From 2a185a80331f057f9c985f3a46259b6acfbe8569 Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Fri, 11 Sep 2020 17:36:28 +0000 Subject: Remove cipher_list_by_id. When parsing a cipher string, a cipher list is created, before being duplicated and sorted - the second copy being stored as cipher_list_by_id. This is done only so that a client can ensure that the cipher selected by a server is in the cipher list. This is pretty pointless given that most clients are short-lived and that we already had to iterate over the cipher list in order to build the client hello. Additionally, any update to the cipher list requires that cipher_list_by_id also be updated and kept in sync. Remove all of this and replace it with a simple linear scan - the overhead of duplicating and sorting the cipher list likely exceeds that of a simple linear scan over the cipher list (64 maximum, more typically ~9 or so). ok beck@ tb@ --- lib/libssl/ssl_ciphers.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'lib/libssl/ssl_ciphers.c') diff --git a/lib/libssl/ssl_ciphers.c b/lib/libssl/ssl_ciphers.c index d13ce7a9c5c..478238bd103 100644 --- a/lib/libssl/ssl_ciphers.c +++ b/lib/libssl/ssl_ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciphers.c,v 1.5 2020/09/11 15:28:07 jsing Exp $ */ +/* $OpenBSD: ssl_ciphers.c,v 1.6 2020/09/11 17:36:27 jsing Exp $ */ /* * Copyright (c) 2015-2017 Doug Hogan * Copyright (c) 2015-2018 Joel Sing @@ -22,6 +22,19 @@ #include "bytestring.h" #include "ssl_locl.h" +int +ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher) +{ + int i; + + for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { + if (sk_SSL_CIPHER_value(ciphers, i)->id == cipher->id) + return 1; + } + + return 0; +} + int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher, uint16_t min_ver, uint16_t max_ver) -- cgit v1.2.3