From: Viktor Dukhovni Date: Thu, 13 Feb 2025 07:40:15 +0000 (+1100) Subject: Refactor squeezing out empty tuples X-Git-Tag: openssl-3.5.0-alpha1~505 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0554bddd4feaa3f7bd0366d9592902548e4acc74;p=thirdparty%2Fopenssl.git Refactor squeezing out empty tuples This is more efficient if multiple empty tuples are present, and may also help to avoid Coverify false positives. Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26732) --- diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8fb1470b80f..3d8c5fde76d 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1675,18 +1675,19 @@ int tls1_set_groups_list(SSL_CTX *ctx, } /* - * We check whether a tuple was completly emptied by using "-" prefix excessively, - * in which case we remove the tuple + * We check whether a tuple was completly emptied by using "-" prefix + * excessively, in which case we remove the tuple */ - for (i = 0; i < gcb.tplcnt; i++) { - if (gcb.tuplcnt_arr[i] == 0) { - for (j = i; j < (gcb.tplcnt - 1); j++) /* Move tuples to the left */ - gcb.tuplcnt_arr[j] = gcb.tuplcnt_arr[j + 1]; - - gcb.tplcnt--; /* We just deleted a tuple, update book keeping */ - i--; /* Acount for the fact that the list is shorter now */ - } + for (i = j = 0; j < gcb.tplcnt; j++) { + if (gcb.tuplcnt_arr[j] == 0) + continue; + /* If there's a gap, move to first unfilled slot */ + if (j == i) + ++i; + else + gcb.tuplcnt_arr[i++] = gcb.tuplcnt_arr[j]; } + gcb.tplcnt = i; /* Some more checks (at least one remaining group, not more that nominally 4 key shares */ if (gcb.gidcnt == 0) {