commit c5dca8f20886f797d079e6de1547dd2e42a9b222 Author: Nick Mathewson nickm@torproject.org Date: Wed Mar 14 17:53:17 2012 -0400
Try to make get_mozilla_ciphers output the right macros in the right order --- src/common/get_mozilla_ciphers.py | 77 +++++++++++++++++++++++++++++++----- 1 files changed, 66 insertions(+), 11 deletions(-)
diff --git a/src/common/get_mozilla_ciphers.py b/src/common/get_mozilla_ciphers.py index 9b8af2e..629b4dc 100644 --- a/src/common/get_mozilla_ciphers.py +++ b/src/common/get_mozilla_ciphers.py @@ -54,11 +54,35 @@ fileA.close()
# Parse the lines and put them into a dict ciphers = {} +cipher_pref = {} for line in cipherLines: m = re.search(r'^{\s*"([^"]+)",\s*(\S*)\s*}', line) if m: key,value = m.groups() ciphers[key] = value + cipher_pref[value] = key + +#### +# Now find the correct order for the ciphers +fileC = open(ff('security/nss/lib/ssl/sslenum.c'), 'r') +firefox_ciphers = [] +inEnum=False +for line in fileC: + if not inEnum: + if "SSL_ImplementedCiphers[] =" in line: + inEnum = True + continue + + if line.startswith("};"): + break + + m = re.match(r'^\s*([A-Z_0-9]+)\s*', line) + if m: + if m.group(1) == "0": + break + firefox_ciphers.append(m.group(1)) + +fileC.close()
##### # Read the JS file to understand what ciphers are enabled. The format is @@ -111,28 +135,59 @@ for x in used_ciphers: #### # Now read through all the openssl include files, and try to find the openssl # macro names for those files. -cipher_hex = {} +openssl_macro_by_hex = {} +all_openssl_macros = {} for fl in oSSLinclude: fp = open(ossl(fl), 'r') for line in fp.readlines(): m = re.match('#define\s+(\S+)\s+(\S+)', line) if m: value,key = m.groups() - if key.startswith('0x'): + if key.startswith('0x') and "_CK_" in value: key = key.replace('0x0300','0x').lower() #print "%s %s" % (key, value) - cipher_hex[key] = value + openssl_macro_by_hex[key] = value + all_openssl_macros[value]=key fp.close()
# Now generate the output. -for x in cipher_codes: +print """\ +/* This is an include file used to define the list of ciphers clients should + * advertise. Before including it, you should define the CIPHER and XCIPHER + * macros. + * + * This file was automatically generated by get_mozilla_ciphers.py. + */""" +# Go in order by the order in CipherPrefs +for firefox_macro in firefox_ciphers: + try: - res = """#ifdef %s - CIPHER(%s, %s) - #else - XCIPHER(%s, %s) - #endif""" % (cipher_hex[x], x, cipher_hex[x], x, cipher_hex[x]) - print res + js_cipher_name = cipher_pref[firefox_macro] except KeyError: - print "Not found %s" % x + # This one has no javascript preference. + continue + + # The cipher needs to be enabled in security-prefs.js + if enabled_ciphers.get(js_cipher_name, 'false') != 'true': + continue
+ hexval = sslProtoD[firefox_macro] + + try: + openssl_macro = openssl_macro_by_hex[hexval.lower()] + openssl_macro = openssl_macro.replace("_CK_", "_TXT_") + if openssl_macro not in all_openssl_macros: + raise KeyError() + format = {'hex':hexval, 'macro':openssl_macro, 'note':""} + except KeyError: + # openssl doesn't have a macro for this. + format = {'hex':hexval, 'macro':firefox_macro, + 'note':"/* No openssl macro found for "+hexval+" */\n"} + + res = """\ +%(note)s#ifdef %(macro)s + CIPHER(%(hex)s, %(macro)s) +#else + XCIPHER(%(hex)s, %(macro)s) +#endif""" % format + print res