Provide a ssl3_get_cipher_by_id() function that allows ciphers to be looked

up by their ID. For one, this avoids an ugly mess in ssl_sess.c, where the
cipher value is manually written into a buffer, just so the cipher can be
located using ssl3_get_cipher_by_char().

ok bcook@ miod@

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index acb35a8..1d84eff 100644 (file)
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.75 2014/08/10 15:06:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.76 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1873,6 +1873,19 @@ ssl3_get_cipher(unsigned int u)
                return (NULL);
 }
 
+const SSL_CIPHER *
+ssl3_get_cipher_by_id(unsigned int id)
+{
+       const SSL_CIPHER *cp;
+       SSL_CIPHER c;
+
+       c.id = id;
+       cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+       if (cp != NULL && cp->valid == 1)
+               return (cp);
+       return (NULL);
+}
+
 int
 ssl3_pending(const SSL *s)
 {

diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index acb35a8..1d84eff 100644 (file)
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.75 2014/08/10 15:06:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.76 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1873,6 +1873,19 @@ ssl3_get_cipher(unsigned int u)
                return (NULL);
 }
 
+const SSL_CIPHER *
+ssl3_get_cipher_by_id(unsigned int id)
+{
+       const SSL_CIPHER *cp;
+       SSL_CIPHER c;
+
+       c.id = id;
+       cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+       if (cp != NULL && cp->valid == 1)
+               return (cp);
+       return (NULL);
+}
+
 int
 ssl3_pending(const SSL *s)
 {

diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 7961c4c..87b27a1 100644 (file)
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.64 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.65 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -614,6 +614,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id);
 int ssl3_renegotiate(SSL *ssl);
 
 int ssl3_renegotiate_check(SSL *ssl);

diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index d4fa5a6..8e285ea 100644 (file)
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.39 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.40 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -558,18 +558,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        }
 
        if (ret->cipher == NULL) {
-               unsigned char buf[5], *p;
-               unsigned long l;
-
-               p = buf;
-               l = ret->cipher_id;
-               l2n(l, p);
-
-               if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
-                       ret->cipher = ssl3_get_cipher_by_char(&buf[2]);
-               else
-                       ret->cipher = ssl3_get_cipher_by_char(&buf[1]);
-
+               ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id);
                if (ret->cipher == NULL)
                        goto err;
        }

diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 7961c4c..87b27a1 100644 (file)
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.64 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.65 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -614,6 +614,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id);
 int ssl3_renegotiate(SSL *ssl);
 
 int ssl3_renegotiate_check(SSL *ssl);

diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index d4fa5a6..8e285ea 100644 (file)
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.39 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.40 2014/08/11 01:06:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -558,18 +558,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        }
 
        if (ret->cipher == NULL) {
-               unsigned char buf[5], *p;
-               unsigned long l;
-
-               p = buf;
-               l = ret->cipher_id;
-               l2n(l, p);
-
-               if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
-                       ret->cipher = ssl3_get_cipher_by_char(&buf[2]);
-               else
-                       ret->cipher = ssl3_get_cipher_by_char(&buf[1]);
-
+               ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id);
                if (ret->cipher == NULL)
                        goto err;
        }