From: jsing <jsing@openbsd.org>
Date: Wed, 15 Apr 2015 16:25:43 +0000 (+0000)
Subject: Clean up the ssl_bytes_to_cipher_list() API - rather than having the
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ca366248adfd5c721424a6c92d7b72413e244187;p=openbsd

Clean up the ssl_bytes_to_cipher_list() API - rather than having the
ability to pass or not pass a STACK_OF(SSL_CIPHER) *, which is then either
zeroed or if NULL a new one is allocated, always allocate one and return it
directly.

Inspired by simliar changes in BoringSSL.

ok beck@ doug@
---

diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index ce48809f65b..5248cc864c2 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.101 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.102 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -988,9 +988,9 @@ ssl3_get_client_hello(SSL *s)
 	}
 	if (p + i - d > n)
 		goto truncated;
-	if ((i > 0) &&
-	    (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) {
-		goto err;
+	if (i > 0) {
+		if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)
+			goto err;
 	}
 	p += i;
 
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index ce48809f65b..5248cc864c2 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.101 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.102 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -988,9 +988,9 @@ ssl3_get_client_hello(SSL *s)
 	}
 	if (p + i - d > n)
 		goto truncated;
-	if ((i > 0) &&
-	    (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) {
-		goto err;
+	if (i > 0) {
+		if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)
+			goto err;
 	}
 	p += i;
 
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index 79ce81e70eb..b5ce2ea5ace 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.102 2015/03/27 12:26:41 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1410,11 +1410,10 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
 }
 
 STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
-    STACK_OF(SSL_CIPHER) **skp)
+ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
 {
 	const SSL_CIPHER	*c;
-	STACK_OF(SSL_CIPHER)	*sk;
+	STACK_OF(SSL_CIPHER)	*sk = NULL;
 	int			 i;
 	unsigned long		 cipher_id;
 	uint16_t		 cipher_value;
@@ -1428,13 +1427,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 		    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
 		return (NULL);
 	}
-	if (skp == NULL || *skp == NULL) {
-		sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
-		if (sk == NULL)
-			goto err;
-	} else {
-		sk = *skp;
-		sk_SSL_CIPHER_zero(sk);
+
+	if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
+		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+		goto err;
 	}
 
 	for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
@@ -1486,13 +1482,11 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 		}
 	}
 
-	if (skp != NULL)
-		*skp = sk;
 	return (sk);
 
 err:
-	if (skp == NULL || *skp == NULL)
-		sk_SSL_CIPHER_free(sk);
+	sk_SSL_CIPHER_free(sk);
+
 	return (NULL);
 }
 
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index cb1da576f4e..7b3ecdf6654 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.89 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.90 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -570,7 +570,7 @@ DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
     const SSL_CIPHER * const *bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-    int num, STACK_OF(SSL_CIPHER) **skp);
+    int num);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
     unsigned char *p);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 79ce81e70eb..b5ce2ea5ace 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.102 2015/03/27 12:26:41 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1410,11 +1410,10 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
 }
 
 STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
-    STACK_OF(SSL_CIPHER) **skp)
+ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num)
 {
 	const SSL_CIPHER	*c;
-	STACK_OF(SSL_CIPHER)	*sk;
+	STACK_OF(SSL_CIPHER)	*sk = NULL;
 	int			 i;
 	unsigned long		 cipher_id;
 	uint16_t		 cipher_value;
@@ -1428,13 +1427,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 		    SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
 		return (NULL);
 	}
-	if (skp == NULL || *skp == NULL) {
-		sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
-		if (sk == NULL)
-			goto err;
-	} else {
-		sk = *skp;
-		sk_SSL_CIPHER_zero(sk);
+
+	if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
+		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+		goto err;
 	}
 
 	for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
@@ -1486,13 +1482,11 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
 		}
 	}
 
-	if (skp != NULL)
-		*skp = sk;
 	return (sk);
 
 err:
-	if (skp == NULL || *skp == NULL)
-		sk_SSL_CIPHER_free(sk);
+	sk_SSL_CIPHER_free(sk);
+
 	return (NULL);
 }
 
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index cb1da576f4e..7b3ecdf6654 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.89 2015/03/27 12:29:54 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.90 2015/04/15 16:25:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -570,7 +570,7 @@ DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
     const SSL_CIPHER * const *bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-    int num, STACK_OF(SSL_CIPHER) **skp);
+    int num);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
     unsigned char *p);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,