From: jsing Date: Mon, 11 Aug 2014 01:10:42 +0000 (+0000) Subject: Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed way X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e4f3aecf84380776b7ab1eacafa776885b3f8550;p=openbsd Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed way of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than using a less-readable hardcoded constant everywhere) and replace the ssl3_put_char_by_bytes(NULL, NULL) calls with it. ok bcook@ miod@ --- diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 63e81351857..848de8c268e 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.86 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.87 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -904,7 +904,7 @@ ssl3_get_server_hello(SSL *s) SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } - p += ssl3_put_cipher_by_char(NULL, NULL); + p += SSL3_CIPHER_VALUE_SIZE; sk = ssl_get_ciphers_by_id(s); i = sk_SSL_CIPHER_find(sk, c); diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 63e81351857..848de8c268e 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.86 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.87 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -904,7 +904,7 @@ ssl3_get_server_hello(SSL *s) SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } - p += ssl3_put_cipher_by_char(NULL, NULL); + p += SSL3_CIPHER_VALUE_SIZE; sk = ssl_get_ciphers_by_id(s); i = sk_SSL_CIPHER_find(sk, c); diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h index 4bf36c50061..9a28b4701f1 100644 --- a/lib/libssl/src/ssl/ssl3.h +++ b/lib/libssl/src/ssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.25 2014/07/10 09:26:08 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.26 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -232,6 +232,7 @@ extern "C" { #define SSL3_SEQUENCE_SIZE 8 #define SSL3_SESSION_ID_SIZE 32 #define SSL3_RT_HEADER_LENGTH 5 +#define SSL3_CIPHER_VALUE_SIZE 2 #ifndef SSL3_ALIGN_PAYLOAD /* Some will argue that this increases memory footprint, but it's diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index bf94321eeab..b3f42102665 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.79 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.80 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1407,13 +1407,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, { const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; - int i, n; + int i; if (s->s3) s->s3->send_connection_binding = 0; - n = ssl3_put_cipher_by_char(NULL, NULL); - if ((num % n) != 0) { + if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); @@ -1425,11 +1424,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, sk_SSL_CIPHER_zero(sk); } - for (i = 0; i < num; i += n) { + for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { /* Check for SCSV */ - if (s->s3 && (n != 3 || !p[0]) && - (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { + if (s->s3 && (p[0] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[1] == (SSL3_CK_SCSV & 0xff))) { /* SCSV fatal if renegotiating */ if (s->renegotiate) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, @@ -1440,12 +1438,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, goto err; } s->s3->send_connection_binding = 1; - p += n; + p += SSL3_CIPHER_VALUE_SIZE; continue; } c = ssl3_get_cipher_by_char(p); - p += n; + p += SSL3_CIPHER_VALUE_SIZE; if (c != NULL) { if (!sk_SSL_CIPHER_push(sk, c)) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index 4bf36c50061..9a28b4701f1 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.25 2014/07/10 09:26:08 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.26 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -232,6 +232,7 @@ extern "C" { #define SSL3_SEQUENCE_SIZE 8 #define SSL3_SESSION_ID_SIZE 32 #define SSL3_RT_HEADER_LENGTH 5 +#define SSL3_CIPHER_VALUE_SIZE 2 #ifndef SSL3_ALIGN_PAYLOAD /* Some will argue that this increases memory footprint, but it's diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index bf94321eeab..b3f42102665 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.79 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.80 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1407,13 +1407,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, { const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; - int i, n; + int i; if (s->s3) s->s3->send_connection_binding = 0; - n = ssl3_put_cipher_by_char(NULL, NULL); - if ((num % n) != 0) { + if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); @@ -1425,11 +1424,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, sk_SSL_CIPHER_zero(sk); } - for (i = 0; i < num; i += n) { + for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { /* Check for SCSV */ - if (s->s3 && (n != 3 || !p[0]) && - (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { + if (s->s3 && (p[0] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[1] == (SSL3_CK_SCSV & 0xff))) { /* SCSV fatal if renegotiating */ if (s->renegotiate) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, @@ -1440,12 +1438,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, goto err; } s->s3->send_connection_binding = 1; - p += n; + p += SSL3_CIPHER_VALUE_SIZE; continue; } c = ssl3_get_cipher_by_char(p); - p += n; + p += SSL3_CIPHER_VALUE_SIZE; if (c != NULL) { if (!sk_SSL_CIPHER_push(sk, c)) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,