diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2017-01-30 19:20:14 -0600 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-02-23 19:40:25 +0100 |
commit | 90134d9806f0191bc0eb0cde2750f0cd68667a6d (patch) | |
tree | 5ce79363107c5328c44aec2010455352d580bd1c /doc | |
parent | ccb8e6e0b1c536430290a87ba5c87dc072cc5a12 (diff) | |
download | openssl-90134d9806f0191bc0eb0cde2750f0cd68667a6d.tar.gz |
Refactor SSL_bytes_to_cipher_list()
Split off the portions that mutate the SSL object into a separate
function that the state machine calls, so that the public API can
be a pure function. (It still needs the SSL parameter in order
to determine what SSL_METHOD's get_cipher_by_char() routine to use,
though.)
Instead of returning the stack of ciphers (functionality that was
not used internally), require using the output parameter, and add
a separate output parameter for the SCSVs contained in the supplied
octets, if desired. This lets us move to the standard return value
convention. Also make both output stacks optional parameters.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_get_ciphers.pod | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/doc/man3/SSL_get_ciphers.pod b/doc/man3/SSL_get_ciphers.pod index 5933bf5849..d1baafee79 100644 --- a/doc/man3/SSL_get_ciphers.pod +++ b/doc/man3/SSL_get_ciphers.pod @@ -15,9 +15,9 @@ SSL_bytes_to_cipher_list, SSL_get_cipher_list STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); - STACK_OF(SSL_CIPHER) *SSL_bytes_to_cipher_list(SSL *s, - const unsigned char *bytes, - size_t len, int isv2format) + int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); const char *SSL_get_cipher_list(const SSL *ssl, int priority); =head1 DESCRIPTION @@ -49,8 +49,9 @@ SSL_bytes_to_cipher_list() treats the supplied B<len> octets in B<bytes> as a wire-protocol cipher suite specification (in the three-octet-per-cipher SSLv2 wire format if B<isv2format> is nonzero; otherwise the two-octet SSLv3/TLS wire format), and parses the cipher suites supported by the library -into the returned stack of SSL_CIPHER objects. Unsupported cipher suites -are ignored, and NULL is returned on error. +into the returned stacks of SSL_CIPHER objects sk and Signalling Cipher-Suite +Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success +and 0 on failure. SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are @@ -74,19 +75,13 @@ free the return value itself. The stack returned by SSL_get1_supported_ciphers() should be freed using sk_SSL_CIPHER_free(). -The stack returned by SSL_bytes_to_cipher_list() should be freed using +The stacks returned by SSL_bytes_to_cipher_list() should be freed using sk_SSL_CIPHER_free(). =head1 RETURN VALUES See DESCRIPTION -=head1 BUGS - -The implementation of SSL_bytes_to_cipher_list() mutates state in the -supplied SSL object B<s>; SSL_bytes_to_cipher_list() should not be called -on a server SSL object after that server has processed the received ClientHello. - =head1 SEE ALSO L<ssl(7)>, L<SSL_CTX_set_cipher_list(3)>, |