diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-11-28 12:06:57 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-12-25 20:14:07 -0500 |
| commit | 047d9e57b0b6432c3fe0ba365e905916665f4740 (patch) | |
| tree | 2990fda76bc6fa6bb8586e8319e72de6542f1063 /src/common/tortls.c | |
| parent | 2a26e1d45f6a0a93feb65cc02dc433303d07c002 (diff) | |
| download | tor-047d9e57b0b6432c3fe0ba365e905916665f4740.tar tor-047d9e57b0b6432c3fe0ba365e905916665f4740.tar.gz | |
Cache the type of client cipher list we have in the tor_tls_t
We already use this classification for deciding whether (as a server)
to do a v2/v3 handshake, and we're about to start using it for
deciding whether we can use good ciphersuites too.
Diffstat (limited to 'src/common/tortls.c')
| -rw-r--r-- | src/common/tortls.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 804cec8f1..715b91b22 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -170,6 +170,9 @@ struct tor_tls_t { * one certificate). */ /** True iff we should call negotiated_callback when we're done reading. */ unsigned int got_renegotiate:1; + /** Return value from tor_tls_classify_client_ciphers, or 0 if we haven't + * called that function yet. */ + int8_t client_cipher_list_type; /** Incremented every time we start the server side of a handshake. */ uint8_t server_handshake_count; size_t wantwrite_n; /**< 0 normally, >0 if we returned wantwrite last @@ -1416,18 +1419,25 @@ tor_tls_classify_client_ciphers(const SSL *ssl, const char *address) { int i, res; SSL_SESSION *session; + tor_tls_t *tor_tls; if (PREDICT_UNLIKELY(!v2_cipher_list_pruned)) prune_v2_cipher_list(); + tor_tls = tor_tls_get_by_ssl(ssl); + if (tor_tls && tor_tls->client_cipher_list_type) + return tor_tls->client_cipher_list_type; + /* If we reached this point, we just got a client hello. See if there is * a cipher list. */ if (!(session = SSL_get_session((SSL *)ssl))) { log_info(LD_NET, "No session on TLS?"); - return CIPHERS_ERR; + res = CIPHERS_ERR; + goto done; } if (!session->ciphers) { log_info(LD_NET, "No ciphers on session"); - return CIPHERS_ERR; + res = CIPHERS_ERR; + goto done; } /* Now we need to see if there are any ciphers whose presence means we're * dealing with an updated Tor. */ @@ -1443,7 +1453,8 @@ tor_tls_classify_client_ciphers(const SSL *ssl, const char *address) goto v2_or_higher; } } - return CIPHERS_V1; + res = CIPHERS_V1; + goto done; v2_or_higher: { const uint16_t *v2_cipher = v2_cipher_list; @@ -1480,6 +1491,10 @@ tor_tls_classify_client_ciphers(const SSL *ssl, const char *address) tor_free(s); smartlist_free(elts); } + done: + if (tor_tls) + return tor_tls->client_cipher_list_type = res; + return res; } |