From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 21 Jun 2017 08:25:32 +0000 (+0200)
Subject: priority: include a cache of supported ciphersuites
X-Git-Tag: gnutls_3_6_0~363
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=40ca6dc6830450cc02877d4af88e12a07bd6607f;p=thirdparty%2Fgnutls.git

priority: include a cache of supported ciphersuites

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/lib/algorithms.h b/lib/algorithms.h
index b0334d3a8f..877e7f6d87 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -31,9 +31,6 @@
 #define GNUTLS_FALLBACK_SCSV_MAJOR 0x56
 #define GNUTLS_FALLBACK_SCSV_MINOR 0x00
 
-/* would allow for 256 ciphersuites */
-#define MAX_CIPHERSUITE_SIZE 512
-
 #define IS_EC(x) (((x)==GNUTLS_PK_ECDSA)||((x)==GNUTLS_PK_ECDHX))
 
 /* Functions for version handling. */
@@ -166,6 +163,11 @@ _gnutls_remove_unwanted_ciphersuites(gnutls_session_t session,
 			     gnutls_pk_algorithm_t * pk_algos,
 			     size_t pk_algos_size);
 
+const gnutls_cipher_suite_entry_st
+    *cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm,
+		      gnutls_cipher_algorithm_t cipher_algorithm,
+		      gnutls_mac_algorithm_t mac_algorithm);
+
 const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2]);
 gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const uint8_t
 						       suite[2]);
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 428c97bc29..867f8c1a0e 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1174,7 +1174,7 @@ const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2])
 }
 
 
-static const gnutls_cipher_suite_entry_st
+const gnutls_cipher_suite_entry_st
     *cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm,
 		      gnutls_cipher_algorithm_t cipher_algorithm,
 		      gnutls_mac_algorithm_t mac_algorithm)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8bb58f53c4..878696491a 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -643,6 +643,13 @@ typedef enum {
 	SR_SAFE
 } safe_renegotiation_t;
 
+#define MAX_CIPHERSUITE_SIZE 256
+
+typedef struct ciphersuite_list_st {
+	const gnutls_cipher_suite_entry_st *entry[MAX_CIPHERSUITE_SIZE];
+	unsigned int size;
+} ciphersuite_list_st;
+
 /* For the external api */
 struct gnutls_priority_st {
 	priority_st cipher;
@@ -653,6 +660,9 @@ struct gnutls_priority_st {
 	priority_st sign_algo;
 	priority_st supported_ecc;
 
+	/* the supported ciphersuites */
+	ciphersuite_list_st cs;
+
 	/* to disable record padding */
 	bool no_extensions;
 	bool no_ext_master_secret;
diff --git a/lib/priority.c b/lib/priority.c
index a56b031d12..214dd89aae 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -33,6 +33,7 @@
 #include <extensions.h>
 #include "fips.h"
 #include "errno.h"
+#include <gnutls/gnutls.h>
 
 #define MAX_ELEMENTS 64
 
@@ -1107,6 +1108,29 @@ finish:
 	return ret;
 }
 
+static void set_ciphersuite_list(gnutls_priority_t priority_cache)
+{
+	unsigned i, j, z;
+	const gnutls_cipher_suite_entry_st *ce;
+
+	priority_cache->cs.size = 0;
+
+	for (i = 0; i < priority_cache->kx.algorithms; i++) {
+		for (j=0;j<priority_cache->cipher.algorithms;j++) {
+			for (z=0;z<priority_cache->mac.algorithms;z++) {
+				ce = cipher_suite_get(
+					priority_cache->kx.priority[i],
+					priority_cache->cipher.priority[j],
+					priority_cache->mac.priority[z]);
+
+				if (ce != NULL && priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) {
+					priority_cache->cs.entry[priority_cache->cs.size++] = ce;
+				}
+			}
+		}
+	}
+}
+
 /**
  * gnutls_priority_init:
  * @priority_cache: is a #gnutls_prioritity_t type.
@@ -1400,6 +1424,9 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
 	}
 
 	free(darg);
+
+	set_ciphersuite_list(*priority_cache);
+
 	return 0;
 
       error: