Clean up the ssl_bytes_to_cipher_list() API - rather than having the

ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either
zeroed or if NULL a new one is allocated, always allocate one and return it
directly.

Inspired by simliar changes in BoringSSL.

ok beck@ doug@

diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index ce48809..5248cc8 100644 (file)
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.101 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.102 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -988,9 +988,9 @@ ssl3_get_client_hello(SSL *s)
        }
        if (p + i - d > n)
                goto truncated;
-       if ((i > 0) &&
-           (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) {
-               goto err;
+       if (i > 0) {
+               if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)
+                       goto err;
        }
        p += i;
 

diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index ce48809..5248cc8 100644 (file)
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.101 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.102 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -988,9 +988,9 @@ ssl3_get_client_hello(SSL *s)
        }
        if (p + i - d > n)
                goto truncated;
-       if ((i > 0) &&
-           (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) {
-               goto err;
+       if (i > 0) {
+               if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)
+                       goto err;
        }
        p += i;
 

diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index 79ce81e..b5ce2ea 100644 (file)
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.102 2015/03/27 12:26:41 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1410,11 +1410,10 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
 }
 
 STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
-    STACK_OF(SSL_CIPHER) **skp)
+ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
 {
        const SSL_CIPHER        *c;
-       STACK_OF(SSL_CIPHER)    *sk;
+       STACK_OF(SSL_CIPHER)    *sk = NULL;
        int                      i;
        unsigned long            cipher_id;
        uint16_t                 cipher_value;
@@ -1428,13 +1427,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
                return (NULL);
        }
-       if (skp == NULL || *skp == NULL) {
-               sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
-               if (sk == NULL)
-                       goto err;
-       } else {
-               sk = *skp;
-               sk_SSL_CIPHER_zero(sk);
+
+       if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
+               SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+               goto err;
        }
 
        for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
@@ -1486,13 +1482,11 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                }
        }
 
-       if (skp != NULL)
-               *skp = sk;
        return (sk);
 
 err:
-       if (skp == NULL || *skp == NULL)
-               sk_SSL_CIPHER_free(sk);
+       sk_SSL_CIPHER_free(sk);
+
        return (NULL);
 }
 

diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index cb1da57..7b3ecdf 100644 (file)
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.89 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.90 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -570,7 +570,7 @@ DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
     const SSL_CIPHER * const *bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-    int num, STACK_OF(SSL_CIPHER) **skp);
+    int num);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
     unsigned char *p);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,

diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 79ce81e..b5ce2ea 100644 (file)
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.102 2015/03/27 12:26:41 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1410,11 +1410,10 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
 }
 
 STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
-    STACK_OF(SSL_CIPHER) **skp)
+ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
 {
        const SSL_CIPHER        *c;
-       STACK_OF(SSL_CIPHER)    *sk;
+       STACK_OF(SSL_CIPHER)    *sk = NULL;
        int                      i;
        unsigned long            cipher_id;
        uint16_t                 cipher_value;
@@ -1428,13 +1427,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
                return (NULL);
        }
-       if (skp == NULL || *skp == NULL) {
-               sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
-               if (sk == NULL)
-                       goto err;
-       } else {
-               sk = *skp;
-               sk_SSL_CIPHER_zero(sk);
+
+       if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
+               SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+               goto err;
        }
 
        for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
@@ -1486,13 +1482,11 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                }
        }
 
-       if (skp != NULL)
-               *skp = sk;
        return (sk);
 
 err:
-       if (skp == NULL || *skp == NULL)
-               sk_SSL_CIPHER_free(sk);
+       sk_SSL_CIPHER_free(sk);
+
        return (NULL);
 }
 

diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index cb1da57..7b3ecdf 100644 (file)
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.89 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.90 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -570,7 +570,7 @@ DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
     const SSL_CIPHER * const *bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-    int num, STACK_OF(SSL_CIPHER) **skp);
+    int num);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
     unsigned char *p);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,