Google Git
Sign in
boringssl / boringssl / 5491e3fdb71b8c708e1b8d79ac9d5ba1b15b6860^! / .
commit5491e3fdb71b8c708e1b8d79ac9d5ba1b15b6860[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Mon Sep 29 19:33:09 2014 -0400
committerAdam Langley <agl@google.com>Tue Sep 30 19:17:40 2014 +0000
tree9f6b6741066c7187cb13de6647f9d5a8f6d55f16
parent6a3ecf37dac2de2b37cf417affb012e402a4934c [diff]
Clean up ssl_cipher_list_to_bytes a little.

Still need to convert serializing code to CBB, but the current one is kinda
crazy.

Change-Id: I00e12a812c815bf01c53a26ccbb7c6727ea8c8fc
Reviewed-on: https://boringssl-review.googlesource.com/1840
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 720ab54..7270dde 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -1492,13 +1492,12 @@
 	return(buf);
 	}
 
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p)
 	{
-	int i;
+	size_t i;
 	const SSL_CIPHER *c;
 	CERT *ct = s->cert;
-	unsigned char *q;
-	int no_scsv = s->renegotiate;
+	uint8_t *q;
 	/* Set disabled masks for this session */
 	ssl_set_client_disabled(s);
 
@@ -1513,41 +1512,22 @@
 			c->algorithm_mkey & ct->mask_k ||
 			c->algorithm_auth & ct->mask_a)
 			continue;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-		if (c->id == SSL3_CK_SCSV)
-			{
-			if (no_scsv)
-				continue;
-			else
-				no_scsv = 1;
-			}
-#endif
 		s2n(ssl3_get_cipher_value(c), p);
 		}
-	/* If p == q, no ciphers and caller indicates an error. Otherwise
-	 * add SCSV if not renegotiating.
-	 */
-	if (p != q)
+	/* If all ciphers were disabled, return the error to the caller. */
+	if (p == q)
 		{
-		if (!no_scsv)
-			{
-			static const SSL_CIPHER scsv =
-				{
-				0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-				};
-			s2n(ssl3_get_cipher_value(&scsv), p);
-#ifdef OPENSSL_RI_DEBUG
-			fprintf(stderr, "SCSV sent by client\n");
-#endif
-			}
-		if (s->fallback_scsv)
-			{
-			static const SSL_CIPHER fallback_scsv =
-				{
-				0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-				};
-			s2n(ssl3_get_cipher_value(&fallback_scsv), p);
-			}
+		return 0;
+		}
+
+	/* Add SCSVs. */
+	if (!s->renegotiate)
+		{
+		s2n(SSL3_CK_SCSV & 0xffff, p);
+		}
+	if (s->fallback_scsv)
+		{
+		s2n(SSL3_CK_FALLBACK_SCSV & 0xffff, p);
 		}
 
 	return(p-q);

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index f9f3bed..8a3a3ff 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h

@@ -804,7 +804,7 @@
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs,
 					       STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p);
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
 					     struct ssl_cipher_preference_list_st **pref,
 					     STACK_OF(SSL_CIPHER) **sorted,