From ef88cf8e57c0c5ec5dabf3ef064c26ac8ec79f96 Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 24 Aug 2014 14:36:45 +0000 Subject: [PATCH] Replace the remaining uses of ssl3_put_cipher_by_char() with s2n and a ssl3_cipher_get_value() helper function, which returns the cipher suite value for the given cipher. ok miod@ --- lib/libssl/d1_srvr.c | 6 ++---- lib/libssl/s3_lib.c | 23 +++++++---------------- lib/libssl/s3_srvr.c | 7 +++---- lib/libssl/src/ssl/d1_srvr.c | 6 ++---- lib/libssl/src/ssl/s3_lib.c | 23 +++++++---------------- lib/libssl/src/ssl/s3_srvr.c | 7 +++---- lib/libssl/src/ssl/ssl_lib.c | 7 ++++--- lib/libssl/src/ssl/ssl_locl.h | 5 +++-- lib/libssl/ssl_lib.c | 7 ++++--- lib/libssl/ssl_locl.h | 5 +++-- 10 files changed, 38 insertions(+), 58 deletions(-) diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 9fdd025e2d8..4532a07da5c 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.36 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.37 2014/08/24 14:36:45 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -898,7 +898,6 @@ dtls1_send_server_hello(SSL *s) { unsigned char *buf; unsigned char *p, *d; - int i; unsigned int sl; unsigned long l; @@ -940,8 +939,7 @@ dtls1_send_server_hello(SSL *s) /* put the cipher */ if (s->s3->tmp.new_cipher == NULL) return -1; - i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p); - p += i; + s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p); /* put the compression method */ *(p++) = 0; diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 9a256430709..8d03512a264 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.78 2014/08/23 15:37:38 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.79 2014/08/24 14:36:45 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
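Review bot: In the `@@ -940,8 +939,7 @@` hunk of lib/libssl/d1_srvr.c, `s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p);` passes a function call as the first argument of `s2n`. If `s2n` is still the ssl_locl.h macro that expands that argument once per output byte (its definition is not in this patch), the helper is called twice for every cipher written. The helper has no side effects, so the bytes come out right, but reading the value into a local first keeps the macro argument a simple variable: `uint16_t cipher_value = ssl3_cipher_get_value(s->s3->tmp.new_cipher);` followed by `s2n(cipher_value, p);`. The same pattern appears in ssl3_send_server_hello, twice in ssl_cipher_list_to_bytes, and in the src/ssl copies of all three. dtls1_send_server_hello starts and ends outside the hunk.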
@@ -1819,6 +1819,12 @@ ssl3_get_cipher_by_id(unsigned int id) return (NULL); } +uint16_t +ssl3_cipher_get_value(const SSL_CIPHER *c) +{ + return (c->id & SSL3_CK_VALUE_MASK); +} + int ssl3_pending(const SSL *s) { @@ -2385,21 +2391,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) return (1); } -int -ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) -{ - long l; - - if (p != NULL) { - l = c->id; - if ((l & 0xff000000) != 0x03000000) - return (0); - p[0] = ((unsigned char)(l >> 8L)) & 0xFF; - p[1] = ((unsigned char)(l)) & 0xFF; - } - return (2); -} - SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr) { diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 574910cda65..597ddd43105 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.81 2014/08/11 04:46:42 miod Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.82 2014/08/24 14:36:45 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1250,8 +1250,8 @@ ssl3_send_server_hello(SSL *s) { unsigned char *buf; unsigned char *p, *d; - int i, sl; unsigned long l; + int sl; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf = (unsigned char *)s->init_buf->data; @@ -1298,8 +1298,7 @@ ssl3_send_server_hello(SSL *s) p += sl; /* put the cipher */ - i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p); - p += i; + s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p); /* put the compression method */ *(p++) = 0; diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c index 9fdd025e2d8..4532a07da5c 100644 --- a/lib/libssl/src/ssl/d1_srvr.c +++ b/lib/libssl/src/ssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.36 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.37 2014/08/24 14:36:45 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 
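Review bot: `ssl3_cipher_get_value()` in the `@@ -1819,6 +1819,12 @@` hunk of lib/libssl/s3_lib.c masks `c->id` without the `(l & 0xff000000) != 0x03000000` test that the removed `ssl3_put_cipher_by_char()` applied before writing anything. In ssl_cipher_list_to_bytes the old zero return meant a cipher without the SSL3 prefix was skipped; such an entry would now be sent with only its low 16 bits, which could match a different suite's value. If every SSL_CIPHER reaching these callers is guaranteed to carry `SSL3_CK_ID`, state that precondition in a comment above the helper, e.g. `/* Caller must pass an SSLv3/TLS cipher: (c->id & 0xff000000) == SSL3_CK_ID. */`; otherwise keep the prefix test at the call sites. The src/ssl copy of the helper is identical.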
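Review bot: In the `@@ -1298,8 +1298,7 @@` hunk of lib/libssl/s3_srvr.c, `s->s3->tmp.new_cipher` is handed to `ssl3_cipher_get_value()`, which dereferences it unconditionally, and no NULL test is visible before the call. dtls1_send_server_hello, by contrast, returns -1 on `s->s3->tmp.new_cipher == NULL` immediately before the same statement. The removed code dereferenced the pointer as well, so this is not a regression, but making the two paths agree is a one-line change: `if (s->s3->tmp.new_cipher == NULL) return -1;` ahead of the `s2n` line. ssl3_send_server_hello starts and ends outside the hunk, so an earlier check may already exist; the src/ssl copy has the same shape.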
@@ -898,7 +898,6 @@ dtls1_send_server_hello(SSL *s) { unsigned char *buf; unsigned char *p, *d; - int i; unsigned int sl; unsigned long l; @@ -940,8 +939,7 @@ dtls1_send_server_hello(SSL *s) /* put the cipher */ if (s->s3->tmp.new_cipher == NULL) return -1; - i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p); - p += i; + s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p); /* put the compression method */ *(p++) = 0; diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 9a256430709..8d03512a264 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.78 2014/08/23 15:37:38 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.79 2014/08/24 14:36:45 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1819,6 +1819,12 @@ ssl3_get_cipher_by_id(unsigned int id) return (NULL); } +uint16_t +ssl3_cipher_get_value(const SSL_CIPHER *c) +{ + return (c->id & SSL3_CK_VALUE_MASK); +} + int ssl3_pending(const SSL *s) { @@ -2385,21 +2391,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) return (1); } -int -ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) -{ - long l; - - if (p != NULL) { - l = c->id; - if ((l & 0xff000000) != 0x03000000) - return (0); - p[0] = ((unsigned char)(l >> 8L)) & 0xFF; - p[1] = ((unsigned char)(l)) & 0xFF; - } - return (2); -} - SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr) { diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 574910cda65..597ddd43105 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.81 2014/08/11 04:46:42 miod Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.82 2014/08/24 14:36:45 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -1250,8 +1250,8 @@ ssl3_send_server_hello(SSL *s) { unsigned char *buf; unsigned char *p, *d; - int i, sl; unsigned long l; + int sl; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf = (unsigned char *)s->init_buf->data; @@ -1298,8 +1298,7 @@ ssl3_send_server_hello(SSL *s) p += sl; /* put the cipher */ - i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p); - p += i; + s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p); /* put the compression method */ *(p++) = 0; diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index e5dedf0ba4a..fad600a07eb 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.82 2014/08/23 14:52:41 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.83 2014/08/24 14:36:45 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1384,7 +1384,8 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) if ((c->algorithm_ssl & SSL_TLSV1_2) && (TLS1_get_client_version(s) < TLS1_2_VERSION)) continue; - p += ssl3_put_cipher_by_char(c, p); + + s2n(ssl3_cipher_get_value(c), p); } /* @@ -1395,7 +1396,7 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) static SSL_CIPHER scsv = { 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - p += ssl3_put_cipher_by_char(&scsv, p); + s2n(ssl3_cipher_get_value(&scsv), p); } return (p - q); diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index 1c823c046ae..ec8f0fb7226 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.66 2014/08/23 14:52:41 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.67 2014/08/24 14:36:46 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -326,6 +326,7 @@ #define SSL_MAX_DIGEST 6 #define SSL3_CK_ID 0x03000000 +#define SSL3_CK_VALUE_MASK 0x0000ffff #define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) @@ -596,7 +597,6 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); void ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); int ssl3_send_newsession_ticket(SSL *s); @@ -616,6 +616,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); int ssl3_num_ciphers(void); const SSL_CIPHER *ssl3_get_cipher(unsigned int u); const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id); +uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl); diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index e5dedf0ba4a..fad600a07eb 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.82 2014/08/23 14:52:41 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.83 2014/08/24 14:36:45 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1384,7 +1384,8 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) if ((c->algorithm_ssl & SSL_TLSV1_2) && (TLS1_get_client_version(s) < TLS1_2_VERSION)) continue; - p += ssl3_put_cipher_by_char(c, p); + + s2n(ssl3_cipher_get_value(c), p); } /* @@ -1395,7 +1396,7 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) static SSL_CIPHER scsv = { 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - p += ssl3_put_cipher_by_char(&scsv, p); + s2n(ssl3_cipher_get_value(&scsv), p); } return (p - q); diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 1c823c046ae..ec8f0fb7226 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.66 2014/08/23 14:52:41 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.67 2014/08/24 14:36:46 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -326,6 +326,7 @@ #define SSL_MAX_DIGEST 6 #define SSL3_CK_ID 0x03000000 +#define SSL3_CK_VALUE_MASK 0x0000ffff #define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) @@ -596,7 +597,6 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); void ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); int ssl3_send_newsession_ticket(SSL *s); @@ -616,6 +616,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); int ssl3_num_ciphers(void); const SSL_CIPHER *ssl3_get_cipher(unsigned int u); const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id); +uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl); -- 2.20.1