Diffstat (limited to 'lib')
-rw-r--r-- | lib/ext/pre_shared_key.c | 36 | ||||
-rw-r--r-- | lib/state.c | 2 | ||||
-rw-r--r-- | lib/tls13/session_ticket.h | 17 |
3 files changed, 22 insertions, 33 deletions
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c index 240be21625..7965ee760d 100644 --- a/lib/ext/pre_shared_key.c +++ b/lib/ext/pre_shared_key.c @@ -277,6 +277,7 @@ client_send_params(gnutls_session_t session, psk_auth_info_t info = NULL; unsigned psk_id_len = 0; unsigned binders_len, binders_pos; + tls13_ticket_st *ticket = &session->internals.tls13_ticket; if (((session->internals.flags & GNUTLS_NO_TICKETS) || session->internals.tls13_ticket.ticket.data == NULL) && 
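Review bot: The early-exit condition directly below the new `ticket` declaration still spells out `session->internals.tls13_ticket.ticket.data == NULL`, while the later uses in client_send_params were switched to the alias. Writing it as `ticket->ticket.data == NULL` would keep the function consistent and make it obvious that both checks look at the same object. The condition continues past the end of this hunk, so the rest of it was not reviewed.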
@@ -295,47 +296,44 @@ client_send_params(gnutls_session_t session, /* First, let's see if we have a session ticket to send */ if (!(session->internals.flags & GNUTLS_NO_TICKETS) && - session->internals.tls13_ticket.ticket.data != NULL) { + ticket->ticket.data != NULL) { + /* We found a session ticket */ - if (unlikely(session->internals.tls13_ticket.prf == NULL)) { - _gnutls13_session_ticket_unset(session); + if (unlikely(ticket->prf == NULL)) { + tls13_ticket_deinit(ticket); ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); goto cleanup; } - prf_res = session->internals.tls13_ticket.prf; + prf_res = ticket->prf; gnutls_gettime(&cur_time); if (unlikely(_gnutls_timespec_cmp(&cur_time, - &session->internals. - tls13_ticket. - arrival_time) < 0)) { + &ticket->arrival_time) < 0)) { gnutls_assert(); - _gnutls13_session_ticket_unset(session); + tls13_ticket_deinit(ticket); goto ignore_ticket; } /* Check whether the ticket is stale */ - ticket_age = timespec_sub_ms(&cur_time, - &session->internals.tls13_ticket. - arrival_time); - if (ticket_age / 1000 > session->internals.tls13_ticket.lifetime) { - _gnutls13_session_ticket_unset(session); + ticket_age = timespec_sub_ms(&cur_time, &ticket->arrival_time); + if (ticket_age / 1000 > ticket->lifetime) { + tls13_ticket_deinit(ticket); goto ignore_ticket; } - ret = compute_psk_from_ticket(&session->internals.tls13_ticket, &rkey); + ret = compute_psk_from_ticket(ticket, &rkey); if (ret < 0) { - _gnutls13_session_ticket_unset(session); + tls13_ticket_deinit(ticket); goto ignore_ticket; } /* Calculate obfuscated ticket age, in milliseconds, mod 2^32 */ - ob_ticket_age = ticket_age + session->internals.tls13_ticket.age_add; + ob_ticket_age = ticket_age + ticket->age_add; if ((ret = _gnutls_buffer_append_data_prefix(extdata, 16, - session->internals.tls13_ticket.ticket.data, - session->internals.tls13_ticket.ticket.size)) < 0) { + ticket->ticket.data, + ticket->ticket.size)) < 0) { gnutls_assert(); goto cleanup; } 
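Review bot: The backwards-clock branch (`_gnutls_timespec_cmp(&cur_time, &ticket->arrival_time) < 0`) discards the ticket without a comment, while the staleness check right below it has one. A line such as `/* clock went backwards since the ticket arrived: its age cannot be computed, drop it */` would record why the ticket is dropped rather than sent with a bogus obfuscated age. Separately, `tls13_ticket_deinit(ticket)` zeroes the whole struct while the alias `ticket` stays in scope, so nothing reached through `ignore_ticket` should read `ticket->` fields expecting ticket data. That label is outside this hunk, so this could not be confirmed here.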
@@ -346,7 +344,7 @@ client_send_params(gnutls_session_t session, goto cleanup; } - psk_id_len += 6 + session->internals.tls13_ticket.ticket.size; + psk_id_len += 6 + ticket->ticket.size; binders_len += 1 + _gnutls_mac_get_algo_len(prf_res); } diff --git a/lib/state.c b/lib/state.c index 817a7b8cd8..03e76522ec 100644 --- a/lib/state.c +++ b/lib/state.c @@ -706,7 +706,7 @@ void gnutls_deinit(gnutls_session_t session) _gnutls_selected_certs_deinit(session); /* destroy any session ticket we may have received */ - _gnutls13_session_ticket_unset(session); + tls13_ticket_deinit(&session->internals.tls13_ticket); /* we rely on priorities' internal reference counting */ gnutls_priority_deinit(session->internals.priorities); diff --git a/lib/tls13/session_ticket.h b/lib/tls13/session_ticket.h index cd65327e5a..39d05c150f 100644 --- a/lib/tls13/session_ticket.h +++ b/lib/tls13/session_ticket.h @@ -33,20 +33,11 @@ int _gnutls13_unpack_session_ticket(gnutls_session_t session, inline static void tls13_ticket_deinit(tls13_ticket_st *ticket) { - if (ticket) { - zeroize_temp_key(&ticket->resumption_master_secret, - sizeof(ticket->resumption_master_secret)); + zeroize_temp_key(&ticket->resumption_master_secret, + sizeof(ticket->resumption_master_secret)); - _gnutls_free_datum(&ticket->ticket); - memset(ticket, 0, sizeof(tls13_ticket_st)); - } -} - -inline static -void _gnutls13_session_ticket_unset(gnutls_session_t session) -{ - if (session->internals.tls13_ticket.ticket.data != NULL) - tls13_ticket_deinit(&session->internals.tls13_ticket); + _gnutls_free_datum(&ticket->ticket); + memset(ticket, 0, sizeof(tls13_ticket_st)); } #endif /* GNUTLS_LIB_TLS13_SESSION_TICKET_H */ |
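Review bot: With the `if (ticket)` guard removed in lib/tls13/session_ticket.h, `tls13_ticket_deinit()` dereferences its argument unconditionally, so a NULL argument is now a crash instead of a no-op. Every caller visible in this diff passes `&session->internals.tls13_ticket`, but the diffstat is limited to `lib`, so callers elsewhere cannot be ruled out. The precondition should be stated on the function, for example `/* ticket must not be NULL; may be called on an already-cleared ticket */`. The second half of that comment assumes `_gnutls_free_datum()` tolerates an empty datum, which is not shown here. `gnutls_deinit()` in lib/state.c now relies on the same assumption because it calls the function even when no ticket was received; the upside of that unconditional call is that `resumption_master_secret` is wiped regardless of whether `ticket.data` is set.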