wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Sort cipher-list at runtime.

Browse source 
Reduces #ifdef complexity.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Rich Salz 2016-03-16 12:33:00 -04:00
parent 757c416c4d
commit 748f254657
4 changed files with 2125 additions and 2427 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4546
ssl/s3_lib.c
View file

File diff suppressed because it is too large Load diff

2
ssl/ssl_ciph.c
View file

@ -488,7 +488,9 @@ void ssl_load_ciphers(void)
{ {
size_t i; size_t i;
const ssl_cipher_table *t; const ssl_cipher_table *t;
disabled_enc_mask = 0; disabled_enc_mask = 0;
ssl_sort_cipher_list();
for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) { for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
if (t->nid == NID_undef) { if (t->nid == NID_undef) {
ssl_cipher_methods[i] = NULL; ssl_cipher_methods[i] = NULL;

1
ssl/ssl_locl.h
View file

@ -1949,6 +1949,7 @@ __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
void ssl_set_masks(SSL *s); void ssl_set_masks(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
__owur int ssl_verify_alarm_type(long type); __owur int ssl_verify_alarm_type(long type);
void ssl_sort_cipher_list(void);
void ssl_load_ciphers(void); void ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,

3
test/ssltest.c
View file

@ -1057,7 +1057,6 @@ int main(int argc, char *argv[])
#endif #endif
int no_protocol; int no_protocol;
int min_version = 0, max_version = 0; int min_version = 0, max_version = 0;
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
/* /*
* Disable CT validation by default, because it will interfere with * Disable CT validation by default, because it will interfere with
@ -1065,7 +1064,6 @@ int main(int argc, char *argv[])
*/ */
ct_validation_cb ct_validation = NULL; ct_validation_cb ct_validation = NULL;
#endif #endif
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL; SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL; STACK_OF(OPENSSL_STRING) *conf_args = NULL;
char *arg = NULL, *argn = NULL; char *arg = NULL, *argn = NULL;
@ -3569,6 +3567,7 @@ static int do_test_cipherlist(void)
* call functions, thus avoiding auto-init * call functions, thus avoiding auto-init
*/ */
OPENSSL_init_crypto(0, NULL); OPENSSL_init_crypto(0, NULL);
OPENSSL_init_ssl(0, NULL);
meth = TLS_method(); meth = TLS_method();
tci = NULL; tci = NULL;