From 9c5d55fbadefe9290f715e121bb2b35a92c19731 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Sun, 12 Jul 2020 22:40:54 +0200 Subject: [PATCH 1/3] src: avoid strcmp in SecureContext::Init --- src/node_crypto.cc | 53 ++++++++++++++++++++-------------------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index eae0f2e49d3c86..552287821c49a3 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc 
@@ -568,84 +568,77 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { if (args[0]->IsString()) { const node::Utf8Value sslmethod(env->isolate(), args[0]); + const std::string methodstr(*sslmethod); // Note that SSLv2 and SSLv3 are disallowed but SSLv23_method and friends // are still accepted. They are OpenSSL's way of saying that all known // protocols below TLS 1.3 are supported unless explicitly disabled (which // we do below for SSLv2 and SSLv3.) - if (strcmp(*sslmethod, "SSLv2_method") == 0) { + if (methodstr == "SSLv2_method" || + methodstr == "SSLv2_server_method" || + methodstr == "SSLv2_client_method") { THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled"); return; - } else if (strcmp(*sslmethod, "SSLv2_server_method") == 0) { - THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled"); - return; - } else if (strcmp(*sslmethod, "SSLv2_client_method") == 0) { - THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled"); - return; - } else if (strcmp(*sslmethod, "SSLv3_method") == 0) { - THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled"); - return; - } else if (strcmp(*sslmethod, "SSLv3_server_method") == 0) { - THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled"); - return; - } else if (strcmp(*sslmethod, "SSLv3_client_method") == 0) { + } else if (methodstr == "SSLv3_method" || + methodstr == "SSLv3_server_method" || + methodstr == "SSLv3_client_method") { THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled"); return; - } else if (strcmp(*sslmethod, "SSLv23_method") == 0) { + } else if (methodstr == "SSLv23_method") { max_version = TLS1_2_VERSION; - } else if (strcmp(*sslmethod, "SSLv23_server_method") == 0) { + } else if (methodstr == "SSLv23_server_method") { max_version = TLS1_2_VERSION; method = TLS_server_method(); - } else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { + } else if (methodstr == "SSLv23_client_method") { max_version = 
TLS1_2_VERSION; method = TLS_client_method(); - } else if (strcmp(*sslmethod, "TLS_method") == 0) { + } else if (methodstr == "TLS_method") { min_version = 0; max_version = MAX_SUPPORTED_VERSION; - } else if (strcmp(*sslmethod, "TLS_server_method") == 0) { + } else if (methodstr == "TLS_server_method") { min_version = 0; max_version = MAX_SUPPORTED_VERSION; method = TLS_server_method(); - } else if (strcmp(*sslmethod, "TLS_client_method") == 0) { + } else if (methodstr == "TLS_client_method") { min_version = 0; max_version = MAX_SUPPORTED_VERSION; method = TLS_client_method(); - } else if (strcmp(*sslmethod, "TLSv1_method") == 0) { + } else if (methodstr == "TLSv1_method") { min_version = TLS1_VERSION; max_version = TLS1_VERSION; - } else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { + } else if (methodstr == "TLSv1_server_method") { min_version = TLS1_VERSION; max_version = TLS1_VERSION; method = TLS_server_method(); - } else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { + } else if (methodstr == "TLSv1_client_method") { min_version = TLS1_VERSION; max_version = TLS1_VERSION; method = TLS_client_method(); - } else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { + } else if (methodstr == "TLSv1_1_method") { min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; - } else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { + } else if (methodstr == "TLSv1_1_server_method") { min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; method = TLS_server_method(); - } else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { + } else if (methodstr == "TLSv1_1_client_method") { min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; method = TLS_client_method(); - } else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { + } else if (methodstr == "TLSv1_2_method") { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; - } else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { + } else if (methodstr == "TLSv1_2_server_method") 
{ min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; method = TLS_server_method(); - } else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { + } else if (methodstr == "TLSv1_2_client_method") { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; method = TLS_client_method(); } else { const std::string msg("Unknown method: "); - THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, (msg + * sslmethod).c_str()); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, (msg + methodstr).c_str()); return; } } From 24487c90cac5fdcb4336be02e0d70442b2ca0db2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Mon, 13 Jul 2020 20:46:17 +0200 Subject: [PATCH 2/3] fixup! src: avoid strcmp in SecureContext::Init --- src/node_crypto.cc | 45 ++++++++++++++++++++++----------------------- src/util.h | 4 ++++ 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 552287821c49a3..ffa28051a7bea5 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc 
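Review bot: `const std::string methodstr(*sslmethod);` at the top of this hunk builds the string from a bare `char*`, so it ends at the first NUL byte and every `methodstr == "…"` test below is still a C-string match, as `strcmp` was. Assuming Utf8Value keeps embedded NUL bytes and counts them in `length()`, a method name with extra bytes after a NUL still selects a branch, and those branches set `min_version`/`max_version`. For an exact match, `const std::string methodstr = sslmethod.ToString();` keeps the full length (`ToString()` appears as context in the util.h hunk of PATCH 2/3). The same applies to the node_crypto.cc hunk of PATCH 2/3 and to the `Utf8Value::operator==` it relies on, where the equivalent is to check `length() == strlen(a)` before comparing bytes. SecureContext::Init starts and ends outside this hunk.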
@@ -568,77 +568,76 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { if (args[0]->IsString()) { const node::Utf8Value sslmethod(env->isolate(), args[0]); - const std::string methodstr(*sslmethod); // Note that SSLv2 and SSLv3 are disallowed but SSLv23_method and friends // are still accepted. They are OpenSSL's way of saying that all known // protocols below TLS 1.3 are supported unless explicitly disabled (which // we do below for SSLv2 and SSLv3.) - if (methodstr == "SSLv2_method" || - methodstr == "SSLv2_server_method" || - methodstr == "SSLv2_client_method") { + if (sslmethod == "SSLv2_method" || + sslmethod == "SSLv2_server_method" || + sslmethod == "SSLv2_client_method") { THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv2 methods disabled"); return; - } else if (methodstr == "SSLv3_method" || - methodstr == "SSLv3_server_method" || - methodstr == "SSLv3_client_method") { + } else if (sslmethod == "SSLv3_method" || + sslmethod == "SSLv3_server_method" || + sslmethod == "SSLv3_client_method") { THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, "SSLv3 methods disabled"); return; - } else if (methodstr == "SSLv23_method") { + } else if (sslmethod == "SSLv23_method") { max_version = TLS1_2_VERSION; - } else if (methodstr == "SSLv23_server_method") { + } else if (sslmethod == "SSLv23_server_method") { max_version = TLS1_2_VERSION; method = TLS_server_method(); - } else if (methodstr == "SSLv23_client_method") { + } else if (sslmethod == "SSLv23_client_method") { max_version = TLS1_2_VERSION; method = TLS_client_method(); - } else if (methodstr == "TLS_method") { + } else if (sslmethod == "TLS_method") { min_version = 0; max_version = MAX_SUPPORTED_VERSION; - } else if (methodstr == "TLS_server_method") { + } else if (sslmethod == "TLS_server_method") { min_version = 0; max_version = MAX_SUPPORTED_VERSION; method = TLS_server_method(); - } else if (methodstr == "TLS_client_method") { + } else if (sslmethod == "TLS_client_method") { min_version = 0; 
max_version = MAX_SUPPORTED_VERSION; method = TLS_client_method(); - } else if (methodstr == "TLSv1_method") { + } else if (sslmethod == "TLSv1_method") { min_version = TLS1_VERSION; max_version = TLS1_VERSION; - } else if (methodstr == "TLSv1_server_method") { + } else if (sslmethod == "TLSv1_server_method") { min_version = TLS1_VERSION; max_version = TLS1_VERSION; method = TLS_server_method(); - } else if (methodstr == "TLSv1_client_method") { + } else if (sslmethod == "TLSv1_client_method") { min_version = TLS1_VERSION; max_version = TLS1_VERSION; method = TLS_client_method(); - } else if (methodstr == "TLSv1_1_method") { + } else if (sslmethod == "TLSv1_1_method") { min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; - } else if (methodstr == "TLSv1_1_server_method") { + } else if (sslmethod == "TLSv1_1_server_method") { min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; method = TLS_server_method(); - } else if (methodstr == "TLSv1_1_client_method") { + } else if (sslmethod == "TLSv1_1_client_method") { min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; method = TLS_client_method(); - } else if (methodstr == "TLSv1_2_method") { + } else if (sslmethod == "TLSv1_2_method") { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; - } else if (methodstr == "TLSv1_2_server_method") { + } else if (sslmethod == "TLSv1_2_server_method") { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; method = TLS_server_method(); - } else if (methodstr == "TLSv1_2_client_method") { + } else if (sslmethod == "TLSv1_2_client_method") { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; method = TLS_client_method(); } else { const std::string msg("Unknown method: "); - THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, (msg + methodstr).c_str()); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, (msg + *sslmethod).c_str()); return; } } diff --git a/src/util.h b/src/util.h index 2a4d6e27d59d9e..0844ce2a66a5eb 100644 --- a/src/util.h 
+++ b/src/util.h @@ -491,6 +491,10 @@ class Utf8Value : public MaybeStackBuffer { explicit Utf8Value(v8::Isolate* isolate, v8::Local value); inline std::string ToString() const { return std::string(out(), length()); } + + inline bool operator==(const char* a) const { + return strcmp(out(), a) == 0; + } }; class TwoByteValue : public MaybeStackBuffer { From c6cf437d03dd7d6a2c1a05cc3a6b6d9d0ba4c464 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Fri, 17 Jul 2020 22:27:36 +0200 Subject: [PATCH 3/3] fixup! src: avoid strcmp in SecureContext::Init --- src/node_crypto.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index ffa28051a7bea5..844aee130ca528 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -637,7 +637,7 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { method = TLS_client_method(); } else { const std::string msg("Unknown method: "); - THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, (msg + *sslmethod).c_str()); + THROW_ERR_TLS_INVALID_PROTOCOL_METHOD(env, (msg + * sslmethod).c_str()); return; } }
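Review bot: The new `operator==(const char* a)` in the util.h hunk is a general-purpose helper with no comment stating its contract, and a null `a` reaches `strcmp` unchecked. I would add above it `// Compares as a NUL-terminated C string; a must not be null.` Only `value == "x"` is provided, so unless the build uses C++20 comparison rewriting, callers writing `value != "x"` or `"x" == value` will not compile. The hunk does not show whether util.h includes `<cstring>`; that is worth confirming so the header does not depend on include order. The Utf8Value class begins outside the hunk.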