Clean up the {get,put}_cipher_by_char() implementations. Also use

ssl3_get_cipher_by_value() in other parts of the code where it simplifies things. ok doug@
author: jsing <> 2015-02-07 05:46:01 +0000
committer: jsing <> 2015-02-07 05:46:01 +0000
commit: 6462420bc08d290040b65cd657178ea158e83571 (patch)
tree: 4ee0fc11a8214e89b48aa090fc5491c12b1793be /src
parent: 6b246d35bb311ef0726da2113541c9a56921791f (diff)
download: openbsd-6462420bc08d290040b65cd657178ea158e83571.tar.gz
openbsd-6462420bc08d290040b65cd657178ea158e83571.tar.bz2
openbsd-6462420bc08d290040b65cd657178ea158e83571.zip
6 files changed, 28 insertions, 60 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index b2c7517598..9b52691015 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.106 2015/02/06 09:58:52 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -773,7 +773,7 @@ ssl3_get_server_hello(SSL *s)
        const SSL_CIPHER        *c;
        unsigned char           *p, *q, *d;
        int                      i, al, ok;
-        unsigned int             j, cipher_id;
+        unsigned int             j;
        uint16_t                 cipher_value;
        long                     n;
        unsigned long            alg_k;
@@ -844,7 +844,6 @@ ssl3_get_server_hello(SSL *s)
        /* Get the cipher value. */
        q = p + j;
        n2s(q, cipher_value);
-        cipher_id = SSL3_CK_ID | cipher_value;
        /*
         * Check if we want to resume the session based on external
@@ -856,8 +855,8 @@ ssl3_get_server_hello(SSL *s)
                if (s->tls_session_secret_cb(s, s->session->master_key,
                    &s->session->master_key_length, NULL, &pref_cipher,
                    s->tls_session_secret_cb_arg)) {
-                        s->session->cipher = pref_cipher ?
+                        s->session->cipher = pref_cipher ? pref_cipher :
-                            pref_cipher : ssl3_get_cipher_by_id(cipher_id);
+                            ssl3_get_cipher_by_value(cipher_value);
                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
                }
        }
@@ -892,8 +891,7 @@ ssl3_get_server_hello(SSL *s)
        }
        p += j;
-        c = ssl3_get_cipher_by_id(cipher_id);
+        if ((c = ssl3_get_cipher_by_value(cipher_value)) == NULL) {
-        if (c == NULL) {
                /* unknown cipher */
                al = SSL_AD_ILLEGAL_PARAMETER;
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index a1428907ac..aae497abed 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.93 2015/02/07 04:17:11 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.94 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2532,30 +2532,19 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 const SSL_CIPHER *
 ssl3_get_cipher_by_char(const unsigned char *p)
 {
-        const SSL_CIPHER *cp;
+        uint16_t cipher_value;
-        unsigned long id;
-        SSL_CIPHER c;
-        id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+        n2s(p, cipher_value);
-        c.id = id;
+        return ssl3_get_cipher_by_value(cipher_value);
-        cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-        if (cp == NULL || cp->valid == 0)
-                return NULL;
-        else
-                return cp;
 }
 int
 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 {
-        long l;
        if (p != NULL) {
-                l = c->id;
+                if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
-                if ((l & 0xff000000) != 0x03000000)
                        return (0);
-                p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
+                s2n(ssl3_cipher_get_value(c), p); 
-                p[1] = ((unsigned char)(l)) & 0xFF;
        }
        return (2);
 }
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index b2c7517598..9b52691015 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.106 2015/02/06 09:58:52 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -773,7 +773,7 @@ ssl3_get_server_hello(SSL *s)
        const SSL_CIPHER        *c;
        unsigned char           *p, *q, *d;
        int                      i, al, ok;
-        unsigned int             j, cipher_id;
+        unsigned int             j;
        uint16_t                 cipher_value;
        long                     n;
        unsigned long            alg_k;
@@ -844,7 +844,6 @@ ssl3_get_server_hello(SSL *s)
        /* Get the cipher value. */
        q = p + j;
        n2s(q, cipher_value);
-        cipher_id = SSL3_CK_ID | cipher_value;
        /*
         * Check if we want to resume the session based on external
@@ -856,8 +855,8 @@ ssl3_get_server_hello(SSL *s)
                if (s->tls_session_secret_cb(s, s->session->master_key,
                    &s->session->master_key_length, NULL, &pref_cipher,
                    s->tls_session_secret_cb_arg)) {
-                        s->session->cipher = pref_cipher ?
