Remove ssl_put_cipher_by_char

Since SSLv3, a CipherSuite is always 2 bytes. The only place where we
need 3-byte ciphers is SSLv2-compatible ClientHello processing.

So, remove the ssl_put_cipher_by_char indirection.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 7cfff635f0cef9d9f23917ae3a5587dec6945bb2..036a531d7c996f9d43ae92b7fd8b19b8f54be7d4 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -167,9 +167,7 @@ static int ssl_set_version(SSL *s);
 static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
 static int ssl3_check_change(SSL *s);
 static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                                    unsigned char *p,
-                                    int (*put_cb) (const SSL_CIPHER *,
-                                                 unsigned char *));
+                                    unsigned char *p);
 
 
 int ssl3_connect(SSL *s)
@@ -862,7 +860,7 @@ int ssl3_client_hello(SSL *s)
         }
 
         /* Ciphers supported */
-        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]));
         if (i == 0) {
             SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
             goto err;
@@ -933,7 +931,7 @@ int ssl3_get_server_hello(SSL *s)
     PACKET pkt;
     unsigned char *session_id, *cipherchars;
     int i, al = SSL_AD_INTERNAL_ERROR, ok;
-    unsigned int j, ciphercharlen;
+    unsigned int j;
     long n;
 #ifndef OPENSSL_NO_COMP
     SSL_COMP *comp;
@@ -1086,7 +1084,6 @@ int ssl3_get_server_hello(SSL *s)
         goto f_err;
     }
 
-    ciphercharlen = ssl_put_cipher_by_char(s, NULL, NULL);
     /*
      * Check if we can resume the session based on external pre-shared secret.
      * EAP-FAST (RFC 4851) supports two types of session resumption.
@@ -1104,7 +1101,7 @@ int ssl3_get_server_hello(SSL *s)
         SSL_CIPHER *pref_cipher = NULL;
         PACKET bookmark = pkt;
         if (!PACKET_forward(&pkt, j)
-            || !PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+            || !PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
             SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
             al = SSL_AD_DECODE_ERROR;
             goto f_err;
@@ -1159,7 +1156,7 @@ int ssl3_get_server_hello(SSL *s)
         memcpy(s->session->session_id, session_id, j); /* j could be 0 */
     }
 
-    if (!PACKET_get_bytes(&pkt, &cipherchars, ciphercharlen)) {
+    if (!PACKET_get_bytes(&pkt, &cipherchars, TLS_CIPHER_LEN)) {
         SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH);
         al = SSL_AD_DECODE_ERROR;
         goto f_err;
@@ -3499,9 +3496,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
 }
 
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                             unsigned char *p,
-                             int (*put_cb) (const SSL_CIPHER *,
-                                            unsigned char *))
+                             unsigned char *p)
 {
     int i, j = 0;
     SSL_CIPHER *c;
@@ -3513,8 +3508,6 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
     if (sk == NULL)
         return (0);
     q = p;
-    if (put_cb == NULL)
-        put_cb = s->method->put_cipher_by_char;
 
     for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
         c = sk_SSL_CIPHER_value(sk, i);
@@ -3529,7 +3522,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
                 empty_reneg_info_scsv = 0;
         }
 #endif
-        j = put_cb(c, p);
+        j = s->method->put_cipher_by_char(c, p);
         p += j;
     }
     /*
@@ -3541,7 +3534,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
             static SSL_CIPHER scsv = {
                 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
             };
-            j = put_cb(&scsv, p);
+            j = s->method->put_cipher_by_char(&scsv, p);
             p += j;
 #ifdef OPENSSL_RI_DEBUG
             fprintf(stderr,
@@ -3552,7 +3545,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
             static SSL_CIPHER scsv = {
                 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
             };
-            j = put_cb(&scsv, p);
+            j = s->method->put_cipher_by_char(&scsv, p);
             p += j;
         }
     }

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index aea72794ef74d514ae1d17393b60721c1709f08a..f771bd9eee4acc8985dbaa8e949cc289ef67e3bd 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3520,7 +3520,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
     if(sslv2format) {
         n = SSLV2_CIPHER_LEN;
     } else {
-        n = ssl_put_cipher_by_char(s, NULL, NULL);
+        n = TLS_CIPHER_LEN;
     }
     if (n == 0 || (num % n) != 0) {
         SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e794d820585bb11b7d1f3bd065d41b9192ed0a38..6d1e4e8064ebc94a074060fd3f6fe931428e95cb 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1078,8 +1078,9 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
                 return 0;
             *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
             return (int)s->s3->tmp.ciphers_rawlen;
-        } else
-            return ssl_put_cipher_by_char(s, NULL, NULL);
+        } else {
+            return TLS_CIPHER_LEN;
+        }
     case SSL_CTRL_GET_EXTMS_SUPPORT:
         if (!s->session || SSL_in_init(s) || s->in_handshake)
                return -1;

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 083ced392737abeb916b32db7a4d03777f4512b9..32e6338adc099daed6070b7d09a2ee8a3c70304f 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -528,6 +528,9 @@
 #define CERT_PRIVATE_KEY        2
 */
 
+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+#define TLS_CIPHER_LEN 2
 /* used to hold info on the particular ciphers used */
 struct ssl_cipher_st {
     int valid;
@@ -1641,8 +1644,6 @@ struct tls_sigalgs_st {
  */
 
 # define FP_ICC  (int (*)(const void *,const void *))
-# define ssl_put_cipher_by_char(ssl,ciph,ptr) \
-                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
 
 /*
  * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit