From 3c8e40888023ea3a64023ce924efeff05ee35993 Mon Sep 17 00:00:00 2001
From: bcook <>
Date: Wed, 15 May 2019 09:13:16 +0000
Subject: s3 is never NULL since s2 (formerly used for SSLv2) does not exist,
 so there is no need to check for it. Fixes COV-165788, identified with help
 from Alex Bumstead.

ok jsing@
---
 src/lib/libssl/ssl_ciphers.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

(limited to 'src/lib/libssl/ssl_ciphers.c')

diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c
index 374cb6684e..3abed60b5b 100644
--- a/src/lib/libssl/ssl_ciphers.c
+++ b/src/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssl_ciphers.c,v 1.2 2019/01/21 14:12:13 tb Exp $ */
+/*	$OpenBSD: ssl_ciphers.c,v 1.3 2019/05/15 09:13:16 bcook Exp $ */
 /*
  * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
  * Copyright (c) 2015-2018 Joel Sing <jsing@openbsd.org>
@@ -95,8 +95,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 	uint16_t cipher_value, max_version;
 	unsigned long cipher_id;
 
-	if (s->s3 != NULL)
-		S3I(s)->send_connection_binding = 0;
+	S3I(s)->send_connection_binding = 0;
 
 	if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
 		SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -111,7 +110,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 
 		cipher_id = SSL3_CK_ID | cipher_value;
 
-		if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
+		if (cipher_id == SSL3_CK_SCSV) {
 			/*
 			 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
 			 * renegotiating.
@@ -137,9 +136,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 			max_version = ssl_max_server_version(s);
 			if (max_version == 0 || s->version < max_version) {
 				SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
-				if (s->s3 != NULL)
-					ssl3_send_alert(s, SSL3_AL_FATAL,
-					    SSL_AD_INAPPROPRIATE_FALLBACK);
+				ssl3_send_alert(s, SSL3_AL_FATAL,
+					SSL_AD_INAPPROPRIATE_FALLBACK);
 				goto err;
 			}
 			continue;
-- 
cgit v1.2.3-55-g6feb