Clean up ssl_cipher_list_to_bytes a little. The serializing code still needs to be converted to CBB, but the current version is convoluted. Change-Id: I00e12a812c815bf01c53a26ccbb7c6727ea8c8fc Reviewed-on: https://boringssl-review.googlesource.com/1840 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 720ab54..7270dde 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1492,13 +1492,12 @@ return(buf); } -int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p) +int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p) { - int i; + size_t i; const SSL_CIPHER *c; CERT *ct = s->cert; - unsigned char *q; - int no_scsv = s->renegotiate; + uint8_t *q; /* Set disabled masks for this session */ ssl_set_client_disabled(s); @@ -1513,41 +1512,22 @@ c->algorithm_mkey & ct->mask_k || c->algorithm_auth & ct->mask_a) continue; -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL - if (c->id == SSL3_CK_SCSV) - { - if (no_scsv) - continue; - else - no_scsv = 1; - } -#endif s2n(ssl3_get_cipher_value(c), p); } - /* If p == q, no ciphers and caller indicates an error. Otherwise - * add SCSV if not renegotiating. - */ - if (p != q) + /* If all ciphers were disabled, return the error to the caller. */ + if (p == q) { - if (!no_scsv) - { - static const SSL_CIPHER scsv = - { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - s2n(ssl3_get_cipher_value(&scsv), p); -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "SCSV sent by client\n"); -#endif - } - if (s->fallback_scsv) - { - static const SSL_CIPHER fallback_scsv = - { - 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - s2n(ssl3_get_cipher_value(&fallback_scsv), p); - } + return 0; + } + + /* Add SCSVs. */ + if (!s->renegotiate) + { + s2n(SSL3_CK_SCSV & 0xffff, p); + } + if (s->fallback_scsv) + { + s2n(SSL3_CK_FALLBACK_SCSV & 0xffff, p); } return(p-q);
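Review bot: The new SCSV block at the end of the second hunk appends up to two more two-byte entries after the cipher list, yet nothing in the function bounds the writes to `p`, and the sizing obligation this places on the caller is stated nowhere. Until the CBB conversion the commit message mentions lands, I would record that contract above the definition in the first hunk: `/* Serialize the enabled ciphers in |sk| as 2-byte values into |p|, then the renegotiation SCSV (initial handshake only) and TLS_FALLBACK_SCSV (if |s->fallback_scsv|). |p| needs 2 * (sk_SSL_CIPHER_num(sk) + 2) bytes; returns bytes written, 0 if every cipher was filtered out. */`. Replacing `ssl3_get_cipher_value(&scsv)` with `SSL3_CK_SCSV & 0xffff` looks equivalent assuming that helper only masked the low 16 bits of `id`, which the diff does not show, so worth confirming. The loop header lies between the two hunks and the closing brace after `return(p-q);` is outside the diff.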