From e135bc9d31ad2f13909a2a62fa808e6d299586e6 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 1 Mar 2023 09:59:21 +0100
Subject: [PATCH] schannel: loop over the algos to pick the selected one
Avoid using the funny macro and the extra buffer copy.
Closes #10647
---
 lib/vtls/schannel.c | 131 +++++++++++++++++++++++---------------------
 1 file changed, 68 insertions(+), 63 deletions(-)
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index cdd8712aa6ea6a..6f94c7e34950f3 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -264,128 +264,133 @@ set_ssl_version_min_max(DWORD *enabled_protocols,
 /* longest is 26, buffer is slightly bigger */
 #define LONGEST_ALG_ID 32
-#define CIPHEROPTION(X) \
- if(strcmp(#X, tmp) == 0) \
- return X
+#define CIPHEROPTION(x) {#x, x}
-static int
-get_alg_id_by_name(char *name)
-{
- char tmp[LONGEST_ALG_ID] = { 0 };
- char *nameEnd = strchr(name, ':');
- size_t n = nameEnd ? (size_t)(nameEnd - name) : strlen(name);
+struct algo {
+ const char *name;
+ int id;
+};
- /* reject too-long alg names */
- if(n > (LONGEST_ALG_ID - 1))
- return 0;
-
- strncpy(tmp, name, n);
- tmp[n] = 0;
- CIPHEROPTION(CALG_MD2);
- CIPHEROPTION(CALG_MD4);
- CIPHEROPTION(CALG_MD5);
- CIPHEROPTION(CALG_SHA);
- CIPHEROPTION(CALG_SHA1);
- CIPHEROPTION(CALG_MAC);
- CIPHEROPTION(CALG_RSA_SIGN);
- CIPHEROPTION(CALG_DSS_SIGN);
+static const struct algo algs[]= {
+ CIPHEROPTION(CALG_MD2),
+ CIPHEROPTION(CALG_MD4),
+ CIPHEROPTION(CALG_MD5),
+ CIPHEROPTION(CALG_SHA),
+ CIPHEROPTION(CALG_SHA1),
+ CIPHEROPTION(CALG_MAC),
+ CIPHEROPTION(CALG_RSA_SIGN),
+ CIPHEROPTION(CALG_DSS_SIGN),
 /* ifdefs for the options that are defined conditionally in wincrypt.h */
 #ifdef CALG_NO_SIGN
- CIPHEROPTION(CALG_NO_SIGN);
+ CIPHEROPTION(CALG_NO_SIGN),
 #endif
- CIPHEROPTION(CALG_RSA_KEYX);
- CIPHEROPTION(CALG_DES);
+ CIPHEROPTION(CALG_RSA_KEYX),
+ CIPHEROPTION(CALG_DES),
 #ifdef CALG_3DES_112
- CIPHEROPTION(CALG_3DES_112);
+ CIPHEROPTION(CALG_3DES_112),
 #endif
- CIPHEROPTION(CALG_3DES);
- CIPHEROPTION(CALG_DESX);
- CIPHEROPTION(CALG_RC2);
- CIPHEROPTION(CALG_RC4);
- CIPHEROPTION(CALG_SEAL);
+ CIPHEROPTION(CALG_3DES),
+ CIPHEROPTION(CALG_DESX),
+ CIPHEROPTION(CALG_RC2),
+ CIPHEROPTION(CALG_RC4),
+ CIPHEROPTION(CALG_SEAL),
 #ifdef CALG_DH_SF
- CIPHEROPTION(CALG_DH_SF);
+ CIPHEROPTION(CALG_DH_SF),
 #endif
- CIPHEROPTION(CALG_DH_EPHEM);
+ CIPHEROPTION(CALG_DH_EPHEM),
 #ifdef CALG_AGREEDKEY_ANY
- CIPHEROPTION(CALG_AGREEDKEY_ANY);
+ CIPHEROPTION(CALG_AGREEDKEY_ANY),
 #endif
 #ifdef CALG_HUGHES_MD5
- CIPHEROPTION(CALG_HUGHES_MD5);
+ CIPHEROPTION(CALG_HUGHES_MD5),
 #endif
- CIPHEROPTION(CALG_SKIPJACK);
+ CIPHEROPTION(CALG_SKIPJACK),
 #ifdef CALG_TEK
- CIPHEROPTION(CALG_TEK);
+ CIPHEROPTION(CALG_TEK),
 #endif
- CIPHEROPTION(CALG_CYLINK_MEK);
- CIPHEROPTION(CALG_SSL3_SHAMD5);
+ CIPHEROPTION(CALG_CYLINK_MEK),
+ CIPHEROPTION(CALG_SSL3_SHAMD5),
 #ifdef CALG_SSL3_MASTER
- CIPHEROPTION(CALG_SSL3_MASTER);
+ CIPHEROPTION(CALG_SSL3_MASTER),
 #endif
 #ifdef CALG_SCHANNEL_MASTER_HASH
- CIPHEROPTION(CALG_SCHANNEL_MASTER_HASH);
+ CIPHEROPTION(CALG_SCHANNEL_MASTER_HASH),
 #endif
 #ifdef CALG_SCHANNEL_MAC_KEY
- CIPHEROPTION(CALG_SCHANNEL_MAC_KEY);
+ CIPHEROPTION(CALG_SCHANNEL_MAC_KEY),
 #endif
 #ifdef CALG_SCHANNEL_ENC_KEY
- CIPHEROPTION(CALG_SCHANNEL_ENC_KEY);
+ CIPHEROPTION(CALG_SCHANNEL_ENC_KEY),
 #endif
 #ifdef CALG_PCT1_MASTER
- CIPHEROPTION(CALG_PCT1_MASTER);
+ CIPHEROPTION(CALG_PCT1_MASTER),
 #endif
 #ifdef CALG_SSL2_MASTER
- CIPHEROPTION(CALG_SSL2_MASTER);
+ CIPHEROPTION(CALG_SSL2_MASTER),
 #endif
 #ifdef CALG_TLS1_MASTER
- CIPHEROPTION(CALG_TLS1_MASTER);
+ CIPHEROPTION(CALG_TLS1_MASTER),
 #endif
 #ifdef CALG_RC5
- CIPHEROPTION(CALG_RC5);
+ CIPHEROPTION(CALG_RC5),
 #endif
 #ifdef CALG_HMAC
- CIPHEROPTION(CALG_HMAC);
+ CIPHEROPTION(CALG_HMAC),
 #endif
 #ifdef CALG_TLS1PRF
- CIPHEROPTION(CALG_TLS1PRF);
+ CIPHEROPTION(CALG_TLS1PRF),
 #endif
 #ifdef CALG_HASH_REPLACE_OWF
- CIPHEROPTION(CALG_HASH_REPLACE_OWF);
+ CIPHEROPTION(CALG_HASH_REPLACE_OWF),
 #endif
 #ifdef CALG_AES_128
- CIPHEROPTION(CALG_AES_128);
+ CIPHEROPTION(CALG_AES_128),
 #endif
 #ifdef CALG_AES_192
- CIPHEROPTION(CALG_AES_192);
+ CIPHEROPTION(CALG_AES_192),
 #endif
 #ifdef CALG_AES_256
- CIPHEROPTION(CALG_AES_256);
+ CIPHEROPTION(CALG_AES_256),
 #endif
 #ifdef CALG_AES
- CIPHEROPTION(CALG_AES);
+ CIPHEROPTION(CALG_AES),
 #endif
 #ifdef CALG_SHA_256
- CIPHEROPTION(CALG_SHA_256);
+ CIPHEROPTION(CALG_SHA_256),
 #endif
 #ifdef CALG_SHA_384
- CIPHEROPTION(CALG_SHA_384);
+ CIPHEROPTION(CALG_SHA_384),
 #endif
 #ifdef CALG_SHA_512
- CIPHEROPTION(CALG_SHA_512);
+ CIPHEROPTION(CALG_SHA_512),
 #endif
 #ifdef CALG_ECDH
- CIPHEROPTION(CALG_ECDH);
+ CIPHEROPTION(CALG_ECDH),
 #endif
 #ifdef CALG_ECMQV
- CIPHEROPTION(CALG_ECMQV);
+ CIPHEROPTION(CALG_ECMQV),
 #endif
 #ifdef CALG_ECDSA
- CIPHEROPTION(CALG_ECDSA);
+ CIPHEROPTION(CALG_ECDSA),
 #endif
 #ifdef CALG_ECDH_EPHEM
- CIPHEROPTION(CALG_ECDH_EPHEM);
+ CIPHEROPTION(CALG_ECDH_EPHEM),
 #endif
- return 0;
+ {NULL, 0},
+};
+
+static int
+get_alg_id_by_name(char *name)
+{
+ char *nameEnd = strchr(name, ':');
+ size_t n = nameEnd ? (size_t)(nameEnd - name) : strlen(name);
+ int i;
+
+ for(i = 0; algs[i].name; i++) {
+ if((n == strlen(algs[i].name) && !strncmp(algs[i].name, name, n)))
+ return algs[i].id;
+ }
+ return 0; /* not found */
 }
 #define NUM_CIPHERS 47 /* There are 47 options listed above */
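Review bot: The context lines `/* longest is 26, buffer is slightly bigger */` and `#define LONGEST_ALG_ID 32` at the top of the hunk describe the `tmp` buffer that this change removes, so unless the macro is still used outside the hunk it is now dead and the comment misleads; I would drop both. The new lookup only reads `name`, so the signature could become `get_alg_id_by_name(const char *name)` with `const char *nameEnd = strchr(name, ':');`, which documents that the caller's cipher string is never written. Unknown tokens and tokens of any length now all fall through to `return 0`, so a one-line comment above the function saying that it matches the token up to the first `:` exactly against `algs[]` and returns 0 when there is no match would make the contract explicit for callers, which presumably treat 0 as an error.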