author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-19 11:52:20 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-19 11:52:20 +0000 |
commit | 4128d9c2a1441223f149de8856d0461d96f04eb4 (patch) | |
tree | 76bd2d97ceb579b6dbc5fa99747174b814eab194 | |
parent | fbfd62394b0a7b8dc0307af1bf5caa489b6b6184 (diff) | |
download | gnutls-4128d9c2a1441223f149de8856d0461d96f04eb4.tar.gz |
gnutls now sends (again) record packets using one write.
-rw-r--r-- | lib/gnutls_cipher.c | 35 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 56 | ||||
-rw-r--r-- | lib/gnutls_record.c | 11 |
3 files changed, 18 insertions, 84 deletions
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 5ebd2496e9..3e5e7c1af7 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -33,6 +33,8 @@ #include "gnutls_record.h" #include "gnutls_constate.h" +/* returns ciphertext which contains RECORD_HEADER_SIZE unused bytes + */ int _gnutls_encrypt(GNUTLS_STATE state, const char *data, size_t data_size, uint8 ** ciphertext, ContentType type) { @@ -101,7 +103,8 @@ int _gnutls_decrypt(GNUTLS_STATE state, char *ciphertext, /* This is the actual encryption - * (and also keeps some space for headers in the encrypted data) + * (and also keeps some space for headers (RECORD_HEADER_SIZE) in the + * encrypted data) */ int _gnutls_compressed2TLSCiphertext(GNUTLS_STATE state, gnutls_datum* @@ -174,18 +177,11 @@ int _gnutls_compressed2TLSCiphertext(GNUTLS_STATE state, length = compressed.size + hash_size; - data = gnutls_malloc(length); + data = gnutls_malloc(length+RECORD_HEADER_SIZE); if (data==NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - memcpy(data, compressed.data, compressed.size); - memcpy(&data[compressed.size], MAC, hash_size); - - gnutls_cipher_encrypt(state->connection_state. - write_cipher_state, data, length); - cipher->data = data; - cipher->size = length; break; case CIPHER_BLOCK: @@ -212,20 +208,12 @@ int _gnutls_compressed2TLSCiphertext(GNUTLS_STATE state, pad = (uint8) (blocksize - (length % blocksize)) + rand; length += pad; - data = gnutls_malloc(length); + data = gnutls_malloc(length+RECORD_HEADER_SIZE); if (data==NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - memset(&data[length - pad], pad - 1, pad); - memcpy(data, compressed.data, compressed.size); - memcpy(&data[compressed.size], MAC, hash_size); - - gnutls_cipher_encrypt(state->connection_state. - write_cipher_state, data, length); - - cipher->data = data; - cipher->size = length; + memset(&data[RECORD_HEADER_SIZE + length - pad], pad - 1, pad); break; default: 
@@ -233,6 +221,15 @@ int _gnutls_compressed2TLSCiphertext(GNUTLS_STATE state, return GNUTLS_E_UNKNOWN_CIPHER_TYPE; } + memcpy(&data[RECORD_HEADER_SIZE], compressed.data, compressed.size); + memcpy(&data[compressed.size+RECORD_HEADER_SIZE], MAC, hash_size); + + gnutls_cipher_encrypt(state->connection_state. + write_cipher_state, &data[RECORD_HEADER_SIZE], + length); + cipher->data = data; + cipher->size = length + RECORD_HEADER_SIZE; + return 0; } diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 24ad5376bd..e4dea9f974 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -98,11 +98,6 @@ int _gnutls_send_server_kx_message(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_generate_server_kx==NULL) return 0; -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Sending server KX message\n"); -#endif - - data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_kx( state, &data); if (data_size < 0) { @@ -135,11 +130,6 @@ int _gnutls_send_server_certificate_request(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.send_cert_req <= 0) return 0; -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Sending server Certificate request message\n"); -#endif - - data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_certificate_request( state, &data); if (data_size < 0) { @@ -167,10 +157,6 @@ int _gnutls_send_server_kx_message2(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_generate_server_kx2 != NULL) { data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_kx2( state, &data); -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Sending server KX message2\n"); -#endif - if (data_size<0) { gnutls_assert(); return data_size; 
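Review bot: The first RECORD_HEADER_SIZE bytes of `data` are never written in `_gnutls_compressed2TLSCiphertext`, yet the block added after the switch publishes them through `cipher->data` with `cipher->size = length + RECORD_HEADER_SIZE`. Assuming `gnutls_malloc` (called in the two earlier hunks) does not zero memory, any caller that sends or copies `cipher->size` bytes without first filling the header would expose uninitialised heap bytes; the only protection is the convention stated in the new comments. Adding `memset(data, 0, RECORD_HEADER_SIZE);` before `cipher->data = data;` makes that mistake harmless, and the function comment should say that the reserved bytes sit at the start of the buffer and are counted in `cipher->size`. The result of `gnutls_cipher_encrypt` is also ignored here, as it was in the removed code; if that call can fail, `data` should be freed and an error returned instead of 0. The function body starts outside this hunk.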
@@ -199,10 +185,6 @@ int _gnutls_send_client_kx_message(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_generate_client_kx==NULL) return 0; -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Sending client KX message\n"); -#endif - data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_kx( state, &data); if (data_size < 0) { gnutls_assert(); @@ -231,10 +213,6 @@ int _gnutls_send_client_kx_message0(SOCKET cd, GNUTLS_STATE state) if ( state->gnutls_internals.auth_struct->gnutls_generate_client_kx0 == NULL) return 0; -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Sending client KX message0\n"); -#endif - data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_kx0( state, &data); if (data_size < 0) { gnutls_assert(); @@ -273,9 +251,6 @@ int _gnutls_send_client_certificate_verify(SOCKET cd, GNUTLS_STATE state) */ } -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Sending client certificate verify message\n"); -#endif data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_cert_vrfy( state, &data); if (data_size < 0) { gnutls_assert(); @@ -302,10 +277,6 @@ int _gnutls_recv_server_kx_message(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_process_server_kx!=NULL) { -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Receiving Server KX message\n"); -#endif - ret = _gnutls_recv_handshake(cd, state, &data, &datasize, @@ -331,10 +302,6 @@ int _gnutls_recv_server_certificate_request(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_process_server_certificate_request!=NULL) { -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Receiving Server Certificate request message\n"); -#endif - ret = _gnutls_recv_handshake(cd, state, &data, &datasize, 
@@ -363,10 +330,6 @@ int _gnutls_recv_server_kx_message2(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_process_server_kx2 != NULL) { -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Receiving Server KX message2\n"); -#endif - ret = _gnutls_recv_handshake(cd, state, &data, &datasize, @@ -394,10 +357,6 @@ int _gnutls_recv_client_kx_message(SOCKET cd, GNUTLS_STATE state) /* Do key exchange only if the algorithm permits it */ if (state->gnutls_internals.auth_struct->gnutls_process_client_kx != NULL) { -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Receiving client KX message\n"); -#endif - ret = _gnutls_recv_handshake(cd, state, &data, &datasize, @@ -425,10 +384,6 @@ int _gnutls_recv_client_kx_message0(SOCKET cd, GNUTLS_STATE state) /* Do key exchange only if the algorithm permits it */ if (state->gnutls_internals.auth_struct->gnutls_process_client_kx0 != NULL) { -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Receiving client KX message0\n"); -#endif - ret = _gnutls_recv_handshake(cd, state, &data, &datasize, @@ -460,9 +415,6 @@ int _gnutls_send_client_certificate(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_generate_client_certificate==NULL) return 0; -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Sending client certificate message\n"); -#endif data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_certificate( state, &data); @@ -495,10 +447,6 @@ int _gnutls_send_server_certificate(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_generate_server_certificate==NULL) return 0; -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Sending certificate message\n"); -#endif - data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_certificate( state, &data); if (data_size < 0) { 
@@ -628,10 +576,6 @@ int _gnutls_recv_client_certificate_verify_message(SOCKET cd, GNUTLS_STATE state if (state->gnutls_internals.auth_struct->gnutls_process_client_cert_vrfy != NULL) { -#ifdef HANDSHAKE_DEBUG - _gnutls_log( "Receiving client certificate verify message\n"); -#endif - if ( state->gnutls_internals.send_cert_req == 0 || state->gnutls_key->certificate_requested == 0) { return 0; diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 7b68602e91..b0bb5a646d 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -446,15 +446,8 @@ ssize_t gnutls_send_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha return cipher_size; /* error */ } - WRITEuint16( cipher_size, &headers[3]); - -#warning "CHECK if the double write breaks other implementations" - if (_gnutls_Write(cd, headers, RECORD_HEADER_SIZE, flags) != RECORD_HEADER_SIZE) { - state->gnutls_internals.valid_connection = VALID_FALSE; - state->gnutls_internals.resumable = RESUME_FALSE; - gnutls_assert(); - return GNUTLS_E_UNABLE_SEND_DATA; - } + WRITEuint16( cipher_size-RECORD_HEADER_SIZE, &headers[3]); + memcpy( cipher, headers, RECORD_HEADER_SIZE); if (_gnutls_Write(cd, cipher, cipher_size, flags) != cipher_size) { state->gnutls_internals.valid_connection = VALID_FALSE; |
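Review bot: In `gnutls_send_int`, both `cipher_size-RECORD_HEADER_SIZE` and `memcpy( cipher, headers, RECORD_HEADER_SIZE)` assume that `_gnutls_encrypt` returned a buffer of at least RECORD_HEADER_SIZE bytes, and nothing at this call site checks that. The test that precedes the hunk is not visible; if it only rejects values `<= 0`, a shorter result would make the length written by `WRITEuint16` wrap and let the memcpy write past the allocation. A guard before the `WRITEuint16` line, for example `if (cipher_size < RECORD_HEADER_SIZE) { gnutls_assert(); return GNUTLS_E_UNABLE_SEND_DATA; }` (error code to taste, plus whatever release of `cipher` the surrounding error paths perform), states the contract where it is relied on. The function continues outside the hunk.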