1 files changed, 1 insertions, 115 deletions

diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 97e0a4479d1..e3ab8431ab6 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.198 2019/01/21 10:32:58 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.199 2019/01/21 14:12:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1402,120 +1402,6 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
 	return (buf);
 }
 
-int
-ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
-{
-	SSL_CIPHER *cipher;
-	int num_ciphers = 0;
-	uint16_t min_vers, max_vers;
-	int i;
-
-	if (ciphers == NULL)
-		return 0;
-
-	if (!ssl_supported_version_range(s, &min_vers, &max_vers))
-		return 0;
-
-	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-		if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
-			return 0;
-
-		if (!ssl_cipher_is_permitted(cipher, min_vers, max_vers))
-			continue;
-
-		if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))
-			return 0;
-
-		num_ciphers++;
-	}
-
-	/* Add SCSV if there are other ciphers and we're not renegotiating. */
-	if (num_ciphers > 0 && !s->internal->renegotiate) {
-		if (!CBB_add_u16(cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
-			return 0;
-	}
-
-	if (!CBB_flush(cbb))
-		return 0;
-
-	return 1;
-}
-
-STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
-{
-	STACK_OF(SSL_CIPHER) *ciphers = NULL;
-	const SSL_CIPHER *cipher;
-	uint16_t cipher_value, max_version;
-	unsigned long cipher_id;
-
-	if (s->s3 != NULL)
-		S3I(s)->send_connection_binding = 0;
-
-	if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
-		SSLerror(s, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	while (CBS_len(cbs) > 0) {
-		if (!CBS_get_u16(cbs, &cipher_value)) {
-			SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
-			goto err;
-		}
-
-		cipher_id = SSL3_CK_ID | cipher_value;
-
-		if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
-			/*
-			 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
-			 * renegotiating.
-			 */
-			if (s->internal->renegotiate) {
-				SSLerror(s, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
-				ssl3_send_alert(s, SSL3_AL_FATAL,
-				    SSL_AD_HANDSHAKE_FAILURE);
-
-				goto err;
-			}
-			S3I(s)->send_connection_binding = 1;
-			continue;
-		}
-
-		if (cipher_id == SSL3_CK_FALLBACK_SCSV) {
-			/*
-			 * TLS_FALLBACK_SCSV indicates that the client
-			 * previously tried a higher protocol version.
-			 * Fail if the current version is an unexpected
-			 * downgrade.
-			 */
-			max_version = ssl_max_server_version(s);
-			if (max_version == 0 || s->version < max_version) {
-				SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
-				if (s->s3 != NULL)
-					ssl3_send_alert(s, SSL3_AL_FATAL,
-					    SSL_AD_INAPPROPRIATE_FALLBACK);
-				goto err;
-			}
-			continue;
-		}
-
-		if ((cipher = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
-			if (!sk_SSL_CIPHER_push(ciphers, cipher)) {
-				SSLerror(s, ERR_R_MALLOC_FAILURE);
-				goto err;
-			}
-		}
-	}
-
-	return (ciphers);
-
-err:
-	sk_SSL_CIPHER_free(ciphers);
-
-	return (NULL);
-}
-
-
 /*
  * Return a servername extension value if provided in Client Hello, or NULL.
  * So far, only host_name types are defined (RFC 3546).