author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-26 16:44:39 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-10 18:10:33 +0200 |
commit | 1acd8d489af837df83a535ab63f639695c495e70 (patch) | |
tree | a7adc5597f6bdb6caf0548f9e86f99b46237b475 | |
parent | 39b4e7c6f7788e254991fa97d70665083d23e56d (diff) | |
kx: moved to new buffer API
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/auth/cert.c | 9 | ||||
-rw-r--r-- | lib/auth/dh_common.c | 6 | ||||
-rw-r--r-- | lib/auth/dhe.c | 7 | ||||
-rw-r--r-- | lib/auth/dhe_psk.c | 6 | ||||
-rw-r--r-- | lib/auth/ecdhe.c | 13 | ||||
-rw-r--r-- | lib/auth/rsa.c | 7 | ||||
-rw-r--r-- | lib/auth/rsa_psk.c | 5 | ||||
-rw-r--r-- | lib/auth/srp_kx.c | 5 | ||||
-rw-r--r-- | lib/auth/srp_rsa.c | 9 | ||||
-rw-r--r-- | lib/kx.c | 170 | ||||
-rw-r--r-- | lib/str.c | 8 | ||||
-rw-r--r-- | lib/str.h | 3 |
12 files changed, 123 insertions, 125 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 820d66cbb3..3d463d0a76 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -619,6 +619,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
 gnutls_pcert_st *apr_cert_list;
 gnutls_privkey_t apr_pkey;
 int apr_cert_list_length;
+ unsigned init_pos = data->length;
 /* find the appropriate certificate */
@@ -660,7 +661,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
 return gnutls_assert_val(ret);
 }
- return data->length;
+ return data->length - init_pos;
 }
 int
@@ -1002,6 +1003,7 @@ _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session,
 gnutls_datum_t signature = { NULL, 0 };
 gnutls_sign_algorithm_t sign_algo;
 const version_entry_st *ver = get_version(session);
+ unsigned init_pos = data->length;
 if (unlikely(ver == NULL))
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -1053,7 +1055,7 @@ _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session,
 goto cleanup;
 }
- ret = data->length;
+ ret = data->length - init_pos;
 cleanup:
 _gnutls_free_datum(&signature);
@@ -1143,6 +1145,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
 int ret;
 uint8_t tmp_data[CERTTYPE_SIZE];
 const version_entry_st *ver = get_version(session);
+ unsigned init_pos = data->length;
 if (unlikely(ver == NULL))
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -1196,7 +1199,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
 return gnutls_assert_val(ret);
 }
- return data->length;
+ return data->length - init_pos;
 }
 /* This function will return the appropriate certificate to use.
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 6d6a7e5648..659921dfdf 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -127,6 +127,7 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
 int ret;
 gnutls_pk_params_st peer_pub;
 gnutls_datum_t tmp_dh_key = {NULL, 0};
+ unsigned init_pos = data->length;
 gnutls_pk_params_init(&peer_pub);
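Review bot: The `unsigned init_pos = data->length;` added to gen_x509_crt and the two other cert.c generators is undocumented, and nothing in the hunk explains why the return value becomes `data->length - init_pos`; a reader has to infer that the buffer now arrives with bytes already in it, presumably the handshake header reserved by `_gnutls_buffer_init_handshake_mbuffer` in lib/kx.c. I would put that on the declaration: `unsigned init_pos = data->length; /* data may already hold the handshake header; report only the bytes we append */`. The type of `data->length` is not visible here; if it is wider than `unsigned` the narrowing is harmless for handshake-sized messages but deserves an explicit cast so -Wconversion stays quiet. gen_x509_crt's body continues outside the hunk.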
@@ -168,7 +169,7 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
 goto error;
 }
- ret = data->length;
+ ret = data->length - init_pos;
 error:
 gnutls_pk_params_clear(&session->key.dh_params);
@@ -314,6 +315,7 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session,
 {
 int ret;
 unsigned q_bits = session->key.dh_params.qbits;
+ unsigned init_pos = data->length;
 if (q_bits < 192 && q_bits != 0) {
 gnutls_assert();
@@ -348,7 +350,7 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session,
 goto cleanup;
 }
- ret = data->length;
+ ret = data->length - init_pos;
 cleanup:
 return ret;
diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c
index 8bf7b79459..cf6c9e53ce 100644
--- a/lib/auth/dhe.c
+++ b/lib/auth/dhe.c
@@ -87,6 +87,7 @@ gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 {
 int ret = 0;
 gnutls_certificate_credentials_t cred;
+ unsigned sig_pos;
 cred = (gnutls_certificate_credentials_t)
 _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
@@ -108,6 +109,8 @@ gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 return gnutls_assert_val(ret);
 }
+ sig_pos = data->length;
+
 ret = _gnutls_dh_common_print_server_kx(session, data);
 if (ret < 0) {
@@ -116,8 +119,8 @@ gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 }
 /* Generate the signature. */
- return _gnutls_gen_dhe_signature(session, data, data->data,
- data->length);
+ return _gnutls_gen_dhe_signature(session, data, &data->data[sig_pos],
+ data->length-sig_pos);
 }
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index 501451aff0..cb0c203a91 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -100,6 +100,7 @@ gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
 int ret, free;
 gnutls_psk_client_credentials_t cred;
 gnutls_datum_t username, key;
+ unsigned init_pos = data->length;
 cred = (gnutls_psk_client_credentials_t)
 _gnutls_get_cred(session, GNUTLS_CRD_PSK);
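Review bot: In gen_dhe_server_kx the new `&data->data[sig_pos]` points into the same gnutls_buffer_st that `_gnutls_gen_dhe_signature` receives as its output, so the pointer is only valid until that helper appends anything to `data` and the buffer is reallocated; the old `data->data` had the same aliasing, but an interior pointer makes the dependency easier to miss. The helper's body is not in this diff, so I cannot confirm it hashes the parameters before it appends the signature. I would record the assumption at the call: `/* the params span aliases data; it must be consumed before anything is appended */`. The same applies to the identical call in gen_ecdhe_server_kx later in this commit.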
@@ -127,7 +128,7 @@ gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
 goto cleanup;
 }
- ret = data->length;
+ ret = data->length - init_pos;
 cleanup:
 if (free) {
@@ -144,6 +145,7 @@ gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
 int ret, free;
 gnutls_psk_client_credentials_t cred;
 gnutls_datum_t username, key;
+ unsigned init_pos = data->length;
 cred = (gnutls_psk_client_credentials_t)
 _gnutls_get_cred(session, GNUTLS_CRD_PSK);
@@ -171,7 +173,7 @@ gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
 goto cleanup;
 }
- ret = data->length;
+ ret = data->length - init_pos;
 cleanup:
 if (free) {
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index 8f3ee8cfbf..c1d88add37 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -242,6 +242,7 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
 const gnutls_group_entry_st *group = get_group(session);
 const gnutls_ecc_curve_entry_st *ecurve;
 int pk;
+ unsigned init_pos = data->length;
 if (group == NULL)
 return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
@@ -299,7 +300,7 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
 goto cleanup;
 }
- ret = data->length;
+ ret = data->length - init_pos;
 cleanup:
 gnutls_pk_params_clear(&session->key.ecdh_params);
 return ret;
@@ -412,6 +413,7 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
 uint8_t p;
 int ret;
 gnutls_datum_t out;
+ unsigned init_pos = data->length;
 if (group == NULL || group->curve == 0)
 return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
@@ -472,7 +474,7 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
 }
- return data->length;
+ return data->length - init_pos;
 }
 static int
@@ -480,6 +482,7 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 {
 int ret = 0;
 gnutls_certificate_credentials_t cred;
+ unsigned sig_pos;
 cred = (gnutls_certificate_credentials_t)
 _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
@@ -495,6 +498,8 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 return ret;
 }
+ sig_pos = data->length;
+
 ret =
 _gnutls_ecdh_common_print_server_kx(session, data,
 get_group
@@ -505,8 +510,8 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 }
 /* Generate the signature. */
- return _gnutls_gen_dhe_signature(session, data, data->data,
- data->length);
+ return _gnutls_gen_dhe_signature(session, data, &data->data[sig_pos],
+ data->length-sig_pos);
 }
 #endif
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index a691c129e3..f2e36bbe22 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -308,9 +308,12 @@ _gnutls_gen_rsa_client_kx(gnutls_session_t session,
 #ifdef ENABLE_SSL3
 if (get_num_version(session) == GNUTLS_SSL3) {
 /* SSL 3.0 */
- _gnutls_buffer_replace_data(data, &sdata);
+ ret =
+ _gnutls_buffer_append_data(data, sdata.data,
+ sdata.size);
- return data->length;
+ _gnutls_free_datum(&sdata);
+ return ret;
 } else
 #endif
 { /* TLS 1.x */
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index 9c34cf9359..5a29f91837 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -136,6 +136,7 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
 gnutls_psk_client_credentials_t cred;
 gnutls_datum_t username, key;
 int ret, free;
+ unsigned init_pos;
 if (auth == NULL) {
 /* this shouldn't have happened. The proc_certificate
@@ -220,6 +221,8 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
 * }
 */
+ init_pos = data->length;
+
 /* Write psk_identity and EncryptedPreMasterSecret into data stream */
 ret =
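Review bot: In the SSL 3.0 branch of _gnutls_gen_rsa_client_kx a failed `_gnutls_buffer_append_data` is returned as-is, without the `gnutls_assert()` marker every other error path in this diff carries, and the branch now returns 0 on success where it used to return the message length; the TLS 1.x branch is outside the hunk, so I cannot tell whether the two branches of the function still agree. The lib/kx.c callers only test `ret < 0`, so nothing breaks, but I would add `if (ret < 0) return gnutls_assert_val(ret);` after `_gnutls_free_datum(&sdata);` and make the success value match the other branch. Copying and then freeing `sdata` (presumably the encrypted premaster secret) is a correct replacement for the removed ownership transfer.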
@@ -239,7 +242,7 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
 goto cleanup;
 }
- ret = data->length;
+ ret = data->length - init_pos;
 cleanup:
 _gnutls_free_datum(&sdata);
diff --git a/lib/auth/srp_kx.c b/lib/auth/srp_kx.c
index d0fb688917..da7b2ba69b 100644
--- a/lib/auth/srp_kx.c
+++ b/lib/auth/srp_kx.c
@@ -125,6 +125,7 @@ _gnutls_gen_srp_server_kx(gnutls_session_t session,
 size_t tmp_size;
 gnutls_ext_priv_data_t epriv;
 srp_ext_st *priv;
+ unsigned init_pos;
 ret =
 _gnutls_hello_ext_get_sdata(session, GNUTLS_EXTENSION_SRP,
@@ -158,6 +159,8 @@ _gnutls_gen_srp_server_kx(gnutls_session_t session,
 return ret;
 }
+ init_pos = data->length;
+
 /* copy from pwd_entry to local variables (actually in session) */
 tmp_size = pwd_entry->g.size;
 if (_gnutls_mpi_init_scan_nz(&G, pwd_entry->g.data, tmp_size) < 0) {
@@ -231,7 +234,7 @@ _gnutls_gen_srp_server_kx(gnutls_session_t session,
 _gnutls_mpi_log("SRP B: ", B);
- ret = data->length;
+ ret = data->length - init_pos;
 cleanup:
 _gnutls_srp_entry_free(pwd_entry);
diff --git a/lib/auth/srp_rsa.c b/lib/auth/srp_rsa.c
index 2565249944..2101f70a0f 100644
--- a/lib/auth/srp_rsa.c
+++ b/lib/auth/srp_rsa.c
@@ -87,17 +87,20 @@ gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 int apr_cert_list_length;
 gnutls_sign_algorithm_t sign_algo;
 const version_entry_st *ver = get_version(session);
+ unsigned init_pos;
 if (unlikely(ver == NULL))
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ init_pos = data->length;
+
 ret = _gnutls_gen_srp_server_kx(session, data);
 if (ret < 0)
 return ret;
- ddata.data = data->data;
- ddata.size = data->length;
+ ddata.data = &data->data[init_pos];
+ ddata.size = data->length-init_pos;
 cred = (gnutls_certificate_credentials_t)
 _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
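Review bot: In gen_srp_cert_server_kx `ddata.data = &data->data[init_pos]` is an interior pointer into the output buffer, and the function body continues past the hunk where, judging by the `signature` datum freed at cleanup, a signature over `ddata` is appended to that same buffer; the pointer stays valid only as long as nothing is appended to `data` before it is consumed. The commit keeps the existing order, so this is a documentation request rather than a bug: `ddata.data = &data->data[init_pos]; /* aliases data: sign before appending to it */`. Separately, `ddata.size = data->length-init_pos;` departs from the `data->length - init_pos` spacing used in every other file of this commit.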
@@ -158,7 +161,7 @@ gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 goto cleanup;
 }
- ret = data->length;
+ ret = data->length - init_pos;
 cleanup:
 _gnutls_free_datum(&signature);
@@ -36,35 +36,6 @@
 #include <datum.h>
 #include <mbuffers.h>
-/* This is a temporary function to be used before the generate_*
- internal API is changed to use mbuffers. For now we don't avoid the
- extra alloc + memcpy. */
-static int
-send_handshake(gnutls_session_t session, uint8_t * data, size_t size,
- gnutls_handshake_description_t type)
-{
- mbuffer_st *bufel;
-
- if (data == NULL && size == 0)
- return _gnutls_send_handshake(session, NULL, type);
-
- if (data == NULL && size > 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- bufel = _gnutls_handshake_alloc(session, size);
- if (bufel == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _mbuffer_set_udata(bufel, data, size);
-
- return _gnutls_send_handshake(session, bufel, type);
-}
-
-
 /* This file contains important thing for the TLS handshake procedure. */
@@ -213,26 +184,29 @@ generate_normal_master(gnutls_session_t session,
 return ret;
 }
-
 /* This is called when we want to receive the key exchange message of the
 * server. It does nothing if this type of message is not required
 * by the selected ciphersuite. */
 int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
 {
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
 int ret = 0;
+ mbuffer_st *bufel = NULL;
 if (session->internals.auth_struct->gnutls_generate_server_kx == NULL)
 return 0;
- _gnutls_buffer_init(&data);
 if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
 ret = session->internals.auth_struct->
- gnutls_generate_server_kx(session, &data);
+ gnutls_generate_server_kx(session, &buf);
 if (ret == GNUTLS_E_INT_RET_0) {
 gnutls_assert();
@@ -244,16 +218,14 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
 gnutls_assert();
 goto cleanup;
 }
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
- if (ret < 0) {
- gnutls_assert();
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
 }
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
 return ret;
 }
@@ -262,8 +234,9 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
 */
 int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
 {
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
 int ret = 0;
+ mbuffer_st *bufel = NULL;
 if (session->internals.auth_struct->
 gnutls_generate_server_crt_request == NULL)
@@ -272,27 +245,28 @@ int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
 if (session->internals.send_cert_req <= 0)
 return 0;
- _gnutls_buffer_init(&data);
 if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
 ret = session->internals.auth_struct->
- gnutls_generate_server_crt_request(session, &data);
+ gnutls_generate_server_crt_request(session, &buf);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
- if (ret < 0) {
- gnutls_assert();
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
 }
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
 return ret;
 }
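Review bot: `bufel = _gnutls_buffer_to_mbuffer(&buf);` in _gnutls_send_server_kx_message and _gnutls_send_server_crt_request is never checked, and the value goes straight to `_gnutls_send_handshake`, where a NULL bufel is also the legitimate retransmit signal used by the `again != 0` path; if the helper can return NULL on allocation failure (its body is not in this diff), an out-of-memory would be misreported as a resend. If it can, add `if (bufel == NULL) { ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); goto cleanup; }`, provided the helper leaves `buf` untouched on failure so `_gnutls_buffer_clear(&buf)` at cleanup does not double free. The success path also returns without clearing `buf`, which is only right if the helper takes over its storage; a one-line comment, `/* buf's storage now belongs to bufel; do not clear it */`, would make that contract visible to the next reader. _gnutls_send_server_kx_message begins in the previous hunk.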
@@ -302,32 +276,34 @@ int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
 */
 int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
 {
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
 int ret = 0;
+ mbuffer_st *bufel = NULL;
 if (session->internals.auth_struct->gnutls_generate_client_kx == NULL)
 return 0;
- _gnutls_buffer_init(&data);
-
 if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
 ret = session->internals.auth_struct->
- gnutls_generate_client_kx(session, &data);
+ gnutls_generate_client_kx(session, &buf);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
- if (ret < 0) {
- gnutls_assert();
+
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
 }
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
 return ret;
 }
@@ -338,8 +314,9 @@ int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
 int
 _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
 {
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
 int ret = 0;
+ mbuffer_st *bufel = NULL;
 /* This is a packet that is only sent by the client */
@@ -359,12 +336,14 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
 */
 }
- _gnutls_buffer_init(&data);
-
 if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
 ret = session->internals.auth_struct->
- gnutls_generate_client_crt_vrfy(session, &data);
+ gnutls_generate_client_crt_vrfy(session, &buf);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -373,16 +352,14 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
 if (ret == 0)
 goto cleanup;
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
- if (ret < 0) {
- gnutls_assert();
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
 }
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
 return ret;
 }
@@ -390,9 +367,9 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
 */
 int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 {
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
 int ret = 0;
-
+ mbuffer_st *bufel = NULL;
 if (session->internals.crt_requested == 0)
 return 0;
@@ -401,9 +378,11 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 gnutls_generate_client_certificate == NULL)
 return 0;
- _gnutls_buffer_init(&data);
-
 if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
 #ifdef ENABLE_SSL3
 if (get_num_version(session) != GNUTLS_SSL3 ||
 session->internals.selected_cert_list_length > 0)
@@ -414,13 +393,15 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 ret = session->internals.auth_struct->
 gnutls_generate_client_certificate(session,
- &data);
+ &buf);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
 }
+
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
 }
 #ifdef ENABLE_SSL3
@@ -430,18 +411,18 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 */
 if (get_num_version(session) == GNUTLS_SSL3 &&
 session->internals.selected_cert_list_length == 0) {
- ret =
+ _mbuffer_xfree(&bufel);
+ return
 gnutls_alert_send(session, GNUTLS_AL_WARNING, GNUTLS_A_SSL3_NO_CERTIFICATE);
 } else
 /* TLS 1.0 or SSL 3.0 with a valid certificate */
 #endif
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFIC/ATE_PKT);
- cleanup:
- _gnutls_buffer_clear(&data);
+ cleanup:
+ _gnutls_buffer_clear(&buf);
 return ret;
 }
@@ -450,34 +431,35 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
 */
 int _gnutls_send_server_certificate(gnutls_session_t session, int again)
 {
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
 int ret = 0;
-
+ mbuffer_st *bufel = NULL;
 if (session->internals.auth_struct->
 gnutls_generate_server_certificate == NULL)
 return 0;
- _gnutls_buffer_init(&data);
-
 if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
 ret = session->internals.auth_struct->
- gnutls_generate_server_certificate(session, &data);
+ gnutls_generate_server_certificate(session, &buf);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
- if (ret < 0) {
- gnutls_assert();
+
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
 }
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
 return ret;
 }
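Review bot: In _gnutls_send_client_certificate and _gnutls_send_server_certificate the `-`/`+` pair after `int ret = 0;` replaces the blank line that separated the declarations from the first statement with `mbuffer_st *bufel = NULL;`, so the following `if (...)` now sits directly under the declarations, unlike the other four functions touched in this file where the blank line is kept. Restore the blank line after `mbuffer_st *bufel = NULL;` for consistency. The `_mbuffer_xfree(&bufel);` before the SSL 3.0 no-certificate alert is the right disposal for the freshly converted buffer, and it is harmless on the `again != 0` path where bufel is still NULL, assuming that helper tolerates a NULL pointer. _gnutls_send_client_certificate's body spans the previous hunk as well.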
@@ -75,14 +75,6 @@ void _gnutls_buffer_init(gnutls_buffer_st * str)
 str->length = 0;
 }
-void _gnutls_buffer_replace_data(gnutls_buffer_st * buf,
- gnutls_datum_t * data)
-{
- gnutls_free(buf->allocd);
- buf->allocd = buf->data = data->data;
- buf->max_length = buf->length = data->size;
-}
-
 void _gnutls_buffer_clear(gnutls_buffer_st * str)
 {
 if (str == NULL || str->allocd == NULL)
@@ -101,9 +101,6 @@ int _gnutls_buffer_append_str(gnutls_buffer_st *, const char *str);
 #include <num.h>
-void _gnutls_buffer_replace_data(gnutls_buffer_st * buf,
- gnutls_datum_t * data);
-
 int _gnutls_buffer_append_prefix(gnutls_buffer_st * buf, int pfx_size, size_t data_size); |