Remove cipher_list_by_id.

When parsing a cipher string, a cipher list is created, before being duplicated and sorted - the second copy being stored as cipher_list_by_id. This is done only so that a client can ensure that the cipher selected by a server is in the cipher list. This is pretty pointless given that most clients are short-lived and that we already had to iterate over the cipher list in order to build the client hello. Additionally, any update to the cipher list requires that cipher_list_by_id also be updated and kept in sync. Remove all of this and replace it with a simple linear scan - the overhead of duplicating and sorting the cipher list likely exceeds that of a simple linear scan over the cipher list (64 maximum, more typically ~9 or so). ok beck@ tb@
author: jsing <> 2020-09-11 17:36:27 +0000
committer: jsing <> 2020-09-11 17:36:27 +0000
commit: 188f2a73ec9cc4314b9998227079cccb89e8677a (patch)
tree: 62dedc456145da98fc6ed3e6c1be5685fe0e1232 /src/lib/libssl/ssl_locl.h
parent: 044cfc226bee4d04817ab4f4d3a6b1d0ab4db4ed (diff)
download: openbsd-188f2a73ec9cc4314b9998227079cccb89e8677a.tar.gz
openbsd-188f2a73ec9cc4314b9998227079cccb89e8677a.tar.bz2
openbsd-188f2a73ec9cc4314b9998227079cccb89e8677a.zip
1 files changed, 3 insertions, 11 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index bfd0ea6733..df07ca68a6 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.289 2020/09/11 15:28:08 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.290 2020/09/11 17:36:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -599,9 +599,6 @@ typedef struct ssl_ctx_internal_st {
        CRYPTO_EX_DATA ex_data;
-        /* same cipher_list but sorted for lookup */
-        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
        struct cert_st /* CERT */ *cert;
        /* Default values used when no per-SSL value is defined follow */
@@ -746,9 +743,6 @@ typedef struct ssl_internal_st {
        int hit;                /* reusing a previous session */
-        /* crypto */
-        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
        /* These are the ones being used, the ones in SSL_SESSION are
         * the ones to be 'copied' into these ones */
        int mac_flags;
@@ -1127,6 +1121,7 @@ int ssl_version_set_min(const SSL_METHOD *meth, uint16_t ver, uint16_t max_ver,
 int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
    uint16_t *out_ver);
 int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver);
+int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher);
 int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher,
    uint16_t min_ver, uint16_t max_ver);
@@ -1166,13 +1161,10 @@ int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block,
 int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
 SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base,
    int num);
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
-    const SSL_CIPHER * const *bp);
 int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
+    STACK_OF(SSL_CIPHER) **pref, const char *rule_str);
-    const char *rule_str);
 void ssl_update_cache(SSL *s, int mode);
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);
author	jsing <>	2020-09-11 17:36:27 +0000
committer	jsing <>	2020-09-11 17:36:27 +0000
commit	188f2a73ec9cc4314b9998227079cccb89e8677a (patch)
tree	62dedc456145da98fc6ed3e6c1be5685fe0e1232 /src/lib/libssl/ssl_locl.h
parent	044cfc226bee4d04817ab4f4d3a6b1d0ab4db4ed (diff)
download	openbsd-188f2a73ec9cc4314b9998227079cccb89e8677a.tar.gz openbsd-188f2a73ec9cc4314b9998227079cccb89e8677a.tar.bz2 openbsd-188f2a73ec9cc4314b9998227079cccb89e8677a.zip