+                        s->session->cipher = pref_cipher ? pref_cipher :
-                            pref_cipher : ssl3_get_cipher_by_id(cipher_id);
+                            ssl3_get_cipher_by_value(cipher_value);
                        s->s3->flags |= SSL3_FLAGS_CCS_OK;
                }
        }
@@ -892,8 +891,7 @@ ssl3_get_server_hello(SSL *s)
        }
        p += j;
-        c = ssl3_get_cipher_by_id(cipher_id);
+        if ((c = ssl3_get_cipher_by_value(cipher_value)) == NULL) {
-        if (c == NULL) {
                /* unknown cipher */
                al = SSL_AD_ILLEGAL_PARAMETER;
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index a1428907ac..aae497abed 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.93 2015/02/07 04:17:11 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.94 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2532,30 +2532,19 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 const SSL_CIPHER *
 ssl3_get_cipher_by_char(const unsigned char *p)
 {
-        const SSL_CIPHER *cp;
+        uint16_t cipher_value;
-        unsigned long id;
-        SSL_CIPHER c;
-        id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+        n2s(p, cipher_value);
-        c.id = id;
+        return ssl3_get_cipher_by_value(cipher_value);
-        cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-        if (cp == NULL || cp->valid == 0)
-                return NULL;
-        else
-                return cp;
 }
 int
 ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 {
-        long l;
        if (p != NULL) {
-                l = c->id;
+                if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
-                if ((l & 0xff000000) != 0x03000000)
                        return (0);
-                p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
+                s2n(ssl3_cipher_get_value(c), p); 
-                p[1] = ((unsigned char)(l)) & 0xFF;
        }
        return (2);
 }
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 5bf43623fc..8ecb37d1be 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.95 2015/01/22 09:12:57 reyk Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1420,7 +1420,6 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        const SSL_CIPHER        *c;
        STACK_OF(SSL_CIPHER)    *sk;
        int                      i;
-        unsigned int             cipher_id;
        uint16_t                 cipher_value;
        if (s->s3)
@@ -1442,10 +1441,9 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
                n2s(p, cipher_value);
-                cipher_id = SSL3_CK_ID | cipher_value;
                /* Check for SCSV */
-                if (s->s3 && cipher_id == SSL3_CK_SCSV) {
+                if (s->s3 && (SSL3_CK_ID | cipher_value) == SSL3_CK_SCSV) {
                        /* SCSV is fatal if renegotiating. */
                        if (s->renegotiate) {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
@@ -1459,8 +1457,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                        continue;
                }
-                c = ssl3_get_cipher_by_id(cipher_id);
+                if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
-                if (c != NULL) {
                        if (!sk_SSL_CIPHER_push(sk, c)) {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
                                    ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 5bf43623fc..8ecb37d1be 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.95 2015/01/22 09:12:57 reyk Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1420,7 +1420,6 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        const SSL_CIPHER        *c;
        STACK_OF(SSL_CIPHER)    *sk;
        int                      i;
-        unsigned int             cipher_id;
        uint16_t                 cipher_value;
        if (s->s3)
@@ -1442,10 +1441,9 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
        for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {
                n2s(p, cipher_value);
-                cipher_id = SSL3_CK_ID | cipher_value;
                /* Check for SCSV */
-                if (s->s3 && cipher_id == SSL3_CK_SCSV) {
+                if (s->s3 && (SSL3_CK_ID | cipher_value) == SSL3_CK_SCSV) {
                        /* SCSV is fatal if renegotiating. */
                        if (s->renegotiate) {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
@@ -1459,8 +1457,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
                        continue;
                }
-                c = ssl3_get_cipher_by_id(cipher_id);
+                if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
-                if (c != NULL) {
                        if (!sk_SSL_CIPHER_push(sk, c)) {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
                                    ERR_R_MALLOC_FAILURE);
author	jsing <>	2015-02-07 05:46:01 +0000
committer	jsing <>	2015-02-07 05:46:01 +0000
commit	6462420bc08d290040b65cd657178ea158e83571 (patch)
tree	4ee0fc11a8214e89b48aa090fc5491c12b1793be /src
parent	6b246d35bb311ef0726da2113541c9a56921791f (diff)
download	openbsd-6462420bc08d290040b65cd657178ea158e83571.tar.gz openbsd-6462420bc08d290040b65cd657178ea158e83571.tar.bz2 openbsd-6462420bc08d290040b65cd657178ea158e83571.zip