tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit 25bdc3d121b51c5a91132618d77044ceb6245872
parent 010cbb535330643f12b68f0bea40f17b0c8c87ca
Author: Alex Xu (Hello71) <alex_y_xu@yahoo.ca>
Date:   Tue, 13 May 2025 00:12:35 -0400

Remove unused client cipher related functions

Follow-up for ddf16d6756 ("Remove support for client cipher classification.")

Diffstat:

Msrc/lib/tls/tortls.h | 2--


Msrc/lib/tls/tortls_nss.c | 24------------------------


Msrc/lib/tls/tortls_openssl.c | 7-------


Msrc/lib/tls/tortls_st.h | 3---


Msrc/test/test_tortls_openssl.c | 155-------------------------------------------------------------------------------


5 files changed, 0 insertions(+), 191 deletions(-)

diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h
@@ -136,8 +136,6 @@ int tor_tls_get_my_certs(int server,
                          const struct tor_x509_cert_t **link_cert_out,
                          const struct tor_x509_cert_t **id_cert_out);
 
-const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
-
 int evaluate_ecgroup_for_tls(const char *ecgroup);
 
 #endif /* !defined(TOR_TORTLS_H) */
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
@@ -739,30 +739,6 @@ tor_tls_export_key_material,(tor_tls_t *tls, uint8_t *secrets_out,
   return (s == SECSuccess) ? 0 : -1;
 }
 
-const char *
-tor_tls_get_ciphersuite_name(tor_tls_t *tls)
-{
-  tor_assert(tls);
-
-  SSLChannelInfo channel_info;
-  SSLCipherSuiteInfo cipher_info;
-
-  memset(&channel_info, 0, sizeof(channel_info));
-  memset(&cipher_info, 0, sizeof(cipher_info));
-
-  SECStatus s = SSL_GetChannelInfo(tls->ssl,
-                                   &channel_info, sizeof(channel_info));
-  if (s != SECSuccess)
-    return NULL;
-
-  s = SSL_GetCipherSuiteInfo(channel_info.cipherSuite,
-                             &cipher_info, sizeof(cipher_info));
-  if (s != SECSuccess)
-    return NULL;
-
-  return cipher_info.cipherSuiteName;
-}
-
 /** The group we should use for ecdhe when none was selected. */
 #define SEC_OID_TOR_DEFAULT_ECDHE_GROUP SEC_OID_ANSIX962_EC_PRIME256V1
 
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
@@ -626,13 +626,6 @@ tor_tls_debug_state_callback(const SSL *ssl, int type, int val)
   /* LCOV_EXCL_STOP */
 }
 
-/* Return the name of the negotiated ciphersuite in use on <b>tls</b> */
-const char *
-tor_tls_get_ciphersuite_name(tor_tls_t *tls)
-{
-  return SSL_get_cipher(tls->ssl);
-}
-
 /** Create a new TLS object from a file descriptor, and a flag to
  * determine whether it is functioning as a server.
  */
diff --git a/src/lib/tls/tortls_st.h b/src/lib/tls/tortls_st.h
@@ -50,9 +50,6 @@ struct tor_tls_t {
                                        * have completed successfully. */
   unsigned int isServer:1; /**< True iff this is a server-side connection */
 #ifdef ENABLE_OPENSSL
-  /** Return value from tor_tls_classify_client_ciphers, or 0 if we haven't
-   * called that function yet. */
-  int8_t client_cipher_list_type;
   size_t wantwrite_n; /**< 0 normally, >0 if we returned wantwrite last
                        * time. */
   /** Last values retrieved from BIO_number_read()/write(); see
diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c
@@ -498,143 +498,6 @@ test_tortls_cert_get_key(void *ignored)
 #endif /* !defined(OPENSSL_OPAQUE) */
 
