diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-15 09:29:30 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-18 09:15:09 +0200 |
commit | 1ae2432581c2ab5ec5fe53280601bb5cb8aea545 (patch) | |
tree | 901983d9ef345e0451709b614fcb0d2d583f0796 | |
parent | a6c023dba0d00598741a224651f07abdf565147e (diff) | |
download | gnutls-1ae2432581c2ab5ec5fe53280601bb5cb8aea545.tar.gz |
constate: simplified allocation of epochs
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/constate.c | 43 | ||||
-rw-r--r-- | lib/constate.h | 6 | ||||
-rw-r--r-- | lib/handshake.c | 21 | ||||
-rw-r--r-- | lib/state.c | 13 |
4 files changed, 30 insertions, 53 deletions
diff --git a/lib/constate.c b/lib/constate.c index 1a8e19def0..8a63fe1d32 100644 --- a/lib/constate.c +++ b/lib/constate.c @@ -260,23 +260,6 @@ _gnutls_set_cipher_suite2(gnutls_session_t session, return 0; } -void -_gnutls_epoch_set_null_algos(gnutls_session_t session, - record_parameters_st * params) -{ - /* This is only called on startup. We are extra paranoid about this - because it may cause unencrypted application data to go out on - the wire. */ - if (params->initialized || params->epoch != 0) { - gnutls_assert(); - return; - } - - params->cipher = cipher_to_entry(GNUTLS_CIPHER_NULL); - params->mac = mac_to_entry(GNUTLS_MAC_NULL); - params->initialized = 1; -} - int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch) { int hash_size; @@ -515,15 +498,14 @@ _gnutls_epoch_get(gnutls_session_t session, unsigned int epoch_rel, } int -_gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch, - record_parameters_st ** out) +_gnutls_epoch_new(gnutls_session_t session, unsigned null_epoch, record_parameters_st **newp) { record_parameters_st **slot; _gnutls_record_log("REC[%p]: Allocating epoch #%u\n", session, - epoch); + session->security_parameters.epoch_next); - slot = epoch_get_slot(session, epoch); + slot = epoch_get_slot(session, session->security_parameters.epoch_next); /* If slot out of range or not empty. */ if (slot == NULL) @@ -536,17 +518,24 @@ _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch, if (*slot == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); - (*slot)->epoch = epoch; - (*slot)->cipher = NULL; - (*slot)->mac = NULL; + (*slot)->epoch = session->security_parameters.epoch_next; + + if (null_epoch) { + (*slot)->cipher = cipher_to_entry(GNUTLS_CIPHER_NULL); + (*slot)->mac = mac_to_entry(GNUTLS_MAC_NULL); + (*slot)->initialized = 1; + } else { + (*slot)->cipher = NULL; + (*slot)->mac = NULL; + } if (IS_DTLS(session)) - _gnutls_write_uint16(epoch, + _gnutls_write_uint16(session->security_parameters.epoch_next, UINT64DATA((*slot)->write. sequence_number)); - if (out != NULL) - *out = *slot; + if (newp != NULL) + *newp = *slot; return 0; } diff --git a/lib/constate.h b/lib/constate.h index bb6b387621..6145d77f3d 100644 --- a/lib/constate.h +++ b/lib/constate.h @@ -32,10 +32,12 @@ int _gnutls_connection_state_init(gnutls_session_t session); int _gnutls_read_connection_state_init(gnutls_session_t session); int _gnutls_write_connection_state_init(gnutls_session_t session); +#define _gnutls_epoch_bump(session) \ + (session)->security_parameters.epoch_next++ + int _gnutls_epoch_get(gnutls_session_t session, unsigned int epoch_rel, record_parameters_st ** params_out); -int _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch, - record_parameters_st ** out); +int _gnutls_epoch_new(gnutls_session_t session, unsigned null_epoch, record_parameters_st **newp); void _gnutls_epoch_gc(gnutls_session_t session); void _gnutls_epoch_free(gnutls_session_t session, record_parameters_st * state); diff --git a/lib/handshake.c b/lib/handshake.c index 2928756622..cfaa290505 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -2245,6 +2245,11 @@ int gnutls_handshake(gnutls_session_t session) session->internals.priorities->cs.size == 0) return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET); + ret = + _gnutls_epoch_new(session, 0, NULL); + if (ret < 0) + return gnutls_assert_val(ret); + session->internals.used_exts_size = 0; session->internals.crt_requested = 0; session->internals.handshake_in_progress = 1; @@ -2261,20 +2266,6 @@ int gnutls_handshake(gnutls_session_t session) return gnutls_assert_val(GNUTLS_E_HANDSHAKE_DURING_FALSE_START); } - ret = - _gnutls_epoch_get(session, - session->security_parameters.epoch_next, - NULL); - if (ret < 0) { - /* We assume the epoch is not allocated if _gnutls_epoch_get fails. */ - ret = - _gnutls_epoch_alloc(session, - session->security_parameters. - epoch_next, NULL); - if (ret < 0) - return gnutls_assert_val(ret); - } - if (session->security_parameters.entity == GNUTLS_CLIENT) { do { ret = handshake_client(session); @@ -2307,7 +2298,7 @@ int gnutls_handshake(gnutls_session_t session) _gnutls_handshake_internal_state_clear(session); - session->security_parameters.epoch_next++; + _gnutls_epoch_bump(session); } return 0; diff --git a/lib/state.c b/lib/state.c index 4178e5802f..6167fb954f 100644 --- a/lib/state.c +++ b/lib/state.c @@ -247,7 +247,6 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session) int gnutls_init(gnutls_session_t * session, unsigned int flags) { int ret; - record_parameters_st *epoch; FAIL_IF_LIB_ERROR; @@ -255,16 +254,12 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags) if (*session == NULL) return GNUTLS_E_MEMORY_ERROR; - ret = _gnutls_epoch_alloc(*session, 0, &epoch); + ret = _gnutls_epoch_new(*session, 1, NULL); if (ret < 0) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + gnutls_free(*session); + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); } - - /* Set all NULL algos on epoch 0 */ - _gnutls_epoch_set_null_algos(*session, epoch); - - (*session)->security_parameters.epoch_next = 1; + _gnutls_epoch_bump(*session); (*session)->security_parameters.entity = (flags & GNUTLS_SERVER ? GNUTLS_SERVER : GNUTLS_CLIENT); |