diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-04-07 16:03:16 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-04-07 16:06:03 +0200 |
commit | b05cf9b5b9d1200c4128b53f48e35891b9215cf0 (patch) | |
tree | ee69d87efc969ec190ee0b1f36e8059dd2f9e54e /lib | |
parent | fc84f938e2f669d8edb090e0945fe60ba73d75ff (diff) | |
download | gnutls-b05cf9b5b9d1200c4128b53f48e35891b9215cf0.tar.gz |
extend the fallback to setkey in addition to init
Diffstat (limited to 'lib')
-rw-r--r-- | lib/crypto-backend.c | 8 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.c | 12 |
2 files changed, 12 insertions, 8 deletions
diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c index 4f8249caa1..3c427601d2 100644 --- a/lib/crypto-backend.c +++ b/lib/crypto-backend.c @@ -151,7 +151,7 @@ void _gnutls_crypto_deregister(void) * priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be * used by gnutls. * - * In the case the registered init function returns %GNUTLS_E_NEED_FALLBACK, + * In the case the registered init or setkey functions return %GNUTLS_E_NEED_FALLBACK, * GnuTLS will attempt to use the next in priority registered cipher. * * This function should be called before gnutls_global_init(). @@ -196,7 +196,7 @@ const gnutls_crypto_cipher_st * priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be * used by gnutls. * - * In the case the registered init function returns %GNUTLS_E_NEED_FALLBACK, + * In the case the registered init or setkey functions return %GNUTLS_E_NEED_FALLBACK, * GnuTLS will attempt to use the next in priority registered cipher. * * The functions which are marked as non-AEAD they are not required when @@ -247,8 +247,8 @@ gnutls_crypto_register_cipher(gnutls_cipher_algorithm_t algorithm, * priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be * used by gnutls. * - * In the case the registered init function return %GNUTLS_E_NEED_FALLBACK - * then GnuTLS will attempt to use the next in priority registered cipher. + * In the case the registered init or setkey functions return %GNUTLS_E_NEED_FALLBACK, + * GnuTLS will attempt to use the next in priority registered cipher. * * The functions registered will be used with the new AEAD API introduced in * GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API. diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 6670023c8c..bfc3d27f44 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -31,8 +31,11 @@ #include <algorithms.h> #define SR_FB(x, cleanup) ret=(x); if ( ret<0 ) { \ - if (ret == GNUTLS_E_NEED_FALLBACK) \ + if (ret == GNUTLS_E_NEED_FALLBACK) { \ + if (handle->handle) \ + handle->deinit(handle->handle); \ goto fallback; \ + } \ gnutls_assert(); \ ret = GNUTLS_E_INTERNAL_ERROR; \ goto cleanup; \ @@ -61,8 +64,8 @@ int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher) } int -_gnutls_cipher_init(cipher_hd_st * handle, const cipher_entry_st * e, - const gnutls_datum_t * key, const gnutls_datum_t * iv, +_gnutls_cipher_init(cipher_hd_st *handle, const cipher_entry_st *e, + const gnutls_datum_t *key, const gnutls_datum_t *iv, int enc) { int ret = GNUTLS_E_INTERNAL_ERROR; @@ -74,6 +77,7 @@ _gnutls_cipher_init(cipher_hd_st * handle, const cipher_entry_st * e, FAIL_IF_LIB_ERROR; handle->e = e; + handle->handle = NULL; /* check if a cipher has been registered */ @@ -91,7 +95,7 @@ _gnutls_cipher_init(cipher_hd_st * handle, const cipher_entry_st * e, /* if cc->init() returns GNUTLS_E_NEED_FALLBACK we * use the default ciphers */ SR_FB(cc->init(e->id, &handle->handle, enc), cc_cleanup); - SR(cc->setkey(handle->handle, key->data, key->size), + SR_FB(cc->setkey(handle->handle, key->data, key->size), cc_cleanup); if (iv) { SR(cc->setiv(handle->handle, iv->data, iv->size), |