Avoid reallocating for `suitable_suites` in `server/hs.rs`

2024-02-05 14:10:14 -08:00 · 2024-02-05 14:10:14 -08:00 · 616d0dde7a
parent ec11229787
commit 616d0dde7a
2 changed files with 14 additions and 40 deletions
--- a/rustls/src/server/hs.rs
+++ b/rustls/src/server/hs.rs
@ -334,19 +334,19 @@ impl ExpectClientHello {
        };
        let certkey = ActiveCertifiedKey::from_certified_key(&certkey);

-        // Reduce our supported ciphersuites by the certificate.
-        // (no-op for TLS1.3)
-        let suitable_suites = suites::reduce_given_sigalg(
-            &self.config.provider.cipher_suites,
-            certkey.get_key().algorithm(),
-        );
-
-        // And version
-        let suitable_suites = suites::reduce_given_version_and_protocol(
-            &suitable_suites,
-            version,
-            cx.common.protocol,
-        );
+        let suitable_suites = self
+            .config
+            .provider
+            .cipher_suites
+            .iter()
+            .filter(|suite| {
+                // Reduce our supported ciphersuites by the certificate.
+                suite.usable_for_signature_algorithm(certkey.get_key().algorithm())
+                // And version
+                && suite.version().version == version && suite.usable_for_protocol(cx.common.protocol)
+            })
+            .copied()
+            .collect::<Vec<_>>();

        let suite = if self.config.ignore_client_order {
            suites::choose_ciphersuite_preferring_server(
--- a/rustls/src/suites.rs
+++ b/rustls/src/suites.rs
@ -1,7 +1,7 @@
 use crate::common_state::Protocol;
 use crate::crypto;
 use crate::crypto::cipher::{AeadKey, Iv};
-use crate::enums::{CipherSuite, ProtocolVersion, SignatureAlgorithm, SignatureScheme};
+use crate::enums::{CipherSuite, SignatureAlgorithm, SignatureScheme};
 #[cfg(feature = "tls12")]
 use crate::tls12::Tls12CipherSuite;
 use crate::tls13::Tls13CipherSuite;
@ -9,7 +9,6 @@ use crate::tls13::Tls13CipherSuite;
 use crate::versions::TLS12;
 use crate::versions::{SupportedProtocolVersion, TLS13};

-use alloc::vec::Vec;
 use core::fmt;

 /// Common state for cipher suites (both for TLS 1.2 and TLS 1.3)
@ -174,31 +173,6 @@ pub(crate) fn choose_ciphersuite_preferring_server(
    None
 }

-/// Return a list of the ciphersuites in `all` with the suites
-/// incompatible with `SignatureAlgorithm` `sigalg` removed.
-pub(crate) fn reduce_given_sigalg(
-    all: &[SupportedCipherSuite],
-    sigalg: SignatureAlgorithm,
-) -> Vec<SupportedCipherSuite> {
-    all.iter()
-        .filter(|&&suite| suite.usable_for_signature_algorithm(sigalg))
-        .copied()
-        .collect()
-}
-
-/// Return a list of the ciphersuites in `all` with the suites
-/// incompatible with the chosen `version` removed.
-pub(crate) fn reduce_given_version_and_protocol(
-    all: &[SupportedCipherSuite],
-    version: ProtocolVersion,
-    proto: Protocol,
-) -> Vec<SupportedCipherSuite> {
-    all.iter()
-        .filter(|&&suite| suite.version().version == version && suite.usable_for_protocol(proto))
-        .copied()
-        .collect()
-}
-
 /// Return true if `sigscheme` is usable by any of the given suites.
 pub(crate) fn compatible_sigscheme_for_suites(
    sigscheme: SignatureScheme,