 #ifndef OPENSSL_OPAQUE
-static void
-test_tortls_get_ciphersuite_name(void *ignored)
-{
-  (void)ignored;
-  const char *ret;
-  tor_tls_t *ctx;
-  ctx = tor_malloc_zero(sizeof(tor_tls_t));
-  ctx->ssl = tor_malloc_zero(sizeof(SSL));
-
-  ret = tor_tls_get_ciphersuite_name(ctx);
-  tt_str_op(ret, OP_EQ, "(NONE)");
-
- done:
-  tor_free(ctx->ssl);
-  tor_free(ctx);
-}
-
-static SSL_CIPHER *
-get_cipher_by_id(uint16_t id)
-{
-  int i;
-  const SSL_METHOD *method = SSLv23_method();
-  int num = method->num_ciphers();
-  for (i = 0; i < num; ++i) {
-    const SSL_CIPHER *cipher = method->get_cipher(i);
-    if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
-      return (SSL_CIPHER *)cipher;
-    }
-  }
-
-  return NULL;
-}
-
-static void
-test_tortls_classify_client_ciphers(void *ignored)
-{
-  (void)ignored;
-  int i;
-  int ret;
-  SSL_CTX *ctx;
-  SSL *ssl;
-  tor_tls_t *tls;
-  STACK_OF(SSL_CIPHER) *ciphers;
-  SSL_CIPHER *tmp_cipher;
-
-  library_init();
-
-  tor_tls_allocate_tor_tls_object_ex_data_index();
-
-  tls = tor_malloc_zero(sizeof(tor_tls_t));
-  tls->magic = TOR_TLS_MAGIC;
-
-  ctx = SSL_CTX_new(TLSv1_method());
-  ssl = SSL_new(ctx);
-  tls->ssl = ssl;
-
-  ciphers = sk_SSL_CIPHER_new_null();
-
-  ret = tor_tls_classify_client_ciphers(ssl, NULL);
-  tt_int_op(ret, OP_EQ, -1);
-
-  SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
-  tls->client_cipher_list_type = 42;
-
-  ret = tor_tls_classify_client_ciphers(ssl, NULL);
-  tt_int_op(ret, OP_EQ, 42);
-
-  tls->client_cipher_list_type = 0;
-  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
-  tt_int_op(ret, OP_EQ, 1);
-  tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
-
-  tls->client_cipher_list_type = 0;
-  ret = tor_tls_classify_client_ciphers(ssl, SSL_get_ciphers(ssl));
-  tt_int_op(ret, OP_EQ, 3);
-  tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
-
-  SSL_CIPHER *one = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_128_SHA),
-    *two = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA),
-    *three = get_cipher_by_name(SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA),
-    *four = NULL;
-  sk_SSL_CIPHER_push(ciphers, one);
-  sk_SSL_CIPHER_push(ciphers, two);
-  sk_SSL_CIPHER_push(ciphers, three);
-  sk_SSL_CIPHER_push(ciphers, four);
-
-  tls->client_cipher_list_type = 0;
-  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
-  tt_int_op(ret, OP_EQ, 1);
-  tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
-
-  sk_SSL_CIPHER_zero(ciphers);
-
-  one = get_cipher_by_name("ECDHE-RSA-AES256-GCM-SHA384");
-  tt_assert(one);
-  one->id = 0x00ff;
-  two = get_cipher_by_name("ECDHE-RSA-AES128-GCM-SHA256");
-  tt_assert(two);
-  two->id = 0x0000;
-  sk_SSL_CIPHER_push(ciphers, one);
-  tls->client_cipher_list_type = 0;
-  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
-  tt_int_op(ret, OP_EQ, 3);
-  tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
-
-  sk_SSL_CIPHER_push(ciphers, two);
-  tls->client_cipher_list_type = 0;
-  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
-  tt_int_op(ret, OP_EQ, 3);
-  tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
-
-  one->id = 0xC00A;
-  tls->client_cipher_list_type = 0;
-  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
-  tt_int_op(ret, OP_EQ, 3);
-  tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
-
-  sk_SSL_CIPHER_zero(ciphers);
-  for (i=0; v2_cipher_list[i]; i++) {
-    tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
-    tt_assert(tmp_cipher);
-    sk_SSL_CIPHER_push(ciphers, tmp_cipher);
-  }
-  tls->client_cipher_list_type = 0;
-  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
-  tt_int_op(ret, OP_EQ, 2);
-  tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
-
- done:
-  sk_SSL_CIPHER_free(ciphers);
-  SSL_free(tls->ssl);
-  tor_free(tls);
-  SSL_CTX_free(ctx);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
 static int fixed_ssl_pending_result = 0;
 
 static int
@@ -952,24 +815,6 @@ test_tortls_set_renegotiate_callback(void *ignored)
 #endif /* !defined(OPENSSL_OPAQUE) */
 
 #ifndef OPENSSL_OPAQUE
-static SSL_CIPHER *fixed_cipher1 = NULL;
-static SSL_CIPHER *fixed_cipher2 = NULL;
-static const SSL_CIPHER *
-fake_get_cipher(unsigned ncipher)
-{
-
-  switch (ncipher) {
-  case 1:
-    return fixed_cipher1;
-  case 2:
-    return fixed_cipher2;
-  default:
-    return NULL;
-  }
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
 static void
 test_tortls_debug_state_callback(void *ignored)
 {