From 481c1145e46ded4f26ffc82fbf5e609beda1850f Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sun, 19 Aug 2018 15:38:03 +0000
Subject: [PATCH] Rename and collapse tls12_get_sigandhash_cbb().

Now that all callers of tls12_get_sigandhash() have been converted to CBB,
collapse tls12_get_sigandhash() and tls12_get_sigandhash_cbb() into a
single function. Rename it to tls12_gethashandsig() to be representative
of the actual order of the sigalgs parameters, and perform some other
clean up.

ok inoguchi@ tb@
---
 lib/libssl/ssl_clnt.c |  4 ++--
 lib/libssl/ssl_locl.h |  8 +++----
 lib/libssl/ssl_srvr.c |  5 ++---
 lib/libssl/t1_lib.c   | 50 ++++++++++++++++++-------------------------
 4 files changed, 28 insertions(+), 39 deletions(-)

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index fd78a8e8a58..b026aaaee2e 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.31 2018/08/17 16:28:21 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.32 2018/08/19 15:38:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2416,7 +2416,7 @@ ssl3_send_client_verify(SSL *s)
 			    &hdata);
 			md = s->cert->key->digest;
 			if (hdatalen <= 0 ||
-			    !tls12_get_sigandhash_cbb(&cert_verify, pkey, md)) {
+			    !tls12_get_hashandsig(&cert_verify, pkey, md)) {
 				SSLerror(s, ERR_R_INTERNAL_ERROR);
 				goto err;
 			}
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index da4bde09f3e..8e85f100aa0 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.206 2018/08/16 17:49:48 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.207 2018/08/19 15:38:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1282,11 +1282,9 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #define tlsext_tick_md	EVP_sha256
 int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
     const unsigned char *limit, SSL_SESSION **ret);
-int tls12_get_sigandhash_cbb(CBB *cbb, const EVP_PKEY *pk,
-    const EVP_MD *md);
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-    const EVP_MD *md);
+int tls12_get_hashid(const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
+int tls12_get_hashandsig(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md);
 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 80c7208c138..01fe6475006 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.40 2018/08/19 15:29:26 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.41 2018/08/19 15:38:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1565,8 +1565,7 @@ ssl3_send_server_key_exchange(SSL *s)
 
 			/* Send signature algorithm. */
 			if (SSL_USE_SIGALGS(s)) {
-				if (!tls12_get_sigandhash_cbb(&server_kex, pkey,
-				    md)) {
+				if (!tls12_get_hashandsig(&server_kex, pkey, md)) {
 					/* Should never happen */
 					al = SSL_AD_INTERNAL_ERROR;
 					SSLerror(s, ERR_R_INTERNAL_ERROR);
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 7f166942f79..1b2e0844fb0 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.142 2018/08/16 17:49:48 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.143 2018/08/19 15:38:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1116,51 +1116,43 @@ tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
 }
 
 int
-tls12_get_sigandhash_cbb(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md)
+tls12_get_hashid(const EVP_MD *md)
 {
-	unsigned char p[2];
+	if (md == NULL)
+		return -1;
 
-	if (!tls12_get_sigandhash(p, pk, md))
-		return 0;
+	return tls12_find_id(EVP_MD_type(md), tls12_md,
+	    sizeof(tls12_md) / sizeof(tls12_lookup));
+}
 
-	if (!CBB_add_u8(cbb, p[0]))
-		return 0;
-	if (!CBB_add_u8(cbb, p[1]))
-		return 0;
+int
+tls12_get_sigid(const EVP_PKEY *pk)
+{
+	if (pk == NULL)
+		return -1;
 
-	return 1;
+	return tls12_find_id(pk->type, tls12_sig,
+	    sizeof(tls12_sig) / sizeof(tls12_lookup));
 }
 
 int
-tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
+tls12_get_hashandsig(CBB *cbb, const EVP_PKEY *pk, const EVP_MD *md)
 {
-	int sig_id, md_id;
+	int hash_id, sig_id;
 
-	if (md == NULL)
+	if ((hash_id = tls12_get_hashid(md)) == -1)
 		return 0;
-
-	md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
-	    sizeof(tls12_md) / sizeof(tls12_lookup));
-	if (md_id == -1)
+	if ((sig_id = tls12_get_sigid(pk)) == -1)
 		return 0;
 
-	sig_id = tls12_get_sigid(pk);
-	if (sig_id == -1)
+	if (!CBB_add_u8(cbb, hash_id))
+		return 0;
+	if (!CBB_add_u8(cbb, sig_id))
 		return 0;
-
-	p[0] = (unsigned char)md_id;
-	p[1] = (unsigned char)sig_id;
 
 	return 1;
 }
 
-int
-tls12_get_sigid(const EVP_PKEY *pk)
-{
-	return tls12_find_id(pk->type, tls12_sig,
-	    sizeof(tls12_sig) / sizeof(tls12_lookup));
-}
-
 const EVP_MD *
 tls12_get_hash(unsigned char hash_alg)
 {
-- 
2.20.1