Sort cipher-list at runtime.

Reduces #ifdef complexity.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Rich Salz 2016-03-16 12:33:00 -04:00
parent 757c416c4d
commit 748f254657
4 changed files with 2125 additions and 2427 deletions

File diff suppressed because it is too large Load diff

View file

@ -488,7 +488,9 @@ void ssl_load_ciphers(void)
{
size_t i;
const ssl_cipher_table *t;
disabled_enc_mask = 0;
ssl_sort_cipher_list();
for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
if (t->nid == NID_undef) {
ssl_cipher_methods[i] = NULL;

View file

@ -1949,6 +1949,7 @@ __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
void ssl_set_masks(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
__owur int ssl_verify_alarm_type(long type);
void ssl_sort_cipher_list(void);
void ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,

View file

@ -1057,7 +1057,6 @@ int main(int argc, char *argv[])
#endif
int no_protocol;
int min_version = 0, max_version = 0;
#ifndef OPENSSL_NO_CT
/*
* Disable CT validation by default, because it will interfere with
@ -1065,7 +1064,6 @@ int main(int argc, char *argv[])
*/
ct_validation_cb ct_validation = NULL;
#endif
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
char *arg = NULL, *argn = NULL;
@ -3569,6 +3567,7 @@ static int do_test_cipherlist(void)
* call functions, thus avoiding auto-init
*/
OPENSSL_init_crypto(0, NULL);
OPENSSL_init_ssl(0, NULL);
meth = TLS_method();
tci = NULL;