From e4f3aecf84380776b7ab1eacafa776885b3f8550 Mon Sep 17 00:00:00 2001 From: jsing Date: Mon, 11 Aug 2014 01:10:42 +0000 Subject: [PATCH] Currently, ssl3_put_char_by_bytes(NULL, NULL) is just a long handed way of writing "2". Add a define for the SSL3_CIPHER_VALUE_SIZE (rather than using a less-readable hardcoded constant everywhere) and replace the ssl3_put_char_by_bytes(NULL, NULL) calls with it. ok bcook@ miod@ --- lib/libssl/s3_clnt.c | 4 ++-- lib/libssl/src/ssl/s3_clnt.c | 4 ++-- lib/libssl/src/ssl/ssl3.h | 3 ++- lib/libssl/src/ssl/ssl_lib.c | 18 ++++++++---------- lib/libssl/ssl3.h | 3 ++- lib/libssl/ssl_lib.c | 18 ++++++++---------- 6 files changed, 24 insertions(+), 26 deletions(-) diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 63e81351857..848de8c268e 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.86 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.87 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -904,7 +904,7 @@ ssl3_get_server_hello(SSL *s) SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } - p += ssl3_put_cipher_by_char(NULL, NULL); + p += SSL3_CIPHER_VALUE_SIZE; sk = ssl_get_ciphers_by_id(s); i = sk_SSL_CIPHER_find(sk, c); diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 63e81351857..848de8c268e 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.86 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.87 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -904,7 +904,7 @@ ssl3_get_server_hello(SSL *s) SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } - p += ssl3_put_cipher_by_char(NULL, NULL); + p += SSL3_CIPHER_VALUE_SIZE; sk = ssl_get_ciphers_by_id(s); i = sk_SSL_CIPHER_find(sk, c); 
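Review bot: In ssl3_get_server_hello, `p += SSL3_CIPHER_VALUE_SIZE;` steps the parse pointer over bytes supplied by the server, and the visible context shows no comparison of the remaining message length against that width before the cipher value is consumed. The function starts and ends outside the hunk, so such a check may already exist further up. If it does not, the named constant makes it simple to reject a ServerHello that has fewer than SSL3_CIPHER_VALUE_SIZE bytes left at this point and take the existing `f_err` path. The same applies to the identical hunk in lib/libssl/src/ssl/s3_clnt.c.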
diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h index 4bf36c50061..9a28b4701f1 100644 --- a/lib/libssl/src/ssl/ssl3.h +++ b/lib/libssl/src/ssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.25 2014/07/10 09:26:08 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.26 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -232,6 +232,7 @@ extern "C" { #define SSL3_SEQUENCE_SIZE 8 #define SSL3_SESSION_ID_SIZE 32 #define SSL3_RT_HEADER_LENGTH 5 +#define SSL3_CIPHER_VALUE_SIZE 2 #ifndef SSL3_ALIGN_PAYLOAD /* Some will argue that this increases memory footprint, but it's diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index bf94321eeab..b3f42102665 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.79 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.80 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1407,13 +1407,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, { const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; - int i, n; + int i; if (s->s3) s->s3->send_connection_binding = 0; - n = ssl3_put_cipher_by_char(NULL, NULL); - if ((num % n) != 0) { + if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); @@ -1425,11 +1424,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, sk_SSL_CIPHER_zero(sk); } - for (i = 0; i < num; i += n) { + for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { /* Check for SCSV */ - if (s->s3 && (n != 3 || !p[0]) && - (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { + if (s->s3 && (p[0] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[1] == (SSL3_CK_SCSV & 0xff))) { /* SCSV fatal if renegotiating */ if (s->renegotiate) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, 
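Review bot: `SSL3_CIPHER_VALUE_SIZE` is added to ssl3.h without a comment saying what it measures, and the callers in this patch use it both as a pointer stride and as the divisor in a length check. I would add `/* Length in bytes of a cipher suite value as encoded on the wire. */` above the define so later users do not read it as a count of ciphers. The same define is added in lib/libssl/ssl3.h.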
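Review bot: The length test `(num % SSL3_CIPHER_VALUE_SIZE) != 0` in ssl_bytes_to_cipher_list operates on a signed `int num`, so a negative even value passes it and the function carries on as if the list were well formed. Whether any caller can hand in a negative length is not visible here, but the guard is cheap: `if (num < 0 || (num % SSL3_CIPHER_VALUE_SIZE) != 0) {`. The function body continues outside the hunk, and the same hunk appears in lib/libssl/ssl_lib.c.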
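Review bot: The SCSV test now reads `p[0]` and `p[1]` directly, and the only thing guaranteeing that two bytes remain is the modulo check made before the loop, in the previous hunk. A short comment at the top of the loop would keep that dependency visible, for example `/* num is a multiple of SSL3_CIPHER_VALUE_SIZE, so p[0] and p[1] lie within the list. */`. The loop body continues into the next hunk, and the same code is in lib/libssl/ssl_lib.c.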
@@ -1440,12 +1438,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, goto err; } s->s3->send_connection_binding = 1; - p += n; + p += SSL3_CIPHER_VALUE_SIZE; continue; } c = ssl3_get_cipher_by_char(p); - p += n; + p += SSL3_CIPHER_VALUE_SIZE; if (c != NULL) { if (!sk_SSL_CIPHER_push(sk, c)) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index 4bf36c50061..9a28b4701f1 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.25 2014/07/10 09:26:08 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.26 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -232,6 +232,7 @@ extern "C" { #define SSL3_SEQUENCE_SIZE 8 #define SSL3_SESSION_ID_SIZE 32 #define SSL3_RT_HEADER_LENGTH 5 +#define SSL3_CIPHER_VALUE_SIZE 2 #ifndef SSL3_ALIGN_PAYLOAD /* Some will argue that this increases memory footprint, but it's diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index bf94321eeab..b3f42102665 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.79 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.80 2014/08/11 01:10:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1407,13 +1407,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, { const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; - int i, n; + int i; if (s->s3) s->s3->send_connection_binding = 0; - n = ssl3_put_cipher_by_char(NULL, NULL); - if ((num % n) != 0) { + if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); 
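Review bot: `p += SSL3_CIPHER_VALUE_SIZE;` is repeated on both the SCSV `continue` path and the normal path, while `i` is advanced separately in the `for` header. A later branch that leaves the iteration early and forgets the advance would re-read the same two bytes while the counter still moves on. Provided nothing later in the body reads `p`, putting the advance in the loop header keeps the two in step: `for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE, p += SSL3_CIPHER_VALUE_SIZE) {`, with both in-body advances removed. The `for` line is in the previous hunk and the loop ends outside this one; the same applies to lib/libssl/ssl_lib.c.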
@@ -1425,11 +1424,10 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, sk_SSL_CIPHER_zero(sk); } - for (i = 0; i < num; i += n) { + for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { /* Check for SCSV */ - if (s->s3 && (n != 3 || !p[0]) && - (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { + if (s->s3 && (p[0] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[1] == (SSL3_CK_SCSV & 0xff))) { /* SCSV fatal if renegotiating */ if (s->renegotiate) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, @@ -1440,12 +1438,12 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, goto err; } s->s3->send_connection_binding = 1; - p += n; + p += SSL3_CIPHER_VALUE_SIZE; continue; } c = ssl3_get_cipher_by_char(p); - p += n; + p += SSL3_CIPHER_VALUE_SIZE; if (c != NULL) { if (!sk_SSL_CIPHER_push(sk, c)) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, -- 2.20.1