Re: [Openvpn-devel] [PATCH v2 2/3] Refactor counting number of element in a : delimited list into function

Sat, 18 Apr 2020 14:13:21 -0700 

Hi,

On 16/04/2020 17:26, Arne Schwabe wrote:
> Signed-off-by: Arne Schwabe <a...@rfc2549.org>

Patch looks good and does what it says.

I tested the parser to make sure it still parses the ciphers as
expected, and it does:

./openvpn --tls-cipher
TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256:TLS-RSA-PSK-WITH-AES-256-GCM-SHA384:TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
--show-tls
Available TLS Ciphers, listed in order of preference:

For TLS 1.2 and older (--tls-cipher):

TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
TLS-RSA-PSK-WITH-AES-256-CBC-SHA384

So all good imho.

Acked-by: Antonio Quartulli <anto...@openvpn.net>

Regards,


> ---
>  src/openvpn/misc.c        | 19 +++++++++++++++++++
>  src/openvpn/misc.h        | 14 ++++++++++++++
>  src/openvpn/ssl_mbedtls.c | 15 ++-------------
>  3 files changed, 35 insertions(+), 13 deletions(-)
> 
> diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
> index 1c17948c..a768f88d 100644
> --- a/src/openvpn/misc.c
> +++ b/src/openvpn/misc.c
> @@ -765,4 +765,23 @@ output_peer_info_env(struct env_set *es, const char 
> *peer_info)
>      }
>  }
>  
> +int
> +get_num_elements(const char *string, char delimiter)
> +{
> +    int string_len = strlen(string);
> +
> +    ASSERT(0 != string_len);
> +
> +    int element_count = 1;
> +    /* Get number of ciphers */
> +    for (int i = 0; i < string_len; i++)
> +    {
> +        if (string[i] == delimiter)
> +        {
> +            element_count++;
> +        }
> +    }
> +
> +    return element_count;
> +}
>  #endif /* P2MP_SERVER */
> diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
> index 991b7df2..2605c6d2 100644
> --- a/src/openvpn/misc.h
> +++ b/src/openvpn/misc.h
> @@ -175,4 +175,18 @@ void output_peer_info_env(struct env_set *es, const char 
> *peer_info);
>  
>  #endif /* P2MP_SERVER */
>  
> +/**
> + * Returns the occurrences of 'delimiter' in a string +1
> + * This is typically used to find out the number elements in a
> + * cipher string or similar that is separated by : like
> + *
> + *   X25519:secp256r1:X448:secp512r1:secp384r1:brainpoolP384r1
> + *
> + * @param string        the string to work on
> + * @param delimiter     the delimiter to count, typically ':'
> + * @return              occrrences of delimiter + 1
> + */
> +int
> +get_num_elements(const char *string, char delimiter);
> +
>  #endif /* ifndef MISC_H */
> diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
> index 4f194ad7..51669278 100644
> --- a/src/openvpn/ssl_mbedtls.c
> +++ b/src/openvpn/ssl_mbedtls.c
> @@ -289,33 +289,22 @@ void
>  tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
>  {
>      char *tmp_ciphers, *tmp_ciphers_orig, *token;
> -    int i, cipher_count;
> -    int ciphers_len;
>  
>      if (NULL == ciphers)
>      {
>          return; /* Nothing to do */
> -
>      }
> -    ciphers_len = strlen(ciphers);
>  
>      ASSERT(NULL != ctx);
> -    ASSERT(0 != ciphers_len);
>  
>      /* Get number of ciphers */
> -    for (i = 0, cipher_count = 1; i < ciphers_len; i++)
> -    {
> -        if (ciphers[i] == ':')
> -        {
> -            cipher_count++;
> -        }
> -    }
> +    int cipher_count = get_num_elements(ciphers, ':');
>  
>      /* Allocate an array for them */
>      ALLOC_ARRAY_CLEAR(ctx->allowed_ciphers, int, cipher_count+1)
>  
>      /* Parse allowed ciphers, getting IDs */
> -    i = 0;
> +    int i = 0;
>      tmp_ciphers_orig = tmp_ciphers = string_alloc(ciphers, NULL);
>  
>      token = strtok(tmp_ciphers, ":");
> 

-- 
Antonio Quartulli


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to