diff]
Only resolve which cipher list to use once.

Get some of the duplicate logic out of the way.

Change-Id: Iee7c64577e14d1ddfead7e1e32c42c5c9f2a310d
Reviewed-on: https://boringssl-review.googlesource.com/11981
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/internal.h b/ssl/internal.h
index fe1ea5a..b6f0203 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1652,7 +1652,8 @@
 
 void ssl_cipher_preference_list_free(
     struct ssl_cipher_preference_list_st *cipher_list);
-struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *ssl);
+const struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(
+    const SSL *ssl);
 
 int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain);
 int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain);

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ad7a544..2a7c91a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c

@@ -220,7 +220,8 @@
   ssl->s3 = NULL;
 }
 
-struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *ssl) {
+const struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(
+    const SSL *ssl) {
   if (ssl->cipher_list != NULL) {
     return ssl->cipher_list;
   }

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 491c408..b8d4549 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -1564,23 +1564,13 @@
     return NULL;
   }
 
-  if (ssl->cipher_list != NULL) {
-    return ssl->cipher_list->ciphers;
+  const struct ssl_cipher_preference_list_st *prefs =
+      ssl_get_cipher_preferences(ssl);
+  if (prefs == NULL) {
+    return NULL;
   }
 
-  if (ssl->version >= TLS1_1_VERSION && ssl->ctx->cipher_list_tls11 != NULL) {
-    return ssl->ctx->cipher_list_tls11->ciphers;
-  }
-
-  if (ssl->version >= TLS1_VERSION && ssl->ctx->cipher_list_tls10 != NULL) {
-    return ssl->ctx->cipher_list_tls10->ciphers;
-  }
-
-  if (ssl->ctx->cipher_list != NULL) {
-    return ssl->ctx->cipher_list->ciphers;
-  }
-
-  return NULL;
+  return prefs->ciphers;
 }
 
 /* return a STACK of the ciphers available for the SSL and in order of