Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked

up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the
cipher value is manually written into a buffer, just so the cipher can be
located using ssl3_get_cipher_by_char().

ok bcook@ miod@

6 files changed, 36 insertions, 30 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index acb35a8f25..1d84effeea 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.75 2014/08/10 15:06:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.76 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1873,6 +1873,19 @@ ssl3_get_cipher(unsigned int u)
                 return (NULL);
 }
 
+const SSL_CIPHER *
+ssl3_get_cipher_by_id(unsigned int id)
+{
+        const SSL_CIPHER *cp;
+        SSL_CIPHER c;
+
+        c.id = id;
+        cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+        if (cp != NULL && cp->valid == 1)
+                return (cp);
+        return (NULL);
+}
+
 int
 ssl3_pending(const SSL *s)
 {
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index acb35a8f25..1d84effeea 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.75 2014/08/10 15:06:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.76 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1873,6 +1873,19 @@ ssl3_get_cipher(unsigned int u)
                 return (NULL);
 }
 
+const SSL_CIPHER *
+ssl3_get_cipher_by_id(unsigned int id)
+{
+        const SSL_CIPHER *cp;
+        SSL_CIPHER c;
+
+        c.id = id;
+        cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+        if (cp != NULL && cp->valid == 1)
+                return (cp);
+        return (NULL);
+}
+
 int
 ssl3_pending(const SSL *s)
 {
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 7961c4c06e..87b27a1d99 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.64 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.65 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -614,6 +614,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id);
 int ssl3_renegotiate(SSL *ssl);
 
 int ssl3_renegotiate_check(SSL *ssl);
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index d4fa5a618f..8e285ea9b1 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.39 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.40 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -558,18 +558,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
         }
 
         if (ret->cipher == NULL) {
-                unsigned char buf[5], *p;
-                unsigned long l;
-
-                p = buf;
-                l = ret->cipher_id;
-                l2n(l, p);
-
-                if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
-                        ret->cipher = ssl3_get_cipher_by_char(&buf[2]);
-                else
-                        ret->cipher = ssl3_get_cipher_by_char(&buf[1]);
-
+                ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id);
                 if (ret->cipher == NULL)
                         goto err;
         }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7961c4c06e..87b27a1d99 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.64 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.65 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -614,6 +614,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id);
 int ssl3_renegotiate(SSL *ssl);
 
 int ssl3_renegotiate_check(SSL *ssl);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index d4fa5a618f..8e285ea9b1 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.39 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.40 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -558,18 +558,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
         }
 
         if (ret->cipher == NULL) {
-                unsigned char buf[5], *p;
-                unsigned long l;
-
-                p = buf;
-                l = ret->cipher_id;
-                l2n(l, p);
-
-                if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
-                        ret->cipher = ssl3_get_cipher_by_char(&buf[2]);
-                else
-                        ret->cipher = ssl3_get_cipher_by_char(&buf[1]);
-
+                ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id);
                 if (ret->cipher == NULL)
                         goto err;
         }