Switch various things to scopers.
Clear out some of the easy cases.
Bug: 132
Change-Id: Icd5c246cb6bec4a96c72eccd6569235c3d030ebd
Reviewed-on: https://boringssl-review.googlesource.com/18204
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc
index d8b1bd6..371e8e8 100644
--- a/ssl/ssl_asn1.cc
+++ b/ssl/ssl_asn1.cc
@@ -200,15 +200,14 @@
static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
size_t *out_len, int for_ticket) {
- CBB cbb, session, child, child2;
-
if (in == NULL || in->cipher == NULL) {
return 0;
}
- CBB_zero(&cbb);
- if (!CBB_init(&cbb, 0) ||
- !CBB_add_asn1(&cbb, &session, CBS_ASN1_SEQUENCE) ||
+ ScopedCBB cbb;
+ CBB session, child, child2;
+ if (!CBB_init(cbb.get(), 0) ||
+ !CBB_add_asn1(cbb.get(), &session, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1_uint64(&session, kVersion) ||
!CBB_add_asn1_uint64(&session, in->ssl_version) ||
!CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) ||
@@ -224,7 +223,7 @@
!CBB_add_asn1(&session, &child, kTimeoutTag) ||
!CBB_add_asn1_uint64(&child, in->timeout)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
/* The peer certificate is only serialized if the SHA-256 isn't
@@ -235,7 +234,7 @@
!CBB_add_bytes(&child, CRYPTO_BUFFER_data(buffer),
CRYPTO_BUFFER_len(buffer))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -245,14 +244,14 @@
!CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
!CBB_add_bytes(&child2, in->sid_ctx, in->sid_ctx_length)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
if (in->verify_result != X509_V_OK) {
if (!CBB_add_asn1(&session, &child, kVerifyResultTag) ||
!CBB_add_asn1_uint64(&child, in->verify_result)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -262,7 +261,7 @@
!CBB_add_bytes(&child2, (const uint8_t *)in->tlsext_hostname,
strlen(in->tlsext_hostname))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -272,7 +271,7 @@
!CBB_add_bytes(&child2, (const uint8_t *)in->psk_identity,
strlen(in->psk_identity))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -280,7 +279,7 @@
if (!CBB_add_asn1(&session, &child, kTicketLifetimeHintTag) ||
!CBB_add_asn1_uint64(&child, in->tlsext_tick_lifetime_hint)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -289,7 +288,7 @@
!CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
!CBB_add_bytes(&child2, in->tlsext_tick, in->tlsext_ticklen)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -298,7 +297,7 @@
!CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
!CBB_add_bytes(&child2, in->peer_sha256, sizeof(in->peer_sha256))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -308,7 +307,7 @@
!CBB_add_bytes(&child2, in->original_handshake_hash,
in->original_handshake_hash_len)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -318,7 +317,7 @@
!CBB_add_bytes(&child2, in->tlsext_signed_cert_timestamp_list,
in->tlsext_signed_cert_timestamp_list_length)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -327,7 +326,7 @@
!CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
!CBB_add_bytes(&child2, in->ocsp_response, in->ocsp_response_length)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -336,7 +335,7 @@
!CBB_add_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
!CBB_add_u8(&child2, 0xff)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -344,7 +343,7 @@
(!CBB_add_asn1(&session, &child, kGroupIDTag) ||
!CBB_add_asn1_uint64(&child, in->group_id))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
/* The certificate chain is only serialized if the leaf's SHA-256 isn't
@@ -354,14 +353,14 @@
sk_CRYPTO_BUFFER_num(in->certs) >= 2) {
if (!CBB_add_asn1(&session, &child, kCertChainTag)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(in->certs); i++) {
const CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(in->certs, i);
if (!CBB_add_bytes(&child, CRYPTO_BUFFER_data(buffer),
CRYPTO_BUFFER_len(buffer))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
}
@@ -371,7 +370,7 @@
!CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
!CBB_add_u32(&child2, in->ticket_age_add)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -380,7 +379,7 @@
!CBB_add_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
!CBB_add_u8(&child2, 0x00)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
@@ -388,21 +387,21 @@
(!CBB_add_asn1(&session, &child, kPeerSignatureAlgorithmTag) ||
!CBB_add_asn1_uint64(&child, in->peer_signature_algorithm))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
if (in->ticket_max_early_data != 0 &&
(!CBB_add_asn1(&session, &child, kTicketMaxEarlyDataTag) ||
!CBB_add_asn1_uint64(&child, in->ticket_max_early_data))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
if (in->timeout != in->auth_timeout &&
(!CBB_add_asn1(&session, &child, kAuthTimeoutTag) ||
!CBB_add_asn1_uint64(&child, in->auth_timeout))) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
if (in->early_alpn) {
@@ -411,19 +410,15 @@
!CBB_add_bytes(&child2, (const uint8_t *)in->early_alpn,
in->early_alpn_len)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
}
- if (!CBB_finish(&cbb, out_data, out_len)) {
+ if (!CBB_finish(cbb.get(), out_data, out_len)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto err;
+ return 0;
}
return 1;
-
- err:
- CBB_cleanup(&cbb);
- return 0;
}
/* SSL_SESSION_parse_string gets an optional ASN.1 OCTET STRING