[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Fri Nov 15 22:29:46 UTC 2019
The branch master has been updated
via 4bac25e1115b8c613f9fff12b835aca47e2bdef7 (commit)
from d7cea0b8f50ee9cc698211f4fbf8ad5fca5812ad (commit)
- Log -----------------------------------------------------------------
commit 4bac25e1115b8c613f9fff12b835aca47e2bdef7
Author: raniervf <ranier_gyn at hotmail.com>
Date: Sat Nov 16 08:28:00 2019 +1000
commit a6efbe123af3d98b4d10d4fcdfe68dc5303212f8
Author: raniervf <ranier_gyn at hotmail.com>
Date: Thu Nov 7 18:59:11 2019 -0300
Avoid calling strlen repeatedly in loops.
Reviewed-by: Paul Yang <kaishen.yy at antfin.com>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10380)
-----------------------------------------------------------------------
Summary of changes:
apps/s_server.c | 10 ++++++----
ssl/ssl_ciph.c | 2 +-
ssl/ssl_rsa.c | 14 ++++++++------
3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index 5fa7c2fb42..c81e572267 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2594,8 +2594,8 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
continue;
}
if (buf[0] == 'P') {
- static const char *str = "Lets print some clear text\n";
- BIO_write(SSL_get_wbio(con), str, strlen(str));
+ static const char str[] = "Lets print some clear text\n";
+ BIO_write(SSL_get_wbio(con), str, sizeof(str) -1);
}
if (buf[0] == 'S') {
print_stats(bio_s_out, SSL_get_SSL_CTX(con));
@@ -3544,6 +3544,8 @@ static int generate_session_id(SSL *ssl, unsigned char *id,
unsigned int *id_len)
{
unsigned int count = 0;
+ unsigned int session_id_prefix_len = strlen(session_id_prefix);
+
do {
if (RAND_bytes(id, *id_len) <= 0)
return 0;
@@ -3555,8 +3557,8 @@ static int generate_session_id(SSL *ssl, unsigned char *id,
* conflicts.
*/
memcpy(id, session_id_prefix,
- (strlen(session_id_prefix) < *id_len) ?
- strlen(session_id_prefix) : *id_len);
+ (session_id_prefix_len < *id_len) ?
+ session_id_prefix_len : *id_len);
}
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++count < MAX_SESSION_ID_ATTEMPTS));
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index d047b8ff5d..ffdc4eab5b 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1581,7 +1581,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
rule_p++;
}
- if (ok && (strlen(rule_p) > 0))
+ if (ok && (rule_p[0] != '\0'))
ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
OPENSSL_free(ca_list); /* Not needed anymore */
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index ae910a04da..b32a7b90bb 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -914,8 +914,9 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
long extension_length = 0;
char *name = NULL;
char *header = NULL;
- char namePrefix1[] = "SERVERINFO FOR ";
- char namePrefix2[] = "SERVERINFOV2 FOR ";
+ static const char namePrefix1[] = "SERVERINFO FOR ";
+ static const char namePrefix2[] = "SERVERINFOV2 FOR ";
+ unsigned int name_len;
int ret = 0;
BIO *bin = NULL;
size_t num_extensions = 0, contextoff = 0;
@@ -951,19 +952,20 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
break;
}
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
- if (strlen(name) < strlen(namePrefix1)) {
+ name_len = strlen(name);
+ if (name_len < sizeof(namePrefix1) - 1) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
goto end;
}
- if (strncmp(name, namePrefix1, strlen(namePrefix1)) == 0) {
+ if (strncmp(name, namePrefix1, sizeof(namePrefix1) - 1) == 0) {
version = SSL_SERVERINFOV1;
} else {
- if (strlen(name) < strlen(namePrefix2)) {
+ if (name_len < sizeof(namePrefix2) - 1) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
SSL_R_PEM_NAME_TOO_SHORT);
goto end;
}
- if (strncmp(name, namePrefix2, strlen(namePrefix2)) != 0) {
+ if (strncmp(name, namePrefix2, sizeof(namePrefix2) - 1) != 0) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
SSL_R_PEM_NAME_BAD_PREFIX);
goto end;
More information about the openssl-commits
mailing list