mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-20 10:12:15 +01:00
Code Issues Projects Releases Wiki Activity

Use SSL_CIPHER_find where possible.

Browse Source
This commit is contained in:
Nick Mathewson 2015-05-14 10:14:06 -04:00
parent 67964cfa78
commit 496df21c89
1 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/common/tortls.c
View File

@ -1518,10 +1518,23 @@ static int v2_cipher_list_pruned = 0;
/** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>; /** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>;
* return 1 if it does support it, or if we have no way to tell. */ * return 1 if it does support it, or if we have no way to tell. */
static int static int
find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher) find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
{ {
const SSL_CIPHER *c; const SSL_CIPHER *c;
#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,2)
{
unsigned char cipherid[3];
tor_assert(ssl);
set_uint16(cipherid, htons(cipher));
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
* with a two-byte 'cipherid', it may look for a v2
* cipher with the appropriate 3 bytes. */
c = SSL_CIPHER_find((SSL*)ssl, cipherid);
if (c)
tor_assert((c->id & 0xffff) == cipher);
return c != NULL;
}
#elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR)
if (m && m->get_cipher_by_char) { if (m && m->get_cipher_by_char) {
unsigned char cipherid[3]; unsigned char cipherid[3];
set_uint16(cipherid, htons(cipher)); set_uint16(cipherid, htons(cipher));
@ -1534,6 +1547,7 @@ find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
return c != NULL; return c != NULL;
} else } else
#endif #endif
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
if (m && m->get_cipher && m->num_ciphers) { if (m && m->get_cipher && m->num_ciphers) {
/* It would seem that some of the "let's-clean-up-openssl" forks have /* It would seem that some of the "let's-clean-up-openssl" forks have
* removed the get_cipher_by_char function. Okay, so now you get a * removed the get_cipher_by_char function. Okay, so now you get a
@ -1547,23 +1561,24 @@ find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
} }
} }
return 0; return 0;
} else {
return 1; /* No way to search */
} }
#endif
(void) ssl;
return 1; /* No way to search */
} }
/** Remove from v2_cipher_list every cipher that we don't support, so that /** Remove from v2_cipher_list every cipher that we don't support, so that
* comparing v2_cipher_list to a client's cipher list will give a sensible * comparing v2_cipher_list to a client's cipher list will give a sensible
* result. */ * result. */
static void static void
prune_v2_cipher_list(void) prune_v2_cipher_list(const SSL *ssl)
{ {
uint16_t *inp, *outp; uint16_t *inp, *outp;
const SSL_METHOD *m = SSLv23_method(); const SSL_METHOD *m = SSLv23_method();
inp = outp = v2_cipher_list; inp = outp = v2_cipher_list;
while (*inp) { while (*inp) {
if (find_cipher_by_id(m, *inp)) { if (find_cipher_by_id(ssl, m, *inp)) {
*outp++ = *inp++; *outp++ = *inp++;
} else { } else {
inp++; inp++;
@ -1585,7 +1600,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
int i, res; int i, res;
tor_tls_t *tor_tls; tor_tls_t *tor_tls;
if (PREDICT_UNLIKELY(!v2_cipher_list_pruned)) if (PREDICT_UNLIKELY(!v2_cipher_list_pruned))
prune_v2_cipher_list(); prune_v2_cipher_list(ssl);
tor_tls = tor_tls_get_by_ssl(ssl); tor_tls = tor_tls_get_by_ssl(ssl);
if (tor_tls && tor_tls->client_cipher_list_type) if (tor_tls && tor_tls->client_cipher_list_type)