clean up comments

aws · Jan 6, 2025 · d4e5047 · d4e5047
1 parent 5fcdd4a
commit d4e5047
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 7 deletions.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
@@ -1710,7 +1710,6 @@ OPENSSL_EXPORT size_t SSL_get_all_standard_cipher_names(const char **out,
                                             "TLS_AES_128_GCM_SHA256:" \
                                             "TLS_AES_256_GCM_SHA384"
 
-
 // SSL_CTX_set_strict_cipher_list configures the cipher list for |ctx|,
 // evaluating |str| as a cipher string and returning error if |str| contains
 // anything meaningless. It returns one on success and zero on failure.

diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
@@ -1256,18 +1256,17 @@ static int update_cipher_list(SSL_CTX *ctx) {
     return 0;
   }
 
-  int num_updated_tls12_ciphers = sk_SSL_CIPHER_num(tmp_cipher_list.get());
-
   // Delete any existing TLSv1.3 ciphersuites. These will be first in the list
   while (sk_SSL_CIPHER_num(tmp_cipher_list.get()) > 0 &&
          SSL_CIPHER_get_min_version(sk_SSL_CIPHER_value(tmp_cipher_list.get(), 0))
          == TLS1_3_VERSION) {
     sk_SSL_CIPHER_delete(tmp_cipher_list.get(), 0);
     num_removed_tls13_ciphers++;
-    num_updated_tls12_ciphers--;
   }
 
-  // Insert the new TLSv1.3 ciphersuites with corresponding in_group_flags
+  int num_updated_tls12_ciphers = sk_SSL_CIPHER_num(tmp_cipher_list.get());
+
+  // Insert the new TLSv1.3 ciphersuites while maintaining original order
   if (ctx->tls13_cipher_list != NULL && ctx->tls13_cipher_list->ciphers != NULL) {
     STACK_OF(SSL_CIPHER) *tls13_cipher_stack = ctx->tls13_cipher_list->ciphers.get();
     num_added_tls13_ciphers = sk_SSL_CIPHER_num(tls13_cipher_stack);
@@ -1287,7 +1286,7 @@ static int update_cipher_list(SSL_CTX *ctx) {
   // Copy in_group_flags from |ctx->tls13_cipher_list|
   if (ctx->tls13_cipher_list && ctx->tls13_cipher_list->in_group_flags) {
     const auto& tls13_flags = ctx->tls13_cipher_list->in_group_flags;
-    // Ensure the last element in in_group_flags is 0. The last ciphersuite
+    // Ensure value of last element in |in_group_flags| is 0. The last cipher
     // in a list must be the end of any group in that list.
     if (tls13_flags[num_added_tls13_ciphers - 1] != 0) {
       tls13_flags[num_added_tls13_ciphers - 1] = false;
@@ -1297,7 +1296,7 @@ static int update_cipher_list(SSL_CTX *ctx) {
     }
   }
 
-  // Copy in_group_flags from |ctx->cipher_list|
+  // Copy remaining in_group_flags from |ctx->cipher_list|
   if (ctx->cipher_list && ctx->cipher_list->in_group_flags) {
     for (int i = 0; i < num_updated_tls12_ciphers; i++) {
       updated_in_group_flags[i + num_added_tls13_ciphers] =