[tor-commits] [tor/master] Try to make get_mozilla_ciphers output the right macros in the right order
nickm at torproject.org
nickm at torproject.org
Wed Jun 13 16:11:17 UTC 2012
commit c5dca8f20886f797d079e6de1547dd2e42a9b222
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Mar 14 17:53:17 2012 -0400
Try to make get_mozilla_ciphers output the right macros in the right order
---
src/common/get_mozilla_ciphers.py | 77 +++++++++++++++++++++++++++++++-----
1 files changed, 66 insertions(+), 11 deletions(-)
diff --git a/src/common/get_mozilla_ciphers.py b/src/common/get_mozilla_ciphers.py
index 9b8af2e..629b4dc 100644
--- a/src/common/get_mozilla_ciphers.py
+++ b/src/common/get_mozilla_ciphers.py
@@ -54,11 +54,35 @@ fileA.close()
# Parse the lines and put them into a dict
ciphers = {}
+cipher_pref = {}
for line in cipherLines:
m = re.search(r'^{\s*\"([^\"]+)\",\s*(\S*)\s*}', line)
if m:
key,value = m.groups()
ciphers[key] = value
+ cipher_pref[value] = key
+
+####
+# Now find the correct order for the ciphers
+fileC = open(ff('security/nss/lib/ssl/sslenum.c'), 'r')
+firefox_ciphers = []
+inEnum=False
+for line in fileC:
+ if not inEnum:
+ if "SSL_ImplementedCiphers[] =" in line:
+ inEnum = True
+ continue
+
+ if line.startswith("};"):
+ break
+
+ m = re.match(r'^\s*([A-Z_0-9]+)\s*', line)
+ if m:
+ if m.group(1) == "0":
+ break
+ firefox_ciphers.append(m.group(1))
+
+fileC.close()
#####
# Read the JS file to understand what ciphers are enabled. The format is
@@ -111,28 +135,59 @@ for x in used_ciphers:
####
# Now read through all the openssl include files, and try to find the openssl
# macro names for those files.
-cipher_hex = {}
+openssl_macro_by_hex = {}
+all_openssl_macros = {}
for fl in oSSLinclude:
fp = open(ossl(fl), 'r')
for line in fp.readlines():
m = re.match('#define\s+(\S+)\s+(\S+)', line)
if m:
value,key = m.groups()
- if key.startswith('0x'):
+ if key.startswith('0x') and "_CK_" in value:
key = key.replace('0x0300','0x').lower()
#print "%s %s" % (key, value)
- cipher_hex[key] = value
+ openssl_macro_by_hex[key] = value
+ all_openssl_macros[value]=key
fp.close()
# Now generate the output.
-for x in cipher_codes:
+print """\
+/* This is an include file used to define the list of ciphers clients should
+ * advertise. Before including it, you should define the CIPHER and XCIPHER
+ * macros.
+ *
+ * This file was automatically generated by get_mozilla_ciphers.py.
+ */"""
+# Go in order by the order in CipherPrefs
+for firefox_macro in firefox_ciphers:
+
try:
- res = """#ifdef %s
- CIPHER(%s, %s)
- #else
- XCIPHER(%s, %s)
- #endif""" % (cipher_hex[x], x, cipher_hex[x], x, cipher_hex[x])
- print res
+ js_cipher_name = cipher_pref[firefox_macro]
except KeyError:
- print "Not found %s" % x
+ # This one has no javascript preference.
+ continue
+
+ # The cipher needs to be enabled in security-prefs.js
+ if enabled_ciphers.get(js_cipher_name, 'false') != 'true':
+ continue
+ hexval = sslProtoD[firefox_macro]
+
+ try:
+ openssl_macro = openssl_macro_by_hex[hexval.lower()]
+ openssl_macro = openssl_macro.replace("_CK_", "_TXT_")
+ if openssl_macro not in all_openssl_macros:
+ raise KeyError()
+ format = {'hex':hexval, 'macro':openssl_macro, 'note':""}
+ except KeyError:
+ # openssl doesn't have a macro for this.
+ format = {'hex':hexval, 'macro':firefox_macro,
+ 'note':"/* No openssl macro found for "+hexval+" */\n"}
+
+ res = """\
+%(note)s#ifdef %(macro)s
+ CIPHER(%(hex)s, %(macro)s)
+#else
+ XCIPHER(%(hex)s, %(macro)s)
+#endif""" % format
+ print res
More information about the tor-commits
mailing list