authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-14 10:35:58 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-02 08:26:32 +0200
commit05a70e1283a1755456f5bb6941b9b0c908a725f1 (patch)
tree1b24efd594517756f3fc593aa3276ef9683b7845
parentf9b6cfd536fc97a9fdf94e61649bffb682e78de1 (diff)
downloadgnutls-05a70e1283a1755456f5bb6941b9b0c908a725f1.tar.gz
security_parameters: ease access to group information by keeping pointer to it
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/algorithms.h9
-rw-r--r--lib/algorithms/ciphersuites.c2
-rw-r--r--lib/algorithms/kx.c4
-rw-r--r--lib/auth/anon_ecdh.c4
-rw-r--r--lib/auth/dhe_psk.c4
-rw-r--r--lib/auth/ecdhe.c42
-rw-r--r--lib/auth/ecdhe.h4
-rw-r--r--lib/dh.c2
-rw-r--r--lib/gnutls_int.h2
-rw-r--r--lib/session.c4
-rw-r--r--lib/session_pack.c16
-rw-r--r--lib/state.c4
-rw-r--r--lib/state.h8
13 files changed, 54 insertions, 51 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h
index ceb333ec2d..97404ec8c1 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -351,15 +351,6 @@ const gnutls_ecc_curve_entry_st
const gnutls_group_entry_st *_gnutls_tls_id_to_group(unsigned num);
const gnutls_group_entry_st * _gnutls_id_to_group(unsigned id);
-inline static const gnutls_ecc_curve_entry_st
- *_gnutls_group_get_curve_params(gnutls_group_t group)
-{
- const gnutls_group_entry_st *e = _gnutls_id_to_group(group);
- if (e)
- return _gnutls_ecc_curve_get_params(e->curve);
- return NULL;
-}
-
gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(gnutls_pk_algorithm_t pk, int bits);
#define MAX_ECC_CURVE_SIZE 66
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index ac7328a309..7de2d2bbaf 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1404,7 +1404,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
}
- group = _gnutls_id_to_group(_gnutls_session_group_get(session));
+ group = get_group(session);
if (session->internals.priorities->server_precedence == 0) {
for (i = 0; i < peer_clist->size; i++) {
diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c
index 9e004c5eb2..51f3f077a1 100644
--- a/lib/algorithms/kx.c
+++ b/lib/algorithms/kx.c
@@ -24,7 +24,7 @@
#include <algorithms.h>
#include "errors.h"
#include <x509/common.h>
-
+#include "state.h"
extern mod_auth_st rsa_auth_struct;
extern mod_auth_st dhe_rsa_auth_struct;
@@ -254,7 +254,7 @@ bool _gnutls_kx_allows_false_start(gnutls_session_t session)
if (ret != 0) {
const gnutls_group_entry_st *e;
- e = _gnutls_id_to_group(session->security_parameters.group);
+ e = get_group(session);
#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
if (needs_dh != 0) {
diff --git a/lib/auth/anon_ecdh.c b/lib/auth/anon_ecdh.c
index 368fda1573..2872427eea 100644
--- a/lib/auth/anon_ecdh.c
+++ b/lib/auth/anon_ecdh.c
@@ -82,7 +82,7 @@ gen_anon_ecdh_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
ret =
_gnutls_ecdh_common_print_server_kx(session, data,
- _gnutls_session_group_get
+ get_group
(session));
if (ret < 0) {
gnutls_assert();
@@ -107,7 +107,7 @@ proc_anon_ecdh_client_kx(gnutls_session_t session, uint8_t * data,
return _gnutls_proc_ecdh_common_client_kx(session, data,
_data_size,
- _gnutls_session_group_get
+ get_group
(session), NULL);
}
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index 2edec8d91b..501451aff0 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -259,7 +259,7 @@ gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
return gnutls_assert_val(ret);
ret = _gnutls_ecdh_common_print_server_kx(session, data,
- _gnutls_session_group_get
+ get_group
(session));
if (ret < 0)
gnutls_assert();
@@ -395,7 +395,7 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
return gnutls_assert_val(ret);
ret = _gnutls_proc_ecdh_common_client_kx(session, data, data_size,
- _gnutls_session_group_get
+ get_group
(session), &psk_key);
_gnutls_free_key_datum(&psk_key);
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index 6a54b00555..ae8c9f11fa 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -137,16 +137,19 @@ static int calc_ecdh_key(gnutls_session_t session,
int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
uint8_t * data, size_t _data_size,
- gnutls_group_t group,
+ const struct gnutls_group_entry_st *group,
gnutls_datum_t * psk_key)
{
ssize_t data_size = _data_size;
int ret, i = 0;
unsigned point_size;
- const gnutls_ecc_curve_entry_st *ecurve =
- _gnutls_group_get_curve_params((gnutls_ecc_curve_t)group);
+ const gnutls_ecc_curve_entry_st *ecurve;
+
+ if (group == NULL)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
- if (group == 0 || ecurve == NULL)
+ ecurve = _gnutls_ecc_curve_get_params(group->curve);
+ if (ecurve == NULL)
return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
DECR_LEN(data_size, 1);
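Review bot: The new NULL guard in _gnutls_proc_ecdh_common_client_kx relies on `_gnutls_ecc_curve_get_params(group->curve)` returning NULL for a DH-only group (curve 0), whereas _gnutls_ecdh_common_print_server_kx later in this same file rejects that case explicitly with `group->curve == 0`. Unless the lookup is guaranteed to fail for id 0 (not visible here), a finite-field group entry reaching this ECDH path would be caught only by accident; making the guard `if (group == NULL || group->curve == 0)` keeps the client and server paths consistent and self-explanatory. The same applies to the guard added in _gnutls_gen_ecdh_common_client_kx_int in the hunk below. The body of _gnutls_proc_ecdh_common_client_kx continues outside the hunk.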
@@ -213,7 +216,7 @@ proc_ecdhe_client_kx(gnutls_session_t session,
return _gnutls_proc_ecdh_common_client_kx(session, data,
_data_size,
- _gnutls_session_group_get
+ get_group
(session), NULL);
}
@@ -231,11 +234,14 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
{
int ret;
gnutls_datum_t out;
- gnutls_group_t group = _gnutls_session_group_get(session);
- const gnutls_ecc_curve_entry_st *ecurve =
- _gnutls_group_get_curve_params((gnutls_ecc_curve_t)group);
+ const gnutls_group_entry_st *group = get_group(session);
+ const gnutls_ecc_curve_entry_st *ecurve;
int pk;
+ if (group == NULL)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
+
+ ecurve = _gnutls_ecc_curve_get_params(group->curve);
if (ecurve == NULL)
return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
@@ -243,7 +249,7 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
/* generate temporal key */
ret =
- _gnutls_pk_generate_keys(pk, (gnutls_ecc_curve_t)group,
+ _gnutls_pk_generate_keys(pk, ecurve->id,
&session->key.ecdh_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -396,15 +402,13 @@ _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session,
* be inserted */
int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
gnutls_buffer_st * data,
- gnutls_group_t group)
+ const gnutls_group_entry_st *group)
{
uint8_t p;
int ret;
gnutls_datum_t out;
- const gnutls_group_entry_st *e;
- e = _gnutls_id_to_group(group);
- if (e == NULL || e->curve == 0)
+ if (group == NULL || group->curve == 0)
return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
/* just in case we are resuming a session */
@@ -421,21 +425,21 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
ret =
_gnutls_buffer_append_prefix(data, 16,
- e->tls_id);
+ group->tls_id);
if (ret < 0)
return gnutls_assert_val(ret);
/* generate temporal key */
ret =
- _gnutls_pk_generate_keys(e->pk, group,
+ _gnutls_pk_generate_keys(group->pk, group->curve,
&session->key.ecdh_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
- if (e->pk == GNUTLS_PK_EC) {
+ if (group->pk == GNUTLS_PK_EC) {
ret =
- _gnutls_ecc_ansi_x962_export(e->curve,
+ _gnutls_ecc_ansi_x962_export(group->curve,
session->key.ecdh_params.
params[ECC_X] /* x */ ,
session->key.ecdh_params.
@@ -451,7 +455,7 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
- } else if (e->pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
ret =
_gnutls_buffer_append_data_prefix(data, 8,
session->key.ecdh_params.raw_pub.data,
@@ -488,7 +492,7 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
ret =
_gnutls_ecdh_common_print_server_kx(session, data,
- _gnutls_session_group_get
+ get_group
(session));
if (ret < 0) {
gnutls_assert();
diff --git a/lib/auth/ecdhe.h b/lib/auth/ecdhe.h
index 2917ea830b..4991bc3317 100644
--- a/lib/auth/ecdhe.h
+++ b/lib/auth/ecdhe.h
@@ -38,12 +38,12 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
int
_gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
uint8_t * data, size_t _data_size,
- gnutls_group_t group,
+ const struct gnutls_group_entry_st *group,
gnutls_datum_t * psk_key);
int _gnutls_ecdh_common_print_server_kx(gnutls_session_t,
gnutls_buffer_st * data,
- gnutls_group_t group);
+ const struct gnutls_group_entry_st *group);
int _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session,
uint8_t * data, size_t _data_size);
diff --git a/lib/dh.c b/lib/dh.c
index bcf967abdd..3a3c540c5a 100644
--- a/lib/dh.c
+++ b/lib/dh.c
@@ -79,7 +79,7 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
/* if client advertised RFC7919 */
if (session->internals.have_ffdhe) {
for (i=0;i<session->internals.priorities->groups.size;i++) {
- if (session->internals.priorities->groups.entry[i]->id == session->security_parameters.group) {
+ if (session->internals.priorities->groups.entry[i] == get_group(session)) {
ret = _gnutls_mpi_init_scan_nz(&p,
session->internals.priorities->groups.entry[i]->prime->data,
session->internals.priorities->groups.entry[i]->prime->size);
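Review bot: The loop condition in _gnutls_figure_dh_params now compares `entry[i]` with `get_group(session)` by pointer identity instead of by id, which silently never matches if the two pointers ever come from different storage (the resumed path sets `grp` via `_gnutls_id_to_group`, so today they presumably both point into the same static table, but that is an invariant the comparison now depends on). Calling `get_group(session)` on every iteration is also avoidable. Hoisting the lookup before the loop and keeping the id comparison preserves the old semantics: `const gnutls_group_entry_st *grp = get_group(session);` before the `for`, and `if (grp && session->internals.priorities->groups.entry[i]->id == grp->id) {` as the condition. _gnutls_figure_dh_params starts and ends outside the hunk.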
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 1fb8d94c73..2f3a2fbec2 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -591,7 +591,7 @@ typedef struct {
/* holds the negotiated certificate type */
gnutls_certificate_type_t cert_type;
- gnutls_group_t group; /* holds the EC curve / DH group */
+ const gnutls_group_entry_st *grp; /* holds the EC curve / DH group */
/* Holds the signature algorithm used in this session - If any */
gnutls_sign_algorithm_t server_sign_algo;
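Review bot: The comment on the new `grp` field does not mention that it can be NULL, yet pack_security_parameters, gnutls_session_get_desc and the unpack path in this commit all branch on that case. Since the field replaces a plain enum where 0 meant "none", the contract should be stated where the field is declared: `const gnutls_group_entry_st *grp; /* negotiated EC curve / DH group; NULL if none */`. The enclosing struct starts and ends outside the hunk.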
diff --git a/lib/session.c b/lib/session.c
index b429cd0dd0..edbf548be5 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -281,12 +281,14 @@ char *gnutls_session_get_desc(gnutls_session_t session)
unsigned mac_id;
unsigned sign_algo;
char *desc;
+ const struct gnutls_group_entry_st *group = get_group(session);
if (session->internals.initial_negotiation_completed == 0)
return NULL;
kx = session->security_parameters.cs->kx_algorithm;
- group_name = gnutls_group_get_name(_gnutls_session_group_get(session));
+ if (group)
+ group_name = group->name;
#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
if (group_name == NULL && _gnutls_kx_is_dhe(kx)) {
dh_bits = gnutls_dh_get_prime_bits(session);
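Review bot: After the replacement, `group_name` is only assigned when `group` is non-NULL, so the `group_name == NULL` test that follows depends on the variable being initialised to NULL at its declaration, which is above this hunk and not visible here; if it is not, the DHE fallback reads an indeterminate pointer. An explicit `const char *group_name = NULL;` at the declaration, or `group_name = group ? group->name : NULL;` in place of the two added lines, removes the dependency. The new local also uses `struct gnutls_group_entry_st` while state.h and the rest of this file's neighbours use the `gnutls_group_entry_st` typedef; picking one form keeps the .c files consistent. gnutls_session_get_desc starts and ends outside the hunk.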
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 5e0ef0e589..3bcff851d3 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -766,7 +766,12 @@ pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
BUFFER_APPEND_NUM(ps,
session->security_parameters.
max_record_recv_size);
- BUFFER_APPEND_NUM(ps, session->security_parameters.group);
+
+ if (session->security_parameters.grp) {
+ BUFFER_APPEND_NUM(ps, session->security_parameters.grp->id);
+ } else {
+ BUFFER_APPEND_NUM(ps, 0);
+ }
BUFFER_APPEND_NUM(ps,
session->security_parameters.server_sign_algo);
@@ -851,9 +856,10 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
session->internals.resumed_security_parameters.
max_record_recv_size);
- BUFFER_POP_NUM(ps,
- session->internals.resumed_security_parameters.
- group);
+ BUFFER_POP_NUM(ps, ret);
+ session->internals.resumed_security_parameters.grp = _gnutls_id_to_group(ret);
+ /* it can be null */
+
BUFFER_POP_NUM(ps,
session->internals.resumed_security_parameters.
server_sign_algo);
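Review bot: In unpack_security_parameters the group id is popped into `ret`, the same variable BUFFER_POP_NUM appears to use for its own status check (the macro is not visible here, so this is inferred from its use elsewhere in the file); reusing the error-code variable as the decoded value works only by the macro's internal ordering and is easy to break. A dedicated local makes the intent clear: `unsigned group_id;`, `BUFFER_POP_NUM(ps, group_id);`, `session->internals.resumed_security_parameters.grp = _gnutls_id_to_group(group_id);`. The comment `/* it can be null */` should say why, e.g. `/* NULL when no group was stored (id 0) or the id is unknown to this build */`, since that is the case the resumption code must tolerate. Looking up the stored id through _gnutls_id_to_group rather than trusting it is the right choice, as the packed blob may come from an external session store. unpack_security_parameters starts and ends outside the hunk.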
@@ -967,7 +973,7 @@ gnutls_session_set_premaster(gnutls_session_t session, unsigned int entity,
session->internals.resumed_security_parameters.timestamp =
gnutls_time(0);
- session->internals.resumed_security_parameters.group = 0;
+ session->internals.resumed_security_parameters.grp = 0;
session->internals.premaster_set = 1;
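Review bot: `grp` is now a pointer, so the reset in gnutls_session_set_premaster should use the null pointer constant rather than the integer literal carried over from the enum field: `session->internals.resumed_security_parameters.grp = NULL;`. This also makes the "no group" state grep-able alongside the NULL checks the rest of the commit adds. gnutls_session_set_premaster starts and ends outside the hunk.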
diff --git a/lib/state.c b/lib/state.c
index 99241ec471..d68ab15354 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -949,7 +949,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
{
const gnutls_group_entry_st *e;
- e = _gnutls_id_to_group(_gnutls_session_group_get(session));
+ e = get_group(session);
if (e == NULL || e->curve == 0)
return 0;
return e->curve;
@@ -971,7 +971,7 @@ gnutls_group_t gnutls_group_get(gnutls_session_t session)
{
const gnutls_group_entry_st *e;
- e = _gnutls_id_to_group(_gnutls_session_group_get(session));
+ e = get_group(session);
if (e == NULL)
return 0;
return e->id;
diff --git a/lib/state.h b/lib/state.h
index 5fec7f64bb..253af0e17c 100644
--- a/lib/state.h
+++ b/lib/state.h
@@ -25,10 +25,10 @@
#include "gnutls_int.h"
-inline static gnutls_ecc_curve_t
-_gnutls_session_group_get(gnutls_session_t session)
+inline static const gnutls_group_entry_st *
+get_group(gnutls_session_t session)
{
- return session->security_parameters.group;
+ return session->security_parameters.grp;
}
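Review bot: The accessor is renamed from the prefixed `_gnutls_session_group_get` to the bare `get_group` in a header that is included across the library (kx.c adds an include of state.h in this same commit), which drops the project's `_gnutls_` naming convention and invites a clash with any translation-unit-local helper of the same name. Keeping the prefix, e.g. `_gnutls_session_group_get`, avoids that. The function also has no comment describing its NULL contract; a two-line header such as `/* Returns the negotiated EC curve / DH group entry, or NULL when none has been selected. */` would tell callers they must check the result, as every new call site in this commit does.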
int _gnutls_session_is_ecc(gnutls_session_t session);
@@ -39,7 +39,7 @@ _gnutls_session_group_set(gnutls_session_t session,
{
_gnutls_handshake_log("HSK[%p]: Selected group %s (%d)\n",
session, e->name, e->id);
- session->security_parameters.group = e->id;
+ session->security_parameters.grp = e;
}