[openssl] OpenSSL_1_1_1-stable update

kaduk at mit.edu kaduk at mit.edu
Mon Nov 2 20:03:53 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  25fa346e906c4f487727cfebd5a40740709e677b (commit)
       via  d5242203692812a57b2012083822f0c818ca55c1 (commit)
      from  5795acffd8706e1cb584284ee5bb3a30986d0e75 (commit)


- Log -----------------------------------------------------------------
commit 25fa346e906c4f487727cfebd5a40740709e677b
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Sun Sep 27 15:01:12 2020 -0700

    Unify ssl3_get_cipher_by_std_name() implementation
    
    The handling for the SCSVs was the same as for regular ciphers;
    just merge them into the same table-driven handler.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    
    (cherry picked from commit 231849bc9ca69dfd3adf40821421d8e2d804d8e8)
    
    (Merged from https://github.com/openssl/openssl/pull/13280)

commit d5242203692812a57b2012083822f0c818ca55c1
Author: hklaas <71921312+hklaas at users.noreply.github.com>
Date:   Sat Sep 26 10:54:13 2020 +0100

    optimise ssl3_get_cipher_by_std_name()
    
    Return immediately on matched cipher. Without this patch the code only breaks out of the inner for loop, meaning for a matched TLS13 cipher the code will still loop through 160ish SSL3 ciphers.
    
    CLA: trivial
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    
    (cherry picked from commit d93bded6aa2852e681de2ed76fb43c415687af68)
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/13280)

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_lib.c | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a987604bcd..4511b52c9a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4072,9 +4072,10 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
 
 const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
 {
-    SSL_CIPHER *c = NULL, *tbl;
-    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
-    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
+    SSL_CIPHER *tbl;
+    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
+    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
+                              SSL3_NUM_SCSVS};
 
     /* this is not efficient, necessary to optimize this? */
     for (j = 0; j < OSSL_NELEM(alltabs); j++) {
@@ -4082,21 +4083,11 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
             if (tbl->stdname == NULL)
                 continue;
             if (strcmp(stdname, tbl->stdname) == 0) {
-                c = tbl;
-                break;
-            }
-        }
-    }
-    if (c == NULL) {
-        tbl = ssl3_scsvs;
-        for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
-            if (strcmp(stdname, tbl->stdname) == 0) {
-                c = tbl;
-                break;
+                return tbl;
             }
         }
     }
-    return c;
+    return NULL;
 }
 
 /*


More information about the openssl-commits mailing list