From 70e6e6179f5b7c30c5e842ff74f348f67cedf838 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 3 Jul 2021 16:06:45 +0000
Subject: Do a first pass clean up of SSL_METHOD.

The num_ciphers, get_cipher_by_char and put_cipher_by_char function pointers use the same function for all methods - call ssl3_num_ciphers() directly, absorb ssl3_get_cipher_by_char() into SSL_CIPHER_find() and remove the unused ssl3_put_cipher_by_char() code.

ok inoguchi@ tb@
---
 src/lib/libssl/s3_lib.c | 47 +----------------------------------------
 src/lib/libssl/ssl_ciph.c | 14 ++++++++++---
 src/lib/libssl/ssl_locl.h | 6 +----
 src/lib/libssl/ssl_methods.c | 50 +------------------------------------------
 4 files changed, 14 insertions(+), 103 deletions(-)

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 125c108f02..b2d94629c2 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.212 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.213 2021/07/03 16:06:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2484,51 +2484,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 	return 0;
 }
 
-/*
- * This function needs to check if the ciphers required are actually available.
- */
-const SSL_CIPHER *
-ssl3_get_cipher_by_char(const unsigned char *p)
-{
-	uint16_t cipher_value;
-	CBS cbs;
-
-	/* We have to assume it is at least 2 bytes due to existing API. */
-	CBS_init(&cbs, p, 2);
-	if (!CBS_get_u16(&cbs, &cipher_value))
-		return NULL;
-
-	return ssl3_get_cipher_by_value(cipher_value);
-}
-
-int
-ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-{
-	CBB cbb;
-
-	if (p == NULL)
-		return (2);
-
-	if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
-		return (0);
-
-	memset(&cbb, 0, sizeof(cbb));
-
-	/* We have to assume it is at least 2 bytes due to existing API. */
-	if (!CBB_init_fixed(&cbb, p, 2))
-		goto err;
-	if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(c)))
-		goto err;
-	if (!CBB_finish(&cbb, NULL, NULL))
-		goto err;
-
-	return (2);
-
- err:
-	CBB_cleanup(&cbb);
-	return (0);
-}
-
 SSL_CIPHER *
 ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     STACK_OF(SSL_CIPHER) *srvr)
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index bf22c4ed99..0e9941bc0b 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.123 2021/05/16 08:24:21 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.124 2021/07/03 16:06:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1228,7 +1228,7 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 * in ciphers. We cannot get more than the number compiled in, so
 	 * it is used for allocation.
 	 */
-	num_of_ciphers = ssl_method->num_ciphers();
+	num_of_ciphers = ssl3_num_ciphers();
 	co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
 	if (co_list == NULL) {
 		SSLerrorx(ERR_R_MALLOC_FAILURE);
@@ -1603,7 +1603,15 @@ SSL_CIPHER_get_value(const SSL_CIPHER *c)
 const SSL_CIPHER *
 SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
 {
-	return ssl->method->get_cipher_by_char(ptr);
+	uint16_t cipher_value;
+	CBS cbs;
+
+	/* This API is documented with ptr being an array of length two. */
+	CBS_init(&cbs, ptr, 2);
+	if (!CBS_get_u16(&cbs, &cipher_value))
+		return NULL;
+
+	return ssl3_get_cipher_by_value(cipher_value);
 }
 
 int
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6ffc2e053c..677feca157 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.354 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.355 2021/07/03 16:06:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -403,10 +403,7 @@ struct ssl_method_st {
 	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
 	int (*ssl_dispatch_alert)(SSL *s);
 
-	int (*num_ciphers)(void);
 	const SSL_CIPHER *(*get_cipher)(unsigned int ncipher);
-	const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
-	int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
 
 	unsigned int enc_flags;	/* SSL_ENC_FLAG_* */
 };
@@ -1229,7 +1226,6 @@ int ssl_verify_alarm_type(long type);
 int SSL_SESSION_ticket(SSL_SESSION *ss, unsigned char **out, size_t *out_len);
 
 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_send_newsession_ticket(SSL *s);
 int ssl3_send_cert_status(SSL *s);
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index a3097c37b9..b9b8a95e56 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
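Review bot: The new body of SSL_CIPHER_find hands ptr straight to `CBS_init(&cbs, ptr, 2)` and then reads two bytes from it, so a NULL ptr from a caller of this public API is dereferenced rather than rejected; the comment on the added lines notes that ptr is documented as a two-byte array, but a guard `if (ptr == NULL) return NULL;` placed before the CBS_init line is cheap and lets the function fail closed instead of crashing in library code. The previous one-line body had the same exposure, so this is a hardening opportunity the rewrite makes easy rather than a regression. The ssl parameter is no longer read anywhere in the hunk; a one-line comment such as `/* ssl is unused: cipher lookup by value is the same for every method. */` would save the next reader from hunting for a per-method dispatch that no longer exists.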
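Review bot: The context line `const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);` survives in ssl_locl.h even though this commit deletes the function's definition from s3_lib.c, leaving the internal header declaring a symbol that no longer exists; any internal caller added later would compile cleanly and only fail at link time. The prototype should go in this hunk together with the ssl3_put_cipher_by_char one, i.e. remove that line and the blank line before it if nothing else remains in the group. If an out-of-tree consumer is presumed to depend on it, that would be worth a sentence in the commit message, since ssl_locl.h is a private header.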
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.26 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.27 2021/07/03 16:06:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -78,10 +78,7 @@ static const SSL_METHOD DTLS_method_data = {
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
 	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -103,10 +100,7 @@ static const SSL_METHOD DTLS_client_method_data = {
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
 	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -128,10 +122,7 @@ static const SSL_METHOD DTLSv1_method_data = {
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
 	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
@@ -153,10 +144,7 @@ static const SSL_METHOD DTLSv1_client_method_data = {
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
 	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
@@ -178,10 +166,7 @@ static const SSL_METHOD DTLSv1_2_method_data = {
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
 	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -203,10 +188,7 @@ static const SSL_METHOD DTLSv1_2_client_method_data = {
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
 	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -283,10 +265,7 @@ static const SSL_METHOD TLS_method_data = {
 	.ssl_read_bytes = tls13_legacy_read_bytes,
 	.ssl_write_bytes = tls13_legacy_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_3_ENC_FLAGS,
 };
 #endif
@@ -309,10 +288,7 @@ static const SSL_METHOD TLS_legacy_method_data = {
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -335,10 +311,7 @@ static const SSL_METHOD TLS_client_method_data = {
 	.ssl_read_bytes = tls13_legacy_read_bytes,
 	.ssl_write_bytes = tls13_legacy_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_3_ENC_FLAGS,
 };
 
@@ -362,10 +335,7 @@ static const SSL_METHOD TLS_legacy_client_method_data = {
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 #endif
@@ -388,10 +358,7 @@ static const SSL_METHOD TLSv1_method_data = {
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_ENC_FLAGS,
 };
 
@@ -413,10 +380,7 @@ static const SSL_METHOD TLSv1_client_method_data = {
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_ENC_FLAGS,
 };
 
@@ -438,10 +402,7 @@ static const SSL_METHOD TLSv1_1_method_data = {
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
@@ -463,10 +424,7 @@ static const SSL_METHOD TLSv1_1_client_method_data = {
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
@@ -488,10 +446,7 @@ static const SSL_METHOD TLSv1_2_method_data = {
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -513,10 +468,7 @@ static const SSL_METHOD TLSv1_2_client_method_data = {
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
 	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
 	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
-- 
cgit v1.2.3-55-g6feb