Ticket #911: 0001-Add-tls_cipher_list_for_each-helper-function.patch

File 0001-Add-tls_cipher_list_for_each-helper-function.patch, 2.4 KB (added by Steffan Karger, 2 years ago)
  • src/openvpn/ssl.c

    From 8da8a0534888c8733b5c1ef6ebacbfb71a6b1201 Mon Sep 17 00:00:00 2001
    From: Steffan Karger <steffan@karger.me>
    Date: Thu, 20 Jul 2017 20:35:24 +0200
    Subject: [PATCH 1/2] Add tls_cipher_list_for_each() helper function
    
    We regularly have to walk through colon-separated lists, such as
    --tls-cipher or --ncp-ciphers lists.  Create a helper function to
    reduce code duplication.
    
    This is preparing for a commit that performs more accurate worst case
    crypto overhead calculation based on the --ncp-ciphers list.
    
    Signed-off-by: Steffan Karger <steffan@karger.me>
    ---
     src/openvpn/ssl.c | 44 ++++++++++++++++++++++++++++++++++++++++----
     1 file changed, 40 insertions(+), 4 deletions(-)
    
    diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
    index 8440f27..7a255c7 100644
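--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1887,8 +1887,22 @@ key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len)
     }
 }
 
-bool
-tls_item_in_cipher_list(const char *item, const char *list)
+
+/**
+ * Function prototype to use with tls_cipher_list_for_each.
+ *
+ * @param ciphername    The current cipher name.
+ * @param ctx           The function context.
+ *
+ * @return true stops iterating.
+ */
+typedef bool (*foreach_func)(const char *ciphername, void *ctx);
+
+/**
+ * Call func for each item in colon-separated list.
+ */
+static void
+tls_cipher_list_for_each(const char *list, foreach_func func, void *func_ctx)
 {
     char *tmp_ciphers = string_alloc(list, NULL);
     char *tmp_ciphers_orig = tmp_ciphers;
@@ -1896,15 +1910,37 @@ tls_item_in_cipher_list(const char *item, const char *list)
     const char *token = strtok(tmp_ciphers, ":");
     while (token)
     {
-        if (0 == strcmp(token, item))
+        if (func(token, func_ctx))
         {
             break;
         }
         token = strtok(NULL, ":");
     }
     free(tmp_ciphers_orig);
+}
+
+struct cipher_equal_ctx {
+    const char *match;
+    bool found;
+};
+static bool cipher_equal(const char *ciphername, void *vctx)
+{
+    struct cipher_equal_ctx *ctx = vctx;
+    ctx->found = 0 == strcmp(ciphername, ctx->match);
+    return ctx->found;
+}
+
+bool
+tls_item_in_cipher_list(const char *item, const char *list)
+{
+    struct cipher_equal_ctx ctx = (struct cipher_equal_ctx) {
+        .match = item,
+        .found = false,
+    };
+
+    tls_cipher_list_for_each(list, cipher_equal, &ctx);
 
-    return token != NULL;
+    return ctx.found;
 }
 
 void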
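Review bot: tls_cipher_list_for_each() still tokenizes with `strtok()`, whose cursor is hidden process-wide state, and it now runs an arbitrary `func` between the `strtok(tmp_ciphers, ":")` and `strtok(NULL, ":")` calls. The removed loop only called `strcmp()` there, but a later callback that itself calls `strtok()`, or walks a second list through this helper, would silently derail the outer iteration, so cipher-list entries could be skipped or misread. Consider keeping the cursor local, e.g. `char *save = NULL; const char *token = strtok_r(tmp_ciphers, ":", &save);` with `token = strtok_r(NULL, ":", &save);` in the loop (after confirming strtok_r or an equivalent exists on every build target), or at least extend the doc comment with `* @note func must not call strtok() or this helper.`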