src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2015-02-07 05:46:02 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2015-02-07 05:46:02 +0000
commit	b2e05952fdd0c610cab978aac3ce58c75fd3c14f (patch)
tree	72f190e35a8545548a17bd8782d1878967a707ce /lib
parent	a3f9fb935bc2c542f8a753f7b5167a09986e9330 (diff)

Clean up the {get,put}_cipher_by_char() implementations. Also use

ssl3_get_cipher_by_value() in other parts of the code where it simplifies things. ok doug@

Diffstat (limited to 'lib')

-rw-r--r--

lib/libssl/src/ssl/s3_clnt.c

-rw-r--r--

lib/libssl/src/ssl/s3_lib.c

-rw-r--r--

lib/libssl/src/ssl/ssl_lib.c

3 files changed, 14 insertions, 30 deletions

diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index b2c75175980..9b52691015e 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: s3_clnt.c,v 1.106 2015/02/06 09:58:52 jsing Exp $ */

+/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */

@@ -773,7 +773,7 @@ ssl3_get_server_hello(SSL *s)

const SSL_CIPHER *c;

unsigned char *p, *q, *d;

int i, al, ok;

- unsigned int j, cipher_id;

+ unsigned int j;

uint16_t cipher_value;

long n;

unsigned long alg_k;

@@ -844,7 +844,6 @@ ssl3_get_server_hello(SSL *s)

/* Get the cipher value. */

q = p + j;

n2s(q, cipher_value);

- cipher_id = SSL3_CK_ID | cipher_value;

* Check if we want to resume the session based on external

@@ -856,8 +855,8 @@ ssl3_get_server_hello(SSL *s)

if (s->tls_session_secret_cb(s, s->session->master_key,

&s->session->master_key_length, NULL, &pref_cipher,

s->tls_session_secret_cb_arg)) {

- s->session->cipher = pref_cipher ?

- pref_cipher : ssl3_get_cipher_by_id(cipher_id);

+ s->session->cipher = pref_cipher ? pref_cipher :

+ ssl3_get_cipher_by_value(cipher_value);

s->s3->flags |= SSL3_FLAGS_CCS_OK;

}

@@ -892,8 +891,7 @@ ssl3_get_server_hello(SSL *s)

}

p += j;

- c = ssl3_get_cipher_by_id(cipher_id);

- if (c == NULL) {

+ if ((c = ssl3_get_cipher_by_value(cipher_value)) == NULL) {

/* unknown cipher */

al = SSL_AD_ILLEGAL_PARAMETER;

SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,

diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index a1428907ac9..aae497abede 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: s3_lib.c,v 1.93 2015/02/07 04:17:11 jsing Exp $ */

+/* $OpenBSD: s3_lib.c,v 1.94 2015/02/07 05:46:01 jsing Exp $ */

@@ -2532,30 +2532,19 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))

const SSL_CIPHER *

ssl3_get_cipher_by_char(const unsigned char *p)

{

- const SSL_CIPHER *cp;

- unsigned long id;

- SSL_CIPHER c;

+ uint16_t cipher_value;

- id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];

- c.id = id;

- cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);

- if (cp == NULL || cp->valid == 0)

- return NULL;

- else

- return cp;

+ n2s(p, cipher_value);

+ return ssl3_get_cipher_by_value(cipher_value);

}

int

ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)

{

- long l;

if (p != NULL) {

- l = c->id;

- if ((l & 0xff000000) != 0x03000000)

+ if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)

return (0);

- p[0] = ((unsigned char)(l >> 8L)) & 0xFF;

- p[1] = ((unsigned char)(l)) & 0xFF;

+ s2n(ssl3_cipher_get_value(c), p);

}

return (2);

}

diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index 5bf43623fc8..8ecb37d1be6 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ssl_lib.c,v 1.95 2015/01/22 09:12:57 reyk Exp $ */

+/* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */

@@ -1420,7 +1420,6 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,

const SSL_CIPHER *c;

STACK_OF(SSL_CIPHER) *sk;

int i;

- unsigned int cipher_id;

uint16_t cipher_value;

if (s->s3)

@@ -1442,10 +1441,9 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,

for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) {

n2s(p, cipher_value);

- cipher_id = SSL3_CK_ID | cipher_value;

/* Check for SCSV */

- if (s->s3 && cipher_id == SSL3_CK_SCSV) {

+ if (s->s3 && (SSL3_CK_ID | cipher_value) == SSL3_CK_SCSV) {

/* SCSV is fatal if renegotiating. */

if (s->renegotiate) {

SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,

@@ -1459,8 +1457,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,

continue;

}

- c = ssl3_get_cipher_by_id(cipher_id);

- if (c != NULL) {

+ if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {

if (!sk_SSL_CIPHER_push(sk, c)) {

SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,

ERR_R_MALLOC_FAILURE);