From 4bac25e1115b8c613f9fff12b835aca47e2bdef7 Mon Sep 17 00:00:00 2001 From: raniervf Date: Sat, 16 Nov 2019 08:28:00 +1000 Subject: [PATCH] commit a6efbe123af3d98b4d10d4fcdfe68dc5303212f8 Author: raniervf Date: Thu Nov 7 18:59:11 2019 -0300 Avoid calling strlen repeatedly in loops. Reviewed-by: Paul Yang Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/10380) --- apps/s_server.c | 10 ++++++---- ssl/ssl_ciph.c | 2 +- ssl/ssl_rsa.c | 14 ++++++++------ 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 5fa7c2fb42..c81e572267 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2594,8 +2594,8 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) continue; } if (buf[0] == 'P') { - static const char *str = "Lets print some clear text\n"; - BIO_write(SSL_get_wbio(con), str, strlen(str)); + static const char str[] = "Lets print some clear text\n"; + BIO_write(SSL_get_wbio(con), str, sizeof(str) -1); } if (buf[0] == 'S') { print_stats(bio_s_out, SSL_get_SSL_CTX(con)); @@ -3544,6 +3544,8 @@ static int generate_session_id(SSL *ssl, unsigned char *id, unsigned int *id_len) { unsigned int count = 0; + unsigned int session_id_prefix_len = strlen(session_id_prefix); + do { if (RAND_bytes(id, *id_len) <= 0) return 0; @@ -3555,8 +3557,8 @@ static int generate_session_id(SSL *ssl, unsigned char *id, * conflicts. */ memcpy(id, session_id_prefix, - (strlen(session_id_prefix) < *id_len) ? - strlen(session_id_prefix) : *id_len); + (session_id_prefix_len < *id_len) ? + session_id_prefix_len : *id_len); } while (SSL_has_matching_session_id(ssl, id, *id_len) && (++count < MAX_SESSION_ID_ATTEMPTS)); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index d047b8ff5d..ffdc4eab5b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1581,7 +1581,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, rule_p++; } - if (ok && (strlen(rule_p) > 0)) + if (ok && (rule_p[0] != '\0')) ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c); OPENSSL_free(ca_list); /* Not needed anymore */ diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index ae910a04da..b32a7b90bb 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -914,8 +914,9 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) long extension_length = 0; char *name = NULL; char *header = NULL; - char namePrefix1[] = "SERVERINFO FOR "; - char namePrefix2[] = "SERVERINFOV2 FOR "; + static const char namePrefix1[] = "SERVERINFO FOR "; + static const char namePrefix2[] = "SERVERINFOV2 FOR "; + unsigned int name_len; int ret = 0; BIO *bin = NULL; size_t num_extensions = 0, contextoff = 0; @@ -951,19 +952,20 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) break; } /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ - if (strlen(name) < strlen(namePrefix1)) { + name_len = strlen(name); + if (name_len < sizeof(namePrefix1) - 1) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT); goto end; } - if (strncmp(name, namePrefix1, strlen(namePrefix1)) == 0) { + if (strncmp(name, namePrefix1, sizeof(namePrefix1) - 1) == 0) { version = SSL_SERVERINFOV1; } else { - if (strlen(name) < strlen(namePrefix2)) { + if (name_len < sizeof(namePrefix2) - 1) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT); goto end; } - if (strncmp(name, namePrefix2, strlen(namePrefix2)) != 0) { + if (strncmp(name, namePrefix2, sizeof(namePrefix2) - 1) != 0) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX); goto end; -- 2.25.1