authorNick Mathewson <nickm@torproject.org>2012-11-28 12:06:57 -0500
committerNick Mathewson <nickm@torproject.org>2012-12-25 20:14:07 -0500
commit047d9e57b0b6432c3fe0ba365e905916665f4740 (patch)
tree2990fda76bc6fa6bb8586e8319e72de6542f1063 /src/common
parent2a26e1d45f6a0a93feb65cc02dc433303d07c002 (diff)
Cache the type of client cipher list we have in the tor_tls_t
We already use this classification for deciding whether (as a server) to do a v2/v3 handshake, and we're about to start using it for deciding whether we can use good ciphersuites too.
Diffstat (limited to 'src/common')
-rw-r--r--src/common/tortls.c21
1 files changed, 18 insertions, 3 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 804cec8f1f..715b91b22d 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -170,6 +170,9 @@ struct tor_tls_t {
* one certificate). */
/** True iff we should call negotiated_callback when we're done reading. */
unsigned int got_renegotiate:1;
+ /** Return value from tor_tls_classify_client_ciphers, or 0 if we haven't
+ * called that function yet. */
+ int8_t client_cipher_list_type;
/** Incremented every time we start the server side of a handshake. */
uint8_t server_handshake_count;
size_t wantwrite_n; /**< 0 normally, >0 if we returned wantwrite last
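Review bot: The new `client_cipher_list_type` field uses 0 as its "not classified yet" sentinel, so the cache is only sound if none of the CIPHERS_* values returned by tor_tls_classify_client_ciphers is 0; those constants are not in this hunk, and the invariant should be recorded next to the field rather than left implicit. Suggest extending the comment to `/** Return value from tor_tls_classify_client_ciphers, or 0 if we haven't called that function yet. Relies on every CIPHERS_* value being nonzero. */`. The field is `int8_t` while the function returns `int`, which is fine for a handful of small constants but deserves a word if the set of classifications ever grows. struct tor_tls_t begins and ends outside this hunk.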
@@ -1416,18 +1419,25 @@ tor_tls_classify_client_ciphers(const SSL *ssl, const char *address)
{
int i, res;
SSL_SESSION *session;
+ tor_tls_t *tor_tls;
if (PREDICT_UNLIKELY(!v2_cipher_list_pruned))
prune_v2_cipher_list();
+ tor_tls = tor_tls_get_by_ssl(ssl);
+ if (tor_tls && tor_tls->client_cipher_list_type)
+ return tor_tls->client_cipher_list_type;
+
/* If we reached this point, we just got a client hello. See if there is
* a cipher list. */
if (!(session = SSL_get_session((SSL *)ssl))) {
log_info(LD_NET, "No session on TLS?");
- return CIPHERS_ERR;
+ res = CIPHERS_ERR;
+ goto done;
}
if (!session->ciphers) {
log_info(LD_NET, "No ciphers on session");
- return CIPHERS_ERR;
+ res = CIPHERS_ERR;
+ goto done;
}
/* Now we need to see if there are any ciphers whose presence means we're
* dealing with an updated Tor. */
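Review bot: The header comment of tor_tls_classify_client_ciphers, which sits above this hunk, should now state that the result is memoized: once a call has found a tor_tls_t via tor_tls_get_by_ssl and reached `done:`, the early return at `if (tor_tls && tor_tls->client_cipher_list_type)` serves the stored value without re-reading the session's cipher list, so only the first ClientHello classified on a connection ever counts. A suggested addition to the doc comment is `Once computed for a connection, the result is cached in the tor_tls_t and returned by later calls; a subsequent handshake on the same connection is not re-classified.` The struct already carries a `server_handshake_count` that is bumped per server-side handshake, so if re-classification on renegotiation ever turns out to be needed, that counter would be the natural cache key. The function's body continues in the following hunks.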
@@ -1443,7 +1453,8 @@ tor_tls_classify_client_ciphers(const SSL *ssl, const char *address)
goto v2_or_higher;
}
}
- return CIPHERS_V1;
+ res = CIPHERS_V1;
+ goto done;
v2_or_higher:
{
const uint16_t *v2_cipher = v2_cipher_list;
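Review bot: `res` is declared without an initializer at the top of the function, and with the new `goto done` paths the `done:` label reads it unconditionally, so every path through the `v2_or_higher:` block, whose body lies outside this hunk, must assign `res` before falling through; otherwise the cache would store and return an indeterminate value. A cheap defence is to initialize it at its declaration, `int i, res = CIPHERS_ERR;`, so a path that forgets to assign reports an error rather than undefined behavior. The `res = CIPHERS_V1; goto done;` pair replacing the direct return is otherwise fine.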
@@ -1480,6 +1491,10 @@ tor_tls_classify_client_ciphers(const SSL *ssl, const char *address)
tor_free(s);
smartlist_free(elts);
}
+ done:
+ if (tor_tls)
+ return tor_tls->client_cipher_list_type = res;
+
return res;
}
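Review bot: The store at `done:` caches whatever `res` holds, including the CIPHERS_ERR results set on the "No session on TLS?" and "No ciphers on session" paths; if CIPHERS_ERR is nonzero (its definition is not in the hunk), the early-return cache check will then keep reporting an error for the rest of the connection even when a later call could have classified the ciphers, and since the description says this classification is about to decide which ciphersuites are used, a sticky error could leave a connection on the weaker choice. Suggest caching only successful classifications: `if (tor_tls && res != CIPHERS_ERR)` then `tor_tls->client_cipher_list_type = res;` followed by a plain `return res;`. That also drops the assignment-inside-return, whose value is the int8_t after narrowing and would silently truncate if a larger constant were ever added.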