author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-28 10:31:50 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-28 13:42:40 +0200 |
commit | 8d095429ea6f01a6db84df8d896a0f7bb5b0bba1 (patch) | |
tree | ae6de0e0f165250186aad2eb9e08dcb87b740a9b | |
parent | cfe068979d11ef99362cb3b2354556c275911a1b (diff) | |
download | gnutls-8d095429ea6f01a6db84df8d896a0f7bb5b0bba1.tar.gz |
instead of assigning a variable per flag use the init flags directly
That is, store the flags provided in gnutls_init() in the session structure
and use these flags directly when required.
-rw-r--r-- | lib/auth/cert.c | 2 | ||||
-rw-r--r-- | lib/dtls.c | 6 | ||||
-rw-r--r-- | lib/dtls.h | 2 | ||||
-rw-r--r-- | lib/ext/ext_master_secret.c | 4 | ||||
-rw-r--r-- | lib/gnutls_int.h | 10 | ||||
-rw-r--r-- | lib/handshake.c | 6 | ||||
-rw-r--r-- | lib/record.c | 8 | ||||
-rw-r--r-- | lib/state.c | 20 |
8 files changed, 17 insertions, 41 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index e08e20bd77..c68eb1a981 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -223,7 +223,7 @@ find_x509_client_cert(gnutls_session_t session,
 * then send that one.
 */
 if (cred->ncerts == 1 &&
- (data_size == 0 || session->internals.force_client_cert)) {
+ (data_size == 0 || (session->internals.flags & GNUTLS_FORCE_CLIENT_CERT))) {
 *indx = 0;
 return 0;
 }
diff --git a/lib/dtls.c b/lib/dtls.c
index 6ae3056910..ece8c66291 100644
--- a/lib/dtls.c
+++ b/lib/dtls.c
@@ -241,7 +241,7 @@ int _dtls_transmit(gnutls_session_t session)
 * return.
 */
 if (session->internals.dtls.flight_init != 0
- && session->internals.blocking == 0) {
+ && (session->internals.flags & GNUTLS_NONBLOCK)) {
 /* just in case previous run was interrupted */
 ret = _gnutls_io_write_flush(session);
 if (ret < 0) {
@@ -360,7 +360,7 @@ int _dtls_transmit(gnutls_session_t session)
 goto cleanup;
 } else { /* all other messages -> implicit ack (receive of next flight) */
- if (session->internals.blocking != 0)
+ if (!(session->internals.flags & GNUTLS_NONBLOCK))
 ret = _gnutls_io_check_recv(session, timeout);
@@ -427,7 +427,7 @@ int _dtls_wait_and_retransmit(gnutls_session_t session)
 {
 int ret;
- if (session->internals.blocking != 0)
+ if (!(session->internals.flags & GNUTLS_NONBLOCK))
 ret = _gnutls_io_check_recv(session, TIMER_WINDOW);
 else
 ret = _gnutls_io_check_recv(session, 0);
diff --git a/lib/dtls.h b/lib/dtls.h
index 008c145f62..d5c8e1df88 100644
--- a/lib/dtls.h
+++ b/lib/dtls.h
@@ -53,7 +53,7 @@ void _dtls_reset_window(gnutls_session_t session, uint8_t sequence[8]);
 int _rr; \
 if (r != GNUTLS_E_INTERRUPTED) _rr = GNUTLS_E_AGAIN; \
 else _rr = r; \
- if (session->internals.blocking != 0) \
+ if (!(session->internals.flags & GNUTLS_NONBLOCK)) \
 millisleep(50); \
 return gnutls_assert_val(_rr); \
 } \
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index 82da0ab0ba..0dc0b820fe 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
@@ -58,7 +58,7 @@ _gnutls_ext_master_secret_recv_params(gnutls_session_t session,
 {
 ssize_t data_size = _data_size;
- if (session->internals.try_ext_master_secret == 0 ||
+ if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
 session->internals.priorities.no_ext_master_secret != 0) {
 return 0;
 }
@@ -88,7 +88,7 @@ static int
 _gnutls_ext_master_secret_send_params(gnutls_session_t session,
 gnutls_buffer_st * extdata)
 {
- if (session->internals.try_ext_master_secret == 0 ||
+ if ((session->internals.flags & GNUTLS_NO_EXTENSIONS) ||
 session->internals.priorities.no_ext_master_secret != 0) {
 session->security_parameters.ext_master_secret = 0;
 return 0;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 743e1ba678..e968745416 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -998,10 +998,8 @@ typedef struct {
 recv_state_t recv_state; /* state of the receive function */
 bool sc_random_set;
- bool no_replay_protection; /* DTLS replay protection */
- bool allow_cert_change; /* whether the peer is allowed to change certificate */
- bool force_client_cert;
- bool try_ext_master_secret; /* whether to try negotiating the ext master secret */
+
+ unsigned flags; /* the flags in gnutls_init() */
 /* a verify callback to override the verify callback from the credentials
 * structure */
@@ -1012,14 +1010,10 @@ typedef struct {
 unsigned vc_status;
 unsigned int additional_verify_flags; /* may be set by priorities or the vc functions */
- /* whether this session uses non-blocking sockets */
- bool blocking;
-
 /* the SHA256 hash of the peer's certificate */
 uint8_t cert_hash[32];
 bool cert_hash_set;
- bool enable_false_start; /* whether TLS false start has been requested */
 bool false_start_used; /* non-zero if false start was used for appdata */
 /* If you add anything here, check _gnutls_handshake_internal_state_clear().
diff --git a/lib/handshake.c b/lib/handshake.c
index 0b69a52fc6..0fdd1ae98d 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2593,7 +2593,7 @@ int gnutls_handshake(gnutls_session_t session)
 /* clear handshake buffer */
 if (session->security_parameters.entity != GNUTLS_CLIENT ||
- !session->internals.enable_false_start ||
+ !(session->internals.flags & GNUTLS_ENABLE_FALSE_START) ||
 session->internals.recv_state != RECV_STATE_FALSE_START) {
 _gnutls_handshake_hash_buffers_clear(session);
@@ -2677,7 +2677,7 @@ static int check_if_cert_hash_is_same(gnutls_session_t session, gnutls_certifica
 char tmp[32];
 int ret;
- if (session->internals.allow_cert_change != 0)
+ if (session->internals.flags & GNUTLS_ALLOW_CERT_CHANGE)
 return 0;
 ai = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
@@ -2934,7 +2934,7 @@ static int handshake_client(gnutls_session_t session)
 case STATE17:
 STATE = STATE17;
- if (session->internals.resumed == RESUME_FALSE && session->internals.enable_false_start != 0 && can_send_false_start(session)) {
+ if (session->internals.resumed == RESUME_FALSE && (session->internals.flags & GNUTLS_ENABLE_FALSE_START) && can_send_false_start(session)) {
 session->internals.false_start_used = 1;
 session->internals.recv_state = RECV_STATE_FALSE_START;
 /* complete this phase of the handshake. We
diff --git a/lib/record.c b/lib/record.c
index 52b22393fa..981ec868d2 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -1153,7 +1153,7 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
 record_state = &record_params->read;
 /* receive headers */
- ret = recv_headers(session, record_params, type, htype, &record, session->internals.blocking?&ms:0);
+ ret = recv_headers(session, record_params, type, htype, &record, (!(session->internals.flags & GNUTLS_NONBLOCK))?&ms:0);
 if (ret < 0) {
 ret = gnutls_assert_val_fatal(ret);
 goto recv_error;
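Review bot: The early return in `check_if_cert_hash_is_same` (handshake.c hunk at -2677) carries no comment saying what is being skipped, and it is the one place in this change where an init flag switches off a comparison of the peer's certificate. A one-line comment above the test would make that explicit, for example `/* GNUTLS_ALLOW_CERT_CHANGE: the application accepts a different peer certificate; skip the hash comparison */`. That wording is inferred from the function name and from the removed field comment in gnutls_int.h, because the rest of the function lies outside the hunk.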
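Review bot: The double negative `(!(session->internals.flags & GNUTLS_NONBLOCK))?&ms:0` in `_gnutls_recv_in_buffers` (record.c hunk at -1153) is repeated verbatim in the following record.c hunk at -1168, and the same negated test appears in the dtls.c and dtls.h hunks. An accidentally inverted copy would presumably change whether a receive waits on a timeout, so one accessor in gnutls_int.h would be easier to read and to audit, for instance `#define SESSION_IS_BLOCKING(s) (!((s)->internals.flags & GNUTLS_NONBLOCK))` (the name is only a suggestion). Within this function the timeout pointer could also be computed once into a local and passed to both calls. The function body extends beyond both hunks.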
@@ -1168,7 +1168,7 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
 */
 ret = _gnutls_io_read_buffered(session, record.packet_size,
- record.type, session->internals.blocking?&ms:0);
+ record.type, (!(session->internals.flags & GNUTLS_NONBLOCK))?&ms:0);
 if (ret != record.packet_size) {
 gnutls_assert();
 goto recv_error;
@@ -1228,7 +1228,7 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
 * messing with our windows.
 */
 if (IS_DTLS(session)) {
- if (likely(session->internals.no_replay_protection == 0)) {
+ if (likely(!(session->internals.flags & GNUTLS_NO_REPLAY_PROTECTION))) {
 ret = _dtls_record_check(record_params, packet_sequence);
 if (ret < 0) {
 _gnutls_record_log
@@ -1387,7 +1387,7 @@ check_session_status(gnutls_session_t session)
 /* if false start is not complete we always expect for handshake packets
 * prior to anything else. */
 if (session->security_parameters.entity == GNUTLS_CLIENT &&
- session->internals.enable_false_start != 0) {
+ (session->internals.flags & GNUTLS_ENABLE_FALSE_START)) {
 /* Attempt to complete handshake */
 session->internals.recv_state = RECV_STATE_FALSE_START_HANDLING;
diff --git a/lib/state.c b/lib/state.c
index 03dc2d3620..6527695067 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -424,11 +424,6 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
 (*session)->internals.transport = GNUTLS_STREAM;
 }
- if (flags & GNUTLS_NONBLOCK)
- (*session)->internals.blocking = 0;
- else
- (*session)->internals.blocking = 1;
-
 /* Enable useful extensions */
 if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
 #ifdef ENABLE_SESSION_TICKETS
@@ -440,20 +435,7 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
 #endif
 }
- if (!(flags & GNUTLS_NO_EXTENSIONS))
- (*session)->internals.try_ext_master_secret = 1;
-
- if (flags & GNUTLS_FORCE_CLIENT_CERT)
- (*session)->internals.force_client_cert = 1;
-
- if (flags & GNUTLS_NO_REPLAY_PROTECTION)
- (*session)->internals.no_replay_protection = 1;
-
- if (flags & GNUTLS_ALLOW_CERT_CHANGE)
- (*session)->internals.allow_cert_change = 1;
-
- if (flags & GNUTLS_ENABLE_FALSE_START)
- (*session)->internals.enable_false_start = 1;
+ (*session)->internals.flags = flags;
 return 0;
 } |
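Review bot: `(*session)->internals.flags = flags;` is the last statement before `return 0;` in `gnutls_init()`, so any helper called earlier in the function that reads `session->internals.flags` would see whatever the allocation left there instead of the caller's flags. The earlier code visible in these hunks tests the local `flags`, so nothing shown is affected, but moving the assignment to directly after the session is allocated removes the ordering hazard; the start of the function is outside the hunk, so this should be checked against the full body. Because options such as GNUTLS_NO_REPLAY_PROTECTION and GNUTLS_ALLOW_CERT_CHANGE now share this one word, the field comment in gnutls_int.h could state the contract, e.g. `/* flags passed to gnutls_init(); not modified afterwards */`, and it is worth confirming that `_gnutls_handshake_internal_state_clear()` does not reset the field.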