Add some addition tests for the cipher parsing code and tidy.
The in_group check is redundant and test an extremely absurd corner of
the syntax.
Change-Id: Ia54bcd7cda7ba05415d3a250ee93e1acedcc43d6
Reviewed-on: https://boringssl-review.googlesource.com/17542
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 562c1f3..5d88878 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1035,7 +1035,7 @@
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
uint16_t min_version;
const char *l, *buf;
- int multi, skip_rule, rule, ok, in_group = 0, has_group = 0;
+ int multi, skip_rule, rule, in_group = 0, has_group = 0;
size_t j, buf_len;
uint32_t cipher_id;
char ch;
@@ -1082,10 +1082,7 @@
rule = CIPHER_SPECIAL;
l++;
} else if (ch == '[') {
- if (in_group) {
- OPENSSL_PUT_ERROR(SSL, SSL_R_NESTED_GROUP);
- return 0;
- }
+ assert(!in_group);
in_group = 1;
has_group = 1;
l++;
@@ -1185,15 +1182,11 @@
/* Ok, we have the rule, now apply it. */
if (rule == CIPHER_SPECIAL) {
- /* special command */
- ok = 0;
- if (buf_len == 8 && !strncmp(buf, "STRENGTH", 8)) {
- ok = ssl_cipher_strength_sort(head_p, tail_p);
- } else {
+ if (buf_len != 8 || strncmp(buf, "STRENGTH", 8) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMMAND);
+ return 0;
}
-
- if (ok == 0) {
+ if (!ssl_cipher_strength_sort(head_p, tail_p)) {
return 0;
}
